Distribute custom packages for Mac
Apple devices support wireless installation of custom packages without going through the App Store. There are two ways you can distribute proprietary in-house apps:
Using MDM
Using a website
Use MDM to distribute apps
To use MDM, use a manifest with either InstallEnterpriseApplication
(manifest file or embedded manifest) or InstallApplication
(manifest file) commands. Prefer using the InstallEnterpriseApplication
command because it supports sha256 and certificate pinning. For more information, see MDM commands.
Use a website to distribute apps
Create a package that contains content—such as the app, fonts, and scripts to be installed on Mac.
It’s up to you to design and host the website used to distribute these packages. Make sure that users are authenticated and that the website is accessible from your intranet or from the internet, depending on your needs. Upload your package file (with a .pkg filename extension) to an area of your website that your authenticated users can access.
You may need to configure your web server so the package is transmitted correctly. For the server, add this MIME type to the web service’s MIME types settings:
application/octet-stream pkg
For Microsoft’s Internet Information Server (IIS), use IIS Manager to add the MIME type in the Properties page of the server:
.pkg/octet-stream
A typical manifest file for macOS
Below is an example of a manifest or manifest file, which is an XML property list (.plist file). The following fields are required:
URL: The fully qualified HTTPS URL of the package
kind: Must be set to software-package
The following fields are optional for chunking:
md5-size: The size of each chunk
md5s: The md5 hashes for each chunk
sha256-size: The size of each chunk
sha256s: The sha256 hashes for each chunk
A sample manifest file for a Mac package
Below is a sample manifest file. Note that in the fields for chunking, if both sha256 and md5 chunking information is provided, sha256 is preferred.
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- array of downloads. -->
<key>items</key>
<array>
<dict>
<!-- an array of assets to download -->
<key>assets</key>
<array>
<dict>
<!-- Required. The asset kind. -->
<key>kind</key>
<string>software-package</string>
<!-- Optional. md5 is used here for chunking every 10 MB; Can also use sha256-size. -->
<key>md5-size</key>
<integer>10485760</integer>
<!-- Array of md5 hashes for each "md5-size" sized chunk; Can also use sha256s. -->
<key>md5s</key>
<array>
<string>41fa64bb7a7cae5a46bfb45821ac8b99</string>
<string>51fa64bb7a7cae5a46bfb45821ac8b98</string>
<string>61fa64bb7a7cae5a46bfb45821ac8b97</string>
</array>
<!-- required. the URL of the package to download. -->
<key>url</key>
<string>https://www.betterbag.com/apps/myapp.pkg</string>
</dict>
</array>
</dict>
</array>
</dict>
</plist>
Generate a Code Signature
In the Terminal app, enter first the command (by typing it) and, in the same line, the application (by dragging it from a Finder window). For example:
codesign -display -r - /Applications/CompanyName\ ApplicationName.app