Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
z
zwass
09/04/2020, 10:16 PMHas anyone found a good way to build Launcher .pkgs for macOS on a non-macOS system? Or is that still always done on macOS?
d
defensivedepth
09/04/2020, 11:35 PMI recently shelved this part of the integration for Security Onion. Launcher package generation is all done locally within Security Onion, so I can only work with Linux/Docker. So for Windows & Linux, we generate a customized package for the deployment; For MacOS we just provide a stock Launcher pkg. I dumped a ton of time into trying to figure out how to get it working, and I got it kinda working, but not enough to call it stable. 😞
z
zwass
09/04/2020, 11:39 PMDo you require notarized packages?
And/or signing? Were you planning to ask users to input their signing key?
s
seph
09/05/2020, 5:32 AMI still build on macOS.
I've seen some stuff about packaging on Linux. Groob did some experiments too. But it's never seemed worth it to me.
And I've never seen a non-macOS notarization tool. (Though it's therorwrically possible)
A common other pattern is to have a common signed package distributed next to a configuration. The installer can look for the configuration via relative path.
Not as clean as a fully baked installer though.
d
defensivedepth
09/05/2020, 6:04 PMSigned (with the option for users to input signing key). Notary was ideal. We are planning on revisiting this probably early next year.