Jamf Nation Community

pbenham · ‎01-05-2010

Hi all,

just a quick question for anyone who uses Keyserver. I am in the process of rolling out a new version of the KeyAccess client (v6.2.0.2) and would like to be able to use the .mpkg that is provided directly by Keyserver as it can be customized for our environment using the k2clientconfig command line options. The issue that I am running into is that if I set a policy to install the .mpkg on a machine the package is installed incorrectly (the installer logs show permissions errors). I checked out the JAMF Knowledge base and found this article (http://jamfsoftware.com/kb/article.php?id=157) which I assume is the problem that I am experiencing:

"The MPKG file format may not always work natively with Casper Remote or Policy deployments. This is because embedded permissions on the files within the mpkg may conflict with the privileges used by the Distribution Point read/write user. It is suggested that you first try using the .mpkg file on a test machine. If the deployment does not successfully install, then use Composer to make a dmg package for distribution with Casper Remote or Policies. Composer will not convert the mpkg to dmg, but you can use the snap-shot or the PreBuilt method to create a dmg installer."

Unfortunately a dmg of the KeyAccess client built by Composer does not include the pre and postflight scripts that the original .mpkg does.

So my question is - has anyone managed to use the .mpkg in any way?

thanks in advance

paul

Paul Benham
Desktop Operations Analyst
Bates College
110 Russell Street
Lewiston, ME 04240
PH: 207-786-6382
pbenham at bates.edu

jarednichols · ‎01-05-2010

I’m not a KeyServer user, but I’ve run into this with other mpkgs that are customized or that I’d like to use “as-is” instead of running through another Composer session. In particular, one that was doing the same thing was for our laptop encryption solution.

What I found worked was that you can drag the installer file into the Casper Admin app so that it is uploaded to the server. Then, go into Server Admin and go to the CasperShare and re-propagate the permissions (O/G/E and ACLs) and that seemed to fix the issues during deployment.

Give it a go.

j

ernstcs · ‎01-05-2010

Paul,

We’ve just done a traditional package on this beast with no issue. I know it’s nice to use the premade installers, but sometimes a traditional package isn't all that bad either. Just need to make sure you have it reboot after the install.

Craig E

Report Inappropriate Content · ‎01-05-2010

Paul,

I created a script to deploy MS Office via Casper, you can modify the values
to accomplish your objective. I have used this script to deploy other mpkg.
As long as you have the mpkg in a dmg you should be able to use this script
as a post install script in Apple's Package Maker.

I can provide more details if needed, but you should be able to drag and
drop the dmg into Package Maker, chose /tmp/ as the destination, and assign
the script as post install and post upgrade.

Script

#!/bin/bash
############################################################################################################################
# Variables for volume checking
rootpath="Volumes"
volumecheck="Microsoft Office 2008"
#
#
# Variables for installation
installimagerootpath="tmp"
installimage="MsOffice2008MacDVD.dmg"
installername="Office Installer.mpkg"
installpath="/$rootpath/$volumecheck"
#
#
##################################
# DO NOT MODIFY BELOW THIS LINE
##################################
#
############################################################################################################################
#
#
test -d "/$rootpath/$volumecheck" # check if volume exist

if [ "$?" = "0" ] # If exist then /sbin/umount "/$rootpath/$volumecheck" # Unmount volume /bin/sleep 2 # Wait for system to unmount image /usr/bin/hdid "/$installimagerootpath/$installimage" # Mount the
installers volume /bin/sleep 2 # Wait for system to mount image /usr/sbin/installer -pkg "/$installpath/$installername" -target / #
Install
/sbin/umount "/$rootpath/$volumecheck" # Unmount install volume
/bin/rm -f "/$installimagerootpath/$installimage" # Delete image from
system

elif [ "$?" = "1" ] # If does NOT exist
then
/usr/bin/hdid "/$installimagerootpath/$installimage" # Mount the installer
volume /bin/sleep 2 # Wait for system to mount image /usr/sbin/installer -pkg "/$installpath/$installername" -target / #
Install /sbin/umount "/$rootpath/$volumecheck" # Unmount install volume
/bin/rm -f "/$installimagerootpath/$installimage" # Delete image from system
fi

Anthony Avarca
aavarca at anl.gov
630.252.4940

robertojok · ‎09-14-2022

In case anyone is interested, the latest version of key server client, now called ksp-cient.pkg is much easier to install.

the K2ClientConfig is not recommended by Sassafras and not even usable, since using it removes the digital signature from the .pkg, which is a no no for the latest macOS versions.

So to deploy is really simple by simply dropping the installer where you can run a command, for instance in /tmp/

There are two main commands at the most basic level; the first command simply writes to the /Library/Preferences to configure the server and the second command simply installs the .pkg.

Worth noting that the /Library/Preference command needs to be present before installing the .pkg.

This is a simple script that does the work

--------------------------------

#!/bin/bash

#Configure Sassafras server preferences and then install ksp-client 7.8.1.0-2022-08-25.pkg

#configure the server
defaults write /Library/Preferences/com.sassafras.KeyAccess host YOUR-KEY-SERVER-IP

#Install ksp-client 7.8.1.0-2022-08-25.pkg
installer -tgt / -pkg /tmp/ksp-client\ 7.8.1.0-2022-08-25/ksp-client\ 7.8.1.0-2022-08-25.pkg

#remove the installer
rm -rf /tmp/ksp-client\ 7.8.1.0-2022-08-25

-----------------------------------------

Remember to configure a Restart.

Jamf Nation Community

KeyServer client installer