Unsigned package deployment

Asifahmed
New Contributor III

I want to deploy a .jpg file in a customized path on macOS, /Library/MyCompany/logo.jpg 

Now on my test mac I placed the .jpg on the mentioned path and using by composer I did drag and drop the entire path and built as .pkg. Now if I deploy it through JAMF Pro, it will create any issue or better to sign this package using by Jamf Pro's built-in certificate downloading it from Jamf Settings/PKI Settings and install cert and make it trust in system keychain and sign using by Jamf Composer when going to build the package and then deploy it. Which is correct?

Instead of using Jamf Pro to deploy the package if I try to install the unsigned .pkg it will create any issue on different mac?

6 REPLIES 6

TrentO
Contributor II

Generally, deploying unsigned pkgs via Jamf isn't an issue as Jamf uses a local binary to perform the install instead of the MDM command (unless deploying as part of a prestage). So as long as you are deploying via a policy, it should work the same if it's signed or unsigned. 

AJPinto
Honored Contributor II

With JAMF Pro you do not need to sign packages, JAMF Pro will sign them in flight. You can sign packages if you want, it wont help or hurt anything. Other tools like JAMF Now do not sign packages. So you need to manually sign packages before uploading to JAMF Now.

 

The only things you really need to sign with JAMF Pro are Configuration Profiles you create manually. Especially if the Configuration Profile uses Payloads that JAMF Pro does not have as JAMF Pro will screw with or strip the payload all together. 

Asifahmed
New Contributor III

If I build the package and do not sign the package by composer and copy to different mac and start the installation manually(Double clicking on it) then it will create any issue?

AJPinto
Honored Contributor II

Why don't you test it? Every application is different, 99% of the time unless its an appstore app, once packaged the app will install on any device happily. However you should be testing everything you do before you cut it lose on devices.

Asifahmed
New Contributor III

make sense now, thanks.

gabester
Contributor III

Also FYI - you can distribute content via Jamf Pro as zip files instead; for something like a single image like this you might be best served by caching the zip file then relying on a script to verify the zip file is in the /Library/Application\ Support/JAMF/Waiting\ Room then unzip it into the right place. Quick and dirty and you won't have to worry about building and signing a PKG. 

Or, since it's a single image file you could just use a Policy with just a Files and Processes payload leveraging the Execute Command function to curl down your JPG from a webserver where you can host it. Again no need to worry about building or signing packages or DMGs.

Example curl (imagine this is all on one line...):

 

/usr/bin curl -C - "https://your.tld/path/to/source.jpg" -o /Library/MyCompany/logo.jpg