In a previous article, I discussed creating a choices.xml file to control what gets installed by a vendor package. I briefly touched on how to use the choices.xml file, but didn’t give much detail. In this post, I will spell out how to put the vendor package and choices.xml file in a wrapper package for deployment through anything that handles packages.
For my example, I will be using Cisco’s AnyConnect 4.8 package and a choices.xml file to only install the VPN portion. Using Stéphane Sudre’s Packages application, create a new raw package project. Give it a useful name and decide where to save the project. You can set Settings how you like, but the defaults generally work for what we are doing.
Everything in this exercise will be in the Scripts tab. Drag the AnyConnect.pkg and your choices.xml to the Additional Resources area. You can name your xml file anything you want. For example, I have choicesForAnyConnectVPN.xml and choicesForAnyConnectUmbrella.xml for 2 different package projects. For AnyConnect, I also want to install our VPN configuration, so I add a Profiles folder with the vpn folder and the configuration in there.
My company’s VPN requires a certificate, so that is added as well.
The AnyConnect.pkg already looks for the Profiles directory in the same directory as the package. Now we need a post installation script to tell the installer binary to use our choices.xml file. The first step is to find the path to the resources area, which is created by the installer process and cleaned up automatically. The post install script will be running from that directory, so we can find the path with dirname. Then we tell installer about the choices.xml, the vendor package, and the target volume. Lastly, I add the certificate to the System Keychain.
Once the postinstall.sh is created, drag it to the Post-installation well, save your package, and build it. I then sign my packages with a certificate from my company’s Apple developer account.
Lastly, a note about the target for installer. You could put / in for the target, but if there is a chance this package will be installed while booted from something other than the internal drive (much more common in the era of imaging), the package will be installed to the boot volume, not the correct target. Using $3 means put it on the target volume. Rich Trouton mentions it under Installer Script Variables here. There are also mentions in the old PeachPit Mac OS X Deployment book. And thanks to Scripting OS X for the pointer to double quote $3 in the post install script. In these cases (where it isn’t /) it will likely expand to /Volumes/Macintosh HD/ and the space will cause a problem if not quoted. He also points out that I hard coded the path to the System Keychain, but security won’t be happy if /, so this isn’t as flexible as I intended.
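A postinstall.sh along the lines described above, covering both the script steps and the quoting of $3. This is an added example, not the script from the original post. The certificate file name vpn-cert.cer is a placeholder, using `security import` to add it is an assumption, and skipping the keychain step when $3 is not / is this example's own way of handling the hard-coded keychain path.

```shell
#!/bin/bash
# postinstall.sh (added example). Installer runs it as: postinstall <pkg> <dest> <target volume>
# Assumed names: vpn-cert.cer is a placeholder; the .pkg and .xml names are the ones used in the post.

VENDOR_PKG="AnyConnect.pkg"
CHOICES_XML="choicesForAnyConnectVPN.xml"
CERT_FILE="vpn-cert.cer"                              # hypothetical file name
SYSTEM_KEYCHAIN="/Library/Keychains/System.keychain"  # hard-coded, boot volume only

# Install the vendor package with our choices onto the given target volume.
install_vendor_pkg() {
    local resources="$1" target="$2"
    [ -f "$resources/$VENDOR_PKG" ] && [ -f "$resources/$CHOICES_XML" ] || {
        echo "missing $VENDOR_PKG or $CHOICES_XML in $resources" >&2
        return 1
    }
    # Every expansion is quoted: the target may be "/Volumes/Macintosh HD".
    installer -applyChoiceChangesXML "$resources/$CHOICES_XML" \
              -pkg "$resources/$VENDOR_PKG" \
              -target "$target"
}

# Add the certificate to the System keychain, only when installing to the boot volume.
import_cert() {
    local resources="$1" target="$2"
    if [ "$target" != "/" ]; then
        echo "target is '$target', not /; skipping keychain import" >&2
        return 0
    fi
    security import "$resources/$CERT_FILE" -k "$SYSTEM_KEYCHAIN"
}

main() {
    local resources
    resources="$(dirname "$0")"     # Additional Resources are unpacked beside this script
    install_vendor_pkg "$resources" "$3" || exit 1
    import_cert "$resources" "$3" || exit 1
    exit 0
}

# Installer always supplies $3; with no arguments (e.g. when sourced) nothing runs.
if [ -n "${3:-}" ]; then
    main "$@"
fi
```

When the keychain step is skipped, the warning goes to stderr and ends up in the install log, so a missing certificate on a non-boot target can be traced afterwards.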