Let this post serve as a brief overview on how to build a customized, signed build of Google’s Deprecation Notifier utility. I say brief as it assumes you’ve got a mechanism to deploy, and already have a means by which to trigger the application. I’ll touch on this a bit more near the end, but for now… Onward!

Pre-Requisites:

  1. GitHub account
  2. Apple Developer Account

Requirements:

  1. Xcode IDE
  2. Local clone of Google’s macops repository

Steps:

First, let’s clone the repository and open it in Xcode:

$ git clone https://github.com/google/macops.git

$ open macops/deprecation_notifier/DeprecationNotifier.xcodeproj

Next, we need to modify Localizable.strings to declare the macOS version that is desired (expectedVersion) and a variety of other settings which determine Deprecation Notifier’s behavior. As you’ll see, all of these settings are commented with descriptions, so you can piece that together.

Alt Text

We’ve now done all that is absolutely necessary for us to build and deploy Deprecation Notifier, but I want to go a step further and put that Apple Developer certificate to good use, so let’s configure the project to sign our .app after building.

Navigate back to the projects root in Xcode’s left-hand pane, and then head to the ‘General’ view from the top navigation bar. Here we’re going to modify the Bundle Identifier to match our company’s reverse domain name, and allow Xcode to sign our build of DeprecationNotifier.app with the Apple Developer certificate in our Keychain:

Alt Text

Ready to build? Not so fast; let’s test this sucker, first.

Xcode allows us to build and execute the application within the IDE before we actually churn out a .app file by going to ‘Product’ > ‘Run’ from the toolbar (or Command+R). Assuming your local macOS version does not meet the expectedVersion set in Localizable.strings, you should be hit with the infamous blackout.

Alt Text

Finally, we’re ready to let Xcode throw together DeprecationNotifier.app and sign it, then we will validate the code signature and you’ll have a deployable application!

To build our production application, we navigate to ‘Product’ > ‘Build For’ > ‘Running’ from the toolbar (or Command+Shift+R). After thinking for a moment, you’ll see that glorious alert…

“Build Succeeded”

After you see your build was successful, we can then verify the code signature using:

$ /usr/bin/codesign -dv /path/to/your/DeprecationNotifier.app

Alt Text

That’s it!

Now you just need to deploy it, and determine your preferred means of invoking it; I prefer using a custom LaunchAgent, but there’s no reason that you couldn’t have it triggered by a run of Chef, as a postflight to a Munki run, or whatever ace you’ve got up your sleeve.