Creating a pre-configured Junos Pulse VPN client on OS X with The Luggage

Rich Trouton’s Der Flounder blog recently described how to create a pre-configured Junos Pulse VPN client on OS X: https://derflounder.wordpress.com/2015/03/13/deploying-a-pre-configured-junos-pulse-vpn-client-on-os-x/

I prefer to use Unixorn’s The Luggage rather than a GUI package creator, so here I adapt Rich’s instructions for The Luggage users.

Installing the Luggage

If you don’t already have The Luggage, install it as follows (as per the instructions on Graham Gilbert’s blog post about The Luggage):

$ cd
$ git clone https://github.com/unixorn/luggage.git

At this point, if you don’t already have git installed, you will be prompted to do so. If that happens, install git and rerun the last command. Then continue:

$ cd luggage
$ make bootstrap_files

Creating the package

Now The Luggage is installed, copy your Junos Pulse installer and config file into a new folder:

$ mkdir -p ~/luggage-packages/junos
$ cp /path/to/JunosPulse.dmg /path/to/Default.jnprpreconfig ~/luggage-packages/junos/

Create a new file named Makefile in the same folder using whatever editor you use, and populate as follows:

USE_PKGBUILD=1
include /usr/local/share/luggage/luggage.make

TITLE=Junos-Pulse
PACKAGE_NAME=${TITLE}
REVERSE_DOMAIN=net.juniper
MANAGEMENT_DIR = "junos"
INSTALLER_PATH = "."
INSTALLER = "JunosPulse.dmg"
CONFIG = "Default.jnprpreconfig"
PAYLOAD=\
pack-server \
pack-script-postinstall

pack-server:
    @sudo mkdir -p ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)
    @sudo cp $(INSTALLER_PATH)/$(INSTALLER) $(INSTALLER_PATH)/$(CONFIG) ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)
    @sudo chown -R root:wheel ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)

You may wish to sign the package with a developer ID if you are intending to make the installer available to your users for self-install, so that Gatekeeper doesn’t prevent installation. You will need an Apple Mac OS X Developer Account to do this, and have your Developer ID Certificate installed on the machine you are building the package. Then, add the following line as the third line of the Makefile, changing “Your Name” to the name of your certificate in your Keychain:

PB_EXTRA_ARGS+= --sign "Your Name"

Create a new file named postinstall in the same folder using whatever editor you use, and populate as follows (this is exactly the same as Rich Trouton’s postinstall file except for the install_dir):

#!/bin/bash
# Determine working directory
install_dir="/Library/Management/junos"

#
# Installing Junos Pulse
#

# Specify location of the Junos Pulse disk image
TOOLS=$install_dir/"JunosPulse.dmg"

# Specify location of the Junos Pulse configuration file
VPN_CONFIG_FILE=$install_dir/"Default.jnprpreconfig"

# Specify a /tmp/junospulse.XXXX mountpoint for the disk image
TMPMOUNT=`/usr/bin/mktemp -d /tmp/junospulse.XXXX`

# Mount the latest Junos Pulse disk image to the /tmp/junospulse.XXXX mountpoint
hdiutil attach "$TOOLS" -mountpoint "$TMPMOUNT" -nobrowse -noverify -noautoopen

# Install Junos Pulse
/usr/sbin/installer -dumplog -verbose -pkg "$(/usr/bin/find $TMPMOUNT -maxdepth 1 \( -iname \*\.pkg -o -iname \*\.mpkg \))" -target "$3"

#
# Applying Janelia VPN configuration file
#

if [[ -d "$3/Applications/Junos Pulse.app" ]]; then
    echo "Junos Pulse VPN Client Installed"
    "$3/Applications/Junos Pulse.app/Contents/Plugins/JamUI/jamCommand" -importFile "$VPN_CONFIG_FILE"
    echo "VPN Configuration Installed"
else
    echo "Pulse Client Not Installed"
fi

#
# Clean-up
#

# Unmount the Junos Pulse disk image
/usr/bin/hdiutil detach "$TMPMOUNT"

# Remove the /tmp/junospulse.XXXX mountpoint
/bin/rm -rf "$TMPMOUNT"

exit 0

To create the package, run the following command:

$ make pkg

You should now have a package named Junos-Pulse.pkg which you can import into your software distribution system (Munki, Casper etc).

Making a DMG for manual distribution

For any package that you wish to make available for distribution via the web or fileshare, you may wish to enclose it in a DMG. I’ve created a script that automates the process of creating a dmg for any pkg file in the same folder. the output includes a visual check to see if the package is signed.

$ nano dmg-it.sh

Contents of dmg-it.sh:

#!/bin/bash

# Run this script after "make pkg" to create a DMG
# if you have already signed your pkg in the Makefile
# or if you dont want to sign it.
#
# This version of the script will create a DMG for each pkg in the folder it is in.

mkdir tmp
ls ./*.pkg | while read script
do
    output_Name="${script%.pkg}.dmg"
    echo "PKG->DMG maker. Checking for signed packages..."
    pkgutil --check-signature "${script}"
    cp $script tmp/
    hdiutil create \
        -volname "${script}" \
        -srcfolder ./tmp \
        -ov \
        $output_Name
    rm tmp/*
done
rm -rf tmp
exit 0

Make it executable, then run it:

$ chmod o+x dmg-it.sh
$ ./dmg-it.sh

You should now have Junos-Pulse.dmg in your folder.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s