I highly suggest using this little puppy... Makes life so much easier!
installPKGfromDMG with extra parameters for supplying an xml answer file within your DMG container
Create your xml file, add it into your DMG next to your PKG... Create a policy to cache the DMG, add this script (after priority) and supply parameters
dmgName="" # Required eg anyconnect.dmg
forcesuccessflag="" # Optional
useinstallerapp="" # Optional eg YES
allowUntrusted="" # Optional
applyChoiceChangesXMLFile="" # Optional eg myfileinsidethedmg.xml
Supplying parameter 5/forcesuccessflag with "YES" without quotes and case sensitive allows PKG exit code to be bypassed and returns a forced exit code of 0 to the JSS (if needed).
Supplying parameter 6/useinstallerapp with "YES" without quotes and case sensitive forces the use of macOS native installer binary to install the PKG.
Supplying parameter 7/allowUntrusted with "YES" without quotes and case sensitive allows to bypass an invalid or expired certificate embedded within the PKG.
Supplying parameter 8/applyChoiceChangesXMLFile with an XML filename allows the PKG to be supplied an xml answerfile. The xml file MUST be beside the PKG wrapped in your DMG.
Please take careful note, that parameters 7 (allowUntrusted) and 8 (applyChoiceChangesXMLFile) are dependent on parameter 6 (useinstallerapp) being YES. I've also added mpkg if no pkg is found within the DMG. Additionally all parameters will be parsed in the logs so one can see if, when, and where something went wrong.
For anyone that is still trying to get just the VPN package out of the AnyConnect DMG, it's as simple as following these steps:
- Download AnyConnect DMG from Cisco.
- Extract AnyConnect.pkg from DMG to your Desktop.
- Run the following commands in Terminal:
mkdir AnyConnectVPN
pkgutil --expand AnyConnect.pkg AnyConnect
cp -r AnyConnect/vpn_module.pkg ./
cp -r vpn_module.pkg/* AnyConnectVPN/
pkgutil --flatten AnyConnectVPN AnyConnectVPN.pkg
rm -r ./AnyConnect.pkg ./AnyConnect ./AnyConnectVPN ./vpn_module.pkg
That should remove the VPN module from the Cisco AnyConnect PKG and turn it into a stand-alone deployable PKG that installs with no errors like it does when you try to install just the vpn_module.pkg.
This still works on 4.8 btw, thanks it was driving me spare.
@d.williams Your steps Worked Great! I just packaged the 4.10 client. Thank you! If we wanted to include the .xml file with the connect-to sites on it, where would we place that in this? Or is this even possible?
I'd advise using Choices XML rather than repackaging our installer. This is how I do it for us internally: https://www.jamf.com/jamf-nation/discussions/23198/cisco-anyconnect-4-4#responseChild140881
I'd advise using Choices XML rather than repackaging our installer. This is how I do it for us internally: https://www.jamf.com/jamf-nation/discussions/23198/cisco-anyconnect-4-4#responseChild140881
@iJake Just curios... if we only wanted the VPN component from the install list, is there any reason why we can't just use the WebDeploy version of the 4.10 AnyConnect installer? anyconnect-macos-4.10.01075-webdeploy-k9.pkg
@iJake Just curios... if we only wanted the VPN component from the install list, is there any reason why we can't just use the WebDeploy version of the 4.10 AnyConnect installer? anyconnect-macos-4.10.01075-webdeploy-k9.pkg
That installer is meant to be delivered by the headend for autoupdates. I've never tried to use it standalone so can't say for sure but likely you'd be advised against it officially.
