cancel
Showing results for 
Search instead for 
Did you mean: 
upinya
Level 7
Report Inappropriate Content
Message 1 of 16

install.sh, Package as .mkpg or .dmg?

Jump to solution

Has anyone had any luck wrapping the Mac Agent install.sh in a user-friendly package? We didn't get very far with it, and ended up using Apple Remote Desktop on a few test machines. And it worked well, but having a package would be sweet.

Thanks!

Peter

1 Solution

Accepted Solutions

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

This is what I just sent over to user rherling when he asked me via email to explain my method for creating a pkg from the install.sh agent.  DISCLAIMER: I DO NOT WORK FOR MCAFEE OR APPLE, SO THE INFORMATION BELOW SHOULD BE USED AT YOUR OWN RISK:

Alright, before I do the steps,
let me explain my methodology on how I am doing this.  Think of a
PackageMaker package as almost an archive file that has your data.  If
you want to install something, or run a script against the data, you
have to know where the files are "decompressed" to when the package is
run.  So, when I add the install.sh file, I want to tell PackageMaker
to put it somewhere that is common whenever the package is run (e.g.
/Library/MyCompany/ ... I will explain this in the steps below too).
From there, I simply create a PostInstall shell script that references
the install.sh file from the location I put it in (so, the executable
would now be /Library/MyCompany/install.sh -i).  Okay, if you have that
basis of understanding, here are the actual steps I used:

  1. When
    you first open PackageMaker, the first thing prompted is the "Install
    Properties" dialog.  This is up to you on what to put for your
    organization, but it is looking for something similar to
    "com.mycompany" (essentially like a domain name backwards).  This is
    just what will be used to identify these packages as made for your
    organization.  You then select what the minimum version of Mac OS X
    that the package can be run on.  Click OK.
  2. With PackageMaker's
    main window open, either drag install.sh from within Finder in to the
    "Contents" section on the left, or press the "+" button on the bottom
    left to add the file via an "Open" dialog.
  3. Now, you should see
    a little tree view under the Contents section with the top being a
    little blue dot with the word "install" next to it, and the branch
    below with "install" as well with a "/" to indicate where the file will
    "install" to when the package is launched (This is what I change...next
    step)
  4. Now, click on the "install" branch with the "/"
    underneath, and you will see the dialog on the right change.  Under the
    "Configuration" section, select a "Destination" for the file to be
    copied to when the package is run (again, I chose /Library/MyCompany/).
  5. Under
    the same area, you will notice that the Package Identifier should show
    "com.mycompany.install.pkg".  You can change the install.pkg to
    anything that makes sense to you.  I put
    "com.mycompany.McAfeeAgent.4.patch2.install" (really does not matter I
    don't think).  I left the version as 1.0, and made sure that the
    checkbox for "Require admin authentication" was checked.
  6. Click
    on the "Content" button next to "Configuration".  Change the install.sh
    owner to "root", and the group to "admin", and at the bottom (this
    works, but may not be necessary exactly), change the permissions on the
    file to 755 (i.e Owner:RWX, Group:RX, and Other:RX), and click on
    "Include root in package" (not sure this is needed either, but it seems
    to work)
  7. Now, leave PackageMaker up, and open up your favorite
    text editor (I use TextWrangler or XCode myself).  You are going to
    create a whole other shell script to call the install.sh script.  Here
    is what I simply put for mine (this can obviously be expanded greatly
    to include checks and balances, but this gives you the idea of how to
    simply install.  Also, you notice I am not using sudo in the commands.
    This is due to the script being run as an admin, as was ensured in step
    5):

    #!/bin/sh

    # Install McAfee Agent 4.0 w/patch 2
    /Library/MyCompany/install.sh -i

    # Remove the file when the install is complete
    rm -f /Library/MyCompany/install.sh

    exit

  8. After
    saving the file (I saved mine as MCF4Agentinstall.sh), head back in to
    PackageMaker.  Click on the "Scripts" header next to "Components" and
    next to the "Postinstall" field, either type in the location to the
    shell script you just created, or select the button next to the field
    to choose the location where it is.
  9. For all intents and
    purposes, that is it.  You can build it and run it, and it will install
    the agent without having someone run the install.sh script.  However,
    there are a few other items to configure to make it a little more
    viable.
  10. Over under the Contents section, click the package icon
    right above it to select it (it should say "Untitled Package").  Under
    the "Configuration" header, you can name the package to something more
    familiar (e.g. "McAfee Agent 4.0 Patch 2").  Since I only want this
    installed on the "System Volume", I only check the "System Volume"
    option and then leave everything else default.
  11. If you want (I
    did not do this), you can click on the "Requirements" section, and
    actually add additional requirements before the package can be
    installed.  This is everything to the OS version (say, 10.6.2 or
    greater only), to memory, hard drive and CPU minimum specs.  That is
    totally up to you, but interesting to mess around with.
  12. Now,
    you can even edit the interface (click the blue "Edit Interface" button
    on the top right of PackageMaker) to put in a company logo on the
    package background (or a McAfee logo with their legal's permission of
    course), as well as change the text to explain what the package is
    doing.  After you are done, simply close the interface dialog (there is
    no "save" button, but trust me, it is saved)
  13. You can now simply
    build the package.  Also, make sure you save your settings you just set
    up to.  This comes in handy when you need to go back and change it for
    a newer version of the agent.

From
here, if you decide to put it out on to an FTP server, make sure to
create a DMG file of the package so users are not clicking through the
.pkg as if it is simply a folder on the FTP server.  You can do this
from the terminal by entering:

hdiutil
create McAfeeAgent4patch2.dmg -volname "McAfee Agent 4.0 patch 2" -fs
HFS+ -srcfolder /Locationof Package/McAfeeAgent4patch2.pkg

This worked for me, so I hope everyone else finds it useful.

Regards,

tdmomega

Message was edited by: tdmomega on 1/7/10 9:22:59 AM CST
15 Replies

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

Hey Peter,

Did you try this with PackageMaker? (Mac OS utility).

Let me check on this for you!

Cheers,

Rod.

Message was edited by: Rod Cambridge on 09/12/09 14:47:58 GMT

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

Hey Peter,

OK - I checked this with a couple of people - and we don't have an officially supported way of doing this unfortunately.

As I mentioned yesterday, you'd have to use the Mac OS utility PackageMaker to create the mpkg file which could then be used to install - maybe using something like LANDesk (do you use this?).

I'm guessing more customers will come across this type of issue in the future, so if we manage to get something together that works, I'd like to document it in a Knowledgebase article - not as an official solution, but more as guide as to how this can be achieved.

Can you let me know what you've done so far?

Feel free to ping me via IM if you prefer - if we do get a Knowledgebase article together and published eventually, I'll post it to this thread for others in the Community.

Cheers!

Rod.

upinya
Level 7
Report Inappropriate Content
Message 4 of 16

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

PackageMaker is about as painful as swallowing a box of nails. Can you tell me about "MFEcma.dmg" and its included file "cma.pkg"? What exactly is the relationship between them and install.sh? It could be that most of the work is done already...

Message was edited by: upinya on 12/10/09 2:38:17 PM CST

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

upinya wrote:

PackageMaker is about as painful as swallowing a box of nails.


I've heard! I'm not aware of any other way of creating packages, though.

The cma packages you mention contain McAfee Agent 4.x. The Agent provides functionality such as allowing VirusScan for Mac to be managed remotely by McAfee's ePO (ePolicy Orchestrator) product. You can find out more about McAfee Agent by going to the Knowledgebase and searching for PD21857 - McAfee Agent Release Notes.

Cheers,

Rod.

upinya
Level 7
Report Inappropriate Content
Message 6 of 16

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

I'm up to speed on what the McAfee Agent is, my issue is this:

When you are in the ePO interface and want to build a custom installer for PC, no problem, it outputs a .exe. Very easy to distribute.

But for Mac, it outputs a file called install.sh. Far more tricky to distribute. At least a package can be installed silently. My question is, what is the relationship between the original MFEcma.dmg that McAfee provides, its included file "cma.pkg", and install.sh that ePO outputs?

I guess I'm wondering if we can use the dmg or pkg to install the agent, instead of the unwieldly install.sh, and maybe some sort of post-script to direct it to our ePO. I fear there is some sort of certificate things going on though...

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

Actually, all you have to do in PackageMaker is add the install.sh file, tell it to place it in a common location for your company install scripts (e.g. /Library/MyCompany) or a temp location if you want , tell the package to run as an administrator, and create a postinstall script to run that runs the install.sh from the folder the install package put it in.  You can even delete the install.sh after the install is complete.  This is what I did, and it works fine.  Now, you can get even trickier, by copying over all files from an actual installed machine, and then creating a postinstall that removes the AgentGUID in the /Library/McAfee/cma/scratch/registry.ini file and requiring the user to reboot after the install.  This can be a little riskier, so I chose not to do it this way.  I still prefer using JAMFSoftware's Composer though.  It makes it much easier if PackageMaker is not your thing.  However, I have done it in both.

Highlighted
upinya
Level 7
Report Inappropriate Content
Message 8 of 16

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

Just taking a swing at packagemaker 3.0 and it is a language of which I do not speak. I guess I'll have to practice.

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

I am also in the same boat i know very little about package maker.  We deploy McAfee and epo to all our students to install themselves the PC side is easy the mac side however in very complicated witht the install.sh file.  We need a way to make it so students can double click the anti malware installer and get install.sh to run automatically.

Re: install.sh, Package as .mkpg or .dmg?

Jump to solution

This is what I just sent over to user rherling when he asked me via email to explain my method for creating a pkg from the install.sh agent.  DISCLAIMER: I DO NOT WORK FOR MCAFEE OR APPLE, SO THE INFORMATION BELOW SHOULD BE USED AT YOUR OWN RISK:

Alright, before I do the steps,
let me explain my methodology on how I am doing this.  Think of a
PackageMaker package as almost an archive file that has your data.  If
you want to install something, or run a script against the data, you
have to know where the files are "decompressed" to when the package is
run.  So, when I add the install.sh file, I want to tell PackageMaker
to put it somewhere that is common whenever the package is run (e.g.
/Library/MyCompany/ ... I will explain this in the steps below too).
From there, I simply create a PostInstall shell script that references
the install.sh file from the location I put it in (so, the executable
would now be /Library/MyCompany/install.sh -i).  Okay, if you have that
basis of understanding, here are the actual steps I used:

  1. When
    you first open PackageMaker, the first thing prompted is the "Install
    Properties" dialog.  This is up to you on what to put for your
    organization, but it is looking for something similar to
    "com.mycompany" (essentially like a domain name backwards).  This is
    just what will be used to identify these packages as made for your
    organization.  You then select what the minimum version of Mac OS X
    that the package can be run on.  Click OK.
  2. With PackageMaker's
    main window open, either drag install.sh from within Finder in to the
    "Contents" section on the left, or press the "+" button on the bottom
    left to add the file via an "Open" dialog.
  3. Now, you should see
    a little tree view under the Contents section with the top being a
    little blue dot with the word "install" next to it, and the branch
    below with "install" as well with a "/" to indicate where the file will
    "install" to when the package is launched (This is what I change...next
    step)
  4. Now, click on the "install" branch with the "/"
    underneath, and you will see the dialog on the right change.  Under the
    "Configuration" section, select a "Destination" for the file to be
    copied to when the package is run (again, I chose /Library/MyCompany/).
  5. Under
    the same area, you will notice that the Package Identifier should show
    "com.mycompany.install.pkg".  You can change the install.pkg to
    anything that makes sense to you.  I put
    "com.mycompany.McAfeeAgent.4.patch2.install" (really does not matter I
    don't think).  I left the version as 1.0, and made sure that the
    checkbox for "Require admin authentication" was checked.
  6. Click
    on the "Content" button next to "Configuration".  Change the install.sh
    owner to "root", and the group to "admin", and at the bottom (this
    works, but may not be necessary exactly), change the permissions on the
    file to 755 (i.e Owner:RWX, Group:RX, and Other:RX), and click on
    "Include root in package" (not sure this is needed either, but it seems
    to work)
  7. Now, leave PackageMaker up, and open up your favorite
    text editor (I use TextWrangler or XCode myself).  You are going to
    create a whole other shell script to call the install.sh script.  Here
    is what I simply put for mine (this can obviously be expanded greatly
    to include checks and balances, but this gives you the idea of how to
    simply install.  Also, you notice I am not using sudo in the commands.
    This is due to the script being run as an admin, as was ensured in step
    5):

    #!/bin/sh

    # Install McAfee Agent 4.0 w/patch 2
    /Library/MyCompany/install.sh -i

    # Remove the file when the install is complete
    rm -f /Library/MyCompany/install.sh

    exit

  8. After
    saving the file (I saved mine as MCF4Agentinstall.sh), head back in to
    PackageMaker.  Click on the "Scripts" header next to "Components" and
    next to the "Postinstall" field, either type in the location to the
    shell script you just created, or select the button next to the field
    to choose the location where it is.
  9. For all intents and
    purposes, that is it.  You can build it and run it, and it will install
    the agent without having someone run the install.sh script.  However,
    there are a few other items to configure to make it a little more
    viable.
  10. Over under the Contents section, click the package icon
    right above it to select it (it should say "Untitled Package").  Under
    the "Configuration" header, you can name the package to something more
    familiar (e.g. "McAfee Agent 4.0 Patch 2").  Since I only want this
    installed on the "System Volume", I only check the "System Volume"
    option and then leave everything else default.
  11. If you want (I
    did not do this), you can click on the "Requirements" section, and
    actually add additional requirements before the package can be
    installed.  This is everything to the OS version (say, 10.6.2 or
    greater only), to memory, hard drive and CPU minimum specs.  That is
    totally up to you, but interesting to mess around with.
  12. Now,
    you can even edit the interface (click the blue "Edit Interface" button
    on the top right of PackageMaker) to put in a company logo on the
    package background (or a McAfee logo with their legal's permission of
    course), as well as change the text to explain what the package is
    doing.  After you are done, simply close the interface dialog (there is
    no "save" button, but trust me, it is saved)
  13. You can now simply
    build the package.  Also, make sure you save your settings you just set
    up to.  This comes in handy when you need to go back and change it for
    a newer version of the agent.

From
here, if you decide to put it out on to an FTP server, make sure to
create a DMG file of the package so users are not clicking through the
.pkg as if it is simply a folder on the FTP server.  You can do this
from the terminal by entering:

hdiutil
create McAfeeAgent4patch2.dmg -volname "McAfee Agent 4.0 patch 2" -fs
HFS+ -srcfolder /Locationof Package/McAfeeAgent4patch2.pkg

This worked for me, so I hope everyone else finds it useful.

Regards,

tdmomega

Message was edited by: tdmomega on 1/7/10 9:22:59 AM CST
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.