10.7.4 command line installer tool can now install installer packages with expired certificates
One of the unpleasant surprises that popped up in March 2012 was that the certificate that Apple embedded in various Apple software installers expired. When using Installer.app, people started getting warnings about the certificate being invalid but were given the option of installing the package anyway.
However, the command line installer tool did not have the option of “certificate invalid, install anyway”. Instead, installations run with the installer tool failed when the installers were signed with expired certificates. This affected all scripts and system management tools that used Apple’s installer tool via the command line to install packages.
Fortunately, as part of the release of Mac OS X 10.7.4 in May 2012, Apple has now released a fix for this by including this new flag among installer‘s various functions.
-allowUntrusted
Allow install of a package signed by an untrusted (or expired) certificate.
The new function worked as advertised when I used it with installer to install an iLife ’11 installer which had expired certificates. Here’s the command I used (-dumplog and -verbose were also included to give me maximum logging to /var/log/install.log):
sudo installer -dumplog -verbose -allowUntrusted -pkg "path/to/iLife.pkg" -target /
Leave a comment
Recent Comments
 | nathanhaggard on Losing a giant |
 | andras0602 on Disabling login window clock d… |
 | Jeff on Losing a giant |
 | Ousley, Kara on Losing a giant |
 | jmoyer9af90c9f6b on Granting Volume Owner status o… |
Der Flounder 
For repackaged iLife 11 to be used with DeployStudio, do we need to re-create the .pkgs?
That would be a good idea. That way, you know exactly what the postflight script is set to do.
I’m a novice at unix commands…when I copied and pasted your command it gave an error about the path to ilife being invalid.