Creating a pre-configured Junos Pulse VPN client on OS X with The Luggage
Rich Trouton’s Der Flounder blog recently described how to create a pre-configured Junos Pulse VPN client on OS X.
I prefer to use Unixorn’s The Luggage rather than a GUI package creator, so here I adapt Rich’s instructions for The Luggage users.
Installing the Luggage
If you don’t already have The Luggage, install it as follows (as per @grahamgilbert’s blog post The Luggage: An Introduction):
$ cd
$ git clone https://github.com/unixorn/luggage.git
At this point, if you don’t already have git installed, you will be prompted to do so. If that happens, install git and rerun the last command. Then continue:
$ cd luggage
$ make bootstrap_files
Creating the package
Now that The Luggage is installed, copy your Junos Pulse installer and config file into a new folder:
$ mkdir -p ~/luggage-packages/junos
$ cp /path/to/JunosPulse.dmg /path/to/Default.jnprpreconfig ~/luggage-packages/junos/
Create a new file named Makefile in the same folder using whatever editor you use, and populate it as follows:
USE_PKGBUILD=1
include /usr/local/share/luggage/luggage.make
#PB_EXTRA_ARGS+= --sign "Your Org" ## uncomment this line if you wish to sign the package
TITLE=Pulse-Secure-Configured
PACKAGE_NAME=${TITLE}
## change to reflect the current version (comment on its own line so the value has no trailing space)
PACKAGE_VERSION=5.2r5.0-b869
REVERSE_DOMAIN=net.juniper
MANAGEMENT_DIR = "junos"
INSTALLER_PATH = "."
## change to match the file name of your installer disk image
INSTALLER = "ps-pulse-mac-5.2r5.0-b869-installer.dmg"
## change to suit your config file
CONFIG = "Default.jnprpreconfig"
PAYLOAD=\
    pack-server \
    pack-script-postinstall
## recipe lines below must start with a tab character
pack-server:
	@sudo mkdir -p ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)
	@sudo cp $(INSTALLER_PATH)/$(INSTALLER) ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)/Pulse-Secure.dmg
	@sudo cp $(INSTALLER_PATH)/$(CONFIG) ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)/config.jnprpreconfig
	@sudo chown -R root:wheel ${WORK_D}/Library/Management/$(MANAGEMENT_DIR)
You may wish to sign the package with a Developer ID if you intend to make the installer available to your users for self-install, so that Gatekeeper doesn’t prevent installation. To do this you will need an Apple Mac OS X Developer Account, with your Developer ID Certificate installed on the machine on which you are building the package. Then, add the following line as the third line of the Makefile, changing “Your Org” to the name of your certificate in your Keychain:
PB_EXTRA_ARGS+= --sign "Your Org"
Create a new file named postinstall in the same folder using whatever editor you use, and populate it as follows (this is exactly the same as Rich Trouton’s postinstall file except for the install_dir):
#!/bin/bash
# Determine working directory
install_dir="/Library/Management/junos"
#
# Installing Junos Pulse
#
# Specify location of the Junos Pulse disk image
TOOLS="$install_dir/Pulse-Secure.dmg"
# Specify location of the Junos Pulse configuration file
VPN_CONFIG_FILE="$install_dir/config.jnprpreconfig"
# Specify a /tmp/junospulse.XXXX mountpoint for the disk image
TMPMOUNT=$(/usr/bin/mktemp -d /tmp/junospulse.XXXX)
# Mount the latest Junos Pulse disk image to the /tmp/junospulse.XXXX mountpoint
hdiutil attach "$TOOLS" -mountpoint "$TMPMOUNT" -nobrowse -noverify -noautoopen
# Install Junos Pulse ($3 is the target volume passed in by the installer)
/usr/sbin/installer -dumplog -verbose -pkg "$(/usr/bin/find "$TMPMOUNT" -maxdepth 1 \( -iname \*\.pkg -o -iname \*\.mpkg \))" -target "$3"
#
# Applying Janelia VPN configuration file
#
if [[ -d "$3/Applications/Junos Pulse.app" ]]; then
    echo "Junos Pulse VPN Client Installed"
    "$3/Applications/Junos Pulse.app/Contents/Plugins/JamUI/jamCommand" -importFile "$VPN_CONFIG_FILE"
    echo "VPN Configuration Installed"
elif [[ -d "$3/Applications/Pulse Secure.app" ]]; then
    echo "Pulse Secure VPN Client Installed"
    "$3/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand" -importFile "$VPN_CONFIG_FILE"
    echo "VPN Configuration Installed"
else
    echo "Pulse Client Not Installed"
fi
#
# Clean-up
#
# Unmount the Junos Pulse disk image
/usr/bin/hdiutil detach "$TMPMOUNT"
# Remove the /tmp/junospulse.XXXX mountpoint
/bin/rm -rf "$TMPMOUNT"
exit 0
To create the package, run the following command:
$ make pkg
You should now have a package named Pulse-Secure-Configured.pkg which you can import into your software distribution system (Munki, Casper etc).
Making a DMG for manual distribution
For any package that you wish to make available for distribution via the web or fileshare, you may wish to enclose it in a DMG. I’ve created a script that automates the process of creating a DMG for any pkg file in the same folder. The output includes a visual check to see if the package is signed.
$ nano dmg-it.sh
Contents of dmg-it.sh:
#!/bin/bash
# Run this script after "make pkg" to create a DMG
#
# This version of the script will create a DMG for each pkg in the folder it is in.
mkdir -p tmp
for script in ./*.pkg
do
    # Skip the unexpanded pattern when the folder contains no pkg files
    [ -e "$script" ] || continue
    output_Name="${script%.pkg}.dmg"
    echo "PKG->DMG maker. Checking for signed packages..."
    pkgutil --check-signature "${script}"
    cp "$script" tmp/
    hdiutil create \
        -volname "${script}" \
        -srcfolder ./tmp \
        -ov \
        "$output_Name"
    rm tmp/*
done
rm -rf tmp
exit 0
Make it executable, then run it:
$ chmod u+x dmg-it.sh
$ ./dmg-it.sh
You should now have Pulse-Secure-Configured.dmg in your folder.
Note: This post was updated 04 October 2016. The installed Pulse Secure app is now correctly named Pulse Secure.app, so the script now checks for this as well as Junos Pulse.app.