macospkg

package module
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2024 License: MIT Imports: 19 Imported by: 6

README

pkg.go.dev

About

go-macos-pkg was built out of a desire to generate and sign macOS pkgs on non-macOS OSs.

Caveats

  • Right now most of the heavy lifting is done by calling the xar utility, as there aren't currently (2021) Go libraries that write xar archives. The good news is xar is available on other OSs, unlike productsign/productbuild
  • Right now only payload-free (e.g. just runs postinstall) packages can be generated as that's all I currently need. It shouldn't be too hard for someone to add payload capabilities, though.

Usage

script := []byte("#!/bin/bash\necho 'hello, world!'\n")

pkg, err := macospkg.GeneratePkg("com.github.korylprince.go-macos-pkg", "1.0.0", script)
if err != nil {
    log.Fatalln("could not generate pkg:", err)
}

// use Apple Developer ID Installer cert and key to sign
signed, err := macospkg.SignPkg(pkg, cert, key)
if err != nil {
    log.Fatalln("could not sign pkg:", err)
}

if err = os.WriteFile("signed.pkg", signed, 0644); err != nil {
    log.Fatalln("could not write signed pkg:", err)
}

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrNotSigned = errors.New("package not signed")

Functions

func GeneratePkg 

func GeneratePkg(identifier, version string, postinstall []byte) ([]byte, error)

GeneratePkg creates a Distribution style, payload free pkg with identifier, version, and postinstall. See http://bomutils.dyndns.org/tutorial.html

func SignPkg 

func SignPkg(pkg []byte, cert *x509.Certificate, key *rsa.PrivateKey) ([]byte, error)

SignPkg signs and returns the given pkg with the given certificate and key. The certificate should be an "Apple Developer ID Installer" certificate. See https://mackyle.github.io/xar/howtosign.html

func VerifyPkg added in v1.3.0 

func VerifyPkg(pkg []byte) error

VerifyPkg returns an error if the pkg cannot be verified with a complete chain to Apple's root CA If pkg is not signed, ErrNotSigned is returned

Types

type Asset added in v1.2.0 

type Asset struct {
	Kind       string   `plist:"kind" json:"kind"`
	MD5Size    int      `plist:"md5-size,omitempty" json:"md5-size,omitempty"`
	MD5s       []string `plist:"md5s,omitempty" json:"md5s,omitempty"`
	SHA256Size int      `plist:"sha256-size,omitempty" json:"sha256-size,omitempty"`
	SHA256s    []string `plist:"sha256s,omitempty" json:"sha256s,omitempty"`
	URL        string   `plist:"url" json:"url"`
}

type Item added in v1.2.0 

type Item struct {
	Assets []*Asset `plist:"assets" json:"assets"`
}

type Manifest added in v1.2.0 

type Manifest struct {
	Items []*Item `plist:"items" json:"items"`
}

Manifest is used by a MDM's InstallApplication or InstallEnterpiseApplication's command

func NewManifest added in v1.2.0 

func NewManifest(pkg []byte, url string, h ManifestHash) *Manifest

NewManifest generates a Manifest by hashing the given package (which should be signed) and setting the URL. h should be ManifestHashMD5 for InstallApplication commands and ManifestHashSHA256 for InstallEnterpiseApplication commands

type ManifestHash added in v1.2.0 

type ManifestHash int
const (
	ManifestHashMD5 ManifestHash = iota
	ManifestHashSHA256
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.