Identity Finder - Creating a Custom Identity Finder Installer for Mac (PackageMaker)

Guide on how to create a custom Identity Finder client installer for Mac with Identity Finder's build scripts and PackageMaker

IT Security can create custom Windows and Mac Identity Finder clients for your department. If you would prefer to create your own clients, follow the steps outlined below. Please note that the provided template files assume you are using the shared IT Security Identity Finder Console. If you are creating clients for your own installation of the Console, additional edits will be required in com.identityfinder.macedition.xml and you will need to provide your server's certificate.

Before Starting

PackageMaker and Identity Finder's build scripts are the only supported way of customizing the Identity Finder client installer for Mac. These build scripts require a machine running OS X 10.5 (Leopard), OS X 10.6 (Snow Leopard) or OS X 10.7 (Lion). If you do not have a machine running one of these operating systems, you can contact the Help Desk and IT Security will make your custom package. Otherwise, make sure Xcode and PackageMaker are installed. If they are not, follow these steps:

  1. Install Xcode from the Mac App Store
  2. Download PackageMaker. Navigate to https://developer.apple.com/downloads, search for "PackageMaker" and download "Auxiliary Tools for Xcode - Late July 2012". NOTE: This requires an Apple ID associated with an Apple Developer account.
  3. Double-click the downloaded DMG to mount the volume
  4. If it does not already exist, create the folder "Developer" in your Applications folder and copy in the contents of the DMG

Creating a Custom Identity Finder Installer for Mac (PackageMaker)

  1. Obtain the necessary files to create the installer
    • IdentityFinderPackageBuilder.zip - NOTE: This file is also available on Box if you cannot download it directly from Identity Finder.
    • NOTE: The following files are hosted on Box.com and require an invitation to download. If you do not have access to the Box folder, please contact the Help Desk for assistance.
    • IdentityFinderMacSetup.dmg - NOTE: This file will be named IdentityFinderMacSetup-XXXX.dmg on Box, where "XXXX" indicates the specific version of the installer package. This file must be renamed to IdentityFinderMacSetup.dmg for the package builder to work.
    • com.identityfinder.macedition.xml
    • ca.pem
  2. Edit com.identityfinder.macedition.xml to include a default tag
    1. Open com.identityfinder.macedition.xml in TextEdit or a similar text editor
    2. Locate the following lines toward the bottom of the file:
      <Category name="Endpoint Service">
        <Setting Multi="false" Name="defaultTag" Type="String">
          <Value></Value>
        </Setting>
      </Category>
      Insert the name of the Simple Tag provided to you in the "Welcome to Identity Finder" email in between the two Value tags. For advanced default tagging options, see Default Tag Syntax.
    3. Save, making sure the file is saved as an XML file.
  3. Unzip IdentityFinderPackageBuilder.zip and move the build files into their respective locations
    • Move IdentityFinderMacSetup.dmg into the root IdentityFinderPackageBuilder folder. This can be done from Finder or the command line.
    • Move identityfinder.lic, com.identityfinder.macedition.xml and ca.pem to the IdentityFinderPackageBuilder/Resources folder. This can be done from Finder or the command line.
  4. Open Terminal and change into the IdentityFinderPackageBuilder folder. Assuming you unzipped IdentityFinderPackageBuilder.zip to your Downloads directory:
    cd ~/Downloads/IdentityFinderPackageBuilder
  5. Make the required build files executable
    chmod ugo+x IdentityFinderPackageBuilder.sh Resources/preflight Resources/preinstall
  6. Execute the build script. The build script requires one parameter and its options are described below:
    • -RootAuth - Specifies that the installer will require root or administrator permissions. This is necessary for clients that will be installed on machines that don't currently have Identity Finder installed because files will be placed in system directories. The -RootAuth parameter also calls a few additional commands that reset the permissions on some build files. These calls use sudo so you will be required to enter your user's password.
    • -NoRootAuth - Specifies that the installer will not require root or administrator permissions. This can be used for upgrade installations that don't require files like com.identityfinder.macedition.xml to be copied into system folders.
    While you are not required to prefix this command with sudo, the -RootAuth parameter will call sudo-prefixed commands and both the -RootAuth and -NoRootAuth parameters will try to purge .DS_Store files which also calls sudo. If you are unsure which parameter you should use, use -RootAuth.
    sudo ./IdentityFinderPackageBuilder.sh -RootAuth
    NOTE: No text will appear on screen when you type your password.
  7. Use the space bar or Enter key to scroll through the license agreement. Enter y at the prompt to agree to the license terms.
  8. The package builder will build the package. If package creation was successful, IdentityFinder.pkg and IdentityFinderXXXX.zip will be placed in the Output folder inside the IdentityFinderPackageBuilder folder, where "XXXX" is the specific version number of the package. IdentityFinderXXXX.zip will contain the same package as IdentityFinder.pkg. If package creation failed, review the package builder's output in the Terminal.

Testing the Package

Test the client before deployment. At a minimum, verify that the following files are installed to their correct locations:

  • ~/Applications/Identity Finder.app
  • /Library/Application Support/Identity Finder/identityfinder.lic
  • /Library/Application Support/Identity Finder/ca.pem
  • /Library/Preferences/com.identityfinder.macedition.xml
  • /Library/LaunchDaemons/com.identityfinder.launchdaemon.plist
  • /Library/Application Support/Identity Finder/EndpointService

Installation log output is appended to the file /var/log/install.log and is often helpful for troubleshooting installation failures.
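
A post-install check for the paths listed above, as an added example that is not part of the original article or of Identity Finder's tooling. The function names, the root-prefix and home-folder parameters, and the world-writable test are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the root/home
# parameters are assumptions made here so the check can run on a staging tree.

# Paths from "Testing the Package". $1 = root prefix ("" on a live client),
# $2 = home folder. LaunchDaemons has no space, as macOS names the folder.
idf_expected_paths() {
    cat <<EOF
$2/Applications/Identity Finder.app
$1/Library/Application Support/Identity Finder/identityfinder.lic
$1/Library/Application Support/Identity Finder/ca.pem
$1/Library/Preferences/com.identityfinder.macedition.xml
$1/Library/LaunchDaemons/com.identityfinder.launchdaemon.plist
$1/Library/Application Support/Identity Finder/EndpointService
EOF
}

# Print each expected path that does not exist.
missing_idf_files() {
    idf_expected_paths "$1" "$2" | while IFS= read -r p; do
        [ -e "$p" ] || printf '%s\n' "$p"
    done
}

# Added hardening check (not in the article): print installed paths that any
# local user could modify.
world_writable_idf_files() {
    idf_expected_paths "$1" "$2" | while IFS= read -r p; do
        if [ -e "$p" ]; then find "$p" -prune ! -type l -perm -002 -print; fi
    done
}

# Print install.log lines that mention the product.
idf_install_log_lines() {
    grep -i -E 'identity ?finder' "${1:-/var/log/install.log}"
}

# Live check: sh check_idf.sh --live
if [ "${1:-}" = "--live" ]; then
    missing_idf_files "" "$HOME" | sed 's/^/MISSING: /'
    world_writable_idf_files "" "$HOME" | sed 's/^/WORLD-WRITABLE: /'
    idf_install_log_lines | tail -n 20
fi
```

Both file checks print nothing when the installation matches the list, so empty output from the first two commands means the test client passed.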

Default Tag Syntax

It is possible to specify additional tagging parameters for nested default tags, as well as define multiple default tags.

  • Nested tags - To use a nested tag as a default tag, enter the tag names in the form parentTag->childTag. Spacing around the arrow (->) symbol is ignored.
  • Multiple default tags - To add an endpoint to multiple tags by default, enter the tag names in the form firstTag||secondTag. Spacing around the vertical bars (||) is ignored.

Examples:
  • Single nested tag:
    "defaultTag"="DoIT->ITSecurity"
  • Two top-level tags:
    "defaultTag"="CompSci || DoIT"
  • One nested tag and one top-level tag:
    "defaultTag"="DoIT->ITSecurity || CompSci"
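
A pre-build check for the defaultTag edit in step 2 and the syntax described in this section, as an added example that is not part of the original article or of Identity Finder's build scripts. The function names are assumptions introduced here, and the extraction assumes the one-element-per-line layout of the template snippet shown in step 2.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are assumptions made here.

# Print the defaultTag value from com.identityfinder.macedition.xml ($1).
get_default_tag() {
    awk '
    /Name="defaultTag"/ { in_setting = 1 }
    in_setting && /<Value>/ {
        v = $0
        sub(/^.*<Value>/, "", v); sub(/<\/Value>.*$/, "", v)
        gsub(/&gt;/, ">", v)   # an XML-aware editor may save -> as -&gt;
        print v; exit
    }
    /<\/Setting>/ { in_setting = 0 }' "$1"
}

# Split $1 on || and ->, ignoring spacing around both, and print one
# normalized tag path per line. Fails on an empty value or empty tag name.
parse_default_tag() {
    printf '%s\n' "$1" | awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        n = split($0, tags, /\|\|/)
        if (n == 0) { print "defaultTag is empty" > "/dev/stderr"; exit 1 }
        for (i = 1; i <= n; i++) {
            m = split(tags[i], parts, /->/)
            if (m == 0) { print "empty tag in: " $0 > "/dev/stderr"; exit 1 }
            path = ""
            for (j = 1; j <= m; j++) {
                p = trim(parts[j])
                if (p == "") { print "empty tag in: " $0 > "/dev/stderr"; exit 1 }
                path = path (j > 1 ? "->" : "") p
            }
            print path
        }
    }'
}

# Validate the file before it is copied into Resources/.
check_default_tag_file() {
    parse_default_tag "$(get_default_tag "$1")"
}

# The three examples from this article:
for t in 'DoIT->ITSecurity' 'CompSci || DoIT' 'DoIT->ITSecurity || CompSci'; do
    parse_default_tag "$t"
done
```

Running check_default_tag_file against the unedited template fails with "defaultTag is empty", which catches a package built before the Simple Tag was inserted.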




Keywords: identity finder "identity finder" custom package mac "os x" installer packagemaker
Doc ID: 44790
Owner: Andy S.
Group: Office of Campus Information Security
Created: 2014-11-10 17:36 CDT
Updated: 2015-03-04 15:53 CDT
Sites: DoIT Help Desk, Office of Campus Information Security