Home > Bash scripting, Mac administration, Mac OS X, Packaging > Creating payload-free packages with pkgbuild

Creating payload-free packages with pkgbuild

One of the tools that Apple included with Lion and Mountain Lion is the command-line tool pkgbuild. This tool was designed to work by itself or in conjunction with another tool, productbuild, to build Apple installer packages.

pkgbuild has a number of options associated with it (see the man page for details on the available options) and the –nopayload option makes it very useful for building payload-free packages. This option tells pkgbuild that the package being built will be a payload-free package that contains only scripts. See below the jump for an example process.

Here’s an example of how you can use pkgbuild to create a payload-free package that runs the following script:

#!/bin/sh

softwareupdate -i -a
shutdown -r now
    Preparing to build the package

1. Log into an account that has administrator rights

2. Create a folder on your desktop named Run_Software_Update

Screen Shot 2012-08-15 at 12.24.51 PM

3. Inside the Run_Software_Update folder, create a new directory called scripts

Screen Shot 2012-08-15 at 12.24.28 PM

4. Open Terminal and run the following command to change to the scripts directory:
cd /Users/username/Desktop/Run_Software_Update/scripts

Screen Shot 2012-08-15 at 12.25.22 PM

5. Run the following command to create a new file inside scripts named postinstall (By default, the pkgbuild command will use scripts named postinstall for a package’s post-installation action):

pico postinstall

Screen Shot 2012-08-15 at 12.26.10 PM

6. Add the following to the postinstall file:

#!/bin/sh

softwareupdate -i -a
shutdown -r now

Screen Shot 2012-08-15 at 12.27.04 PM

7. Once the script’s content has been added to the postinstall file, run the following command to make the script executable:

chmod a+x /Users/username/Desktop/Run_Software_Update/scripts/postinstall

Screen Shot 2012-08-15 at 12.28.22 PM

    Building the package

To build the package, open Terminal and run the following command:

sudo pkgbuild --identifier com.company.run_software_update --nopayload --scripts /Users/username/Desktop/Run_Software_Update/scripts "/Users/username/Desktop/Run_Software_Update/Run Apple Software Update and Restart.pkg"


This will create a payload-free package named Run Apple Software Update and Restart that will incorporate the postinstall script you created earlier. The Run Apple Software Update and Restart installer package will be saved to /Users/username/Desktop/Run_Software_Update

Screen Shot 2012-08-15 at 2.06.38 PM

    Signing the package as part of the build process

To help avoid problems with 10.8’s Gatekeeper, you may want to sign your payload-free package with an Apple Developer ID Installer certificate as part of creating it. Signing with an Developer ID Installer certificate will cue Gatekeeper that this is a “known” installer that can be opened without a problem.

Screen Shot 2012-08-15 at 12.50.23 PM

To create the payload-free package and sign it with a Apple Developer ID Installer certificate as part of the build process, open Terminal and run the following command:

sudo pkgbuild --identifier com.company.run_software_update --nopayload --scripts /Users/username/Desktop/Run_Software_Update/scripts --sign "Developer ID Installer: Your Name" "/Users/username/Desktop/Run_Software_Update/Run Apple Software Update and Restart.pkg"



You should be prompted to sign using private keys; click Allow each time.

Screen Shot 2012-08-15 at 2.07.07 PM

This will create a signed payload-free package named Run Apple Software Update and Restart that will incorporate the postinstall script you created earlier.

Screen Shot 2012-08-15 at 2.06.38 PM

To verify that it’s been properly signed, check your payload-free package to verify that it has a lock icon in the top-right corner.

Screen Shot 2012-08-15 at 12.56.48 PM

If the lock is there, click the lock icon to verify that the signing certificate is showing up as a valid Apple Developer ID Installer certificate.

Screen Shot 2012-08-15 at 12.56.53 PM

  1. Marquette Rogers
    August 16, 2012 at 12:50 pm

    Is this an alternate solution that I can use to build payload free packages for use in Casper or InstaUp2DatePackages folder? If not do you have documentation on how I can do this with PackageMaker.

    Thanks

  2. FTBZ
    August 20, 2012 at 5:55 am

    Thanks for the tips. For Absolute Manage user, you can simply add a shell script as payload and don’t need to create a package. The script will be execute when running the installation.

  3. Sam
    October 29, 2012 at 3:16 pm

    Great information. I’ve used this to create a payload free package a couple times. However, when adding it to munki the package will continuously run. It seems as though munki doesn’t realize it’s already run it and each time it checks in, it runs again. Has anyone run into this? Is there something I need to add to the command when building the package that will add more information to fix the issue?

  4. machacks
    October 30, 2012 at 6:58 am

    Use Packages, http://www.macupdate.com/download/34613/Packages.dmg

    Setup New Raw project,Select “Payload” add folder to root with /tmp/bash.sh, select “Scripts”, execute bash.sh by setting it with Pre- Installation script. Use Post-Installation script to delete /bash.sh from /tmp.

  5. GRW
    March 9, 2013 at 1:32 am

    Thanks for this great tutorial. I do have a short question. I made a couple of packages following your methodology, but when viewing them with Pacifist I find an unwanted “.DS_Store” file as well as the “postinstall”. I understood that pkgbuild should ignore them. Any ideas?

  6. Bob Henry
    November 22, 2013 at 12:15 am

    First of all, thanks once again Rich for a simple, linear, instruction set without assumptions of intuitive leaps of logic.
    I am trying to figure out how to make payload free .pkg based on script that need sudo to run. Would like to use them in task server (ard). I see a lot of material but nothing I can grasp yet.

  7. December 2, 2013 at 6:21 pm

    Hi, I created the pkg with and without a valid Developer ID and GateKeeper allowed it all the time.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 164 other followers

%d bloggers like this: