That's what I ended up using, in order to avoid repackaging the installer I built a payloadless deployment (dummy/empty .pkg, unsigned as it doesn't matter if it fails to run, followed by a post-install script that downloads the latest installer for each software to deploy, install them, then delete the temporary folder.