Category filter
Script to install unsigned packages on Mac
An unsigned package (PKG) refers to a software package that has not been digitally signed by the developer or a recognized certificate authority. Digital signatures are cryptographic certificates that verify the authenticity and integrity of software. When a package is signed, it indicates that the software comes from a trusted source and has not been tampered with.
Sometimes, IT admins need to deploy specialized development tools in the form of open-source software distributed as packages that may or may not be signed. These tools, such as advanced debugging libraries, specialized testing frameworks, beta software versions, and others, are essential for effective software development. By utilizing the script provided below, IT administrators can install unsigned packages on Mac using Hexnode’s ‘Execute Custom Script’ action.
- The sample scripts provided below are adapted from third-party open-source sites.
- Installing unsigned packages might compromise security, as the absence of a digital signature makes it challenging to verify the software’s authenticity and integrity. Exercise caution while deploying unsigned packages.
Deploy unsigned PKG on Mac
The script provided below will deploy and install an unsigned package on a Mac:
|
1 2 |
curl -o /tmp/<unsigned_package>.pkg "download_URL" sudo installer -verboseR -pkg /tmp/test.pkg -target / |
The script utilizes the ‘curl’ command to download a macOS package from a specified URL and saves it in the ‘/tmp’ directory. Replace
What happens at the device end?
After executing the script, the unsigned application package will be silently installed on the Mac and the app icon will appear in the Applications folder in Finder.
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
