ZScaler App Deployment

will_pitre
New Contributor

We have signed on with ZScaler and they have provided and .app installer. I have used Composer to convert it to .pkg and uploaded it to our repository. When I setup a policy to install the app, I get a log that states it was successful but ZScaler app is not installed on the target machines. Has anyone else run into this issue and what did you do to get it resolved?

Thanks,
Wil

6 REPLIES 6

Travid
New Contributor

Using Composer I put the Zscaler-osx-x.x.x-installer.app in the /Applications/Utilities folder then added a postinstall script that has

/bin/sh /Applications/Utilities/Zscaler-osx-1.5.1.5-installer.app/Contents/MacOS/installbuilder.sh

in it.
46e239b634ed4736882e15707bc2b2a5

rtrouton
Valued Contributor III

I built Zscaler AutoPkg recipes. More information on how to use them to build a Zscaler installer package is available via the link below:

https://derflounder.wordpress.com/2019/07/26/building-customized-postinstall-scripts-for-autopkg-rec...

aharonrichman
New Contributor II

I have a script for Zscaler download and install, it has space for variables to drop in your download link, but thats pretty trivial to get from your Zscaler admin portal. Its not totally automated, but its pretty quick to update the links etc. if anything changes.

#!/bin/zsh

## This will download the version of Zscaler specified in the URL and version name fields
# this will check for application signature, if invalid will remove the application and exit with error 
## This uses variables in Jamf in order to easily deploy multiple version, or different enforcements/policys

## last updated by Harry Richman, december 2020
## version 1, revision 2 for Jamf

## Set variables
zip="zscaler.zip"
app="Zscaler"


## Check is Zscaler is installed or not and to show installed version if it is already
    if [ ! -f "/Applications/$app.app/Contents/Info.plist" ] ; then
            echo "`date` $app isn't installed"
    else

    ## Get installed version from plist
        installedVersion=$( defaults read "/Applications/$app/$app.app/Contents/Info.plist" CFBundleShortVersionString )

        echo "`date` Installed version of $app is $installedVersion"
    fi

## set $4 in jamf to be the version number downloading
echo "`date` Downloading $app $4"
## Download silently and allow redirects
## Set $5 in Jamf to be the download URL for the version desired
curl -L -s -o  /tmp/$zip $5

echo "`date` Changing Directory"
## Change Directory
cd /private/tmp

echo "`date` Unzipping $zip"
## unzip zip into /private/tmp/
sudo unzip -q $zip

echo "`date` Remove zip file"
## delete the zip file
rm -rf /private/tmp/$zip

## Set installer name by searching 
installer=$( ls | grep "Zscaler" )

echo "`date` installing Zscaler"
## Install using correct settings, set these all to variables in jamf
## $6 for cloudname
## $7 for policy token
## $8 for domain
sudo sh /tmp/$installer/Contents/MacOS/installbuilder.sh --cloudName $6  --policyToken $7  --strictEnforcement 1 --unattendedmodeui none --userDomain $8

sleep 10

echo "`date` moving Uninstaller" 
## Move uninstaller to /var to hide from users
mkdir /var/Zscaler
mv /Applications/Zscaler/UninstallApplication.app /var/Zscaler/UninstallApplication.app

echo "`date` removing installer"
## Remove installer from /tmp
rm -rf $installer

echo "`date` $app version $4 installed"

# Set path to newly installed application
applicationPath="/Applications/$app/$app.app"

# Check signature of installed application to ensure trusted
appSignature=$( pkgutil --check-signature "$applicationPath" | grep "Status:" | sed 's/^[ 	]*//;s/[ 	]*$//' )
## echo "Application Signature $appSignature"

# if unstrusted and exit with error
# else, continue
            if [[ $appSignature != *"signed by a certificate trusted"* ]]; then
                    echo "`date` $app is not trusted, reccomend removing $app"
                    exit 1
                else
                    echo "`date` $app version $4 trusted, install succesful"
            fi

exit 0

Hi,

Where are you getting the download URL from? The Zscaler dashboard portal? 

I don’t have access to Zscaler to confirm fully. But it is in the admin portal. Then you head to what Zscaler call the Mobile admin. And then to the app download part. There you will find download links for the various agents. 

Frank_Sonder
New Contributor

Thanks for the script! Works good!