Making macOS Installer Packages which are Developer ID ready

Question

Note  This is for OS X Installer packages only  packages for submission to the Mac App Store follow different rules   Because of Mountain Lion s Gatekeeper I finally had to take my PackageMaker build script behind the barn and shoot it  PackageMaker was already removed from Xcode and moved into  Auxiliary Tools for Xcode   so hopefully it will be soon forgotten   The question is how do I use pkgbuild  productbuild  and pkgutil to replace it

User · Answer

There is one very interesting application by Stéphane Sudre which does all of this for you, is scriptable / supports building from the command line, has a super nice GUI and is FREE. Sad thing is: it's called "Packages" which makes it impossible to find in google.

http://s.sudre.free.fr/Software/Packages/about.html

I wished I had known about it before I started handcrafting my own scripts.

Packages application screenshot

User · Answer

Here is a build script which creates a signed installer package out of a build root      bin bash   TRIMCheck build script   Copyright Doug Richardson 2015   Usage  build sh     The result is a disk image that contains the TRIMCheck installer     DSTROOT  tmp trimcheck dst SRCROOT  tmp trimcheck src  INSTALLER PATH  tmp trimcheck INSTALLER PKG  TRIMCheck pkg  INSTALLER   INSTALLER PATH  INSTALLER PKG       Clean out anything that doesn t belong    echo Going to clean out build directories rm -rf build  DSTROOT  SRCROOT  INSTALLER PATH echo Build directories cleaned out       Build   echo ------------------ echo Installing Sources echo ------------------ xcodebuild -project TRIMCheck xcodeproj installsrc SRCROOT  SRCROOT    exit 1  echo ---------------- echo Building Project echo ---------------- pushd  SRCROOT xcodebuild -project TRIMCheck xcodeproj -target trimcheck -configuration Release install    exit 1 popd  echo ------------------ echo Building Installer echo ------------------ mkdir -p   INSTALLER PATH     exit 1  echo  Runing pkgbuild  Note you must be connected to Internet for this to work as it  echo  has to contact a time server in order to generate a trusted timestamp  See  echo  man pkgbuild for more info under SIGNED PACKAGES   pkgbuild --identifier  com delicioussafari TRIMCheck        --sign  Developer ID Installer  Douglas Richardson  4L84QT8KA9         --root   DSTROOT          INSTALLER     exit 1   echo Successfully built TRIMCheck open   INSTALLER PATH   exit 0

User · Answer

FYI for those that are trying to create a package installer for a bundle or plugin  it s easy   pkgbuild --component  Color Lists colorPicker  --install-location   Library ColorPickers ColorLists pkg

User · Answer

A  1 to accepted answer   Destination Selection in Installer  If domain  a k a destination  selection is desired between user domain and system domain then rather than trying  lt domains enable anywhere  true  gt  use following    lt domains enable currentUserHome  true  enable localSystem  true   gt   enable currentUserHome installs application app under   Applications  and enable localSystem allows the application to be installed under  Application  I ve tried this in El Capitan 10 11 6  15G1217  and it seems to be working perfectly fine in 1 dev machine and 2 different VMs I tried

User · Answer

Our example project has two build targets  HelloWorld app and Helper app  We make a component package for each and combine them into a product archive  A component package contains payload to be installed by the OS X Installer  Although a component package can be installed on its own  it is typically incorporated into a product archive  Our tools  pkgbuild  productbuild  and pkgutil After a successful  quot Build and Archive quot  open  BUILT PRODUCTS DIR in the Terminal    cd   Library Developer Xcode DerivedData     InstallationBuildProductsLocation   pkgbuild --analyze --root   HelloWorld app HelloWorldAppComponents plist   pkgbuild --analyze --root   Helper app HelperAppComponents plist  This give us the component-plist  you find the value description in the  quot Component Property List quot  section  pkgbuild -root generates the component packages  if you don t need to change any of the default properties you can omit the --component-plist parameter in the following command  productbuild --synthesize results in a Distribution Definition    pkgbuild --root   HelloWorld app       --component-plist HelloWorldAppComponents plist       HelloWorld pkg   pkgbuild --root   Helper app       --component-plist HelperAppComponents plist       Helper pkg   productbuild --synthesize       --package HelloWorld pkg --package Helper pkg       Distribution xml   In the Distribution xml you can change things like title  background  welcome  readme  license  and so on  You turn your component packages and distribution definition with this command into a product archive    productbuild --distribution   Distribution xml       --package-path           Installer pkg  I recommend to take a look at iTunes Installers Distribution xml to see what is possible  You can extract  quot Install iTunes pkg quot  with    pkgutil --expand  quot Install iTunes pkg quot   quot Install iTunes quot   Lets put it together I usually have a folder named Package in my project which includes things like Distribution xml  component-plists  resources and scripts  Add a Run Script Build Phase named  quot Generate Package quot   which is set to Run script only when installing  VERSION   defaults read  quot   BUILT PRODUCTS DIR    FULL PRODUCT NAME  Contents Info quot  CFBundleVersion   PACKAGE NAME  echo  quot  PRODUCT NAME quot    sed  quot s     g quot   TMP1 ARCHIVE  quot   BUILT PRODUCTS DIR   PACKAGE NAME-tmp1 pkg quot  TMP2 ARCHIVE  quot   BUILT PRODUCTS DIR   PACKAGE NAME-tmp2 quot  TMP3 ARCHIVE  quot   BUILT PRODUCTS DIR   PACKAGE NAME-tmp3 pkg quot  ARCHIVE FILENAME  quot   BUILT PRODUCTS DIR    PACKAGE NAME  pkg quot   pkgbuild --root  quot   INSTALL ROOT  quot        --component-plist  quot   Package HelloWorldAppComponents plist quot        --scripts  quot   Package Scripts quot        --identifier  quot com test pkg HelloWorld quot        --version  quot  VERSION quot        --install-location  quot   quot         quot   BUILT PRODUCTS DIR  HelloWorld pkg quot  pkgbuild --root  quot   BUILT PRODUCTS DIR  Helper app quot        --component-plist  quot   Package HelperAppComponents plist quot        --identifier  quot com test pkg Helper quot        --version  quot  VERSION quot        --install-location  quot   quot         quot   BUILT PRODUCTS DIR  Helper pkg quot  productbuild --distribution  quot   Package Distribution xml quot         --package-path  quot   BUILT PRODUCTS DIR  quot        --resources  quot   Package Resources quot         quot   TMP1 ARCHIVE  quot   pkgutil --expand  quot   TMP1 ARCHIVE  quot   quot   TMP2 ARCHIVE  quot         Patches and Workarounds  pkgutil --flatten  quot   TMP2 ARCHIVE  quot   quot   TMP3 ARCHIVE  quot   productsign --sign  quot Developer ID Installer  John Doe quot         quot   TMP3 ARCHIVE  quot   quot   ARCHIVE FILENAME  quot   If you don t have to change the package after it s generated with productbuild you could get rid of the pkgutil --expand and pkgutil --flatten steps  Also you could use the --sign paramenter on productbuild instead of running productsign  Sign an OS X Installer Packages are signed with the Developer ID Installer certificate which you can download from Developer Certificate Utility  They signing is done with the --sign  quot Developer ID Installer  John Doe quot  parameter of pkgbuild  productbuild or productsign  Note that if you are going to create a signed product archive using productbuild  there is no reason to sign the component packages   All the way  Copy Package into Xcode Archive To copy something into the Xcode Archive we can t use the Run Script Build Phase  For this we need to use a Scheme Action  Edit Scheme and expand Archive  Then click post-actions and add a New Run Script Action  In Xcode 6     bin bash  PACKAGES  quot   ARCHIVE PATH  Packages quot     PACKAGE NAME  echo  quot  PRODUCT NAME quot    sed  quot s     g quot   ARCHIVE FILENAME  quot  PACKAGE NAME pkg quot  PKG  quot   OBJROOT     BuildProductsPath   CONFIGURATION    ARCHIVE FILENAME  quot   if   -f  quot   PKG  quot     then     mkdir  quot   PACKAGES  quot      cp -r  quot   PKG  quot   quot   PACKAGES  quot  fi  In Xcode 5  use this value for PKG instead  PKG  quot   OBJROOT  ArchiveIntermediates   TARGET NAME  BuildProductsPath   CONFIGURATION    ARCHIVE FILENAME  quot   In case your version control doesn t store Xcode Scheme information I suggest to add this as shell script to your project so you can simple restore the action by dragging the script from the workspace into the post-action  Scripting There are two different kinds of scripting  JavaScript in Distribution Definition Files and Shell Scripts  The best documentation about Shell Scripts I found in WhiteBox - PackageMaker How-to  but read this with caution because it refers to the old package format  Apple Silicon In order for the package to run as arm64  the Distribution file has to specify in its hostArchitectures section that it supports arm64 in addition to x86 64   lt options hostArchitectures  quot arm64 x86 64 quot    gt   Additional Reading  Flat Package Format - The missing documentation Installer Problems and Solutions Stupid tricks with pkgbuild persisting obsolescence  Known Issues and Workarounds Destination Select Pane The user is presented with the destination select option with only a single choice -  quot Install for all users of this computer quot   The option appears visually selected  but the user needs to click on it in order to proceed with the installation  causing some confusion   Apples Documentation recommends to use  lt domains enable anywhere       gt  but this triggers the new more buggy Destination Select Pane which Apple doesn t use in any of their Packages  Using the deprecate  lt options rootVolumeOnly  quot true quot    gt  give you the old Destination Select Pane    You want to install items into the current user   s home folder  Short answer  DO NOT TRY IT  Long answer  REALLY  DO NOT TRY IT  Read Installer Problems and Solutions  You know what I did even after reading this  I was stupid enough to try it  Telling myself I m sure that they fixed the issues in 10 7 or 10 8  First of all I saw from time to time the above mentioned Destination Select Pane Bug  That should have stopped me  but I ignored it  If you don t want to spend the week after you released your software answering support e-mails that they have to click once the nice blue selection DO NOT use this  You are now thinking that your users are smart enough to figure the panel out  aren t you  Well here is another thing about home folder installation  THEY DON T WORK  I tested it for two weeks on around 10 different machines with different OS versions and what not  and it never failed  So I shipped it  Within an hour of the release I heart back from users who just couldn t install it  The logs hinted to permission issues you are not gonna be able to fix  So let s repeat it one more time  We do not use the Installer for home folder installations   RTFD for Welcome  Read-me  License and Conclusion is not accepted by productbuild  Installer supported since the beginning RTFD files to make pretty Welcome screens with images  but productbuild doesn t accept them  Workarounds  Use a dummy rtf file and replace it in the package by after productbuild is done  Note  You can also have Retina images inside the RTFD file  Use multi-image tiff files for this  tiffutil -cat Welcome tif Welcome 2x tif -out FinalWelcome tif  More details   Starting an application when the installation is done with a BundlePostInstallScriptPath script     bin bash  LOGGED IN USER ID  id -u  quot   USER  quot    if    quot   COMMAND LINE INSTALL  quot     quot  quot    then      bin launchctl asuser  quot   LOGGED IN USER ID  quot   usr bin open -g PATH OR BUNDLE ID fi  exit 0  It is important to run the app as logged in user  not as the installer user  This is done with launchctl asuser uid path  Also we only run it when it is not a command line installation  done with installer tool or Apple Remote Desktop

[xcode] Making macOS Installer Packages which are Developer ID ready

Examples related to xcode

Examples related to packagemaker

Examples related to pkgbuild

Examples related to productbuild