As part of many application or package building workflows, there is a requirement to sign the end result to guarantee that the app or package has not been tampered with. With the advent of Apple’s notarization process, this has become even more important because an app or installer package must be signed before it can be notarized.
However, in order to sign apps or packages, you must have the signing certificate available. This has often meant putting copies of Apple signing certificates, complete with the certificate’s private key, onto the Mac or Macs used to build the application and/or installer package. This has security concerns because if the signing certificate’s private key is compromised, you must now revoke the existing certificate, get a new one from Apple and re-sign everything that used that now-revoked signing certificate.
To assist with the security concerns, Twocanoes Software has developed Signing Manager. This tool provides a way to centralize hosting of signing certificates and make their signing capabilities securely available to Macs which need them. In my own case, I’m investigating Signing Manager in the context of signing AutoPkg-built installer packages. For more details, please see below the jump.
Signing Manager consists of a server which hosts certificates and a client which logs into the server using an API key. Let’s take a look at how you set up a certificate to be shared. In this example, I’ll be using Twocanoes’ own signing server and a sample Package Signing certificate.
Importing the signing certificate into the Signing Manager server
Pre-requisites:
- Signing certificate’s public and private keys stored in a .p12 file
- The password to unlock the .p12 file
1. Log into the Signing Manager server.
2. Make note of the Signing Server Domain URL and API key. You’ll need them later with the Signing Manager client software.
3. Click on the Identities link.
3. Click on the Import Identity button.
4. Select your signing certificate’s .p12 file and enter the password for it into the password blank.
5. Click the Import button.
Your certificate should now be imported.
Enabling the signing certificate for access on a client Mac.
1. Install the Signing Manager client software.
2. In the Signing Manager, set the following:
- In the Signing Server blank, enter the Signing Server Domain URL.
- In the API Key blank, enter the API key
Once entered and verified, click the OK button.
3. You should now see the certificate appear in the Signing Manager app window, along with a notification that a smartcard has been inserted.
Signing Manager sets up a virtual smart card with the signing certificate’s information stored inside. Your Mac should be able to work with the certificate information on this virtual smart card like it can with certificates stored in your Mac’s own keychain files.
The Signing Manager client software also includes several useful features:
1. Copying the Common Name from the certificate:
Clicking the Copy CN button will add the Common Name of the selected certificate to the clipboard.
2. Copying the Fingerprint, or SHA1 hash of the certificate to the clipboard.
Clicking the Copy Fingerprint button will add the SHA1 hash of the selected certificate to the clipboard.
Note: The Fingerprint name is what will be used as the certificate name when signing.
3. Copying an example codesign command with certificate name to clipboard.
Clicking the Copy codesign command button will copy the example codesign command to the clipboard.
4. Copying an example productsign command with certificate name to clipboard.
Clicking the Copy productsign command button will copy the example productsign command to the clipboard.
5. Displaying certificate information
Clicking the Show Certificate button will display information about the selected certificate.
Signing an AutoPkg-built installer package
In most ways, using a Signing Manager-hosted certificate for signing is identical to using a certificate stored in a Mac’s keychain. The main difference will be the name of the certificate, as Signing Manager will use the Fingerprint identifier for the certificate. Specifically, you can use Apple’s codesign and productsign tools with a Signing Manager-hosted certificate just like you would a certificate stored locally on your Mac inside a keychain.
This similarity allows it to be easily integrated into an AutoPkg workflow which uses the PkgSigner processor. This AutoPkg processor uses productsign to do the following:
- Identify an unsigned package built by an AutoPkg recipe.
- Rename the unsigned package from /path/to/package_name_here.pkg to /path/to/package_name_here-unsigned.pkg.
- Sign the package.
- Save the signed package as /path/to/package_name_here.pkg, so that the name matches the original package. Renaming the signed package to match the original unsigned package’s name allows AutoPkg to continue to work with the now-signed installer package.
The main difference should be that a keychain-stored certificate would be named something like this:
Developer ID Installer: Rich Trouton (XF95CST45F)
The Signing Manager-hosted certificate would instead be identified by the Fingerprint value, which may look something like this:
4A72196F535A51A98FF2480132F024222B65060C
With that in mind, let’s take a look at how a Signing Manager-hosted certificate could be integrated into an AutoPkg workflow, using a process I’ve written about previously.
For this example, a .pkg recipe for Postman which includes the PkgSigner processor is being used:
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Description</key> | |
| <string>Downloads the latest version of Postman and creates an installer package.</string> | |
| <key>Identifier</key> | |
| <string>net.trouton.pkg.postman</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>NAME</key> | |
| <string>Postman</string> | |
| <key>VENDOR</key> | |
| <string>Postman</string> | |
| <key>SOFTWARETITLE</key> | |
| <string>Labs</string> | |
| <key>SOFTWARETYPE</key> | |
| <string>Postman</string> | |
| <key>SIGNINGCERTIFICATE</key> | |
| <string>Put_Signing_Certificate_into_AutoPkg_recipe_override</string> | |
| </dict> | |
| <key>MinimumVersion</key> | |
| <string>1.0.0</string> | |
| <key>ParentRecipe</key> | |
| <string>com.github.dataJAR-recipes.download.postman</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>predicate</key> | |
| <string>SIGNINGCERTIFICATE == "Put_Signing_Certificate_into_AutoPkg_recipe_override"</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>StopProcessingIf</string> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgRootCreator</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/%SOFTWARETYPE%</string> | |
| <key>pkgdirs</key> | |
| <dict> | |
| <key>Applications</key> | |
| <string>0755</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>Unarchiver</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>archive_path</key> | |
| <string>%pathname%</string> | |
| <key>destination_path</key> | |
| <string>%pkgroot%/Applications</string> | |
| <key>purge_destination</key> | |
| <true /> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>Versioner</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>input_plist_path</key> | |
| <string>%pkgroot%/Applications/%SOFTWARETYPE%.app/Contents/Info.plist</string> | |
| <key>plist_version_key</key> | |
| <string>CFBundleShortVersionString</string> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgCreator</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgname</key> | |
| <string>%VENDOR%_%SOFTWARETITLE%_%SOFTWARETYPE%_%version%</string> | |
| <key>pkg_request</key> | |
| <dict> | |
| <key>version</key> | |
| <string>%version%</string> | |
| <key>id</key> | |
| <string>com.postmanlabs.mac</string> | |
| <key>options</key> | |
| <string>purge_ds_store</string> | |
| <key>chown</key> | |
| <array> | |
| <dict> | |
| <key>path</key> | |
| <string>Applications</string> | |
| <key>user</key> | |
| <string>root</string> | |
| <key>group</key> | |
| <string>wheel</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgSigner</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%_%SOFTWARETITLE%_%SOFTWARETYPE%_%version%.pkg</string> | |
| <key>signing_cert</key> | |
| <string>%SIGNINGCERTIFICATE%</string> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>path_list</key> | |
| <array> | |
| <string>%RECIPE_CACHE_DIR%/%SOFTWARETYPE%</string> | |
| </array> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PathDeleter</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Description</key> | |
| <string>Downloads the latest version of Postman and creates a signed installer package.</string> | |
| <key>Identifier</key> | |
| <string>net.trouton.pkg.postman</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>NAME</key> | |
| <string>Postman</string> | |
| <key>VENDOR</key> | |
| <string>Postman</string> | |
| <key>SOFTWARETITLE</key> | |
| <string>Labs</string> | |
| <key>SOFTWARETYPE</key> | |
| <string>Postman</string> | |
| <key>SIGNINGCERTIFICATE</key> | |
| <string>Put_Signing_Certificate_into_AutoPkg_recipe_override</string> | |
| </dict> | |
| <key>MinimumVersion</key> | |
| <string>1.0.0</string> | |
| <key>ParentRecipe</key> | |
| <string>com.github.dataJAR-recipes.download.postman</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>predicate</key> | |
| <string>SIGNINGCERTIFICATE == "Put_Signing_Certificate_into_AutoPkg_recipe_override"</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>StopProcessingIf</string> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgRootCreator</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/%SOFTWARETYPE%</string> | |
| <key>pkgdirs</key> | |
| <dict> | |
| <key>Applications</key> | |
| <string>0755</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>Unarchiver</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>archive_path</key> | |
| <string>%pathname%</string> | |
| <key>destination_path</key> | |
| <string>%pkgroot%/Applications</string> | |
| <key>purge_destination</key> | |
| <true /> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>Versioner</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>input_plist_path</key> | |
| <string>%pkgroot%/Applications/%SOFTWARETYPE%.app/Contents/Info.plist</string> | |
| <key>plist_version_key</key> | |
| <string>CFBundleShortVersionString</string> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgCreator</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgname</key> | |
| <string>%VENDOR%_%SOFTWARETITLE%_%SOFTWARETYPE%_%version%</string> | |
| <key>pkg_request</key> | |
| <dict> | |
| <key>version</key> | |
| <string>%version%</string> | |
| <key>id</key> | |
| <string>com.postmanlabs.mac</string> | |
| <key>options</key> | |
| <string>purge_ds_store</string> | |
| <key>chown</key> | |
| <array> | |
| <dict> | |
| <key>path</key> | |
| <string>Applications</string> | |
| <key>user</key> | |
| <string>root</string> | |
| <key>group</key> | |
| <string>wheel</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgSigner</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%_%SOFTWARETITLE%_%SOFTWARETYPE%_%version%.pkg</string> | |
| <key>signing_cert</key> | |
| <string>%SIGNINGCERTIFICATE%</string> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>path_list</key> | |
| <array> | |
| <string>%RECIPE_CACHE_DIR%/%SOFTWARETYPE%</string> | |
| </array> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PathDeleter</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
An override of the recipe would be needed, in order to include the Fingerprint value from Signing Manager into the SIGNINGCERTIFICATE key’s value in the recipe override.
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Identifier</key> | |
| <string>local.pkg.Postman</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>DOWNLOAD_URL</key> | |
| <string>https://dl.pstmn.io/download/latest/osx</string> | |
| <key>NAME</key> | |
| <string>Postman</string> | |
| <key>SIGNINGCERTIFICATE</key> | |
| <string>4A72196F535A51A98FF2480132F024222B65060C</string> | |
| <key>SOFTWARETITLE</key> | |
| <string>Labs</string> | |
| <key>SOFTWARETYPE</key> | |
| <string>Postman</string> | |
| <key>VENDOR</key> | |
| <string>Postman</string> | |
| </dict> | |
| <key>ParentRecipe</key> | |
| <string>net.trouton.pkg.postman</string> | |
| <key>ParentRecipeTrustInfo</key> | |
| <dict> | |
| <key>non_core_processors</key> | |
| <dict> | |
| <key>PkgSigner</key> | |
| <dict> | |
| <key>git_hash</key> | |
| <string>3c6c09b14d63dfa4b40f737ee079bf1d3842aef5</string> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/PkgSigner.py</string> | |
| <key>sha256_hash</key> | |
| <string>464d1756f190a0161a6a00358cd42042bcdb5213802624d9ac58d3e723877a56</string> | |
| </dict> | |
| </dict> | |
| <key>parent_recipes</key> | |
| <dict> | |
| <key>com.github.dataJAR-recipes.download.postman</key> | |
| <dict> | |
| <key>git_hash</key> | |
| <string>ec4d1a926dbec4bb4e1d44dbe425e2c771d18f37</string> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes/Postman/Postman.download.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>6ce36a3ad1b99cd4804cd9acfbd16e1763d757c8d6d1aae44c10f4a992c7ba6b</string> | |
| </dict> | |
| <key>net.trouton.pkg.postman</key> | |
| <dict> | |
| <key>git_hash</key> | |
| <string>3c6c09b14d63dfa4b40f737ee079bf1d3842aef5</string> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/Postman.pkg.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>3aa55bc6b5af7417409b6a40e9ccdeb83e8c2e59ce4fe88bfbe35c044b235632</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </plist> |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Identifier</key> | |
| <string>local.pkg.Postman</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>DOWNLOAD_URL</key> | |
| <string>https://dl.pstmn.io/download/latest/osx</string> | |
| <key>NAME</key> | |
| <string>Postman</string> | |
| <key>SIGNINGCERTIFICATE</key> | |
| <string>4A72196F535A51A98FF2480132F024222B65060C</string> | |
| <key>SOFTWARETITLE</key> | |
| <string>Labs</string> | |
| <key>SOFTWARETYPE</key> | |
| <string>Postman</string> | |
| <key>VENDOR</key> | |
| <string>Postman</string> | |
| </dict> | |
| <key>ParentRecipe</key> | |
| <string>net.trouton.pkg.postman</string> | |
| <key>ParentRecipeTrustInfo</key> | |
| <dict> | |
| <key>non_core_processors</key> | |
| <dict> | |
| <key>PkgSigner</key> | |
| <dict> | |
| <key>git_hash</key> | |
| <string>3c6c09b14d63dfa4b40f737ee079bf1d3842aef5</string> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/PkgSigner.py</string> | |
| <key>sha256_hash</key> | |
| <string>464d1756f190a0161a6a00358cd42042bcdb5213802624d9ac58d3e723877a56</string> | |
| </dict> | |
| </dict> | |
| <key>parent_recipes</key> | |
| <dict> | |
| <key>com.github.dataJAR-recipes.download.postman</key> | |
| <dict> | |
| <key>git_hash</key> | |
| <string>ec4d1a926dbec4bb4e1d44dbe425e2c771d18f37</string> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes/Postman/Postman.download.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>6ce36a3ad1b99cd4804cd9acfbd16e1763d757c8d6d1aae44c10f4a992c7ba6b</string> | |
| </dict> | |
| <key>net.trouton.pkg.postman</key> | |
| <dict> | |
| <key>git_hash</key> | |
| <string>3c6c09b14d63dfa4b40f737ee079bf1d3842aef5</string> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/Postman.pkg.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>3aa55bc6b5af7417409b6a40e9ccdeb83e8c2e59ce4fe88bfbe35c044b235632</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </plist> |
When the recipe override is run in verbose mode, the Fingerprint value shows up as the signing certificate used to successfully sign the certificate using the PkgSigner processor:
| Processing local.pkg.Postman… | |
| {'AUTOPKG_VERSION': '2.3.1', | |
| 'DOWNLOAD_URL': 'https://dl.pstmn.io/download/latest/osx', | |
| 'NAME': 'Postman', | |
| 'PARENT_RECIPES': ['/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/Postman.pkg.recipe', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes/Postman/Postman.download.recipe'], | |
| 'RECIPE_CACHE_DIR': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman', | |
| 'RECIPE_DIR': '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| 'RECIPE_OVERRIDE_DIRS': ['~/Library/AutoPkg/RecipeOverrides'], | |
| 'RECIPE_PATH': '/Users/username/Library/AutoPkg/RecipeOverrides/Postman.pkg.recipe', | |
| 'RECIPE_REPOS': {'/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes': {'URL': 'https://github.com/autopkg/dataJAR-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes': {'URL': 'https://github.com/autopkg/hjuutilainen-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes': {'URL': 'https://github.com/rtrouton/signing_manager_autopkg_recipes'}}, | |
| 'RECIPE_SEARCH_DIRS': ['.', | |
| '~/Library/AutoPkg/Recipes', | |
| '/Library/AutoPkg/Recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman'], | |
| 'SIGNINGCERTIFICATE': '4A72196F535A51A98FF2480132F024222B65060C', | |
| 'SOFTWARETITLE': 'Labs', | |
| 'SOFTWARETYPE': 'Postman', | |
| 'VENDOR': 'Postman', | |
| 'verbose': 4} | |
| URLDownloader | |
| {'Input': {'filename': 'Postman.zip', | |
| 'url': 'https://dl.pstmn.io/download/latest/osx'}} | |
| URLDownloader: No value supplied for prefetch_filename, setting default value of: False | |
| URLDownloader: No value supplied for CHECK_FILESIZE_ONLY, setting default value of: False | |
| URLDownloader: Curl command: ['/usr/bin/curl', '–silent', '–show-error', '–no-buffer', '–dump-header', '-', '–speed-time', '30', '–location', '–url', 'https://dl.pstmn.io/download/latest/osx', '–fail', '–output', '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/tmpgnvvfjc8'] | |
| URLDownloader: Downloaded /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip | |
| {'Output': {'download_changed': True, | |
| 'pathname': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'url_downloader_summary_result': {'data': {'download_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip'}, | |
| 'summary_text': 'The following ' | |
| 'new items were ' | |
| 'downloaded:'}}} | |
| EndOfCheckPhase | |
| {'Input': {}} | |
| {'Output': {}} | |
| Unarchiver | |
| {'Input': {'archive_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'destination_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman', | |
| 'purge_destination': True}} | |
| Unarchiver: No value supplied for USE_PYTHON_NATIVE_EXTRACTOR, setting default value of: False | |
| Unarchiver: Guessed archive format 'zip' from filename Postman.zip | |
| Unarchiver: Unarchived /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman | |
| {'Output': {}} | |
| CodeSignatureVerifier | |
| {'Input': {'input_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app', | |
| 'requirement': 'identifier "com.postmanlabs.mac" and anchor apple ' | |
| 'generic and certificate ' | |
| '1[field.1.2.840.113635.100.6.2.6] /* exists */ and ' | |
| 'certificate leaf[field.1.2.840.113635.100.6.1.13] ' | |
| '/* exists */ and certificate leaf[subject.OU] = ' | |
| 'H7H8Q7M5CK'}} | |
| CodeSignatureVerifier: Verifying code signature… | |
| CodeSignatureVerifier: Deep verification enabled… | |
| CodeSignatureVerifier: Strict verification not defined. Using codesign defaults… | |
| CodeSignatureVerifier: /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app: valid on disk | |
| CodeSignatureVerifier: /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app: satisfies its Designated Requirement | |
| CodeSignatureVerifier: /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app: explicit requirement satisfied | |
| CodeSignatureVerifier: Signature is valid | |
| {'Output': {}} | |
| Versioner | |
| {'Input': {'input_plist_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app/Contents/Info.plist', | |
| 'plist_version_key': 'CFBundleShortVersionString'}} | |
| Versioner: No value supplied for skip_single_root_dir, setting default value of: False | |
| Versioner: Found version 8.0.6 in file /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app/Contents/Info.plist | |
| {'Output': {'version': '8.0.6'}} | |
| StopProcessingIf | |
| {'Input': {'predicate': 'SIGNINGCERTIFICATE == ' | |
| '"Put_Signing_Certificate_into_AutoPkg_recipe_override"'}} | |
| StopProcessingIf: (SIGNINGCERTIFICATE == "Put_Signing_Certificate_into_AutoPkg_recipe_override") is False | |
| {'Output': {}} | |
| PkgRootCreator | |
| {'Input': {'pkgdirs': {'Applications': '0755'}, | |
| 'pkgroot': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman'}} | |
| PkgRootCreator: Created /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman | |
| PkgRootCreator: Creating Applications | |
| PkgRootCreator: Created /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications | |
| {'Output': {}} | |
| Unarchiver | |
| {'Input': {'USE_PYTHON_NATIVE_EXTRACTOR': False, | |
| 'archive_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'destination_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications', | |
| 'purge_destination': True}} | |
| Unarchiver: Guessed archive format 'zip' from filename Postman.zip | |
| Unarchiver: Unarchived /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications | |
| {'Output': {}} | |
| Versioner | |
| {'Input': {'input_plist_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications/Postman.app/Contents/Info.plist', | |
| 'plist_version_key': 'CFBundleShortVersionString', | |
| 'skip_single_root_dir': False}} | |
| Versioner: Found version 8.0.6 in file /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications/Postman.app/Contents/Info.plist | |
| {'Output': {'version': '8.0.6'}} | |
| PkgCreator | |
| {'Input': {'pkg_request': {'chown': [{'group': 'wheel', | |
| 'path': 'Applications', | |
| 'user': 'root'}], | |
| 'id': 'com.postmanlabs.mac', | |
| 'options': 'purge_ds_store', | |
| 'version': '8.0.6'}}} | |
| PkgCreator: Connecting | |
| PkgCreator: Sending packaging request | |
| PkgCreator: Disconnecting | |
| PkgCreator: Failed to close socket: [Errno 9] Bad file descriptor | |
| {'Output': {'new_package_request': True, | |
| 'pkg_creator_summary_result': {'data': {'identifier': 'com.postmanlabs.mac', | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'version': '8.0.6'}, | |
| 'report_fields': ['identifier', | |
| 'version', | |
| 'pkg_path'], | |
| 'summary_text': 'The following ' | |
| 'packages were ' | |
| 'built:'}, | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg'}} | |
| PkgSigner | |
| {'Input': {'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'signing_cert': '4A72196F535A51A98FF2480132F024222B65060C'}} | |
| ['/usr/bin/productsign', '–sign', '4A72196F535A51A98FF2480132F024222B65060C', '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6-unsigned.pkg', '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg'] | |
| productsign: signing product with identity "Package Signing" from keychain (null) | |
| productsign: adding certificate "ca.twocanoes.com" | |
| productsign: Wrote signed product archive to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg | |
| {'Output': {'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg'}} | |
| PathDeleter | |
| {'Input': {'path_list': ['/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman']}} | |
| PathDeleter: Deleted /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman | |
| {'Output': {}} | |
| {'AUTOPKG_VERSION': '2.3.1', | |
| 'CHECK_FILESIZE_ONLY': False, | |
| 'DOWNLOAD_URL': 'https://dl.pstmn.io/download/latest/osx', | |
| 'NAME': 'Postman', | |
| 'PARENT_RECIPES': ['/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/Postman.pkg.recipe', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes/Postman/Postman.download.recipe'], | |
| 'RECIPE_CACHE_DIR': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman', | |
| 'RECIPE_DIR': '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| 'RECIPE_OVERRIDE_DIRS': ['~/Library/AutoPkg/RecipeOverrides'], | |
| 'RECIPE_PATH': '/Users/username/Library/AutoPkg/RecipeOverrides/Postman.pkg.recipe', | |
| 'RECIPE_REPOS': {'/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes': {'URL': 'https://github.com/autopkg/dataJAR-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes': {'URL': 'https://github.com/autopkg/hjuutilainen-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes': {'URL': 'https://github.com/rtrouton/signing_manager_autopkg_recipes'}}, | |
| 'RECIPE_SEARCH_DIRS': ['.', | |
| '~/Library/AutoPkg/Recipes', | |
| '/Library/AutoPkg/Recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman'], | |
| 'SIGNINGCERTIFICATE': '4A72196F535A51A98FF2480132F024222B65060C', | |
| 'SOFTWARETITLE': 'Labs', | |
| 'SOFTWARETYPE': 'Postman', | |
| 'USE_PYTHON_NATIVE_EXTRACTOR': False, | |
| 'VENDOR': 'Postman', | |
| 'archive_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'destination_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications', | |
| 'download_changed': True, | |
| 'etag': '', | |
| 'filename': 'Postman.zip', | |
| 'input_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app', | |
| 'input_plist_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications/Postman.app/Contents/Info.plist', | |
| 'last_modified': '', | |
| 'new_package_request': True, | |
| 'path_list': ['/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman'], | |
| 'pathname': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'pkg_creator_summary_result': {'data': {'identifier': 'com.postmanlabs.mac', | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'version': '8.0.6'}, | |
| 'report_fields': ['identifier', | |
| 'version', | |
| 'pkg_path'], | |
| 'summary_text': 'The following packages were ' | |
| 'built:'}, | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'pkg_request': {'chown': [{'group': 'wheel', | |
| 'path': 'Applications', | |
| 'user': 'root'}], | |
| 'id': 'com.postmanlabs.mac', | |
| 'infofile': '', | |
| 'options': 'purge_ds_store', | |
| 'pkgdir': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman', | |
| 'pkgname': 'Postman_Labs_Postman_8.0.6', | |
| 'pkgroot': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman', | |
| 'pkgtype': 'flat', | |
| 'resources': '', | |
| 'scripts': '', | |
| 'version': '8.0.6'}, | |
| 'pkgdirs': {'Applications': '0755'}, | |
| 'pkgname': 'Postman_Labs_Postman_8.0.6', | |
| 'pkgroot': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman', | |
| 'plist_version_key': 'CFBundleShortVersionString', | |
| 'predicate': 'SIGNINGCERTIFICATE == ' | |
| '"Put_Signing_Certificate_into_AutoPkg_recipe_override"', | |
| 'prefetch_filename': False, | |
| 'purge_destination': True, | |
| 'requirement': 'identifier "com.postmanlabs.mac" and anchor apple generic and ' | |
| 'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ ' | |
| 'and certificate leaf[field.1.2.840.113635.100.6.1.13] /* ' | |
| 'exists */ and certificate leaf[subject.OU] = H7H8Q7M5CK', | |
| 'signing_cert': '4A72196F535A51A98FF2480132F024222B65060C', | |
| 'skip_single_root_dir': False, | |
| 'stop_processing_recipe': False, | |
| 'url': 'https://dl.pstmn.io/download/latest/osx', | |
| 'url_downloader_summary_result': {'data': {'download_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip'}, | |
| 'summary_text': 'The following new items ' | |
| 'were downloaded:'}, | |
| 'verbose': 4, | |
| 'version': '8.0.6'} | |
| Receipt written to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/receipts/local.pkg-receipt-20210305-130108.plist | |
| The following new items were downloaded: | |
| Download Path | |
| ————- | |
| /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip | |
| The following packages were built: | |
| Identifier Version Pkg Path | |
| ———- ——- ——– | |
| com.postmanlabs.mac 8.0.6 /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg |
| Processing local.pkg.Postman… | |
| {'AUTOPKG_VERSION': '2.3.1', | |
| 'DOWNLOAD_URL': 'https://dl.pstmn.io/download/latest/osx', | |
| 'NAME': 'Postman', | |
| 'PARENT_RECIPES': ['/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/Postman.pkg.recipe', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes/Postman/Postman.download.recipe'], | |
| 'RECIPE_CACHE_DIR': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman', | |
| 'RECIPE_DIR': '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| 'RECIPE_OVERRIDE_DIRS': ['~/Library/AutoPkg/RecipeOverrides'], | |
| 'RECIPE_PATH': '/Users/username/Library/AutoPkg/RecipeOverrides/Postman.pkg.recipe', | |
| 'RECIPE_REPOS': {'/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes': {'URL': 'https://github.com/autopkg/dataJAR-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes': {'URL': 'https://github.com/autopkg/hjuutilainen-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes': {'URL': 'https://github.com/rtrouton/signing_manager_autopkg_recipes'}}, | |
| 'RECIPE_SEARCH_DIRS': ['.', | |
| '~/Library/AutoPkg/Recipes', | |
| '/Library/AutoPkg/Recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman'], | |
| 'SIGNINGCERTIFICATE': '4A72196F535A51A98FF2480132F024222B65060C', | |
| 'SOFTWARETITLE': 'Labs', | |
| 'SOFTWARETYPE': 'Postman', | |
| 'VENDOR': 'Postman', | |
| 'verbose': 4} | |
| URLDownloader | |
| {'Input': {'filename': 'Postman.zip', | |
| 'url': 'https://dl.pstmn.io/download/latest/osx'}} | |
| URLDownloader: No value supplied for prefetch_filename, setting default value of: False | |
| URLDownloader: No value supplied for CHECK_FILESIZE_ONLY, setting default value of: False | |
| URLDownloader: Curl command: ['/usr/bin/curl', '–silent', '–show-error', '–no-buffer', '–dump-header', '-', '–speed-time', '30', '–location', '–url', 'https://dl.pstmn.io/download/latest/osx', '–fail', '–output', '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/tmpgnvvfjc8'] | |
| URLDownloader: Downloaded /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip | |
| {'Output': {'download_changed': True, | |
| 'pathname': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'url_downloader_summary_result': {'data': {'download_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip'}, | |
| 'summary_text': 'The following ' | |
| 'new items were ' | |
| 'downloaded:'}}} | |
| EndOfCheckPhase | |
| {'Input': {}} | |
| {'Output': {}} | |
| Unarchiver | |
| {'Input': {'archive_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'destination_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman', | |
| 'purge_destination': True}} | |
| Unarchiver: No value supplied for USE_PYTHON_NATIVE_EXTRACTOR, setting default value of: False | |
| Unarchiver: Guessed archive format 'zip' from filename Postman.zip | |
| Unarchiver: Unarchived /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman | |
| {'Output': {}} | |
| CodeSignatureVerifier | |
| {'Input': {'input_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app', | |
| 'requirement': 'identifier "com.postmanlabs.mac" and anchor apple ' | |
| 'generic and certificate ' | |
| '1[field.1.2.840.113635.100.6.2.6] /* exists */ and ' | |
| 'certificate leaf[field.1.2.840.113635.100.6.1.13] ' | |
| '/* exists */ and certificate leaf[subject.OU] = ' | |
| 'H7H8Q7M5CK'}} | |
| CodeSignatureVerifier: Verifying code signature… | |
| CodeSignatureVerifier: Deep verification enabled… | |
| CodeSignatureVerifier: Strict verification not defined. Using codesign defaults… | |
| CodeSignatureVerifier: /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app: valid on disk | |
| CodeSignatureVerifier: /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app: satisfies its Designated Requirement | |
| CodeSignatureVerifier: /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app: explicit requirement satisfied | |
| CodeSignatureVerifier: Signature is valid | |
| {'Output': {}} | |
| Versioner | |
| {'Input': {'input_plist_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app/Contents/Info.plist', | |
| 'plist_version_key': 'CFBundleShortVersionString'}} | |
| Versioner: No value supplied for skip_single_root_dir, setting default value of: False | |
| Versioner: Found version 8.0.6 in file /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app/Contents/Info.plist | |
| {'Output': {'version': '8.0.6'}} | |
| StopProcessingIf | |
| {'Input': {'predicate': 'SIGNINGCERTIFICATE == ' | |
| '"Put_Signing_Certificate_into_AutoPkg_recipe_override"'}} | |
| StopProcessingIf: (SIGNINGCERTIFICATE == "Put_Signing_Certificate_into_AutoPkg_recipe_override") is False | |
| {'Output': {}} | |
| PkgRootCreator | |
| {'Input': {'pkgdirs': {'Applications': '0755'}, | |
| 'pkgroot': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman'}} | |
| PkgRootCreator: Created /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman | |
| PkgRootCreator: Creating Applications | |
| PkgRootCreator: Created /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications | |
| {'Output': {}} | |
| Unarchiver | |
| {'Input': {'USE_PYTHON_NATIVE_EXTRACTOR': False, | |
| 'archive_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'destination_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications', | |
| 'purge_destination': True}} | |
| Unarchiver: Guessed archive format 'zip' from filename Postman.zip | |
| Unarchiver: Unarchived /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications | |
| {'Output': {}} | |
| Versioner | |
| {'Input': {'input_plist_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications/Postman.app/Contents/Info.plist', | |
| 'plist_version_key': 'CFBundleShortVersionString', | |
| 'skip_single_root_dir': False}} | |
| Versioner: Found version 8.0.6 in file /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications/Postman.app/Contents/Info.plist | |
| {'Output': {'version': '8.0.6'}} | |
| PkgCreator | |
| {'Input': {'pkg_request': {'chown': [{'group': 'wheel', | |
| 'path': 'Applications', | |
| 'user': 'root'}], | |
| 'id': 'com.postmanlabs.mac', | |
| 'options': 'purge_ds_store', | |
| 'version': '8.0.6'}}} | |
| PkgCreator: Connecting | |
| PkgCreator: Sending packaging request | |
| PkgCreator: Disconnecting | |
| PkgCreator: Failed to close socket: [Errno 9] Bad file descriptor | |
| {'Output': {'new_package_request': True, | |
| 'pkg_creator_summary_result': {'data': {'identifier': 'com.postmanlabs.mac', | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'version': '8.0.6'}, | |
| 'report_fields': ['identifier', | |
| 'version', | |
| 'pkg_path'], | |
| 'summary_text': 'The following ' | |
| 'packages were ' | |
| 'built:'}, | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg'}} | |
| PkgSigner | |
| {'Input': {'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'signing_cert': '4A72196F535A51A98FF2480132F024222B65060C'}} | |
| ['/usr/bin/productsign', '–sign', '4A72196F535A51A98FF2480132F024222B65060C', '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6-unsigned.pkg', '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg'] | |
| productsign: signing product with identity "Package Signing" from keychain (null) | |
| productsign: adding certificate "ca.twocanoes.com" | |
| productsign: Wrote signed product archive to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg | |
| {'Output': {'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg'}} | |
| PathDeleter | |
| {'Input': {'path_list': ['/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman']}} | |
| PathDeleter: Deleted /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman | |
| {'Output': {}} | |
| {'AUTOPKG_VERSION': '2.3.1', | |
| 'CHECK_FILESIZE_ONLY': False, | |
| 'DOWNLOAD_URL': 'https://dl.pstmn.io/download/latest/osx', | |
| 'NAME': 'Postman', | |
| 'PARENT_RECIPES': ['/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman/Postman.pkg.recipe', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes/Postman/Postman.download.recipe'], | |
| 'RECIPE_CACHE_DIR': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman', | |
| 'RECIPE_DIR': '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| 'RECIPE_OVERRIDE_DIRS': ['~/Library/AutoPkg/RecipeOverrides'], | |
| 'RECIPE_PATH': '/Users/username/Library/AutoPkg/RecipeOverrides/Postman.pkg.recipe', | |
| 'RECIPE_REPOS': {'/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes': {'URL': 'https://github.com/autopkg/dataJAR-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes': {'URL': 'https://github.com/autopkg/hjuutilainen-recipes'}, | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes': {'URL': 'https://github.com/rtrouton/signing_manager_autopkg_recipes'}}, | |
| 'RECIPE_SEARCH_DIRS': ['.', | |
| '~/Library/AutoPkg/Recipes', | |
| '/Library/AutoPkg/Recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.hjuutilainen-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.autopkg.dataJAR-recipes', | |
| '/Users/username/Library/AutoPkg/RecipeOverrides', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman', | |
| '/Users/username/Library/AutoPkg/RecipeRepos/com.github.rtrouton.signing_manager_autopkg_recipes/Postman'], | |
| 'SIGNINGCERTIFICATE': '4A72196F535A51A98FF2480132F024222B65060C', | |
| 'SOFTWARETITLE': 'Labs', | |
| 'SOFTWARETYPE': 'Postman', | |
| 'USE_PYTHON_NATIVE_EXTRACTOR': False, | |
| 'VENDOR': 'Postman', | |
| 'archive_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'destination_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications', | |
| 'download_changed': True, | |
| 'etag': '', | |
| 'filename': 'Postman.zip', | |
| 'input_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Postman.app', | |
| 'input_plist_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman/Applications/Postman.app/Contents/Info.plist', | |
| 'last_modified': '', | |
| 'new_package_request': True, | |
| 'path_list': ['/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman'], | |
| 'pathname': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip', | |
| 'pkg_creator_summary_result': {'data': {'identifier': 'com.postmanlabs.mac', | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'version': '8.0.6'}, | |
| 'report_fields': ['identifier', | |
| 'version', | |
| 'pkg_path'], | |
| 'summary_text': 'The following packages were ' | |
| 'built:'}, | |
| 'pkg_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg', | |
| 'pkg_request': {'chown': [{'group': 'wheel', | |
| 'path': 'Applications', | |
| 'user': 'root'}], | |
| 'id': 'com.postmanlabs.mac', | |
| 'infofile': '', | |
| 'options': 'purge_ds_store', | |
| 'pkgdir': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman', | |
| 'pkgname': 'Postman_Labs_Postman_8.0.6', | |
| 'pkgroot': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman', | |
| 'pkgtype': 'flat', | |
| 'resources': '', | |
| 'scripts': '', | |
| 'version': '8.0.6'}, | |
| 'pkgdirs': {'Applications': '0755'}, | |
| 'pkgname': 'Postman_Labs_Postman_8.0.6', | |
| 'pkgroot': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman', | |
| 'plist_version_key': 'CFBundleShortVersionString', | |
| 'predicate': 'SIGNINGCERTIFICATE == ' | |
| '"Put_Signing_Certificate_into_AutoPkg_recipe_override"', | |
| 'prefetch_filename': False, | |
| 'purge_destination': True, | |
| 'requirement': 'identifier "com.postmanlabs.mac" and anchor apple generic and ' | |
| 'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ ' | |
| 'and certificate leaf[field.1.2.840.113635.100.6.1.13] /* ' | |
| 'exists */ and certificate leaf[subject.OU] = H7H8Q7M5CK', | |
| 'signing_cert': '4A72196F535A51A98FF2480132F024222B65060C', | |
| 'skip_single_root_dir': False, | |
| 'stop_processing_recipe': False, | |
| 'url': 'https://dl.pstmn.io/download/latest/osx', | |
| 'url_downloader_summary_result': {'data': {'download_path': '/Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip'}, | |
| 'summary_text': 'The following new items ' | |
| 'were downloaded:'}, | |
| 'verbose': 4, | |
| 'version': '8.0.6'} | |
| Receipt written to /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/receipts/local.pkg-receipt-20210305-130108.plist | |
| The following new items were downloaded: | |
| Download Path | |
| ————- | |
| /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/downloads/Postman.zip | |
| The following packages were built: | |
| Identifier Version Pkg Path | |
| ———- ——- ——– | |
| com.postmanlabs.mac 8.0.6 /Users/username/Library/AutoPkg/Cache/local.pkg.Postman/Postman_Labs_Postman_8.0.6.pkg |
By itself, Signing Manager is an amazing tool. For those interested in using AutoPkg on a cloud service or as part of a continuous integration workflow, it opens up all kinds of possibilities because it means it’s no longer necessary to have one or multiple copies of your signing certificates on the same Macs where you’re running AutoPkg. Now you can have your signing certificate stored in a secured central place and also have it available on-demand to remote clients in a secure manner.