is there the possibility the component that's trying to traverse the firewall lives outside the app bundle? like in /Library or /Library/Application Support? or even at the user-level?

Another thing to try is adding the binary itself (or multiple of them if there are others within the app bundle) as the exceptions.

@htse I wasn't able to find any relatable application files in the system and user library.

I've tried adding the binary inside the package >> MacOS folder >> Cisco Jabber with no luck :(

Hi all

I've been able to replicate this and the problem has only become apparent for users without admin rights. The problem is to do with the applications code signature not being recognised and so prompts the user to allow through the firewall and requires admin rights.

No matter how i packaged the app in Composer as a pkg or dmg i kept getting the issue.

The solution was to download the Cisco Jabber installer from Cisco, put the downloaded original zip file in /private/tmp/ and have this as a postinstall script in Composer

#!/bin/sh
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

# Check to see if the zip file exists in /tmp/
if [ -f $3/tmp/CiscoJabberMac*.zip ]; then

# If Jabber is installed, delete it
if [ -d $3/Applications/Cisco Jabber.app/ ]; then
rm -rf $3/Applications/Cisco Jabber.app/
fi

# Unzip Jabber to /tmp
unzip -q $3/tmp/CiscoJabberMac*.zip -d /tmp/

# remove resource forks
rm -rf $3/tmp/__MACOSX

#move the app from /tmp to /Applications
mv $3/tmp/Cisco Jabber.app /Applications/

# If the app still exists in /tmp delete it
if [ -d $3/tmp/Cisco Jabber.app/ ]; then
rm -rf $3/tmp/Cisco Jabber.app/
fi

# Delete the zip file in /tmp
if [ -f $3/tmp/CiscoJabberMac*.zip ]; then
rm -rf $3/tmp/CiscoJabberMac*.zip
fi
fi




exit 0      ## Success
exit 1      ## Failure

I'm still having issues with this but i'm trying a new approach to modify the authorization database to allow all users to make the change. This suppresses the admin prompt and still allows the user to click allow and all is well.

#!/bin/sh

sudo security authorizationdb write com.alf allow

early testing is proving positive. Hope this helps someone out :)

Tim

@tkimpton Awesome. I'll be upgrading Jabber pretty soon. Hoping this works so we can also enable the firewall. Thanks!

so ive been in support calls with Cisco (email anyway) the command i provided stops the admin pop up for the application firewall.

Cisco have told me to carry out this codesign --verify --deep -vvvvvvv --strict "Cisco Jabber.app"

If is comes back verified then its ok.

So i ran codesign --verify --deep -vvvvvvv --strict "/Applications/Cisco Jabber.app" and it passed after a manual install drag and drop.

However when either dragging the app in Composer or scripting the installation with the downloaded zip file the signature check fails!

It seems you cannot package up Cisco Jabber at all as a pkg. The only way i have been able to deploy it with a signature intact is to deploy if via a dmg made in Composer and then it seems ok.

In version 11.7 Cisco are switching to a native pkg installer so we shouldn't need to faff around like this.

@tkimpton We're on Jabber 11.7.1 and Jabber appears to be fine deploying from a .pkg. No firewall prompts when making phone calls. How about you?