Apple Notarisation and Custom PKG Installers
Description
Apple has introduced notarisation as a requirement for installation of PKGs on macOS with macOS version 10.15. Notarisation status can be determined in two ways :
- Offline: cryptographically verifying a ticket stapled to the PKG at installer creation time
- Online: contacting apples servers to verify an app / installer has been notarised
Information
Custom installers for FileWave Client and Booster will be notarised starting from Version 13.2.2 and upwards, however, the notarisation ticket will not be stapled onto the PKG you download from https://custom.filewave.com at the current time, requiring 'Online' confirmation.
Provided your macOS machines can reach the required servers outlined in https://support.apple.com/en-us/HT210060 , you can expect everything to work as normal after 10-15 minutes of downloading the custom PKG.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
17.248.128.0/18 | 443 | TCP | macOS only | Ticket delivery | — |
17.250.64.0/18 | 443 | TCP | macOS only | Ticket delivery | — |
17.248.192.0/19 | 443 | TCP | macOS only | Ticket delivery | — |
Custom PKG Version 13.2.2
Version 13.2.2 Custom PKGs created prior to 4th March 2020 will not be notarised and will require re-creating if notarisation is required
Confirmation
The PKG may be tested for notarisation. On macOS 10.15.x you may observe the following:
Before notarisation has been completed by Apple:
Unnotarised
% spctl -a -vvv -t install FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg
FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: FileWave (Europe) Gmbh (83S2TRZ3CS)
After notarisation has been completed by Apple:
Notarised
% spctl -a -vvv -t install FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg
FileWaveClient_13.2.2-fw.filewave.com-20-Feb-2020.pkg: accepted
source=Notarized Developer ID
origin=Developer ID Installer: FileWave (Europe) Gmbh (83S2TRZ3CS)
No Comments