The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.



Go to last post Go to first unread
#1 Posted : Wednesday, March 8, 2017 3:40:00 PM(UTC)

Rank: Administration

Medals: Level 3: Shirt off your back! Received 25 Thanks!

Joined: 7/23/2013(UTC)
Posts: 715
Location: Raleigh, NC

Was thanked: 66 time(s) in 63 post(s)
This post was inspired by this request on UserEcho:
Unsigned packages are particularly hard to deal with on a remote session.

Developer Identities are $99 a year and easy enough to purchase. It would be great if a screenconnect server could store ours, and allow for on-the-fly signing of packages.

Some background:
Currently, if you download the .pkg installer on a Mac with the default security settings, you can’t run it just by double-clicking it; you have to either select Open from the context menu or go into System Preferences. If the .pkg file was signed, it wouldn't have that issue, but we can't just sign it ahead of time because any customization would break that signature. However, if you have your own Developer ID, you can sign it yourself.

The request is to automate that signing as part of the process of building the installer, so long as a Developer ID is provided. But we run into one immediate problem: signing a .pkg file requires a Mac, so on-the-fly signing would require that the server either be a Mac itself or have access to one somehow.

But even if you have to manually sign your .pkg files, that doesn’t mean you have to do it every time you want to add a new machine: you can reuse one signed installer many times.
Even if you have custom properties or specific names that are different for each machine, you may be able to take advantage of the ability to include environment variables in those values. (These use the syntax %variable_name% and are expanded for each installed client the first time it’s run.)

Of course, this means you have to be able to distribute the signed .pkg file to the machines you want to install it on. There are plenty of ways to distribute a file, and we provide a couple more:

  • You can add it to your toolbox and run it during a support session (the Mac bundle used for those is signed).
  • If you have an on-premise installation, you can host it on your site by just putting it somewhere under your installation's root directory.
  • You can use an RMM solution like ConnectWise Automate to script deployment.

Addendum: manually signing a .pkg file:

  1. Request a development certificate
  2. Ensure your certificate is imported to a Keychain on your Mac
  3. Run the following command in Terminal (replacing the generic stuff as necessary):
    productsign --sign 'Developer ID Installer: Your Company Name' 'path/to/ScreenConnect.ClientSetup.pkg' 'output/path/ScreenConnect.ClientSetup.signed.pkg'
ScreenConnect Team

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.