what are some of the ways JAMF nation Casper admins create Java pkg for installation ?
Java8u91 comes as a .dmg and then mounts as a .app - that says 'Double-click on icon to install'
are you using composer? the .app ?
Page 1 / 1
Autopkg.
If you want to see the manual process @rtrouton has a good blog post for a previous version, you can see if that info still applies: https://derflounder.wordpress.com/2015/10/20/oracles-java-8-update-65-the-return-of-the-java-install-application/
Go inside the contents of the .app to get the package. Drop into Casper Admin.
https://jamfnation.jamfsoftware.com/discussion.html?id=17507
ok, I right clicked the .app and /contents/Resources and dragged the JavaAppletPlugin.pkg to desktop
@mvu I checked out the link @Josh.Smith provided, based on the information provided from reading that link, after java installs the JavaAppletPlugin.pkg via Casper Policy, the application will prompt for admin privileges before fully launching and a few other user needed input. Going to check this out.
hope this is not still happening.
Definitely look at AutoPKG(r)
You can get the sfw in many formats, and it's a piece of cake to get the latest versions.
@tcandela I think the portion of Rich's post you are referring to (about the elevation prompt) is for the .app...not the .pkg:
Now that the good news is covered, let’s talk about the install application. Oracle’s Java 8 Update 65 install application has the following behavior:
This application will prompt for admin privileges before fully launching.
@Josh.Smith oh, ok. Going to be testing the .pkg pulled from /path/to/install.app/Contents/Resources/JavaAppletPlugin.pkg soon
Has anyone suggested AutoPKG yet? ;)
Seriously, it is worth the price of admission just for Java and Flash updates.
(that's a joke, since the "price" = "Free".
I packaged Java 8 Update 92 yesterday for a manual ARD deployment with everything dumped into an Iceberg package. It's not the casper way of doing it but there may be stuff in here that will be of use to you. I'll try to post the config files below.
The postflight script
Install Java 8 update 92
sudo installer -dumplog -verbose -pkg "$1/Contents/Resources/JavaAppletPlugin.pkg" -target /
---------------------------------------------
Make the Deployment folder. Is not created by default.
sudo mkdir -pv -m 755 "/Library/Application Support/Oracle/Java/Deployment"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/"
Copy Deployment System-Wide Config Files
sudo cp -R "$1/Contents/Resources/deployment.config" "/Library/Application Support/Oracle/Java/Deployment/"
sudo cp -R "$1/Contents/Resources/deployment.properties" "/Library/Application Support/Oracle/Java/Deployment/"
sudo cp -R "$1/Contents/Resources/exception.sites" "/Library/Application Support/Oracle/Java/Deployment/"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/deployment.config"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/deployment.properties"
sudo chown root:admin "/Library/Application Support/Oracle/Java/Deployment/exception.sites"
sudo chmod 755 "/Library/Application Support/Oracle/Java/Deployment/deployment.config"
sudo chmod 755 "/Library/Application Support/Oracle/Java/Deployment/deployment.properties"
sudo chmod 755 "/Library/Application Support/Oracle/Java/Deployment/exception.sites"
---------------------------------------------
Disable the Auto Updates check box in Java Control Panel
sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false
Disable Sponsor offers during install or updating of Java
sudo defaults write "/System/Library/User Template/English.lproj/Library/Application Support/JREInstaller/ThirdParty" SPONSORS -string "0"
-----------------------------------------------
exit 0
The Deployment.Config File
####################################################################
Java SE JRE 8 OSX Enterprise Settings Config File 07/06/2016
####################################################################
The location of the system level deployment.properties file
deployment.system.config="file:///Library/Application Support/Oracle/Java/Deployment/deployment.properties"
####################################################################
If the below is set to true, and the deployment.properties file can't be found
then NO java applet will be permitted to run on this system.
deployment.system.config.mandatory=false
I'm sorry about the formatting, the hashes in the files code are making the text in the post huge.
The Deployment.Properties File
-----------------------------------------------------------------------------------------
Java 8 SE Update 92 Deployment Properties File
07/JUNE/2016
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
SECURITY TAB
-----------------------------------------------------------------------------------------
Enable Java content in the browser OPTIONS: true false
deployment.webjava.enabled=true
deployment.webjava.enabled.locked
Security Level OPTIONS: MEDIUM HIGH VERY_HIGH
deployment.security.level=HIGH
deployment.security.level.locked
Location of the centrally managed exception sites list. NOTE: DO NOT PUT QUOTE "" MARKS AROUND THE URL. IT WON'T WORK!!!
deployment.user.security.exception.sites=/Library/Application Support/Oracle/Java/Deployment/exception.sites
deployment.user.security.exception.sites.locked
-----------------------------------------------------------------------------------------
ADVANCED TAB
-----------------------------------------------------------------------------------------
---------
DEBUGGING
---------
Enable tracing OPTIONS: true false
deployment.trace=false
deployment.trace.locked
Enable logging OPTIONS: true false
deployment.log=false
deployment.log.locked
Show applet life-cycle exceptions OPTIONS: true false
deployment.javapi.lifecycle.exception=false
deployment.javapi.lifecycle.exception.locked
----------------------------------------
JAVA CONSOLE OPTIONS: HIDE SHOW DISABLE
----------------------------------------
deployment.console.startup.mode=HIDE
deployment.console.startup.mode.locked
Default Java For Browsers
-------------------------
Microsoft Internet Explorer
Set in the registry
Mozilla Family
Set in the registry
Java Plug-in
------------
NOTE: THIS OPTION ONLY APPEARS IN THE X86 VERSION OF JAVA
Enable the next generation Java Plug-in (requires browser restart)
Set in the registry
---------------------------------------------------------------
SHORTCUT CREATION OPTIONS: NEVER ALWAYS ASK_USER ASK_IF_HINTED
---------------------------------------------------------------
deployment.javaws.shortcut=NEVER
deployment.javaws.shortcut.locked
------------------------------------------------------------
JNLP FILE / MIME ASSOCIATION OPTIONS: ALWAYS ASK_USER NEVER
------------------------------------------------------------
The options for this in the official documentation are wrong on the Oracle website. The above options are correct.
deployment.javaws.associations=ASK_USER
deployment.javaws.associations.locked
---------------------------------------------------------------------------------
APPLICATION INSTALLATION OPTIONS: IF_HINT IF_SHORTCUT IF_HINT_AND_SHORTCUT NEVER
---------------------------------------------------------------------------------
deployment.javaws.install=IF_HINT
deployment.javaws.install.locked
---------------------------------------
EXECUTION ENVIRONMENT SECURITY SETTINGS
---------------------------------------
Allow user to grant permissions to signed content OPTIONS: true false
deployment.security.askgrantdialog.show=true
deployment.security.askgrantdialog.show.locked
Show sandbox warning banner OPTIONS: true false
deployment.security.sandbox.awtwarningwindow=false
deployment.security.sandbox.awtwarningwindow.locked
Allow user to accept JNLP security requests OPTIONS: true false
deployment.security.sandbox.jnlp.enhanced=true
deployment.security.sandbox.jnlp.enhanced.locked
Don't prompt for client certificate selection when no certificates or only one exists OPTIONS: true false
deployment.security.clientauth.keystore.auto=true
deployment.security.clientauth.keystore.auto.locked
Warn if site certificate does not match host-name OPTIONS: true false
deployment.security.jsse.hostmismatch.warning=true
deployment.security.jsse.hostmismatch.warning.locked
Show site certificate from server even if it is valid OPTIONS: true false
deployment.security.https.warning.show=false
deployment.security.https.warning.show.locked
-----------------------------------------------------------------------------------------------------
MIXED CODE (SANDBOXED VS TRUSTED) SECURITY VERIFICATION OPTIONS: ENABLE HIDE_RUN HIDE_CANCEL DISABLE
-----------------------------------------------------------------------------------------------------
deployment.security.mixcode=HIDE_RUN
deployment.security.mixcode.locked
-------------------------------------------------------------------------------------------------------
PERFORM SIGNED CODE CERTIFICATE REVOCATION CHECKS ON OPTIONS: PUBLISHER_ONLY ALL_CERTIFICATES NO_CHECK
-------------------------------------------------------------------------------------------------------
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
-----------------------------------------------------------------------
CHECK FOR SIGNED CODE CERTIFICATE REVOCATION USING OPTIONS: true false
-----------------------------------------------------------------------
deployment.security.validation.ocsp=true
deployment.security.validation.crl=true
-------------------------------------------------------------------------------------------------------
PERFORM TLS CERTIFICATE REVOCATION CHECKS ON OPTIONS: PUBLISHER_ONLY ALL_CERTIFICATES NO_CHECK
-------------------------------------------------------------------------------------------------------
deployment.security.tls.revocation.check=ALL_CERTIFICATES
deployment.security.tls.revocation.check.locked
-----------------------------------------------------------------------
CHECK FOR TLS CERTIFICATE REVOCATION USING OPTIONS: true false
-----------------------------------------------------------------------
deployment.security.tls.validation.ocsp=true
deployment.security.tls.validation.crl=true
--------------------------
ADVANCED SECURITY SETTINGS
--------------------------
Use certificates and keys in browser key-store OPTIONS: true false
deployment.security.browser.keystore.use=true
deployment.security.browser.keystore.use.locked
Enable blacklist revocation check OPTIONS: true false
deployment.security.blacklist.check=true
deployment.security.blacklist.check.locked
Enable caching password for authentication OPTIONS: true false
deployment.security.password.cache=true
deployment.security.password.cache.locked
Use SSL 2.0 compatible client hello format OPTIONS: true false
deployment.security.SSLv2Hello=false
deployment.security.SSLv2Hello.locked
Use TLS 1.0 OPTIONS: true false
deployment.security.TLSv1=true
deployment.security.TLSv1.locked
Use TLS 1.1 OPTIONS: true false
deployment.security.TLSv1.1=true
deployment.security.TLSv1.1.locked
Use TLS 1.2 OPTIONS: true false
deployment.security.TLSv1.2=true
deployment.security.TLSv1.2.locked
-------------
MISCELLANEOUS
-------------
Place Java icon in the system tray OPTIONS: true false
deployment.system.tray.icon=false
deployment.system.tray.icon.locked
-----------------------------------------------------------------------------------------
MISCELLANEOUS SETTINGS
-----------------------------------------------------------------------------------------
Prompt user before using insecure JRE version? OPTIONS: PROMPT NEVER
----------------------------------------------
deployment.insecure.jres=NEVER
Auto download an updated version of Java Web Start? OPTIONS: ALWAYS PROMPT NEVER
---------------------------------------------------
deployment.javaws.autodownload=NEVER
Prompt users to update the JRE when an out-of-date JRE is found on their system? OPTIONS: true false
--------------------------------------------------------------------------------
deployment.expiration.check.enabled=false
oh, i didn't see 8u92
Exception.Sites File
Just a plain text file with a list of https addresses in it. Only needed if you want to control approved websites to run Rich Internet Applications (JAR files etc.) without them being blocked.
https://www.google.com
Orcale release 2 versions at the same time. Why? I don't know. O_o? Theres a "mandatory bug fix" version 91 and a "mandatory + extra bugs fixed" version 92. You can get both of them here:
Java 8 SE (Standard Edition)
http://www.oracle.com/technetwork/java/javase/downloads/index.html
This is where I usually get them instead of Java.com <- That site for the public.
@Taylor.Armstrong - I think so, but then again, I don't see any acknowledgement. Maybe we're using invisible fonts? :)
Just in case: .- ..- - --- .--. -.- --. .-.
Has anyone suggested AutoPKG yet? ;)
Seriously, it is worth the price of admission just for Java and Flash updates.
(that's a joke, since the "price" = "Free".
@maxvre One release is CPU, one is PSU. Some links below for reference.
"Which Java version should I choose: the CPU or the PSU?
Oracle strongly recommends that all Java SE users upgrade to the latest CPU release available for a release family. Most users should choose the CPU release.
Users should only use the corresponding PSU release if they are being impacted by one of the additional bugs fixed in that version as noted in the release notes."
http://www.oracle.com/technetwork/java/javase/cpu-psu-explained-2331472.html
https://www.java.com/en/download/faq/release_dates.xml
The deployment.properties file above may be overkill for what you want to do but it lets me configure every setting in the advanced tab of the Java control panel.
Any setting you don't want locked, just put a hash in front of the "locked" line and it will be ignored.
Also note! in the postflight script the default write command for
"Disable Sponsor offers during install or updating of Java"
This setting isn't available in the deployment.properties file and has to be set by a default write command. Why? Bad programming on oracles part. I've seen people posting on the net variations of the setting that gets created in the users home directory deployment.properties file when you tick the box manually but none of them worked for me. Only this default write command ticked the box for me in the Java control panel. Tested it in a clean VM to make sure.
I grabbed my 8u92 from here
http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html
@CasperSally If in doubt, go with version 91 Sally. It's up to you.
What I have posted gives you control over "every" setting in the Java 8 control panel and may be more than what some people need, if they just want a simple package deployment. Everyone has their own deployment method and preferred software.
I have been using Composer to build a deployable package. This has worked well for me, but often, when I run a test install via Self Service, I would end up with a bad installation of Java. I created a new package for 8u91 yesterday, and it seems to be working really well.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.