If you’ve been watching the Intune Whats New page closely, you may have noticed you can now use Intune to push down applications to MacOS devices. This is a quick post on how to achieve that – We’ll use Skype for Business as the example app.
Or a later OS preinstalled will not be allowed to convert the.pkg to the Install OS X El Capitan.app. This is pretty dumb of Apple, as many Mac owners might need to use newer Macs to create bootable. Installers for older Macs that have experienced difficulties. Packages need to be signed and built as a distribution package. For more information, see Tutorial: Building and Signing Mac Packages. Deploying an Existing.pkg File. If you already have a.pkg file on your local machine, deploying with Jamf Now is easy. Follow the steps below to deploy your.pkg file. Log in to Jamf Now.
Mac App To Organize Photos
The IT admin process is pretty straight forward but I must admit I tripped on a couple of syntax issues the first time I did this so I’ll blog it here with some syntax to save you some time. Your welcome ?
Step 1 – Get the app package (.pkg file)
First you need to acquire the app as a .pkg file.
(Conversion of other formats e.g. “.DMG” to “.PKG” is not supported.)
On a Mac, Logon to http://portal.office.com as a user licensed for Office 365 Pro Plus and download the Skype for Business .pkg file.
Step 2 – Convert it to a format that Intune understands (.intunemac)
On a Mac, download the Intune app wrapping tool from Github ( https://github.com/msintuneappsdk/intune-app-wrapping-tool-mac)
Once you have it downloaded, Open a Terminal session and navigate to the directory where the IntuneAppUtil tool was placed. Run this syntax to convert from .pkg to .intuneMac format
(-c is the input file and -o is the output directory)
You now have an .intunemac file you can distribute with Intune
Step 3 – Upload to intune
In the Intune console, go to Mobile Apps> Apps>Add> Line-of-business App
Choose the .intunemac file to upload.
Mac Pkg Installer
In the App Information blade, you can configure some metadata and add an icon.
Click Ok, and Add and wait for the app to be uploaded.
Step 4 – Assign it
Select the Skype for Business app, Assignments, then assign it to a User and/or Device group as a Required install. https://newswiss873.weebly.com/blog/maximize-windows-mac-app.
(Note: At the time of writing this post, Available install isnt an option) Google plus photos app mac.
Don’t forget to click save.
On Intune enrolled Mac’s, Skype for Business will be installed seamlessly and be ready for use.
Tip: If you want to watch the progress of the install, open the Console utility on the Mac and filter for the Bundle ID. (For Skype this is com.microsoft.package.Microsoft_autoUpdate.app)
- Use filter for App keywords: “Skype”
Filter on the Thread ID for app download and installation
Other handy filters for troubleshooting are mdmclient and Company Portal
If a prospective customer downloads your software onto Mac OS X 10.8 and it hasn’t been signed, they will see a scary warning:
Mac App Store Pkg
Not good. To run unsigned software they need to go into Mac OS X Preferences>Security & Privacy>General and change Allow applications downloaded from Mac App store and identified developers to Anywhere:
Or they need to right/Ctrl click and see another scary warning. Double plus not good. This is the new Mac Gatekeeper system in action. Apple being Apple, Gatekeeper defaults to only allowing users to run software they have downloaded off the Internet if it has been signed. This could have a big effect on your conversion rate on Mac. So if you are shipping software for the Mac, you really need to sign it.
Apple fanboys will tell this is a sensible way for Apple to control software quality. A valid certificate shows that your software hasn’t been tampered with and, if it turns out to be malware, Apple can revoke your certificate. The more cynical might see it as a way for Apple to exert even greater control over Mac developers than it already does, while simultaneously extorting $99 per year from each and every one of them. Make your own mind up on that one.
I have now managed to sign my table planner software, ready for its next release. I should have done it months ago. But I expected the process to be so tedious that it has taken me this long to get around to it. And it was every bit as mind-numbingly tedious as I expected trying to find a few useful nuggets amongst the acres of Apple documentation. I found some useful stuff in blogs, but it was quite fragmented. So I have thrown together these notes in the hope that it saves someone else a few hours going round in circles. Note that I am not currently submitting my software to the Mac App Store, so I don’t cover that here. Also my software is developed in C++/Qt using Qt Creator, rather than Objective-C/Cocoa using XCode, and my approach reflects that.
1. Sign up for Apple Developer Connection ($99 per year). Doesn’t matter if you already paid through the nose for a Windows authenticode certificate. Gatekeeper only accepts Apple certificates, so you have no choice. https://newswiss873.weebly.com/blog/mac-os-how-to-delete-data-from-mail-app. On the plus side, you do get other benefits, including downloading new OS upgrades for free.
2. You need Mac OS X 10.8 so you can test that your signing works. If you have an Apple Developer Connection subscription, you can download 10.8 for free (get a code from the ADC downloads area and using it in the Mac App Store). I found the upgrade from 10.6 to 10.8 was surprisingly painless (Microsoft eat your heart out).
3. Request your Apple certificates and install them into your Keychain. You can do this from Xcode (instructions here). You may need to upgrade Xcode to a recent version.
Best texting apps for android and mac users list. 4. Use the codesign command line tool to sign:
- Every framework in your .app bundle
- Every plugin in your .app bundle
- Your .app file
I believe you can do this as part of your Xcode build. But I prefer a shell script. For example:
echo --sign frameworks --
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Frameworks/QtCore.framework/Versions/4/QtCore
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Frameworks/QtGui.framework/Versions/4/QtGui
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Frameworks/QtNetwork.framework/Versions/4/QtNetwork
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Frameworks/QtSql.framework/Versions/4/QtSql
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Frameworks/QtXml.framework/Versions/4/QtXml
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Frameworks/Qt3Support.framework/Versions/4/Qt3Support
echo --sign plugins--
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/accessible/libqtaccessiblecompatwidgets.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/accessible/libqtaccessiblewidgets.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/bearer/libqcorewlanbearer.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/bearer/libqgenericbearer.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/codecs/libqcncodecs.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/codecs/libqjpcodecs.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/codecs/libqkrcodecs.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/codecs/libqtwcodecs.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/graphicssystems/libqtracegraphicssystem.dylib
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app/Contents/Plugins/imageformats/libqjpeg.dylib
![Mac Mac](/uploads/1/3/4/1/134150109/815507889.png)
echo --sign app--
codesign --force --verify --verbose --sign 'Developer ID Application: <yourID>' <yourApp>.app
I do this in a build shell script that automates the whole process of creating a .dmg for download. I’m not sure if the order you sign the components in is important.
Note that:
- <yourID> is the ID on your certificate (in my case “Oryx Digital Ltd”).
- For frameworks you sign the folder, not the file.
- Any changes to the .app bundle after signing may invalidate the signature (that is kind of the point).
5. Verify the signing of the .app file. For example:
codesign -vvv -d <yourApp>.app
6. Package your .app into a .dmg, .zip, .pkg or whatever other format you use to install it (I believe .pkg files might require additional signing with a different certificate).
7. Make sure your Mac OS X 10.8 machine is set to the default Gatekeeper setting.
8. Download your software onto Mac OS X 10.8 and check if the scary warning has gone away.
9. Pray that Apple doesn’t decide to revoke your certificate at some point for an infraction, real or imagined.
Until you have released a signed version you can put up a warning with some simple Javascript, for example:
Further reading:
Qt related:
Java related:
Thanks to Jonathan of DeepTrawl and Stephane of LandlordMax for some useful pointers.
************** Update **************
Things have changed again for Mac OS X 10.9/10.10. See this post for an update.