HCS Technology Group posted a white paper recently, showing how to deploy Cisco AnyConnect using Jamf Pro. As part of that documentation, HCS described how to create an installer choices XML file and then use it to create a custom Cisco AnyConnect installer package.
It’s possible to replicate this packaging workflow, including generating an installer choices XML file, using AutoPkg. For more details, please see below the jump.
In this example, there are going to be multiple AutoPkg recipes and support files referenced:
- CiscoAnyConnect.download.recipe – Download recipe for the vendor-supplied Cisco AnyConnect disk image with the vendor-supplied installer package stored inside.
- CiscoAnyConnect.pkg.recipe – Package recipe for Cisco AnyConnect, which generates an installer choices XML file and wraps both the installer choices XML file and the vendor-supplied installer package inside a separate installer package generated by AutoPkg
- Example.xml – Sample VPN profile for Cisco AnyConnect’s VPN module
- Cisco AnyConnect package recipe override – This is the AutoPkg recipe override where you’re defining how the installer choices file is configured and other information being supplied to the Cisco AnyConnect installer by the AutoPkg package creation process.
Important information:
A. You absolutely must create an AutoPkg override to work with these recipes. The download location, configuration for the installer choices XML file and other settings are not included in the AutoPkg recipes themselves and must be defined in the override.
B. The example recipes as written include the following assumptions:
- You’re using the Cisco AnyConnect Umbrella module.
- You’re adding the necessary configuration information for the Cisco AnyConnect Umbrella module to the AutoPkg recipe override.
- You may be using the Cisco AnyConnect VPN module.
C. The Cisco AnyConnect disk image does not have a set address for downloading it, so you will need to do one of the following:
- Download the disk image from Cisco and host it yourself somewhere.
- Change the download URL in the AutoPkg recipe override to match wherever you can currently download the Cisco AnyConnect disk image from.
D. To configure the installer choices XML file, you must designate what modules you want to include using ones and zeros in the AutoPkg override. By default, the .pkg recipe is configured to install all modules:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>CHOICE_DART</key> | |
| <string>1</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>1</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_NVM</key> | |
| <string>1</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_VPN</key> | |
| <string>1</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>1</string> |
To change this, change one to zero for the modules you don’t want to install. For example, the configuration below will configure the AnyConnect installer to only install the AnyConnect Umbrella module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>CHOICE_DART</key> | |
| <string>0</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>0</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>0</string> | |
| <key>CHOICE_NVM</key> | |
| <string>0</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>0</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_VPN</key> | |
| <string>0</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>0</string> |
E. If you do not want to have the VPN module installed or enabled, you will need to set the CHOICE_VPN and DISABLE_VPN settings in the recipe override. Please see below for an example:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>CHOICE_VPN</key> | |
| <string>0</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>0</string> | |
| <key>CONTENT_XML</key> | |
| <string>Put_escaped_XML_profile_text_into_AutoPkg_recipe_override</string> | |
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> | |
| <key>DISABLE_VPN</key> | |
| <string>true</string> |
In this example, the CHOICE_VPN setting is set to zero and the DISABLE_VPN setting is set to true.
F. These recipes allow you to hide the Cisco-provided AnyConnect installers, so that your users will not be able to see them in the Finder. (They will still be visible via the Terminal.) Like the installer choices selection, this can be set using ones and zeros in the AutoPkg override.
To hide, set the HIDE_UNINSTALLERS setting to one:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>HIDE_UNINSTALLERS</key> | |
| <string>1</string> |
To not hide the uninstallers, set the HIDE_UNINSTALLERS setting to zero:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>HIDE_UNINSTALLERS</key> | |
| <string>0</string> |
G. It’s possible to disable the customer feedback functionality through the installer. To set this to be disabled, set the DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK setting to true.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>true</string> |
To leave the customer feedback functionality enabled, set the DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK setting to false.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> |
Please see below for the example .download and .pkg recipes, example VPN XML file and example .pkg recipe override:
Download recipe:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Description</key> | |
| <string>Downloads a Cisco AnyConnect package from a specified URL.</string> | |
| <key>Identifier</key> | |
| <string>com.company.download.CiscoAnyConnect</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>NAME</key> | |
| <string>Cisco AnyConnect Secure Mobility Client</string> | |
| <key>VENDOR</key> | |
| <string>Cisco</string> | |
| <key>DOWNLOAD_URL</key> | |
| <string>Put_download_URL_into_AutoPkg_recipe_override</string> | |
| </dict> | |
| <key>MinimumVersion</key> | |
| <string>1.0.0</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>predicate</key> | |
| <string>DOWNLOAD_URL == "Put_download_URL_into_AutoPkg_recipe_override"</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>StopProcessingIf</string> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>URLDownloader</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>url</key> | |
| <string>%DOWNLOAD_URL%</string> | |
| <key>request_headers</key> | |
| <dict> | |
| <key>user-agent</key> | |
| <string>%DOWNLOAD_USERAGENT%</string> | |
| <key>referer</key> | |
| <string>%DOWNLOAD_REFERER%</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>FlatPkgUnpacker</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>flat_pkg_path</key> | |
| <string>%pathname%/AnyConnect.pkg</string> | |
| <key>destination_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/unpack</string> | |
| <key>purge_destination</key> | |
| <true/> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgPayloadUnpacker</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_payload_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/unpack/vpn_module.pkg/Payload</string> | |
| <key>destination_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/vpn_module_payload</string> | |
| <key>purge_destination</key> | |
| <true/> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>Versioner</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>input_plist_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/vpn_module_payload/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist</string> | |
| <key>plist_version_key</key> | |
| <string>CFBundleShortVersionString</string> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>EndOfCheckPhase</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
Package recipe:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Comments</key> | |
| <string>Based on https://github.com/autopkg/grahampugh-recipes/blob/master/CiscoAnyConnect/CiscoAnyConnect.pkg.recipe | |
| Wraps the vendor package so that it can be run with Choice Changes XML. | |
| Requires a configuration xml profile (VPN_XML) which should be added to the RECIPE_OVERRIDE_DIR before running the recipe. An example is provided named example.xml. | |
| If you need more packages installing, you should make a copy of this recipe and edit the ChoicesXMLGenerator choices list. This isn't overridable. Don't forget to change the Identifier if you do this. | |
| </string> | |
| <key>Description</key> | |
| <string>Creates a Cisco AnyConnect VPN-only package.</string> | |
| <key>Identifier</key> | |
| <string>com.company.pkg.CiscoAnyConnect</string> | |
| <key>ParentRecipe</key> | |
| <string>com.company.download.CiscoAnyConnect</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>NAME</key> | |
| <string>Cisco AnyConnect Secure Mobility Client</string> | |
| <key>VPN_XML</key> | |
| <string>example.xml</string> | |
| <key>CONTENT_XML</key> | |
| <string>Put_escaped_XML_profile_text_into_AutoPkg_recipe_override | |
| </string> | |
| <key>UMBRELLA_ORGANIZATION_ID</key> | |
| <string>Put_text_into_AutoPkg_recipe_override</string> | |
| <key>UMBRELLA_FINGERPRINT</key> | |
| <string>Put_text_into_AutoPkg_recipe_override</string> | |
| <key>UMBRELLA_USER_ID</key> | |
| <string>Put_text_into_AutoPkg_recipe_override</string> | |
| <key>CHOICE_VPN</key> | |
| <string>1</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>1</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>1</string> | |
| <key>CHOICE_DART</key> | |
| <string>1</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_NVM</key> | |
| <string>1</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>DISABLE_VPN</key> | |
| <string>false</string> | |
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> | |
| <key>HIDE_UNINSTALLERS</key> | |
| <string>1</string> | |
| <key>SOFTWARETITLE</key> | |
| <string>AnyConnectSecureMobilityClient</string> | |
| <key>SOFTWARETITLE1</key> | |
| <string>AnyConnect</string> | |
| <key>SOFTWARETITLE2</key> | |
| <string>Secure</string> | |
| <key>SOFTWARETITLE3</key> | |
| <string>Mobility</string> | |
| <key>SOFTWARETITLE4</key> | |
| <string>Client</string> | |
| <key>PKGID</key> | |
| <string>com.cisco.anyconnect</string> | |
| </dict> | |
| <key>MinimumVersion</key> | |
| <string>1.0.0</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgdirs</key> | |
| <dict> | |
| <key>Profiles</key> | |
| <string>0755</string> | |
| <key>Profiles/ampenabler</key> | |
| <string>0755</string> | |
| <key>Profiles/feedback</key> | |
| <string>0755</string> | |
| <key>Profiles/iseposture</key> | |
| <string>0755</string> | |
| <key>Profiles/nvm</key> | |
| <string>0755</string> | |
| <key>Profiles/umbrella</key> | |
| <string>0755</string> | |
| <key>Profiles/vpn</key> | |
| <string>0755</string> | |
| <key>Profiles/websecurity</key> | |
| <string>0755</string> | |
| </dict> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgRootCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgdirs</key> | |
| <dict> | |
| </dict> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/pkgroot</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgRootCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/AnyConnect.pkg</string> | |
| <key>source_pkg</key> | |
| <string>%pathname%/AnyConnect.pkg</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgCopier</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string>%CONTENT_XML%</string> | |
| <key>file_mode</key> | |
| <string>0644</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/Profiles/vpn/%VPN_XML%</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string>{ | |
| "organizationId" : "%UMBRELLA_ORGANIZATION_ID%", | |
| "fingerprint" : "%UMBRELLA_FINGERPRINT%", | |
| "userId" : "%UMBRELLA_USER_ID%" | |
| } | |
| </string> | |
| <key>file_mode</key> | |
| <string>0644</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/Profiles/umbrella/OrgInfo.json</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string><?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <array> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_VPN%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_vpn</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_WEBSECURITY%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_websecurity</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_FIREAMP%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_fireamp</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_DART%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_dart</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_POSTURE%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_posture</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_ISEPOSTURE%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_iseposture</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_NVM%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_nvm</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_UMBRELLA%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_umbrella</string> | |
| </dict> | |
| </array> | |
| </plist> | |
| </string> | |
| <key>file_mode</key> | |
| <string>0755</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/InstallerChoices.xml</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string><!– Optional AnyConnect installer settings are provided below. Configure the setting(s) as "true" (default "false" or commented out) to perform optional action(s) at install time. —> | |
| <Transforms> | |
| <DisableVPN>%DISABLE_VPN%</DisableVPN> | |
| <DisableCustomerExperienceFeedback>%DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK%</DisableCustomerExperienceFeedback> | |
| </Transforms> | |
| </string> | |
| <key>file_mode</key> | |
| <string>0755</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/Profiles/ACTransforms.xml</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string>#!/bin/bash | |
| packagePath="${0%/*}/AnyConnect.pkg" | |
| choicesXML="${0%/*}/InstallerChoices.xml" | |
| # Set value in AutoPkg override, default is 1 for "true" | |
| hideUninstallers="%HIDE_UNINSTALLERS%" | |
| # Array of uninstall application bundles on the installer's target volume | |
| if [[ -n $3 ]]; then | |
| targetVolume=$3 | |
| else | |
| targetVolume="" | |
| fi | |
| uninstallAppBundlePaths=( | |
| "${targetVolume}/Applications/Cisco/Uninstall AnyConnect DART.app" | |
| "${targetVolume}/Applications/Cisco/Uninstall AnyConnect.app" | |
| ) | |
| exitCode=0 | |
| # Run embedded installer with the Choice Changes XML | |
| if [[ -r "${packagePath}" && -r "${choicesXML}" ]]; then | |
| if ! /usr/sbin/installer -applyChoiceChangesXML "${choicesXML}" -pkg "${packagePath}" -target "$3"; then | |
| echo "Installation of package \"${packagePath}\" failed." | |
| exitCode=1 | |
| fi | |
| else | |
| echo "Package \"${packagePath}\" not found." | |
| exitCode=1 | |
| fi | |
| # Hide uninstallers | |
| # Override will specify 1 as "true" | |
| # Set to another value to specify "false" | |
| # If variable is unset/null or still contains an AutoPkg variable reference, treat as "true" | |
| if [[ "${hideUninstallers}" -eq 1 || \ | |
| -z "${hideUninstallers}" || \ | |
| "${hideUninstallers}" == "%""HIDE_UNINSTALLERS""%" ]]; then | |
| for uninstallAppBundlePath in "${uninstallAppBundlePaths[@]}" | |
| do | |
| if [[ -d "${uninstallAppBundlePath}" ]]; then | |
| if /usr/bin/chflags hidden "${uninstallAppBundlePath}"; then | |
| echo "Uninstaller app bundle \"${uninstallAppBundlePath}\" was hidden successfully." | |
| else | |
| echo "Uninstaller app bundle \"${uninstallAppBundlePath}\" was not hidden successfully." | |
| exitCode=1 | |
| fi | |
| else | |
| echo "Uninstaller app bundle \"${uninstallAppBundlePath}\" was not found and cannot be hidden." | |
| fi | |
| done | |
| else | |
| echo "Uninstallers will not be hidden." | |
| fi | |
| exit "${exitCode}" | |
| </string> | |
| <key>file_mode</key> | |
| <string>0755</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/postinstall</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_request</key> | |
| <dict> | |
| <key>chown</key> | |
| <array> | |
| </array> | |
| <key>id</key> | |
| <string>%PKGID%.%VENDOR%%SOFTWARETITLE%</string> | |
| <key>pkgname</key> | |
| <string>%VENDOR%_%SOFTWARETITLE%_%version%</string> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/pkgroot</string> | |
| <key>pkgtype</key> | |
| <string>flat</string> | |
| <key>scripts</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts</string> | |
| <key>version</key> | |
| <string>%version%</string> | |
| </dict> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>path_list</key> | |
| <array> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%</string> | |
| <string>%RECIPE_CACHE_DIR%/pkgroot</string> | |
| </array> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PathDeleter</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
Example VPN XML file:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"> | |
| <ClientInitialization> | |
| <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon> | |
| <AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection> | |
| <ShowPreConnectMessage>false</ShowPreConnectMessage> | |
| <CertificateStore>All</CertificateStore> | |
| <CertificateStoreOverride>true</CertificateStoreOverride> | |
| <ProxySettings>Native</ProxySettings> | |
| <AllowLocalProxyConnections>true</AllowLocalProxyConnections> | |
| <AuthenticationTimeout>12</AuthenticationTimeout> | |
| <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart> | |
| <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect> | |
| <LocalLanAccess UserControllable="true">true</LocalLanAccess> | |
| <DisableCaptivePortalDetection UserControllable="false">false</DisableCaptivePortalDetection> | |
| <ClearSmartcardPin UserControllable="false">true</ClearSmartcardPin> | |
| <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport> | |
| <AutoReconnect UserControllable="false">true | |
| <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior> | |
| </AutoReconnect> | |
| <AutoUpdate UserControllable="false">true</AutoUpdate> | |
| <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration> | |
| <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement> | |
| <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment> | |
| <AutomaticVPNPolicy>false</AutomaticVPNPolicy> | |
| <PPPExclusion UserControllable="false">Disable | |
| <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP> | |
| </PPPExclusion> | |
| <EnableScripting UserControllable="false">false</EnableScripting> | |
| <EnableAutomaticServerSelection UserControllable="true">false | |
| <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement> | |
| <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime> | |
| </EnableAutomaticServerSelection> | |
| <RetainVpnOnLogoff>false</RetainVpnOnLogoff> | |
| <AllowManualHostInput>true</AllowManualHostInput> | |
| </ClientInitialization> | |
| <ServerList> | |
| <HostEntry> | |
| <HostName>example.com/</HostName> | |
| <HostAddress>example.com</HostAddress> | |
| <UserGroup>example</UserGroup> | |
| </HostEntry> | |
| </ServerList> | |
| </AnyConnectProfile> |
Example .pkg recipe override:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Identifier</key> | |
| <string>local.pkg.CiscoAnyConnect</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>CHOICE_DART</key> | |
| <string>1</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>1</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_NVM</key> | |
| <string>1</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_VPN</key> | |
| <string>1</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>1</string> | |
| <key>CONTENT_XML</key> | |
| <string>Put_escaped_XML_profile_text_into_AutoPkg_recipe_override | |
| </string> | |
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> | |
| <key>DISABLE_VPN</key> | |
| <string>false</string> | |
| <key>DOWNLOAD_URL</key> | |
| <string>https://company.com/anyconnect-macos-4.10.04071-predeploy-k9.dmg</string> | |
| <key>HIDE_UNINSTALLERS</key> | |
| <string>1</string> | |
| <key>NAME</key> | |
| <string>Cisco AnyConnect Secure Mobility Client</string> | |
| <key>PKGID</key> | |
| <string>com.cisco.anyconnect</string> | |
| <key>SOFTWARETITLE</key> | |
| <string>AnyConnectSecureMobilityClient</string> | |
| <key>SOFTWARETITLE1</key> | |
| <string>AnyConnect</string> | |
| <key>SOFTWARETITLE2</key> | |
| <string>Secure</string> | |
| <key>SOFTWARETITLE3</key> | |
| <string>Mobility</string> | |
| <key>SOFTWARETITLE4</key> | |
| <string>Client</string> | |
| <key>UMBRELLA_FINGERPRINT</key> | |
| <string>2a7145a02f0b4b9799695b224af3f6c3</string> | |
| <key>UMBRELLA_ORGANIZATION_ID</key> | |
| <string>7775762</string> | |
| <key>UMBRELLA_USER_ID</key> | |
| <string>65034259</string> | |
| <key>VENDOR</key> | |
| <string>Cisco</string> | |
| <key>VPN_XML</key> | |
| <string>example.xml</string> | |
| </dict> | |
| <key>ParentRecipe</key> | |
| <string>com.company.pkg.CiscoAnyConnect</string> | |
| <key>ParentRecipeTrustInfo</key> | |
| <dict> | |
| <key>non_core_processors</key> | |
| <dict/> | |
| <key>parent_recipes</key> | |
| <dict> | |
| <key>com.company.download.CiscoAnyConnect</key> | |
| <dict> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.company.autopkg_recipes/CiscoAnyConnect/CiscoAnyConnect.download.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>16f0a121a1e537585c4de9324e13512689751f4dda53c8ab61223dc0ac8bbd34</string> | |
| </dict> | |
| <key>com.company.pkg.CiscoAnyConnect</key> | |
| <dict> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.company.autopkg_recipes/CiscoAnyConnect/CiscoAnyConnect.pkg.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>b9d0d31e987c232d4b71c381b1f51ab8ba9108474297694aeae137cf5ab8ff87</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </plist> |