This package is incompatible with this version of macOS and may fail to install

TMPlatform
New Contributor

Hi Team,

Need some assistance with packaging Cisco AnyConnect and getting some errors along the way.

I am using Composer to create the package using a snapshot. I clean up the package a little bit before creating the pkg.

I'm in the stages of testing the package but I get a couple of errors along the way and trying to troubleshoot what's going on. I have attached some images of the errors.

Running Big Sur 11.4

5b0ff960b9f348ca8e300c52bc5d52cf

542b2db372734d4a930783638cc3237c

22 REPLIES 22

mark_mahabir
Valued Contributor

Unfortunately I don’t see any attachments?

TMPlatform
New Contributor

@mark.mahabir Hi Mark, sorry. I have now added the screenshots. Thanks!

Jason33
Contributor III

Are there different installers for Intel/Arm, and trying to install one on the other? If this is for an M1, is Rosetta 2 installed?

TMPlatform
New Contributor

@Jason33 Hi Jason, this is on an Intel machine. There are very few M1s in the business at the moment, but as part of our enrolment policy Rosetta is installed. Cheers!

junjishimazaki
Valued Contributor

I would recommend instead of capturing the installation, create a post install script in Composer. Then before installing, create a conditional statement to check if the CPU is Intel or Arm. If it's arm64, install the rosetta and then the package. If not then continue with the installation. Makes this a smarter installer

JustDeWon
Contributor III

@TMPlatform what's the full version of AnyConnect you're trying to install? Big Sur support for AnyConnect started on 4.9.04xxx. You may want to validate the version

junjishimazaki
Valued Contributor

Cisco 4.8 installs fine on my primary Mac with Big Sur. No compatibility issues.

JustDeWon
Contributor III

@junjishimazaki unless Cisco has changed their AnyConnect application to be compatible with System Extensions in any version below 4.9.04xxx, then I'm not sure how that's working on Big Sur, based on this and from experience dealing with multiple issues with Big Sur and AnyConnect

junjishimazaki
Valued Contributor

@JustDeWon , I'm aware of the compatibility advisory. I'm just stating I don't have any issues with Cisco 4.8 on my Mac. Anyways, my situation is irrelevant to the OP's topic. The screenshot he provided shows TM is installing 4.9. So, which is why instead of capturing the installation, it's easier to create a package with a pre-install script.

TMPlatform
New Contributor

@JustDeWon If I install the pkg from the DMG then it installs fine but I am trying to create the package that includes the company profile. So what I am doing taking a snapshot inside of Composer, installing Cisco AnyConnect, adding the profile and then export that as a pkg. It is this PKG which is having issues.

TMPlatform
New Contributor

@junjishimazaki Thanks for the advice. I'll be honest I am not a packager and learning this stuff for the first time. Are you able to provide any resources I could work through?

MikeF
Contributor II

I have found that when packaging AnyConnect you need to do it this way
Expand the AnyConnect.pkg
Pkgutil --expand AnyConnect.pkg ~/Documents/AnyConnectVPN

then I opened the Distribution file inside of the expanded package and look for these type entries
<choices-outline> <line choice="choice_vpn"/>

Leave what you want and delete the ones you don't. I only package vpn, posture, and dart
After saving the Distribution file, I flattened the package.
pkgutil --flatten ~/Documents/AnyConnectVPN ~/Desktop/AnyConnect.pkg

I have also found that changing the name to add the version number it will fail to open. Package it first ands then change the name if needed.

I have this working on the latest version of Anyconnect.

junjishimazaki
Valued Contributor

I create a folder called "anyconnect_4_9" (you call it whatever you want it to be) in the private/tmp . I have 3 files in that folder, the Cisco AnyConnect package, the anyconnect choice xml file, and the my vpn portal profile. I drag/drop that folder into Composer, make the necessary folder permission, and then create post-install script that I attached to this post. Make sure to digitally sign the package when you create the package.

TMPlatform
New Contributor

@junjishimazaki Thanks for your last post. I tried looking for your attachment but you may have not attached it?

junjishimazaki
Valued Contributor

How about now?

junjishimazaki
Valued Contributor

!/bin/sh

postinstall

installer ‑showChoicesXML -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / > ~/Desktop/showchoices.xml

Get computer architecture type

arch_name="$(uname -m)"

check condition if type is Intel

if [ "$arch_name" = "x86_64" ]; then installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml
elif [ "$arch_name" = "arm64" ]; then # install rosetta first /usr/sbin/softwareupdate --install-rosetta --agree-to-license # install anyconnect package installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml
else echo "Unknown architecture"
fi

rm -rf /private/tmp/anyconnect_4_9

exit 0 ## Success
exit 1 ## Failure

junjishimazaki
Valued Contributor

<?xml version="1.0" encoding="UTF-8"?>
<vpn rev="1.0"> <file version="4.8.00175" id="VPNCore" is_core="yes" type="dmg" action="install"> <uri>binaries/anyconnect-macos-4.8.00175-core-vpn-webdeploy-k9.dmg</uri> <display-name>AnyConnect Secure Mobility Client</display-name> <ServerList> <HostEntry> <HostName>HOSTNAME</HostName> <HostAddress>VPN PORTAL ADDRESS/HostAddress> <UserGroup></UserGroup> </HostEntry>
</ServerList> </file>
</vpn>

TMPlatform
New Contributor

@junjishimazaki Got it, thank you.

TMPlatform
New Contributor

@junjishimazaki Am I copying this script verbatim or do I have to amend this in any way?

!/bin/sh postinstall installer ‑showChoicesXML -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / > ~/Desktop/showchoices.xml Get computer architecture type arch_name="$(uname -m)" check condition if type is Intel if [ "$arch_name" = "x86_64" ]; then installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml elif [ "$arch_name" = "arm64" ]; then # install rosetta first /usr/sbin/softwareupdate --install-rosetta --agree-to-license # install anyconnect package installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml else echo "Unknown architecture" fi rm -rf /private/tmp/anyconnect_4_9 exit 0 ## Success exit 1 ## Failure

junjishimazaki
Valued Contributor

You can copy/paste the whole thing and add # in front of my comments or you can remove my comments

TMPlatform
New Contributor

@junjishimazaki What do I enter in the brackets in the script?

arch_name="$(uname -m)"

TMPlatform
New Contributor

@junjishimazaki I get this error...

8a41dc62e1df43188e7cc66c31ce9610