Fraser Hess recently posted about automating the creation of Cisco Secure Client installers. Similar to my earlier post on using AutoPkg to build a Cisco AnyConnect installer, it’s possible to replicate this packaging workflow, including generating an installer choices XML file, using AutoPkg. For more details, please see below the jump.
In this example, there are going to be multiple AutoPkg recipes and support files referenced:
- CiscoSecureClient.download.recipe – Download recipe for the vendor-supplied Cisco Secure Client disk image with the vendor-supplied installer package stored inside.
- CiscoSecureClient.pkg.recipe – Package recipe for Cisco Secure Client, which generates an installer choices XML file and wraps both the installer choices XML file and the vendor-supplied installer package inside a separate installer package generated by AutoPkg
- Example.xml – Sample VPN profile for Cisco Secure Client’s VPN module
- CiscoSecureClient package recipe override – This is the AutoPkg recipe override where you’re defining how the installer choices file is configured and other information being supplied to the Cisco Secure Client installer by the AutoPkg package creation process.
Important information:
A. The recipes as written assume the following:
- You’re using the Cisco Secure Client Umbrella module.
- You’re adding the necessary configuration information for the Cisco Secure Client Umbrella module to the AutoPkg recipe override.
- You may be using the Cisco Secure Client VPN module.
B. You absolutely must create an AutoPkg override to work with these recipes. The download location, configuration for the installer choices XML file and other settings are not included in the AutoPkg recipes themselves and must be defined in the override.
C. The Cisco Secure Client disk image does not have a set address for download, so you will need to do one of the following:
- Download the disk image from Cisco and host it yourself somewhere.
- Change the download URL in the AutoPkg recipe override to match wherever you can currently download the Cisco Secure Client disk image from.
D. To configure the installer choices XML file, you must designate what modules you want to include using ones and zeros in the AutoPkg override. By default, the .pkg recipe is configured to install all modules:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>CHOICE_VPN</key> | |
| <string>1</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>1</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>1</string> | |
| <key>CHOICE_DART</key> | |
| <string>1</string> | |
| <key>CHOICE_DUO</key> | |
| <string>1</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_NVM</key> | |
| <string>1</string> | |
| <key>CHOICE_THOUSANDEYES</key> | |
| <string>1</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_ZEROTRUST</key> | |
| <string>1</string> |
To change this, change one to zero for the modules you don’t want to install. For example, the configuration below will configure the Secure Client installer to only install the Secure Client Umbrella module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>CHOICE_VPN</key> | |
| <string>0</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>0</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>0</string> | |
| <key>CHOICE_DART</key> | |
| <string>0</string> | |
| <key>CHOICE_DUO</key> | |
| <string>0</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>0</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>0</string> | |
| <key>CHOICE_NVM</key> | |
| <string>0</string> | |
| <key>CHOICE_THOUSANDEYES</key> | |
| <string>0</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_ZEROTRUST</key> | |
| <string>0</string> |
E. If you do not want to have the VPN module installed or enabled, you will need to set the CHOICE_VPN and DISABLE_VPN settings in the recipe override. Please see below for an example:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>CHOICE_VPN</key> | |
| <string>0</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>0</string> | |
| <key>CONTENT_XML</key> | |
| <string>Put_escaped_XML_profile_text_into_AutoPkg_recipe_override</string> | |
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> | |
| <key>DISABLE_VPN</key> | |
| <string>true</string> |
In this example, the CHOICE_VPN setting is set to zero and the DISABLE_VPN setting is set to true.
F. These recipes allow you to hide the Cisco-provided Secure Client installers, so that your users will not be able to see them in the Finder. Like the installer choices selection, this can be set using ones and zeros in the AutoPkg override.
To hide, set the HIDE_UNINSTALLERS setting to one:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>HIDE_UNINSTALLERS</key> | |
| <string>1</string> |
To not hide the uninstallers, set the HIDE_UNINSTALLERS setting to zero:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>HIDE_UNINSTALLERS</key> | |
| <string>0</string> |
G. It’s possible to disable the customer feedback functionality through the installer. To set this to be disabled, set the DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK setting to true.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>true</string> |
To leave the customer feedback functionality enabled, set the DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK setting to false.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> |
Please see below for the example .download and .pkg recipes, example VPN XML file and example .pkg recipe override:
Download recipe:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Description</key> | |
| <string>Downloads a Cisco Secure Client package from a specified URL.</string> | |
| <key>Identifier</key> | |
| <string>com.company.download.CiscoSecureClient</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>NAME</key> | |
| <string>Cisco Secure Client</string> | |
| <key>VENDOR</key> | |
| <string>Cisco</string> | |
| <key>DOWNLOAD_URL</key> | |
| <string>Put_download_URL_into_AutoPkg_recipe_override</string> | |
| </dict> | |
| <key>MinimumVersion</key> | |
| <string>1.0.0</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>predicate</key> | |
| <string>DOWNLOAD_URL == "Put_download_URL_into_AutoPkg_recipe_override"</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>StopProcessingIf</string> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>URLDownloader</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>url</key> | |
| <string>%DOWNLOAD_URL%</string> | |
| <key>request_headers</key> | |
| <dict> | |
| <key>user-agent</key> | |
| <string>%DOWNLOAD_USERAGENT%</string> | |
| <key>referer</key> | |
| <string>%DOWNLOAD_REFERER%</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>FlatPkgUnpacker</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>flat_pkg_path</key> | |
| <string>%pathname%/Cisco Secure Client.pkg</string> | |
| <key>destination_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/unpack</string> | |
| <key>purge_destination</key> | |
| <true /> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>PkgPayloadUnpacker</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_payload_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/unpack/vpn_module.pkg/Payload</string> | |
| <key>destination_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/vpn_module_payload</string> | |
| <key>purge_destination</key> | |
| <true /> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>Versioner</string> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>input_plist_path</key> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%/vpn_module_payload/Applications/Cisco/Cisco Secure Client.app/Contents/Info.plist</string> | |
| <key>plist_version_key</key> | |
| <string>CFBundleShortVersionString</string> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>Processor</key> | |
| <string>EndOfCheckPhase</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
Package recipe:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Comments</key> | |
| <string>Based on https://github.com/autopkg/grahampugh-recipes/blob/master/CiscoSecureClient/CiscoSecureClient.pkg.recipe | |
| Wraps the vendor package so that it can be run with Choice Changes XML. | |
| Requires a configuration xml profile (VPN_XML) which should be added to the RECIPE_OVERRIDE_DIR before running the recipe. An example is provided in the recipe repo folder, named example.xml. | |
| If you need more packages installing, you should make a copy of this recipe and edit the ChoicesXMLGenerator choices list. This isn't overridable. Don't forget to change the Identifier if you do this.</string> | |
| <key>Description</key> | |
| <string>Creates a Cisco Secure Client package with all modules enabled.</string> | |
| <key>Identifier</key> | |
| <string>com.company.pkg.CiscoSecureClient-AllModulesEnabled</string> | |
| <key>ParentRecipe</key> | |
| <string>com.company.download.CiscoSecureClient</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>NAME</key> | |
| <string>Cisco Secure Client</string> | |
| <key>VPN_XML</key> | |
| <string>example.xml</string> | |
| <key>CONTENT_XML</key> | |
| <string>Put_escaped_XML_profile_text_into_AutoPkg_recipe_override</string> | |
| <key>UMBRELLA_ORGANIZATION_ID</key> | |
| <string>Put_text_into_AutoPkg_recipe_override</string> | |
| <key>UMBRELLA_FINGERPRINT</key> | |
| <string>Put_text_into_AutoPkg_recipe_override</string> | |
| <key>UMBRELLA_USER_ID</key> | |
| <string>Put_text_into_AutoPkg_recipe_override</string> | |
| <key>CHOICE_VPN</key> | |
| <string>1</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>1</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>1</string> | |
| <key>CHOICE_DART</key> | |
| <string>1</string> | |
| <key>CHOICE_DUO</key> | |
| <string>1</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_NVM</key> | |
| <string>1</string> | |
| <key>CHOICE_THOUSANDEYES</key> | |
| <string>1</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_ZEROTRUST</key> | |
| <string>1</string> | |
| <key>DISABLE_VPN</key> | |
| <string>false</string> | |
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> | |
| <key>HIDE_UNINSTALLERS</key> | |
| <string>1</string> | |
| <key>VENDOR</key> | |
| <string>Cisco</string> | |
| <key>SOFTWARETITLE1</key> | |
| <string>Secure</string> | |
| <key>SOFTWARETITLE2</key> | |
| <string>Client</string> | |
| <key>SOFTWARETITLE3</key> | |
| <string>All_Modules_Enabled</string> | |
| <key>PKGID</key> | |
| <string>com.company.cisco.SecureClient</string> | |
| </dict> | |
| <key>MinimumVersion</key> | |
| <string>1.0.0</string> | |
| <key>Process</key> | |
| <array> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgdirs</key> | |
| <dict> | |
| <key>Profiles</key> | |
| <string>0755</string> | |
| <key>Profiles/ampenabler</key> | |
| <string>0755</string> | |
| <key>Profiles/feedback</key> | |
| <string>0755</string> | |
| <key>Profiles/iseposture</key> | |
| <string>0755</string> | |
| <key>Profiles/nvm</key> | |
| <string>0755</string> | |
| <key>Profiles/umbrella</key> | |
| <string>0755</string> | |
| <key>Profiles/vpn</key> | |
| <string>0755</string> | |
| <key>Profiles/websecurity</key> | |
| <string>0755</string> | |
| </dict> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgRootCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkgdirs</key> | |
| <dict /> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/pkgroot</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgRootCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/CiscoSecureClient.pkg</string> | |
| <key>source_pkg</key> | |
| <string>%pathname%/Cisco Secure Client.pkg</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgCopier</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string>%CONTENT_XML%</string> | |
| <key>file_mode</key> | |
| <string>0644</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/Profiles/vpn/%VPN_XML%</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string>{ | |
| "organizationId" : "%UMBRELLA_ORGANIZATION_ID%", | |
| "fingerprint" : "%UMBRELLA_FINGERPRINT%", | |
| "userId" : "%UMBRELLA_USER_ID%" | |
| }</string> | |
| <key>file_mode</key> | |
| <string>0644</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/Profiles/umbrella/OrgInfo.json</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string><?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <array> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_VPN%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_anyconnect_vpn</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_WEBSECURITY%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_websecurity</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_FIREAMP%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_fireamp</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_DART%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_dart</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_DUO%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_duo</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_POSTURE%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_secure_firewall_posture</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_ISEPOSTURE%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_iseposture</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_NVM%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_nvm</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_THOUSANDEYES%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_thousandeyes</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_UMBRELLA%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_secure_umbrella</string> | |
| </dict> | |
| <dict> | |
| <key>attributeSetting</key> | |
| <integer>%CHOICE_ZEROTRUST%</integer> | |
| <key>choiceAttribute</key> | |
| <string>selected</string> | |
| <key>choiceIdentifier</key> | |
| <string>choice_zta</string> | |
| </dict> | |
| </array> | |
| </plist></string> | |
| <key>file_mode</key> | |
| <string>0755</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/InstallerChoices.xml</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string><!– Optional SecureClient installer settings are provided below. Configure the setting(s) as "true" (default "false" or commented out) to perform optional action(s) at install time. —> | |
| <Transforms> | |
| <DisableVPN>%DISABLE_VPN%</DisableVPN> | |
| <DisableCustomerExperienceFeedback>%DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK%</DisableCustomerExperienceFeedback> | |
| </Transforms></string> | |
| <key>file_mode</key> | |
| <string>0755</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/Profiles/ACTransforms.xml</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>file_content</key> | |
| <string>#!/bin/bash | |
| packagePath="${0%/*}/CiscoSecureClient.pkg" | |
| choicesXML="${0%/*}/InstallerChoices.xml" | |
| # Set value in AutoPkg override, default is 1 for "true" | |
| hideUninstallers="%HIDE_UNINSTALLERS%" | |
| # Array of uninstall application bundles on the installer's target volume | |
| if [[ -n $3 ]]; then | |
| targetVolume=$3 | |
| else | |
| targetVolume="" | |
| fi | |
| uninstallAppBundlePaths=( | |
| "${targetVolume}/Applications/Cisco/Uninstall Cisco Secure Client – DART.app" | |
| "${targetVolume}/Applications/Cisco/Uninstall Cisco Secure Client.app" | |
| ) | |
| exitCode=0 | |
| # Run embedded installer with the Choice Changes XML | |
| if [[ -r "${packagePath}" && -r "${choicesXML}" ]]; then | |
| if ! /usr/sbin/installer -applyChoiceChangesXML "${choicesXML}" -pkg "${packagePath}" -target "$3"; then | |
| echo "Installation of package \"${packagePath}\" failed." | |
| exitCode=1 | |
| fi | |
| else | |
| echo "Package \"${packagePath}\" not found." | |
| exitCode=1 | |
| fi | |
| # Hide uninstallers | |
| # Override will specify 1 as "true" | |
| # Set to another value to specify "false" | |
| # If variable is unset/null or still contains an AutoPkg variable reference, treat as "true" | |
| if [[ "${hideUninstallers}" -eq 1 || \ | |
| -z "${hideUninstallers}" || \ | |
| "${hideUninstallers}" == "%""HIDE_UNINSTALLERS""%" ]]; then | |
| for uninstallAppBundlePath in "${uninstallAppBundlePaths[@]}" | |
| do | |
| if [[ -d "${uninstallAppBundlePath}" ]]; then | |
| if /usr/bin/chflags hidden "${uninstallAppBundlePath}"; then | |
| echo "Uninstaller app bundle \"${uninstallAppBundlePath}\" was hidden successfully." | |
| else | |
| echo "Uninstaller app bundle \"${uninstallAppBundlePath}\" was not hidden successfully." | |
| exitCode=1 | |
| fi | |
| else | |
| echo "Uninstaller app bundle \"${uninstallAppBundlePath}\" was not found and cannot be hidden." | |
| fi | |
| done | |
| else | |
| echo "Uninstallers will not be hidden." | |
| fi | |
| exit "${exitCode}"</string> | |
| <key>file_mode</key> | |
| <string>0755</string> | |
| <key>file_path</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts/postinstall</string> | |
| </dict> | |
| <key>Processor</key> | |
| <string>FileCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>pkg_request</key> | |
| <dict> | |
| <key>chown</key> | |
| <array /> | |
| <key>id</key> | |
| <string>%PKGID%.%VENDOR%%SOFTWARETITLE1%%SOFTWARETITLE2%</string> | |
| <key>pkgname</key> | |
| <string>%VENDOR%_%SOFTWARETITLE1%_%SOFTWARETITLE2%_%SOFTWARETITLE3%_%version%</string> | |
| <key>pkgroot</key> | |
| <string>%RECIPE_CACHE_DIR%/pkgroot</string> | |
| <key>pkgtype</key> | |
| <string>flat</string> | |
| <key>scripts</key> | |
| <string>%RECIPE_CACHE_DIR%/Scripts</string> | |
| <key>version</key> | |
| <string>%version%</string> | |
| </dict> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PkgCreator</string> | |
| </dict> | |
| <dict> | |
| <key>Arguments</key> | |
| <dict> | |
| <key>path_list</key> | |
| <array> | |
| <string>%RECIPE_CACHE_DIR%/%VENDOR%</string> | |
| <string>%RECIPE_CACHE_DIR%/pkgroot</string> | |
| </array> | |
| </dict> | |
| <key>Processor</key> | |
| <string>PathDeleter</string> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
Example VPN XML file:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"> | |
| <ClientInitialization> | |
| <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon> | |
| <AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection> | |
| <ShowPreConnectMessage>false</ShowPreConnectMessage> | |
| <CertificateStore>All</CertificateStore> | |
| <CertificateStoreOverride>true</CertificateStoreOverride> | |
| <ProxySettings>Native</ProxySettings> | |
| <AllowLocalProxyConnections>true</AllowLocalProxyConnections> | |
| <AuthenticationTimeout>12</AuthenticationTimeout> | |
| <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart> | |
| <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect> | |
| <LocalLanAccess UserControllable="true">true</LocalLanAccess> | |
| <DisableCaptivePortalDetection UserControllable="false">false</DisableCaptivePortalDetection> | |
| <ClearSmartcardPin UserControllable="false">true</ClearSmartcardPin> | |
| <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport> | |
| <AutoReconnect UserControllable="false">true | |
| <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior> | |
| </AutoReconnect> | |
| <AutoUpdate UserControllable="false">true</AutoUpdate> | |
| <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration> | |
| <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement> | |
| <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment> | |
| <AutomaticVPNPolicy>false</AutomaticVPNPolicy> | |
| <PPPExclusion UserControllable="false">Disable | |
| <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP> | |
| </PPPExclusion> | |
| <EnableScripting UserControllable="false">false</EnableScripting> | |
| <EnableAutomaticServerSelection UserControllable="true">false | |
| <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement> | |
| <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime> | |
| </EnableAutomaticServerSelection> | |
| <RetainVpnOnLogoff>false</RetainVpnOnLogoff> | |
| <AllowManualHostInput>true</AllowManualHostInput> | |
| </ClientInitialization> | |
| <ServerList> | |
| <HostEntry> | |
| <HostName>example.com/</HostName> | |
| <HostAddress>example.com</HostAddress> | |
| <UserGroup>example</UserGroup> | |
| </HostEntry> | |
| </ServerList> | |
| </AnyConnectProfile> |
Example .pkg recipe override:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Identifier</key> | |
| <string>local.pkg.CiscoSecureClient-AllModulesEnabled</string> | |
| <key>Input</key> | |
| <dict> | |
| <key>CHOICE_DART</key> | |
| <string>1</string> | |
| <key>CHOICE_DUO</key> | |
| <string>1</string> | |
| <key>CHOICE_FIREAMP</key> | |
| <string>1</string> | |
| <key>CHOICE_ISEPOSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_NVM</key> | |
| <string>1</string> | |
| <key>CHOICE_POSTURE</key> | |
| <string>1</string> | |
| <key>CHOICE_THOUSANDEYES</key> | |
| <string>1</string> | |
| <key>CHOICE_UMBRELLA</key> | |
| <string>1</string> | |
| <key>CHOICE_VPN</key> | |
| <string>1</string> | |
| <key>CHOICE_WEBSECURITY</key> | |
| <string>1</string> | |
| <key>CHOICE_ZEROTRUST</key> | |
| <string>1</string> | |
| <key>CONTENT_XML</key> | |
| <string><?xml version="1.0" encoding="UTF-8"?> | |
| <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"> | |
| <ClientInitialization> | |
| <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon> | |
| <AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection> | |
| <ShowPreConnectMessage>false</ShowPreConnectMessage> | |
| <CertificateStore>All</CertificateStore> | |
| <CertificateStoreOverride>true</CertificateStoreOverride> | |
| <ProxySettings>Native</ProxySettings> | |
| <AllowLocalProxyConnections>true</AllowLocalProxyConnections> | |
| <AuthenticationTimeout>12</AuthenticationTimeout> | |
| <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart> | |
| <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect> | |
| <LocalLanAccess UserControllable="true">true</LocalLanAccess> | |
| <DisableCaptivePortalDetection UserControllable="false">false</DisableCaptivePortalDetection> | |
| <ClearSmartcardPin UserControllable="false">true</ClearSmartcardPin> | |
| <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport> | |
| <AutoReconnect UserControllable="false">true | |
| <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior> | |
| </AutoReconnect> | |
| <AutoUpdate UserControllable="false">true</AutoUpdate> | |
| <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration> | |
| <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement> | |
| <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment> | |
| <AutomaticVPNPolicy>false</AutomaticVPNPolicy> | |
| <PPPExclusion UserControllable="false">Disable | |
| <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP> | |
| </PPPExclusion> | |
| <EnableScripting UserControllable="false">false</EnableScripting> | |
| <EnableAutomaticServerSelection UserControllable="true">false | |
| <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement> | |
| <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime> | |
| </EnableAutomaticServerSelection> | |
| <RetainVpnOnLogoff>false</RetainVpnOnLogoff> | |
| <AllowManualHostInput>true</AllowManualHostInput> | |
| </ClientInitialization> | |
| <ServerList> | |
| <HostEntry> | |
| <HostName>example.com/</HostName> | |
| <HostAddress>example.com</HostAddress> | |
| <UserGroup>example</UserGroup> | |
| </HostEntry> | |
| </ServerList> | |
| </AnyConnectProfile></string> | |
| <key>DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK</key> | |
| <string>false</string> | |
| <key>DISABLE_VPN</key> | |
| <string>false</string> | |
| <key>DOWNLOAD_URL</key> | |
| <string>https://company.com/cisco-secure-client-macos-5.1.1.42-predeploy-k9.dmg</string> | |
| <key>HIDE_UNINSTALLERS</key> | |
| <string>1</string> | |
| <key>NAME</key> | |
| <string>Cisco Secure Client</string> | |
| <key>PKGID</key> | |
| <string>com.company.cisco.SecureClient</string> | |
| <key>SOFTWARETITLE1</key> | |
| <string>Secure</string> | |
| <key>SOFTWARETITLE2</key> | |
| <string>Client</string> | |
| <key>SOFTWARETITLE3</key> | |
| <string>All_Modules_Enabled</string> | |
| <key>UMBRELLA_FINGERPRINT</key> | |
| <string>2a7145a02f0b4b9799695b224af3f6c3</string> | |
| <key>UMBRELLA_ORGANIZATION_ID</key> | |
| <string>7775762</string> | |
| <key>UMBRELLA_USER_ID</key> | |
| <string>65034259</string> | |
| <key>VENDOR</key> | |
| <string>Cisco</string> | |
| <key>VPN_XML</key> | |
| <string>example.xml</string> | |
| </dict> | |
| <key>ParentRecipe</key> | |
| <string>com.company.pkg.CiscoSecureClient-AllModulesEnabled</string> | |
| <key>ParentRecipeTrustInfo</key> | |
| <dict> | |
| <key>non_core_processors</key> | |
| <dict/> | |
| <key>parent_recipes</key> | |
| <dict> | |
| <key>com.company.download.CiscoSecureClient</key> | |
| <dict> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.company.autopkg_recipes/CiscoSecureClient.download.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>711dc16d406d7a0197e507cbb227e058e974276743bd9108b0b8146525e256f6</string> | |
| </dict> | |
| <key>com.company.pkg.CiscoSecureClient-AllModulesEnabled</key> | |
| <dict> | |
| <key>path</key> | |
| <string>~/Library/AutoPkg/RecipeRepos/com.company.autopkg_recipes/CiscoSecureClient-AllModulesEnabled.pkg.recipe</string> | |
| <key>sha256_hash</key> | |
| <string>845152bc12c86d485f5712c4361339250bc93f621ed3d02da4b88c3807d4c99f</string> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </plist> |