Building and Signing Mac Packages

Jamf Now only supports PKG for package deployment. If you have an app that is not available in the PKG type, you will need to repackage the DMG as a signed PKG before distributing with Jamf Now.

The process for building and signing Mac packages involves the following steps:

  1. Generating a signing request

  2. Generating a certificate

  3. Repackaging a file

Mac Package Requirements

  • An Apple Developer Program account ($99.00/year). This account is needed to sign your PKG before uploading to Jamf Now.

  • A packaging tool is needed to do the conversion from a DMG to a PKG. The PKG must be formatted to be a distribution package or it will not be deployable. We recommend Composer. Composer is available with the Jamf Fundamentals plan or can be purchased for $99.00.

Generating a Signing Request

In this procedure, we will generate a special .csr file. This file is required when we request a valid certificate from Apple.

  1. On a Mac, open Keychain Access.
  2. On the top Mac menu bar, click Keychain Access, and then choose Certificate Assistant > Request a Certificate From a Certificate Authority.
  3. Enter your email address in the User Email Address field, ensure your name is spelled correctly in the Common Name field, and leave the CA Email Address field blank.
  4. Under Request is, click Saved to Disc.
  5. Click Continue.

Ensure your signing request is successfully saved to your local machine as a .csr file before generating a certificate.

Generating a Certificate

This procedure involves exchanging the .csr file with Apple for a valid certificate that will allow you to sign package files.

  1. In a web browser, navigate to the Apple Developer portal, and then click Account in the top-right corner.
  2. Create an account or sign in.
  3. Click Certificates, IDs, and Profiles.
  4. Click Certificates + to generate a new certificate.
  5. Select Developer ID Installer and click Continue.
  6. Select the Previous Sub-CA profile type and upload the Certificate Signing Request downloaded previously.
  7. Your certificate is now created. Download the certificate and install it on your Mac to sign packages with Composer or other packaging tools.

Repackaging a File

You can use Composer or a third-party packaging tool to build PKGs. The following workflow uses Composer, which is included with the Jamf Fundamentals plan, or can be purchased for $99. If using a third-party packaging tool, refer to the developer's documentation for instructions on repackaging. For more information about building packages using Composer, see Package Building in the Composer User Guide.

  1. Double-click on the DMG.
  2. Move the .app file to the location on your computer where you intend for it to install on your client devices.

    For example, move the .app file to the Applications folder on your computer if you want it to install in the Applications folder on your end user devices once you deploy it with Jamf Now.

  3. Open Composer. If the menu Choose a method to create your package appears, click Cancel.
  4. In the Mac menu bar, click Composer, and then click Preferences.

    Ensure Build flat PKGs is selected, Sign with is selected, and your Developer ID is shown in that field.

  5. Close the Preferences menu and return to Composer. Drag the .app file into the left-hand sidebar. You will see "Sources and Packages" listed, drop it there.
  6. Click Build as PKG to begin the build process.
  7. Choose where to save the completed PKG in the pop-up menu (we suggested your desktop) and click Continue.
Composer will build the PKG. This may take a few minutes. Look for the completed file in the previously specified location (for example, your desktop).

Now that you have a PKG that is signed by a valid certificate, you are ready to upload.

For instructions on uploading this file to Jamf Now, see Deploying Mac Packages. Once uploaded, assign it to a Blueprint to distribute the app to your team.