2024-2-5 03:39:43 Author: derflounder.wordpress.com(查看原文) 阅读量:10 收藏
I’ve been thinking about the issue of building installer packages using AutoPkg which are ready for installation using MDM commands. Installing an installer package via MDM command requires packages to have the following attributes:
- Signed with an Apple Developer ID Installer certificate
- Be a distribution installer package
For criteria #2, this references the fact that there are two kinds of modern installer packages for macOS:
- Component packages: these are the standard type of installer package, which contain an archive of files to install and the information on where the files should be installed.
- Distribution packages: These packages can contain one or more component packages, and may also include additional resources to customize and control the user interface shown in the Installer application.
By default, AutoPkg will build component packages using the PkgCreator processor or the AppPkgCreator processor. But there is a relatively straightforward way to create a a distribution package while using an existing component package as a source, using the productbuild command. To create a distribution installer package from an existing component installer package, you would use a command similar to the one shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Note: If using a signed component installer package as a source, the resulting new distribution package will not be signed. If needed, you will need to sign the distribution package following its creation.
For those who want to create distribution packages as part of an AutoPkg workflow, I’ve written a DistributionPackageCreator AutoPkg processor which is designed to perform the following tasks:
- Rename the existing AutoPkg-generated component package.
- Create a new distribution package from the AutoPkg-generated component package.
- Set the newly-created distribution package to have the original name of the AutoPkg-generated component package.
For more details, please see below the jump.
The DistributionPackageCreator processor is shown below, as well as being available via the following link:
https://github.com/rtrouton/AutoPkg_Processors/tree/main/DistributionPackageCreator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/autopkg/python | |
| # | |
| # Copyright 2010 Per Olofsson | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| import plistlib | |
| import subprocess | |
| import os | |
| from autopkglib import Processor, ProcessorError | |
| __all__ = ["DistributionPackageCreator"] | |
| class DistributionPackageCreator(Processor): | |
| description = "Creates a distribution package from an existing component package using ProductBuild." | |
| input_variables = { | |
| "pkg_path": { | |
| "required": True, | |
| "description": "Path to the component package used to create the distribution package", | |
| }, | |
| } | |
| output_variables = { | |
| "pkg_path": {"description": "Path to the distribution package."} | |
| } | |
| __doc__ = description | |
| def main(self): | |
| # Rename component package so that we can retain the original name for the distribution package. | |
| pkg_dir = os.path.dirname(self.env["pkg_path"]) | |
| pkg_base_name = os.path.basename(self.env["pkg_path"]) | |
| (pkg_name_no_extension, pkg_extension) = os.path.splitext(pkg_base_name) | |
| component_pkg_path = os.path.join( | |
| pkg_dir, pkg_name_no_extension + "-component" + pkg_extension | |
| ) | |
| os.rename(self.env["pkg_path"], component_pkg_path) | |
| command_line_list = [ | |
| "/usr/bin/productbuild", | |
| "–package", | |
| component_pkg_path, | |
| self.env["pkg_path"], | |
| ] | |
| print(command_line_list) | |
| # print command_line_list | |
| subprocess.call(command_line_list) | |
| if __name__ == "__main__": | |
| processor = DistributionPackageCreator() | |
| processor.execute_shell() |
When included in an AutoPkg recipe, the DistributionPackageCreator processor will locate AutoPkg-generated component packages by using the pkg_path variable and do the following:
- Rename the AutoPkg-generated component package from /path/to/package_name_here.pkg to /path/to/package_name_here-component.pkg
- Create a new distribution package from the AutoPkg-generated component package.
- Save the distribution package as /path/to/package_name_here.pkg, so that the name matches the original package.
Note: Setting the distribution package’s name to match the original component package’s name allows AutoPkg to continue to work with the distribution installer package.
To assist folks who want to use this processor, but don’t want to rewrite their existing .pkg recipes, I’ve written an example recipe to assist with this: the .distpkg recipe.
The .distpkg recipe uses the DistributionPackageCreator processor and is designed to be placed in the AutoPkg workflow between a .pkg recipe and whatever else came next. In this case, the .pkg recipe would be a parent recipe for the .distpkg recipe. In turn, the .distpkg recipe would be used as the parent recipe for whatever came next in the workflow.
A good example would be if you wanted to create a signed distribution package. In that case, you could combine a .pkg recipe, a .distpkg recipe and a .sign recipe into the same workflow to produce a signed distribution package, which should meet all the necessary requirements to install the package via an MDM command.
For those who want to use .distpkg recipes, there is an example recipe available via the link below:
https://github.com/autopkg/rtrouton-recipes/blob/master/SharedProcessors/Example.distpkg.recipe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Description</key> | |
| <string>Creates a distribution package from an existing component package.</string> | |
| <key>Identifier</key> | |
| <string>com.github.distpkg.MyGreatApp</string> | |
| <key>Input</key> | |
| <dict> | |
| </dict> | |
| <key>ParentRecipe</key> | |
| <string>com.github.pkg.MyGreatApp</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Processor</key> | |
| <string>com.github.rtrouton.SharedProcessors/DistributionPackageCreator</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%NAME%-%version%.pkg</string> | |
| </dict> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
If you want to use the DistributionPackageCreator processor hosted from my AutoPkg recipe repo, first verify that AutoPkg is installed on the Mac you’re using. Once verified, run the following command:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
如有侵权请联系:admin#unsafe.sh