Java 8u91 best way to have casper install it ??

tcandela
Valued Contributor II

what are some of the ways JAMF nation Casper admins create Java pkg for installation ?

Java8u91 comes as a .dmg and then mounts as a .app - that says 'Double-click on icon to install'

are you using composer? the .app ?

1 ACCEPTED SOLUTION

obi-k
Valued Contributor III

Go inside the contents of the .app to get the package. Drop into Casper Admin.

https://jamfnation.jamfsoftware.com/discussion.html?id=17507

View solution in original post

21 REPLIES 21

Josh_Smith
Contributor III

Autopkg.

If you want to see the manual process @rtrouton has a good blog post for a previous version, you can see if that info still applies: https://derflounder.wordpress.com/2015/10/20/oracles-java-8-update-65-the-return-of-the-java-install...

obi-k
Valued Contributor III

Go inside the contents of the .app to get the package. Drop into Casper Admin.

https://jamfnation.jamfsoftware.com/discussion.html?id=17507

tcandela
Valued Contributor II

ok, I right clicked the .app and /contents/Resources and dragged the JavaAppletPlugin.pkg to desktop

@mvu I checked out the link @Josh.Smith provided, based on the information provided from reading that link, after java installs the JavaAppletPlugin.pkg via Casper Policy, the application will prompt for admin privileges before fully launching and a few other user needed input. Going to check this out.

hope this is not still happening.

scottb
Honored Contributor

Definitely look at AutoPKG(r)

You can get the sfw in many formats, and it's a piece of cake to get the latest versions.

Josh_Smith
Contributor III

@tcandela I think the portion of Rich's post you are referring to (about the elevation prompt) is for the .app...not the .pkg:

Now that the good news is covered, let’s talk about the install application. Oracle’s Java 8 Update 65 install application has the following behavior: This application will prompt for admin privileges before fully launching.

tcandela
Valued Contributor II

@Josh.Smith oh, ok. Going to be testing the .pkg pulled from /path/to/install.app/Contents/Resources/JavaAppletPlugin.pkg soon

Taylor_Armstron
Valued Contributor

Has anyone suggested AutoPKG yet? ;)

Seriously, it is worth the price of admission just for Java and Flash updates.
(that's a joke, since the "price" = "Free".

maxvre
New Contributor

I packaged Java 8 Update 92 yesterday for a manual ARD deployment with everything dumped into an Iceberg package. It's not the casper way of doing it but there may be stuff in here that will be of use to you. I'll try to post the config files below.

maxvre
New Contributor

The postflight script

Install Java 8 update 92

sudo installer -dumplog -verbose -pkg "$1/Contents/Resources/JavaAppletPlugin.pkg" -target /

---------------------------------------------

Make the Deployment folder. Is not created by default.

sudo mkdir -pv -m 755 "/Library/Application Support/Oracle/Java/Deployment"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/"

Copy Deployment System-Wide Config Files

sudo cp -R "$1/Contents/Resources/deployment.config" "/Library/Application Support/Oracle/Java/Deployment/"
sudo cp -R "$1/Contents/Resources/deployment.properties" "/Library/Application Support/Oracle/Java/Deployment/"
sudo cp -R "$1/Contents/Resources/exception.sites" "/Library/Application Support/Oracle/Java/Deployment/"

sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/deployment.config"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/deployment.properties"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/exception.sites"

sudo chmod 755 "/Library/Application Support/Oracle/Java/Deployment/deployment.config"
sudo chmod 755 "/Library/Application Support/Oracle/Java/Deployment/deployment.properties"
sudo chmod 755 "/Library/Application Support/Oracle/Java/Deployment/exception.sites"

---------------------------------------------

Disable the Auto Updates check box in Java Control Panel

sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

Disable Sponsor offers during install or updating of Java

sudo defaults write "/System/Library/User Template/English.lproj/Library/Application Support/JREInstaller/ThirdParty" SPONSORS -string "0"

-----------------------------------------------

exit 0

maxvre
New Contributor

The Deployment.Config File

####################################################################

Java SE JRE 8 OSX Enterprise Settings Config File 07/06/2016

####################################################################

The location of the system level deployment.properties file

deployment.system.config="file:///Library/Application Support/Oracle/Java/Deployment/deployment.properties"

####################################################################

If the below is set to true, and the deployment.properties file can't be found

then NO java applet will be permitted to run on this system.

deployment.system.config.mandatory=false

maxvre
New Contributor

I'm sorry about the formatting, the hashes in the files code are making the text in the post huge.

The Deployment.Properties File

-----------------------------------------------------------------------------------------

Java 8 SE Update 92 Deployment Properties File

07/JUNE/2016

-----------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------

SECURITY TAB

-----------------------------------------------------------------------------------------

Enable Java content in the browser OPTIONS: true false

deployment.webjava.enabled=true
deployment.webjava.enabled.locked

Security Level OPTIONS: MEDIUM HIGH VERY_HIGH

deployment.security.level=HIGH
deployment.security.level.locked

Location of the centrally managed exception sites list. NOTE: DO NOT PUT QUOTE "" MARKS AROUND THE URL. IT WON'T WORK!!!

deployment.user.security.exception.sites=/Library/Application Support/Oracle/Java/Deployment/exception.sites

deployment.user.security.exception.sites.locked

-----------------------------------------------------------------------------------------

ADVANCED TAB

-----------------------------------------------------------------------------------------

---------

DEBUGGING

---------

Enable tracing OPTIONS: true false

deployment.trace=false

deployment.trace.locked

Enable logging OPTIONS: true false

deployment.log=false

deployment.log.locked

Show applet life-cycle exceptions OPTIONS: true false

deployment.javapi.lifecycle.exception=false

deployment.javapi.lifecycle.exception.locked

----------------------------------------

JAVA CONSOLE OPTIONS: HIDE SHOW DISABLE

----------------------------------------

deployment.console.startup.mode=HIDE

deployment.console.startup.mode.locked

Default Java For Browsers

-------------------------

Microsoft Internet Explorer

Set in the registry

Mozilla Family

Set in the registry

Java Plug-in

------------

NOTE: THIS OPTION ONLY APPEARS IN THE X86 VERSION OF JAVA

Enable the next generation Java Plug-in (requires browser restart)

Set in the registry

---------------------------------------------------------------

SHORTCUT CREATION OPTIONS: NEVER ALWAYS ASK_USER ASK_IF_HINTED

---------------------------------------------------------------

deployment.javaws.shortcut=NEVER

deployment.javaws.shortcut.locked

------------------------------------------------------------

JNLP FILE / MIME ASSOCIATION OPTIONS: ALWAYS ASK_USER NEVER

------------------------------------------------------------

The options for this in the official documentation are wrong on the Oracle website. The above options are correct.

deployment.javaws.associations=ASK_USER

deployment.javaws.associations.locked

---------------------------------------------------------------------------------

APPLICATION INSTALLATION OPTIONS: IF_HINT IF_SHORTCUT IF_HINT_AND_SHORTCUT NEVER

---------------------------------------------------------------------------------

deployment.javaws.install=IF_HINT

deployment.javaws.install.locked

---------------------------------------

EXECUTION ENVIRONMENT SECURITY SETTINGS

---------------------------------------

Allow user to grant permissions to signed content OPTIONS: true false

deployment.security.askgrantdialog.show=true

deployment.security.askgrantdialog.show.locked

Show sandbox warning banner OPTIONS: true false

deployment.security.sandbox.awtwarningwindow=false

deployment.security.sandbox.awtwarningwindow.locked

Allow user to accept JNLP security requests OPTIONS: true false

deployment.security.sandbox.jnlp.enhanced=true

deployment.security.sandbox.jnlp.enhanced.locked

Don't prompt for client certificate selection when no certificates or only one exists OPTIONS: true false

deployment.security.clientauth.keystore.auto=true

deployment.security.clientauth.keystore.auto.locked

Warn if site certificate does not match host-name OPTIONS: true false

deployment.security.jsse.hostmismatch.warning=true

deployment.security.jsse.hostmismatch.warning.locked

Show site certificate from server even if it is valid OPTIONS: true false

deployment.security.https.warning.show=false

deployment.security.https.warning.show.locked

-----------------------------------------------------------------------------------------------------

MIXED CODE (SANDBOXED VS TRUSTED) SECURITY VERIFICATION OPTIONS: ENABLE HIDE_RUN HIDE_CANCEL DISABLE

-----------------------------------------------------------------------------------------------------

deployment.security.mixcode=HIDE_RUN

deployment.security.mixcode.locked

-------------------------------------------------------------------------------------------------------

PERFORM SIGNED CODE CERTIFICATE REVOCATION CHECKS ON OPTIONS: PUBLISHER_ONLY ALL_CERTIFICATES NO_CHECK

-------------------------------------------------------------------------------------------------------

deployment.security.revocation.check=ALL_CERTIFICATES

deployment.security.revocation.check.locked

-----------------------------------------------------------------------

CHECK FOR SIGNED CODE CERTIFICATE REVOCATION USING OPTIONS: true false

-----------------------------------------------------------------------

deployment.security.validation.ocsp=true
deployment.security.validation.crl=true

-------------------------------------------------------------------------------------------------------

PERFORM TLS CERTIFICATE REVOCATION CHECKS ON OPTIONS: PUBLISHER_ONLY ALL_CERTIFICATES NO_CHECK

-------------------------------------------------------------------------------------------------------

deployment.security.tls.revocation.check=ALL_CERTIFICATES

deployment.security.tls.revocation.check.locked

-----------------------------------------------------------------------

CHECK FOR TLS CERTIFICATE REVOCATION USING OPTIONS: true false

-----------------------------------------------------------------------

deployment.security.tls.validation.ocsp=true
deployment.security.tls.validation.crl=true

--------------------------

ADVANCED SECURITY SETTINGS

--------------------------

Use certificates and keys in browser key-store OPTIONS: true false

deployment.security.browser.keystore.use=true

deployment.security.browser.keystore.use.locked

Enable blacklist revocation check OPTIONS: true false

deployment.security.blacklist.check=true

deployment.security.blacklist.check.locked

Enable caching password for authentication OPTIONS: true false

deployment.security.password.cache=true

deployment.security.password.cache.locked

Use SSL 2.0 compatible client hello format OPTIONS: true false

deployment.security.SSLv2Hello=false

deployment.security.SSLv2Hello.locked

Use TLS 1.0 OPTIONS: true false

deployment.security.TLSv1=true

deployment.security.TLSv1.locked

Use TLS 1.1 OPTIONS: true false

deployment.security.TLSv1.1=true

deployment.security.TLSv1.1.locked

Use TLS 1.2 OPTIONS: true false

deployment.security.TLSv1.2=true

deployment.security.TLSv1.2.locked

-------------

MISCELLANEOUS

-------------

Place Java icon in the system tray OPTIONS: true false

deployment.system.tray.icon=false

deployment.system.tray.icon.locked

-----------------------------------------------------------------------------------------

MISCELLANEOUS SETTINGS

-----------------------------------------------------------------------------------------

Prompt user before using insecure JRE version? OPTIONS: PROMPT NEVER

----------------------------------------------

deployment.insecure.jres=NEVER

Auto download an updated version of Java Web Start? OPTIONS: ALWAYS PROMPT NEVER

---------------------------------------------------

deployment.javaws.autodownload=NEVER

Prompt users to update the JRE when an out-of-date JRE is found on their system? OPTIONS: true false

--------------------------------------------------------------------------------

deployment.expiration.check.enabled=false

tcandela
Valued Contributor II

oh, i didn't see 8u92

maxvre
New Contributor

Exception.Sites File
Just a plain text file with a list of https addresses in it. Only needed if you want to control approved websites to run Rich Internet Applications (JAR files etc.) without them being blocked.

https://www.google.com

maxvre
New Contributor

Orcale release 2 versions at the same time. Why? I don't know. O_o? Theres a "mandatory bug fix" version 91 and a "mandatory + extra bugs fixed" version 92. You can get both of them here:

Java 8 SE (Standard Edition)
http://www.oracle.com/technetwork/java/javase/downloads/index.html

This is where I usually get them instead of Java.com <- That site for the public.

scottb
Honored Contributor

@Taylor.Armstrong - I think so, but then again, I don't see any acknowledgement. Maybe we're using invisible fonts? :)
Just in case: .- ..- - --- .--. -.- --. .-.

Has anyone suggested AutoPKG yet? ;) Seriously, it is worth the price of admission just for Java and Flash updates. (that's a joke, since the "price" = "Free".

CasperSally
Valued Contributor II

@maxvre One release is CPU, one is PSU. Some links below for reference.

"Which Java version should I choose: the CPU or the PSU?
Oracle strongly recommends that all Java SE users upgrade to the latest CPU release available for a release family. Most users should choose the CPU release.

Users should only use the corresponding PSU release if they are being impacted by one of the additional bugs fixed in that version as noted in the release notes."

http://www.oracle.com/technetwork/java/javase/cpu-psu-explained-2331472.html

https://www.java.com/en/download/faq/release_dates.xml

maxvre
New Contributor

The deployment.properties file above may be overkill for what you want to do but it lets me configure every setting in the advanced tab of the Java control panel.

Any setting you don't want locked, just put a hash in front of the "locked" line and it will be ignored.

Also note! in the postflight script the default write command for
"Disable Sponsor offers during install or updating of Java"

This setting isn't available in the deployment.properties file and has to be set by a default write command. Why? Bad programming on oracles part. I've seen people posting on the net variations of the setting that gets created in the users home directory deployment.properties file when you tick the box manually but none of them worked for me. Only this default write command ticked the box for me in the Java control panel. Tested it in a clean VM to make sure.

tcandela
Valued Contributor II

I grabbed my 8u92 from here

http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

maxvre
New Contributor

@CasperSally If in doubt, go with version 91 Sally. It's up to you.

maxvre
New Contributor

What I have posted gives you control over "every" setting in the Java 8 control panel and may be more than what some people need, if they just want a simple package deployment. Everyone has their own deployment method and preferred software.

howie_isaacks
Valued Contributor II

I have been using Composer to build a deployable package. This has worked well for me, but often, when I run a test install via Self Service, I would end up with a bad installation of Java. I created a new package for 8u91 yesterday, and it seems to be working really well.