Skip to main content

Apple Notarisation and Custom PKG Installers

Description

Apple has introduced notarisation as a requirement for installation of PKGs on macOS with macOS version 10.15. Notarisation status can be determined in two ways : 

  • Offline: cryptographically verifying a ticket stapled to the PKG at installer creation time
  • Online: contacting apples servers to verify an app / installer has been notarised

Information

Custom installers for FileWave Client and Booster will be notarised starting from Version 13.2.2 and upwards, however, the notarisation ticket will not be stapled onto the PKG you download from https://custom.filewave.com at the current time, requiring 'Online' confirmation. 

Provided your macOS machines can reach the required servers outlined in https://support.apple.com/en-us/HT210060 , you can expect everything to work as normal after 10-15 minutes of downloading the custom PKG. 

Hosts Ports Protocol OS Description Supports proxies
17.248.128.0/18 443 TCP macOS only Ticket delivery
17.250.64.0/18 443 TCP macOS only Ticket delivery
17.248.192.0/19 443 TCP macOS only Ticket delivery

Custom PKG Version 13.2.2
Version 13.2.2 Custom PKGs created prior to 4th March 2020 will not be notarised and will require re-creating if notarisation is required

Confirmation

The PKG may be tested for notarisation.  On macOS 10.15.x you may observe the following:

Before notarisation has been completed by Apple:

Unnotarised
% spctl -a -vvv -t install FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg
FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: FileWave (Europe) Gmbh (83S2TRZ3CS)

After notarisation has been completed by Apple:

Notarised
% spctl -a -vvv -t install FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg
FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg: accepted
source=Notarized Developer ID
origin=Developer ID Installer: FileWave (Europe) Gmbh (83S2TRZ3CS)