Packaging iTunes 12.3.1

rmhughes
New Contributor

Hi Guys,

New CCT here, forgive my noobiness.

Just trying to package iTunes 12.3.1

On blank 10.11 OS.

Tried dragging the package from the iTunes12.3.1.dmg into Composer and building a package. The installer worked but then was hit with an error on test machines (screen shot attached). Test machines were both 10.10 and 10.11.

Then under normal snap shot. I captured the installation and my only edit to the files was deleting users. The result was very similar, I'll get a screen shot after I re-image and test.

Can anyone tell me how they've done it?

Thanks a lot!

EDIT - Attached error of normal snapshot.6282b5d52f2548b68b1e5ce3d5d0a68b

"This copy ofdb886511662e46ccab46c4d6e7ef574d

1 ACCEPTED SOLUTION

Aziz
Valued Contributor

@rmhughes

On OS X 10.11 iTunes.app is SIP protected. That means you cannot write to it, only Apple can.

Take the "Install iTunes.pkg" and don't use Composer.

https://support.apple.com/en-us/HT204899

https://derflounder.wordpress.com/2015/10/01/system-integrity-protection-adding-another-layer-to-apples-security-model/

View solution in original post

12 REPLIES 12

chriscollins
Valued Contributor

@rmhughes Why are you trying to repackage iTunes? The installer package from the website is a perfectly fine install package. Just drag it into Casper admin and use it.

I know in the CCT classes you may here different opinions on when you should repackage things or not (DMG files with dragging the app into Applications is a perfect example of when you would repackage). But, if the installer works fine on its own, you really shouldn't repackage it as you are gaining nothing.

Aziz
Valued Contributor

iTunes.app has System Integrity Protected (SIP) enabled. It simply won't work without SIP disabled.

Download iTunes from here and deploy the .pkg https://www.apple.com/itunes/download

rmhughes
New Contributor

We generally re-package because we prevent students from having write access from the package contents of an App.

Workflow
Drag install Install iTunes.pkg to Composer
Convert to Source
Create package Run package - Hit with “Installation failed” error

Or are you suggesting, just use the “Install iTunes.pkg” as the file and not use composer at all?

Thanks a lot

Aziz
Valued Contributor

@rmhughes

On OS X 10.11 iTunes.app is SIP protected. That means you cannot write to it, only Apple can.

Take the "Install iTunes.pkg" and don't use Composer.

https://support.apple.com/en-us/HT204899

https://derflounder.wordpress.com/2015/10/01/system-integrity-protection-adding-another-layer-to-apples-security-model/

calumhunter
Valued Contributor

Yes, there is no need to repackage. Use Install iTunes.pkg

What do you mean when you say "prevent students from having write access from the package contents of an App."

In general, try to avoid repackaging at all costs. Use vendor provided packages.

mpermann
Valued Contributor II

@rmhughes the workflow for iTunes would be to simply drag the Install iTunes.pkg file into the Casper Admin window to upload the package and deploy the package as it is. You should not repackage the iTunes application using Composer. If you have a .pkg file, you're better off trying to use it simply as it is rather than repackage it. Test it and if it doesn't work then maybe you might have to repackage it. Try it with iTunes and see how it works for you.

calumhunter
Valued Contributor

In general, try to avoid repackaging at all costs. Use vendor provided packages.

rmhughes
New Contributor

Hi Guys,

Thank you for the responses. It's cleared it all up for me. We generally re-packing so we can restrict write access, but as you guys say, it's fine in this case.

Cheers
R

calumhunter
Valued Contributor

Still not sure what you mean by restrict write access though....

rmhughes
New Contributor

Just preventing clients from having write access anywhere in ~/Applications :)

SQR
New Contributor

Preventing clients having write access in Applications? I simply don't get it. One thing I've learned from casper training and i have been managing apple devices for a long long time before integrating Casper, the process of overthinking things and making things more complex then they need to be, is easy to get caught up on when managing systems.

So you have to find a point where, this is the big picture and end goal. does this whole "prevent clients from having write access anywhere in Applications" fit in to how your managing your devices overall. whats the big picture management structure.

donmontalvo
Esteemed Contributor III

@rmhughes wrote:

Just preventing clients from having write access anywhere in ~/Applications :)

M'yea, not sure why you would ever want to micromanage your users' home directories, did you mean /Applications? A lot depends on the minimum/baseline security requirements laid out by the business.

Don

--
https://donmontalvo.com