Using Composer to build PKG with Cylance, vmware horizon client, and Office

skywada
New Contributor II

Hi everyone! I am new to this scripting game and I was wondering if I can garner some knowledge on using the script function in composer to install a series of programs, all condensed in one convenient PKG file. Basically, I have everything working EXCEPT I can't get our anti-virus (Cylance) to install WHILE inserting the license token into the program using the script function.

TLDR: I am trying to run a script using composer to install Cylance (and other apps) with the license key so it doesn't prompt the user, but can't get it to install, let alone have it apply the license key. NOTE: this is not being pushed by jamfpro (I have that working successfully), rather I want to create a new pkg with the Cylance license key embedded so the user isn't prompted.

Currently, I am using the postflight script to install VMware Horizon Client (I found this script somewhere else on the forums but can't seem to find it again) and it works great.

#!/bin/sh

postflight

Not supported for flat packages.

pathToScript=$0 pathToPackage=$1 targetLocation=$2 targetVolume=$3 VendorDMG="/private/var/tmp/VMware-Horizon-Client-5.0.0-12557381.dmg"
###########################################

Check for the presence of the Vendor .dmg file

if [ -e "$VendorDMG" ] then # Mount the vendor .dmg file echo "Mounting $VendorDMG" hdiutil attach "$VendorDMG" -nobrowse sleep 3 else echo "Vendor .dmg file not found, look for $VendorDMG" echo "Exiting script, please verify name and location of .dmg" exit 1 #Stop HERE# fi
#######################################

If present, Remove the earlier copies of the VMware Horizon Client from /Applications

Start a running count of old apps we find

#######################################
OldCopy=0

Look for older client name version

if [ -e "/Applications/VMware View Client.app" ] then let "OldCopy=OldCopy+1" echo "Found VMware View, now removing" rm -Rf "/Applications/VMware View Client.app" fi

Look for not quite as old client name version

if [ -e "/Applications/VMware Horizon View Client.app" ] then let "OldCopy=OldCopy+1" echo "Found VMware Horizon View, now removing" rm -Rf "/Applications/VMware Horizon View Client.app" fi

Look for current name copy of Application

if [ -e "/Applications/VMware Horizon Client.app" ] then let "OldCopy=OldCopy+1" echo "Removing original App" sudo rm -Rf "/Applications/VMware Horizon Client.app" sleep 3 fi

Report what was found when looking for older copies

if [ Oldcopy != 0 ] then # Report older name versions found echo "Found $OldCopy Older .app copies" else # Report no older copies found echo "No older named .apps found" fi
########################################

Copy the .app from the mounted vendor .dmg volume

If App name changes, the next line needs modified

########################################
cp -Rf "/Volumes/VMware Horizon Client/VMware Horizon Client.app" "/Applications/VMware Horizon Client.app" sleep 3

Check if the copy completed and .app is present, modify via chown and chmod

if [ -e "/Applications/VMware Horizon Client.app" ] then echo "Application successfully copied" sudo chown root:wheel "/Applications/VMware Horizon Client.app" sudo chmod 755 "/Applications/VMware Horizon Client.app" else echo "Application not found!, check the $VendorDMG file" fi

UnMount the vendor .dmg file, remove the vendor.dmg as cleanup

echo "UnMounting $VendorDMG" hdiutil detach "/Volumes/VMware Horizon Client" sleep 3 sudo rm -Rf "$VendorDMG" echo "Finished! Check status messages above" exit 0 ## Success exit 1 ## Failure

I am trying to get another script using postinstall to install Cylance, but I am not sure how to go about scripting it. I put the original Cylance pkg file in a tmp folder along with a .sh file with this content (updating TOKEN HERE with my license key. I found this lovely script in this forum https://www.jamf.com/jamf-nation/discussions/19218/installing-cylance-package#responseChild123682 - install cylance script):

#!/bin/sh

!/bin/bash

echo TOKEN HERE > /private/tmp/Cylance/cyagent_install_token sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target / exit 0

Then I set the post install script as:

#!/bin/sh

postinstall

!/bin/bash

pathToScript=$0 pathToPackage=$1 targetLocation=$2 targetVolume=$3 /private/tmp/Cylance/install_cylance_with_token.sh exit 0 ## Success exit 1 ## Failure

I have also just tried copying the content from the .sh file directly to the postinstall script so it reflected this:

#!/bin/sh

postinstall

!/bin/bash

pathToScript=$0 pathToPackage=$1 targetLocation=$2 targetVolume=$3 echo TOKEN HERE > /private/tmp/Cylance/cyagent_install_token sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target / exit 0 ## Success exit 1 ## Failure

All of the apps install except Cylance. Although the pkg file I run places the original Cylance installer in the tmp folder I had designated earlier, it just won't install.

16 REPLIES 16

balexander667
New Contributor III

if you create a policy to dump your cylance token and the installer package into the root folder on the client machine, then kickoff installer -pkg /CylancePROTECT.pkg -target /
that will get it installed and activated.

cmudgeUWF
New Contributor III

@balexander667 has it right. I built a bash script based on Cylance's documentation that dumps it all to the same folder and launches the installer from the directory, using the token as a parameter. It takes some tweaking, but it will work.

skywada
New Contributor II

Thanks for your input! I was able to successfully create a single Cylance installer that installs with the license BUT once I combine that pkg file in Composer with other apps, the scripts stop working. The most I can do when I combine all the apps is have the installer place the pkg and .sh file in a tmp folder. For whatever reason, even though I am initiating the same script as my single test installer (where Cylance installs fine with the license), it won't install after I combine it with other apps.

balexander667
New Contributor III

it's seems like combining multiple installers in to a single package is probably not the most efficient route to go. For this very reason; when you run into any issues, narrowing down the culprit becomes exponentially more complicated. I would think single app per pkg and then layering policies would be the right move.

While i didn't do my cylance deployment via jamf (it was several years ago and before my employer at the time ponied up for jamf so i used ARD), I think it would make sense to use the "Execute command" option in "File and Processes" of the policy instead of a script for the deployment, just add "installer -pkg /CylancePROTECT.pkg -target /" (no quotes).

the other benefit of single app deployment packages/policies is, that same policy can be added to Self-Service and you'll have less clutter in your admin panel.

Chris_Hafner
Valued Contributor II

Yea, seperate those installers and check this thread about Cylance

https://www.jamf.com/jamf-nation/discussions/19218/installing-cylance-package

cmudgeUWF
New Contributor III

The Files and Processes method is what I use. I built the package in Composer to copy the files I need to /private/tmp. I add that package to the Policy and then add the Files and Processes section to call the script I added to the package. It seems to work pretty well for us.

skywada
New Contributor II

Thank you everyone for your guidance. Just to reiterate, I am only using Composer to create this installer, I AM NOT USING jamf to push any policies (our target machines will not be managed by jamf so I don't have any ability to push any policies, our organization also doesn't have self-service setup).

I might just need to have 2 separate installers since when combining Cylance with other apps seems to break the process.

@Chris_Hafner I actually used your solution to put together my first working instance of Cylance awhile back when we were trying to find a way to push the app! Thank you for that! The problem I am having is that I am only using Composer to bundle Cylance with other apps, but I am not using jamfpro to push any polcies. I am trying to put together an installer that a user can just click and run since our target machines will not be managed on jamfpro.

Chris_Hafner
Valued Contributor II

Ah... OK. Somewhere in the lower middle of that thread is the way in which you would do that. Just make sure that you have a postinstall script added in Composer and use that to place the isntall command, instead of having it run from the policy.

Example:
d8d25bbf275e41beb60571b19036a475

skywada
New Contributor II

@Chris_Hafner My original script pointed to the file path of the .sh file and didn't have sudo. I edited the postinstall script to include the sudo command, but now the package installer just fails :(

Chris_Hafner
Valued Contributor II

Do you have any info on the failure?

skywada
New Contributor II

This is the message I receive after the pkg fails to install. 0617d14360ad43f1aa92c4378a9119c1

balexander667
New Contributor III

what are you using to perform the install? (ard?)

drtaru
New Contributor III

The only thing that stands out to me is it seems you don't have your Cylance Token encapsulated, have you checked that cyagent_install_token is being populated with the correct token?

Here is an example of my InstallCylanceProtect.sh

#!/bin/sh
#!/bin/bash

echo 'TOKEN' > /private/tmp/Cylance/cyagent_install_token 
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

skywada
New Contributor II

We are handing the users a flashdrive with the pkg file on it, so the user is going to run the installer.

@andrew.clark.viv yes it is the correct token. I have also isolated the Cylance installer and ran the same exact commands (with just the Cylance app) and that seemed to work fine. So something is happening when I combine it with other apps and the postflight script. I spoke with support and they told me that there's not much else I can do. I may just have to have 2 separate installers.

LNGU1203
New Contributor II

try this as an "after" script with your token info inserted. it works for our environment. sometimes popup still happens but you can bypass that and script will take of your token.

https://github.com/northice/LDMS-Scripts/blob/master/SWD%20%26%20Provisioning%20Scripts/Cylance%20Token%20Replacement/CylanceTokenReplacement.sh

bartreardon
New Contributor III

RE Cylance installer:

the first couple of lines of the cylance postinstall script (at least mine) looks like this:

#!/bin/sh

INSTALL_TOKEN_FILE="/tmp/YvUnIpzc2omyt1ln"
if ! [ -e "$INSTALL_TOKEN_FILE" ]
then
    INSTALL_TOKEN_FILE="$(/usr/bin/dirname "$PACKAGE_PATH")/cyagent_install_token"
fi

in my install I perform an echo $TOKEN > /tmp/YvUnIpzc2omyt1ln before running the cylance installer. then it doesn't matter where it installs from and it will pick up the token.

further down the postinstall it runs

if [ -e "/tmp/YvUnIpzc2omyt1ln" ]
then
   /bin/rm /tmp/YvUnIpzc2omyt1ln
fi

so you shouldn't neet to perform manual cleanup. From what I can tell there's nothing identifying, special or unique about the file name YvUnIpzc2omyt1ln and it's just a bunch of random characters - been deploying the standard Cylance pkg like this for a while without issue.