How to generate an installation package [KES for Mac]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Intro

This instruction describes how to create an installation package (.pkg) for the MacOS operating system from the standalone installation package of Kaspersky Endpoint Security for Mac.

You may need to create such a package to automate the installation of Kaspersky Endpoint Security software via third-party systems (e.g. AirWatch).

Details

Files

Munki tool (with predefined files)

Prerequisites

• Kaspersky Security Center
• MacOS machine
• Python must be installed

Usage

• Create a standalone installation package for Kaspersky Endpoint Security for Mac (https://support.kaspersky.com/KSC/14/en-US/182663.htm)
• On a MacOS machine:

Unzip the file munki-munki-pkg-e018bf1.zip to Desktop.

Open Terminal and navigate to the directory munki-munki-pkg-e018bf1

cd /Users/John/Desktop/munki-munki-pkg-e018bf1

Copy the built standalone installation package (kesmac11.2.1.145.sh) to the postinstall file in the kesmac/scripts/ directory:

cp kesmac11.2.1.145.sh kesmac/scripts/postinstall

Modify the code of the standalone installation package with the vim editor

vi kesmac/scripts/postinstall

Replace the section in the file  to the modified section (note that the line "#!/bin/sh" must be the first line in the file, there must be no empty lines before it):

nagent/scripts/postinstall (new) 

#!/bin/sh   logfile="/tmp/kesmac11.2.1.1450.log" wstrUnpackTempPath="${TMPDIR:-/tmp}"/"$(date '+%d.%m_%H.%M.%S.%N')"   if [ -f "$logfile" ]; then     rm -f "$logfile" fi   ExitWithError() {     echo "Clean temporary directory '$wstrUnpackTempPath'" >> $logfile         rm -rf "$wstrUnpackTempPath"         echo "$2" >> $logfile         exit $1 }   rm -rf "$wstrUnpackTempPath" mkdir "$wstrUnpackTempPath" || ExitWithError 1 "Failed to create temporary directory '$wstrUnpackTempPath': error = $?"   echo "Unpack archive to '$wstrUnpackTempPath'..." >> $logfile archive_marker_line=$(grep -an '^CCFAFCA1-F619-4618-B8C1-107EF7694A0C-ARCHIVE:$' "$0" | cut -d : -f 1 | tail -1) tail -n +$((archive_marker_line + 1)) "$0" | tar -xzf - -C "$wstrUnpackTempPath" > /dev/null || ExitWithError 1 "Failed to unpack archive: error = $?"   echo "Found installer..." >> $logfile wstrExecName=$(grep -o -r "--include=*.kud" "--include=*.kpd" '^Executable=.*\.sh' $wstrUnpackTempPath | sed 's/.*=//' | sed 's/.*[\\/]//') [ ! -z "$wstrExecName" ] || ExitWithError 1 "Installer not found"   echo "Found parameters..." >> $logfile wstrParams=$(grep -o -r "--include=*.kud" "--include=*.kpd" '^Params=.*' $wstrUnpackTempPath | sed 's/.*=//' | sed 's/\r//')   echo "Run package installer '$wstrExecName $wstrParams' ..." >> $logfile sh "$wstrUnpackTempPath/$wstrExecName" $wstrParams >> $logfile || ExitWithError $? "Installation failed: error = $?"   echo "Product successfully installed!" >> $logfile ExitWithError 0 ""

Add the execution bit:

chmod +x kesmac/scripts/postinstall

You can also change the metadata (if needed) in the nagent/build-info.plist file

Change meta 

<key>version</key> <string>11.2.1.145</string> // version of package <key>name</key> <string>Kaspersky Endpoint Security.pkg</string> // name of package <key>identifier</key> <string>com.kaspersky.kesmac</string> // identifier of package

Perform the assembly:

./munkipkg kesmac

The built package will be available in the kesmac/build directory with the name <name of package from build-info.plist>.pkg

Important

Before installing, a configuration profile must be installed: https://support.kaspersky.com/kes11mac/settings/15647

The configuration profile contains settings that are only allowed through User Approved Mobile Device Management (UAMDM), so when you apply the configuration profile locally on the device, the error "Profile installation failure. System profile required. User profiles are not supported". To avoid the error, use the remote administration utility.

When installing a .pkg built this way, MacOS may give an error that the package has been signed by an unauthorized developer. It is necessary to allow it to run in OS.

The installation log will be saved to the file /tmp/kesmac11.2.1.1450.log