###Using CodeSignatureVerification in your recipe
The CodeSignatureVerifier processor was added to allow signature verification for both:
-
Installer packages (.pkg or .mpkg).
-
Application bundles (.app). This option is necessary since not all software is supplied as packages. Instead, software is commonly released for download 'bare' at the root of a zip archive. CodeSignatureVerifier can look inside a DMG mount, but zip's must use the Unarchiver processor first.
Take into account the fact that both the computer running autopkg and the one that genrates the required configuration settings should have the default spctl
settings, meaning Gatekeeper allows apps from the App Store and those signed with an Apple-recognized Developer ID.
####Adding Application bundle (.app) verification to your recipe