Problems with packagesbuild

To build the macOS Agent Packages, the tool packagesbuilder, from package Packages.dmg, which we download from website http://s.sudre.free.fr/. There is not much information on the website, only one tutorial, which doesn't mention the tools we use, only the graphical ones the package provides. There isn't a reference to the source code in the web, although there are some repositories in GitHub which could be related, although no mention of versions or how is it related to the downloadable package:

• https://github.com/packagesdev/packages
• https://github.com/midoks/Iceberg
  As discovered in the investigation for issue Improve the Wazuh "login item" on macOS Ventura #1917, the tool has a problem, as it doesn't preserve in its execution the extended attributes of files. This removes the signature for all non-Mach-o signed executables, which in macOS Ventura means the Wazuh Login Item is shown as unidentified.

There is also no manual for the tool inside the man pages, only the help message:

Wazuhs-Mac-mini:~ jenkins$ packagesbuild -h
packagesbuild: invalid option -- h
Usage: packagesbuild [OPTIONS] file

Options:
  --verbose, -v                          provide additional status output
  --debug, -d                            build project in debug mode (i.e. disable locators)
  --temporary-build-location, -t PATH    use this folder as the temporary build folder
  --reference-folder, -F PATH            use this path as the reference folder
  --build-folder PATH                    create the build output in this folder
  --identity NAME                        sign the build output with this identity
  --keychain PATH                        look for the identity in the keychain at this path
  --package-version VERSION              set the version of the built raw package project to this value


Wazuhs-Mac-mini:~ jenkins$ man packagesbuild
No manual entry for packagesbuild
Wazuhs-Mac-mini:~ jenkins$ 

Summary:

• No documentation
• No source code
• Problem with signatures
• No visible continuation of the project

Proposed solution

During the investigation for issue #1917 an alternative was found, https://github.com/munki/munki-pkg. The idea of the tool is the same, it creates packages for macOS, as well as their own managed software installation. It has a web with a well-structured tutorial of usage, a GitHub repository with the source code and even more documentation, and it is also mentioned in 3rd party tutorials and articles:

• https://www.munki.org/munki-pkg/
• https://github.com/munki/munki-pkg
• https://www.elliotjordan.com/posts/munkipkg-01-intro/
• https://macblog.org/manage-custom-login-items/: In this tutorial, the problem seen in issue Improve the Wazuh "login item" on macOS Ventura #1917 is solved, so it could be assumed it does not have the same problem as our current tool with maintaining signatures and extended attributes of files.