OK - I checked this with a couple of people - and we don't have an officially supported way of doing this unfortunately.
As I mentioned yesterday, you'd have to use the Mac OS utility PackageMaker to create the mpkg file which could then be used to install - maybe using something like LANDesk (do you use this?).
I'm guessing more customers will come across this type of issue in the future, so if we manage to get something together that works, I'd like to document it in a Knowledgebase article - not as an official solution, but more as guide as to how this can be achieved.
Can you let me know what you've done so far?
Feel free to ping me via IM if you prefer - if we do get a Knowledgebase article together and published eventually, I'll post it to this thread for others in the Community.
PackageMaker is about as painful as swallowing a box of nails. Can you tell me about "MFEcma.dmg" and its included file "cma.pkg"? What exactly is the relationship between them and install.sh? It could be that most of the work is done already...
PackageMaker is about as painful as swallowing a box of nails.
I've heard! I'm not aware of any other way of creating packages, though.
The cma packages you mention contain McAfee Agent 4.x. The Agent provides functionality such as allowing VirusScan for Mac to be managed remotely by McAfee's ePO (ePolicy Orchestrator) product. You can find out more about McAfee Agent by going to the Knowledgebase and searching for PD21857 - McAfee Agent Release Notes.
I'm up to speed on what the McAfee Agent is, my issue is this:
When you are in the ePO interface and want to build a custom installer for PC, no problem, it outputs a .exe. Very easy to distribute.
But for Mac, it outputs a file called install.sh. Far more tricky to distribute. At least a package can be installed silently. My question is, what is the relationship between the original MFEcma.dmg that McAfee provides, its included file "cma.pkg", and install.sh that ePO outputs?
I guess I'm wondering if we can use the dmg or pkg to install the agent, instead of the unwieldly install.sh, and maybe some sort of post-script to direct it to our ePO. I fear there is some sort of certificate things going on though...
Actually, all you have to do in PackageMaker is add the install.sh file, tell it to place it in a common location for your company install scripts (e.g. /Library/MyCompany) or a temp location if you want , tell the package to run as an administrator, and create a postinstall script to run that runs the install.sh from the folder the install package put it in. You can even delete the install.sh after the install is complete. This is what I did, and it works fine. Now, you can get even trickier, by copying over all files from an actual installed machine, and then creating a postinstall that removes the AgentGUID in the /Library/McAfee/cma/scratch/registry.ini file and requiring the user to reboot after the install. This can be a little riskier, so I chose not to do it this way. I still prefer using JAMFSoftware's Composer though. It makes it much easier if PackageMaker is not your thing. However, I have done it in both.
I am also in the same boat i know very little about package maker. We deploy McAfee and epo to all our students to install themselves the PC side is easy the mac side however in very complicated witht the install.sh file. We need a way to make it so students can double click the anti malware installer and get install.sh to run automatically.
This is what I just sent over to user rherling when he asked me via email to explain my method for creating a pkg from the install.sh agent. DISCLAIMER: I DO NOT WORK FOR MCAFEE OR APPLE, SO THE INFORMATION BELOW SHOULD BE USED AT YOUR OWN RISK:
Alright, before I do the steps, let me explain my methodology on how I am doing this. Think of a PackageMaker package as almost an archive file that has your data. If you want to install something, or run a script against the data, you have to know where the files are "decompressed" to when the package is run. So, when I add the install.sh file, I want to tell PackageMaker to put it somewhere that is common whenever the package is run (e.g. /Library/MyCompany/ ... I will explain this in the steps below too). From there, I simply create a PostInstall shell script that references the install.sh file from the location I put it in (so, the executable would now be /Library/MyCompany/install.sh -i). Okay, if you have that basis of understanding, here are the actual steps I used:
- When you first open PackageMaker, the first thing prompted is the "Install Properties" dialog. This is up to you on what to put for your organization, but it is looking for something similar to "com.mycompany" (essentially like a domain name backwards). This is just what will be used to identify these packages as made for your organization. You then select what the minimum version of Mac OS X that the package can be run on. Click OK.
- With PackageMaker's main window open, either drag install.sh from within Finder in to the "Contents" section on the left, or press the "+" button on the bottom left to add the file via an "Open" dialog.
- Now, you should see a little tree view under the Contents section with the top being a little blue dot with the word "install" next to it, and the branch below with "install" as well with a "/" to indicate where the file will "install" to when the package is launched (This is what I change...next step)
- Now, click on the "install" branch with the "/" underneath, and you will see the dialog on the right change. Under the "Configuration" section, select a "Destination" for the file to be copied to when the package is run (again, I chose /Library/MyCompany/).
- Under the same area, you will notice that the Package Identifier should show "com.mycompany.install.pkg". You can change the install.pkg to anything that makes sense to you. I put "com.mycompany.McAfeeAgent.4.patch2.install" (really does not matter I don't think). I left the version as 1.0, and made sure that the checkbox for "Require admin authentication" was checked.
- Click on the "Content" button next to "Configuration". Change the install.sh owner to "root", and the group to "admin", and at the bottom (this works, but may not be necessary exactly), change the permissions on the file to 755 (i.e Owner:RWX, Group:RX, and Other:RX), and click on "Include root in package" (not sure this is needed either, but it seems to work)
- Now, leave PackageMaker up, and open up your favorite
text editor (I use TextWrangler or XCode myself). You are going to
create a whole other shell script to call the install.sh script. Here
is what I simply put for mine (this can obviously be expanded greatly
to include checks and balances, but this gives you the idea of how to
simply install. Also, you notice I am not using sudo in the commands.
This is due to the script being run as an admin, as was ensured in step
# Install McAfee Agent 4.0 w/patch 2
# Remove the file when the install is complete
rm -f /Library/MyCompany/install.sh
- After saving the file (I saved mine as MCF4Agentinstall.sh), head back in to PackageMaker. Click on the "Scripts" header next to "Components" and next to the "Postinstall" field, either type in the location to the shell script you just created, or select the button next to the field to choose the location where it is.
- For all intents and purposes, that is it. You can build it and run it, and it will install the agent without having someone run the install.sh script. However, there are a few other items to configure to make it a little more viable.
- Over under the Contents section, click the package icon right above it to select it (it should say "Untitled Package"). Under the "Configuration" header, you can name the package to something more familiar (e.g. "McAfee Agent 4.0 Patch 2"). Since I only want this installed on the "System Volume", I only check the "System Volume" option and then leave everything else default.
- If you want (I did not do this), you can click on the "Requirements" section, and actually add additional requirements before the package can be installed. This is everything to the OS version (say, 10.6.2 or greater only), to memory, hard drive and CPU minimum specs. That is totally up to you, but interesting to mess around with.
- Now, you can even edit the interface (click the blue "Edit Interface" button on the top right of PackageMaker) to put in a company logo on the package background (or a McAfee logo with their legal's permission of course), as well as change the text to explain what the package is doing. After you are done, simply close the interface dialog (there is no "save" button, but trust me, it is saved)
- You can now simply build the package. Also, make sure you save your settings you just set up to. This comes in handy when you need to go back and change it for a newer version of the agent.
From here, if you decide to put it out on to an FTP server, make sure to create a DMG file of the package so users are not clicking through the .pkg as if it is simply a folder on the FTP server. You can do this from the terminal by entering:
hdiutil create McAfeeAgent4patch2.dmg -volname "McAfee Agent 4.0 patch 2" -fs HFS+ -srcfolder /Locationof Package/McAfeeAgent4patch2.pkg
This worked for me, so I hope everyone else finds it useful.