Create Sophos Install Package For Mac
After downloading AutoDMG, launch the app to start creating a new build and then drag either an OS X Lion, Mountain Lion or Mavericks installer that has been have downloaded from the Mac App Store. As soon as an OS X installer has been selected, AutoDMG will check for any available software updates that might need to be applied. Creating Software Package with Single File Creating a package to install with a single installable file is very easy. Follow the steps mentioned below: Click Software Deployment tab. Select Packages. Click Add Package and choose Mac Specify a the name and license type of the package. Click Installation tab. Click Browse, under Upload Files upload the installable (software application) that needs to be deployed to the target computers. I know on windows there are a bunch of installer tools you can use to create an installer, but on Mac OS I've seen two ways to install apps: A DMG file which you download, double-click, then run an application inside - the application typically has you drag an icon to another icon (representing the Applications folder) to install the app.
With the release of Sophos Enterprise Anti-Virus 9.2.x, Sophos changed how their enterprise antivirus solution for Macs was installed. While previous versions of Sophos Enterprise used an Apple installer metapackage, Sophos has now switched to using an application to install their enterprise antivirus software.
This switch was a problem for Mac admins who wanted to deploy Sophos Enterprise Anti-Virus 9.2.x, as the previously-available installer package had simplified the task of deployment. The new Sophos Enterprise Anti-Virus 9.2.x install application added further complexity by storing many of the installer’s files and other components outside the application in a separate Sophos Installer Components directory.
However, after doing some research and testing, it looks like it is possible to repackage Sophos Enterprise 9.2.x for deployment. For more details, see below the jump.
Sophos’ application can be run from the command line using the InstallationDeployer tool and include both install and remove switches. Here’s how to install and uninstall Sophos 9.x using the Sophos Enterprise Anti-Virus installer application:
Install:
Uninstall:
With these commands, it’s possible to add the Sophos Installer application and the Sophos Installer Components directory to an installer package and run the needed commands with preinstall and postinstall scripts.
The other part of the puzzle is providing configuration and login credentials, to allow Sophos 9.2.x to communicate back with the Sophos Enterprise console following installation. After working on the problem in his own shop, Tim Kimpton figured out that both of the following files were needed:
/Library/Preferences/com.sophos.sau.plist
/Library/Sophos Anti-Virus/Sophos.keychain
Once I had this information and understood what was going on, here’s how I repackaged Sophos Enterprise Anti-Virus 9.2.x so that it could be deployed via an installer package.
Prerequisites:
A copy of the Sophos Installer application and the Sophos Installer Components directory from your Sophos Enterprise console server. The Sophos installer is available from the link below:
smb://your_sophos_enterprise_server_name_goes_here/SophosUpdate/CIDs/S000/ESCOSX/
A copy of the Sophos.keychain file, which will need to be taken from the following location on a Sophos Enterprise-managed machine: /Library/Sophos Anti-Virus/Sophos.keychain
A copy of the com.sophos.sau.plist file, which will need to be taken from the following location on a Sophos Enterprise-managed machine: /Library/Preferences/com.sophos.sau.plist
1. Set up a new Packages project and select Raw Package.
2. In this case, I’m naming the project Sophos Enterprise Anti-Virus 9.2.4
3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that the your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.)
In this example, I’m not changing any of the options from what is set by default.
4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.
To accomplish this, I’m choosing the following options in the Settings section:
In the Post-Installation Behavior section, set On Success: to Do Nothing
In the Options section, check the box for Require admin password for installation.
5. Click on the Scripts tab in your Packages project.
6. Select the Sophos Installer application and the Sophos Installer Components directory and drag it into the Additional Resources section of your Packages project.
7. Select the Sophos.keychain file and drag it into the Additional Resources section of your Packages project.
8. The last piece is doing an automated uninstall of any existing Sophos installations, then installing a fresh copy of Sophos with the pre-configured autoupdate settings.
For this, you’ll need a preinstall script and postinstall script. Here are the ones I’m using:
Preinstall:
Postinstall:
9. Once you’ve got the preinstall and postinstall scripts built, run the following command to make the script executable:
10. Once completed, add the preinstall and postinstall scripts to your Packages project.
11. Last step, go ahead and build the package. (If you don’t know to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)
Testing the installer
Once the package has been built, test it by taking it to a test machine that does not have Sophos and install it. The end result should be that Sophos Anti-Virus installs properly and has the pre-configured settings for your Sophos Enterprise server included automatically.
I know on windows there are a bunch of installer tools you can use to create an installer, but on Mac OS I've seen two ways to install apps:
A DMG file which you download, double-click, then run an application inside - the application typically has you drag an icon to another icon (representing the Applications folder) to install the app
Another type of file which launches an apparently standard installer, which sometimes brings up a warning like 'This installer may run a program to determine if you can go ahead with the install'
What's the 'standard' way of packaging an app for install on Mac OS? Is one of the above the Apple-recommended way?
Thanks.
Colen
Colen5 Answers
Apple is very clearly making the 'standard' to be downloading a program from the App Store. This has the benefit of making application installation transparent to the normal user. And, believe it or not, normal people have a lot of trouble with the concept of installing a program. Of course that benefit comes with some costs, but this isn't the place for that debate–there are plenty of other places for that.
Assuming you don't want to or can't go the App Store route, both PKG and DMG are common ways to distribute a program. Use a PKG if you need to install files aside from your application bundle (which should not be a common use case). In all other cases use a DMG that prompts the user to copy the application into the Applications folder. But a lot of your users will not understand that they need to do that (unless your target audience is solely knowledgeable computer users). They will run your application from the disk image. Ideally in this case, your program will detect that it is running from a disk image and offer to copy itself into the Applications folder.
SSteveSStevePackages works well. If your deployment process must be kept simple, it is great.
The Quick build consists of dragging your .app onto Package and it is done.
For advanced packaging, you can also provide a certificate.
rolandrolandWe're discussing two things:
- first and most importantly, the standard method by which the bits of an executable get laid on the disk in a way that's accessible and properly registered by the system
- second, the mechanism for preparing the .app, as recommended by Apple
An older marketing page on Apple's site says it's recommended to create packages (so the Installer application can move the bits in place) with the PackageMaker application.Its usage is described here: mactech.com/articles/mactech/Vol.25/25.03/2503MacEnterprise-PackagingforSystemAdministrators/index.html.
But as others have mentioned, the elephant in the room is the MacAppStore(MAS for short). Until it's debut, what was standard for large companies was their own custom scripts rolled into an older-style 'bundle' package or using an executable like the VISE installer. Smaller developers usually tried to make their app installable via drag-drop, distributed in zip archives or disk images(for simplicity's sake).The MAS is different: as of 10.7 it uses a package format (which debuted in 10.5) referred to as a flat package (really a xar archive, explanation here)which is transferred over http to a hidden folder, installs directly to Applications(after which the temporary folder it is downloaded to is deleted). It drops its receipt and a bill or materials file into /private/var/db, and is therefore audit-able by the built-in command line pkgutil tool, described here: mactech.com/articles/mactech/Vol.25/25.12/2512MacEnterprise-PackagesReceiptsandSnow/index.html
A benefit of using the flat package format is you can pull things over the network more safely and efficiently, but it isn't as easy to work with as bundle packages if you are testing and modifying the package regularly, or iterating to ensure scripts that perform actions or checks work well. Even when flat, putting the pkg in a archive or disk image is recommended for flexibility. More distribution tools expect DMG's than zip's, so there's that as well.
Besides what Apple recommends and what is standard, common practice, there's this article: https://www.afp548.com/2010/06/03/the-commandments-of-packaging-in-os-x/ which discusses the why's and hows (although mainly for system administrators) of packaging for wider distribution. It is greatly recommended to get more of a feel of how and why things go wrong, and what to avoid.
In OS X, many applications are just created as a Relocatableapplication bundles that the user just need to copy to the/Application folder (or any other location). In other cases, when youneed to perform some operations over the machine (such as adding usersor changing permissions) you can use a PKG installer (for example built using PackageMaker), which allowsexecuting some pre and post install scripts and support some basicinstallation configuration, like selecting the installation drive.
Sophos For Mac Free
Sometimes, as with complex server software, you need more flexibility, for example to show custom pages tothe end user requesting information required to install yourapplication, like the MySQL port and password or proxy information todownload requirements on the fly (or simply to make it look fancier:)). For this cases there are other installer solutions like our BitRockInstallBuilder (disclaimer, I'm one of the developers).InstallBuilder also has the advantage of generating multiplatforminstallers using the same project with very little customization perplatform.