Half the packages must be downloaded manually
I feel your pain, Alex; however, this is a restriction imposed by the product vendors: Apple, Adobe, Oracle,et. al., and not anything that SolarWinds has any control over. Were it ideal, every file would be directly downloadable via FTP or HTTP without any convolutions. Unfortunately Adobe and Oracle require acknowledgement of an End-User Redistribution Licensing Agreement. Adobe's process is somewhat onerous, but luckily only has to be done one time (per product), and afterwards they will email you a direct download link for subsequent releases. Oracle's process is much simpler (check one box on the download page), but has to be done for every Java release. Apple doesn't make the binaries for Apple Application Support or Apple Mobile Device Support available as individual downloads, so those files must be extracted from the iTunesSetup.exe.
some of the packages aren't signed
To be sure, it's the FILE associated with the package that is or is not signed, and that, also, is a function of the individual product vendors. Most are signed, however; and for a very long time we only packaged/distributed products that provided signed binaries. In fact, Patch Manager, in earlier versions, prevented the publication of an unsigned binary. However, as the catalog grew into scopes of products requested by customers, and the resulting unavailability of vendor-signed binaries for those products (e.g. Notepad++), we had to make a choice: Provide those packages with unsigned binaries, or don't provide the packages at all. We chose the former.
and have to be signed by you (still haven't figure this one out, although one of your folks at TechEd said I should be able to),
As for this requirement ... this is an explicit limitation of Configuration Manager (standalone WSUS environments do not have to deal with this).
The procedure works like this (let's use Notepad++ as an example, which is a classic scenario):
- Download the binary file using the "Download Content" action.
- Following completion of the download, note the Update/PackageID in the Package Details tab. (For Notepad++ v6.6.6 (Upgrade) this is 4cb24533-f755-46e4-9648-8d69d1aa9a66.)
- On the Patch Manager server, navigate to %ProgramFiles%\SolarWinds\Patch Manager\Server\packages\publisher\PackageID -- where PackageID is the value identified from step #2.
- Inside that folder will be the vendor's binary that was just downloaded. In this instance, the file is npp.6.6.6.Installer.exe. Sign that file with a Code Signing Certificate of your preference: Self-Signed, Enterprise CA, or Third-Party. Now ConfigMgr will be happy because the binary is signed.