Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Help to deploy notarised app to Mac

We are beginning to evaluate Cisco AMP for our Antivirus needs.
In connection with that I need to deploy the app via Jamf.

In the newest release, Cisco has made AMP a notarised app, and changed the way they distribute it from a .pkg to a .dmg.

They state that I need to do this to install the .dmg:

• Push amp_mac_connector.dmg to your endpoints
• Mount the .dmg file:
$ hdiutil attach ampmac_connector.dmg
• Execute the Apple notarized Mac Connector package file:
$ sudo installer -pkg /Volumes/ampmac_connector/ciscoampmac_connector.pkg -target /
• Un-mount the .dmg file:
$ hdiutil detach /Volumes/ampmac_connector

So, my question is:
Do I need to do the above or can I just extract the .pkg from the .dmg and deploy that like normal, or will that somehow not work because it is notarised?

Thanks for any insights anyone might have on this, as I am not entirely certain about the new notarised concept.

Regards
Jesper

Like Comment
Order by:
SOLVED Posted: by Dr_Jones

I wasn't able to successfully deploy v.1.9.0.x without actually following the directions

  1. Turn their instructions into a script
  2. Create an installer and add the created script as a post-install
#!/bin/sh
#####
#Mount the .dmg file
#####

hdiutil attach /private/tmp/ampmac_connector.dmg

######
#Execute the Apple notarized Mac Connector package file
######

/usr/sbin/installer -pkg  /Volumes/ampmac_connector/ciscoampmac_connector.pkg -target /

#####
#Un-mount the .dmg file
######

hdiutil detach /Volumes/ampmac_connector



exit 0      ## Success

Everything should work perfectly with that workflow

Like
SOLVED Posted: by Jesper

Thanks a lot @Dr_Jones .

Ill utilise that to deploy it.

Like
SOLVED Posted: by misenberg

@Dr_Jones Ok slightly confused on your instructions.

I created your script in Jamf, but how do I make an installer?

Should I be uploading the DMG to Jamf and creating a policy?

Currently, I have a policy that installs the cisco amp from a . PKG but it recently just stopped working. It just says "installer failed" in terminal. No real helpful information. That same PKG installs just fine on a computer if I put it on the machine locally. It just won't work from Jamf.

Any information you could provide would be very helpful. Thanks!

Like
SOLVED Posted: by Dr_Jones

You have a few different options @misenberg

  1. Upload script to Jamf Pro and create a policy that deploys ampmac_connector.dmg to the local machine, I chose the /private/tmp/ folder in my case, the script should be attached to the newly created policy to run after ampmac_connector.dmg has been installed somewhere.

  2. I created an pkg that places ampmac_connector.dmg into /private/tmp/ampmac_connector.dmg and includes the script as a postinstall function so the installer isn't so dependent on Jamf Pro.

Let me know if you still run into issues!
Ronnie

Like
SOLVED Posted: by misenberg

@Dr_Jones I see what you are saying. How do I tell the policy where to put the DMG (i.e. /private/tmp). I did this for Mojave and I can't remember what we did haha!

Like
SOLVED Posted: by misenberg

Nevermind, we did it with composer and did a snapshot! Now we are trying to figure out our smart groups and how to scope the policy

Like
SOLVED Posted: by Dr_Jones

Awesome @misenberg! Composer is definitely the easiest way to go, I'd skip the snapshot part next time and just open up composer to drag and drop the files that have on your local machine/check file permissions in to create your installer, otherwise you might catch unwanted files during the snapshot period.

Sounds like you got it figured out : )

Like

Jamf wants to hear your feedback around Peripherals and Jamf Connect settings configuration