Posted on 01-24-2018 12:01 PM
So, I go to login and get the latest version of the Packager and ran into the fact that Adobe seems to make the Packager much harder to find. Ultimately I did find it but that's not the point of this post. Apparently there is a new feature when I can click a couple of things in the admin console and Adobe will build my deployment-ready package. I found myself snarking "let's just see what happens". In short it seems to work, BUT, because it builds the package out in Internet land and then lets you download it for a short time you download it and it's not signed anyone and like most people, we only let signed packages run.
In short this is more of a grunting email. Apparently now, we can use nifty new web tools to create the package, but apparently Adobe doesn't go through the added effort to make a flat package or sign the silly thing.
Does anyone else have to go through this or am I doing something wrong? I did some checking, packages built by the old Packager were not signed either but I never ran into a cert issue previously, even on High Sierra.
Strange...interested in hearing other Adobe rants.
Posted on 01-24-2018 04:31 PM
I've also had the fun opportunity to work with Adobe packages and licensing, maybe more than any person should in their lifetime. We also just recently switched from enterprise serial numbers to named user licensing.
You're correct that Packager (CCP) and the packages created in the Admin Console are not signed and are non-flat, and I don't believe they ever were in previous versions, like you said.
I haven't found an easy way to convert a non-flat package to a flat package, and sign it for that matter. If someone knows of one, then I'm all ears. When I was deploying individual installers from Self Service before, I would compress the non-flat packages into ZIPs or wrap them in DMGs and deploy that way.
I believe I've always gotten the gatekeeper message about the package not being signed for all of the unsigned packages that CCP creates. The only times that I have not are if installing by some other means like terminal or Casper/Jamf Pro. Is that the cert issue that you're referring to, or something else?
You've probably already found this out, but if you're using a serial number, then the packages from the console are not licensed with it. But obviously CCP can make the serialized packages, which I think is one of the main differences. You can always create a serializer with CCP and run it on the packages from the console though. If you're already using named user licensing, then this licensing piece probably doesn't matter.
If it works for your environment, then I'd suggest using the Creative Cloud Desktop Application to allow your users to get the CC applications. The Desktop App may save you guys the pains of packaging and deploying individual CC installers as well. It's also available in the Admin Console as a pre-packaged template to build the package there, or you can build it in CCP. I'd recommend using one of those methods instead of having users download it directly from Adobe, because the packaged Desktop App from the Console or CCP allows your non-admin users to install and update the CC applications after the Desktop App is installed.