Archive for the ‘Packaging’ Category

Packaging a SAP GUI installer application for macOS

July 26, 2021 1 comment

One of the recent changes for the macOS version of SAP GUI for Java is that both SapMachine Java 11 and OpenJFX 11 are now bundled with SAP GUI, so it is no longer required to have Java installed on your machine in order for SAP GUI to work. This change has also been extended to the SAP GUI installer, which is now available as a notarized installer application as of SAP GUI 7.70.

You can run this installer on a Mac which does not have Java already installed and it will install SAP GUI for Java with SapMachine Java 11 and OpenJFX 11 installations embedded inside the SAP GUI application.

Note: As of SAP GUI 7.70 rev 2, Rosetta 2 is required if installing on an Apple Silicon Mac so Rosetta needs to be installed and running before installing SAP GUI.

The installer application is available for download to customers via a link on the announcement blog post:

When you click the download link, you will see two choices:

  • DMG
  • JAR

Screen Shot 2021 07 26 at 9 52 31 AM

The DMG download will provide the notarized installer application and the JAR download will provide the Java .jar installer that SAP GUI has traditionally used on macOS. I’ve discussed how to package the .jar installer in previous posts, so this post is going to focus on the new installer application contained inside the DMG download.

Screen Shot 2021 07 26 at 9 52 32 AM

For more details, please see below the jump.

Read more…

PkgSigner AutoPkg processor updated for Python 3

July 31, 2020 Leave a comment

A while back, I discussed how to incorporate installer package signing into AutoPkg workflows. The PkgSigner processor used in this workflow was originally written by Paul Suh and it uses Apple’s productsign tool to access a Developer ID Installer certificate stored in the login keychain.

Like other processors and AutoPkg itself, PkgSigner needed updating to Python 3 when Python 2 reached end-of-life in April 2020. This updating process has been completed, thanks to Nick McDonald. To make sure PkgSigner is consistently using the same Python environment across machines, PkgSigner has also been set to use the Python 3 install bundled with AutoPkg.

For those who need it, I have a copy of the PkgSigner processor available via the link below:

Categories: AutoPkg, Packaging

Building customized postinstall scripts for AutoPkg recipes

July 26, 2019 Leave a comment

As part of some recent work, I needed to build a deployable installer package for an application named Zscaler. This application does not use an installer package, nor can it be installed as a drag-and-drop app. Instead, it uses a third party installer application to install.

Screen Shot 2019 07 26 at 4 36 20 PM 1

This is exactly the kind of situation where I want to write an AutoPkg recipe to handle building a deployable installer package for me. As part of that, I had two bits of good news:

  1. There was a publicly available download URL for the Zscaler installer app.
  2. Zscaler has instructions for installing from the command line, so I could wrap up the installer application inside an installer application and use a postinstall script to run the installation process.

Screen Shot 2019 07 26 at 2 51 06 PM

I had one bit of bad news:

The installer process included options for adding things like the Zscaler cloud instance which the app should talk to following the installation as well as various other options which probably shouldn’t be hardcoded into an Autopkg recipe. I especially shouldn’t be hardcoding my own organization’s credentials into a recipe which I was planning to share with other folks.

Normally, sensitive information is something I want to only have in an AutoPkg recipe override. Recipe overrides are locally-stored files that allow you to change certain input variables in AutoPkg recipes. Since the recipe overrides are stored locally on the Mac which is running AutoPkg and not shared with any other resources, the sensitive information is only made available to the AutoPkg installation running on that specific Mac. I’ve used this approach previously for the following:

Sensitive URLs:
Signing AutoPkg-generated installer packages:

This time though, I didn’t see a way to pass an AutoPkg recipe override’s variables to a postinstall script. I did have one idea though, which was using AutoPkg’s FileCreator processor to create a customized postinstall script. I had previously used the FileCreator processor in other AutoPkg recipes to create postinstall scripts, but those scripts were self-contained and didn’t use variables from the AutoPkg recipe.

AutoPkg Adobe Creative Cloud recipe postinstall script

That said, you never know what AutoPkg can do until you try it and sure enough the FileCreator processor was able to pass recipe variables as part of creating a file. For more details, please see below the jump.

Read more…

Building an installer package for

March 20, 2019 11 comments

One of the open-source contributions by the Apple@SAP team has been, a tool designed to grant or take away administrator rights from accounts on macOS. The general idea behind Privileges is that it allows people to work with the account privileges of a standard user for day-to-day use, but allows them to get administrator rights when needed.

Documentation for can be found at the GitHub repo which hosts it, which is available via the link below:

However, one item not included in that documentation is how to package it for deployment. Instead, AutoPkg recipes were written and made available to automate the packaging process:

computername:~ username$ autopkg search com.github.rtrouton.Privileges
Name Repo Path
—- —- —-
Privileges.munki.recipe apfelwerk-recipes Privileges/Privileges.munki.recipe
Privileges.install.recipe rtrouton-recipes Privileges/Privileges.install.recipe
Privileges.munki.recipe rtrouton-recipes Privileges/Privileges.munki.recipe
Privileges.jss.recipe rtrouton-recipes JSS/Privileges.jss.recipe
Privileges.pkg.recipe rtrouton-recipes Privileges/Privileges.pkg.recipe rtrouton-recipes Privileges/
To add a new recipe repo, use 'autopkg repo-add <repo name>'
computername:~ username$

view raw
hosted with ❤ by GitHub

However, not everyone is able to use AutoPkg in their environment, so manual packaging instructions are now available here. For more details, please see below the jump:

Read more…

Packaging SAP GUI for macOS with Java 11 support

December 14, 2018 7 comments

A while back, I wrote a post on building a SAP GUI installer for macOS, where SAP GUI needed to have Oracle’s Java 8 JDK as a pre-requisite. Since then Oracle has made an announcement that the use of Oracle’s Java 11 JDK is no longer free if you’re using it for production work.

One of the consequences of that decision by Oracle is that SAP GUI 7.50 rev 5 is the first version of SAP GUI to support Java 11. However, the SAP GUI developers are now recommending the use of OpenJDK 11 in place of Oracle’s Java JDK 11. More specifically, the SAP GUI folks are recommending the use of SAP’s own SapMachine Java JDK 11 release.

Screen Shot 2018 12 14 at 10 39 38 AM

Meanwhile, a Java library named JavaFX used by SAP GUI is no longer being bundled as part of Java 11. Instead, JavaFX has been split off into its own open source project called OpenJFX and is now a separate install.

Screen Shot 2018 12 14 at 4 15 11 PM

What do SapMachine JDK 11 and JavaFX have in common? Among other things, neither have a native installer for macOS. Instead, each is distributed via compressed files.

Screen Shot 2018 12 14 at 11 14 36 AM

Screen Shot 2018 12 14 at 11 14 59 AM

Installation is performed by uncompressing into the following directory on macOS:


Screen Shot 2018 12 14 at 4 11 14 PM

That said, SAP GUI also still works with Oracle’s Java JDK 8 as of the release of SAP GUI 7.50 rev 5. JavaFX is bundled with Java JDK 8, so installing Oracle’s Java JDK 8 handles both the Java and JavaFX requirements.

Screen Shot 2018 12 14 at 2 46 13 PM

With all the changes, how should SAP GUI now be packaged for installation? Without question, the main challenge for deployment here is going to be the Java component. In my testing, which was limited to “Launch SAP GUI and see if it runs”, I found SAP GUI 7.50 rev 5 is able to run on the following Java releases:

If using any Java 11 release, OpenJFX will need to be installed for SAP GUI to successfully run.

With this in mind, it’s possible to build a package that does the following:

  1. Detects if Java is installed
  2. Detects if JavaFX is installed
  3. If Java is not installed, install the latest release of SapMachine JDK.
  4. If JavaFX is not installed, install the latest release of OpenJFX.
  5. Verifies that both Java and JavaFX are installed.
  6. If both Java and JavaFX are installed, install SAP GUI

For more details, please see below the jump.

Read more…

Building an SAP GUI installer for macOS

October 11, 2018 4 comments

Since I’ve started working for my current employer, my colleagues and I have occasionally received the following question from various Mac admins:

“I’m using SAP in my environment. How do I deploy the Mac software for SAP?”

When we’ve followed up for more details, the “Mac software for SAP” usually means the SAP GUI software. SAP GUI comes in two flavors:

SAP GUI for Java supports the following operating systems:

  • openSUSE
  • Fedora
  • macOS
  • Microsoft Windows
  • AIX
  • Ubuntu

The SAP GUI for Java is what’s available for macOS, so how to get it and deploy it? For more details, please see below the jump.

Read more…

Creating local user accounts with pycreateuserpkg

December 24, 2017 17 comments

As part of setting up new Macs, you may want to add one or more local user accounts with a pre-determined password to those Macs. The reasons for this may include the following:

  • Setting up a local administrator account
  • Setting up a “loaner” user account for a pool of loaner laptops
  • Setting up a local user account that automatically logs at startup for a library kiosk
  • Setting up a generic “student” account for use in a school’s computer lab

Previously, it was possible to use the venerable CreateUserPkg utility to accomplish this goal, but the password scheme used by CreateUserPkg stopped working on macOS High Sierra. An alternative tool which works on macOS High Sierra is pycreateuserpkg, a Python script written by Greg Neagle which generates packages that create local user accounts when installed. For more information, see below the jump.

Read more…

First Boot Package Install now adds product identifier tags to its packages

November 22, 2017 Leave a comment

As a follow-up to Greg Neagle’s discovery that product identifiers are now needed to ensure best results when adding additional packages to macOS High Sierra OS installers, I’ve updated First Boot Package Installer to add product identifiers by default to the firstboot packages created by this tool.

The product identifier values will be the user-selected Package Identifier followed by the Version Identifier.

Screen Shot 2017 11 21 at 2 21 13 PM

Screen Shot 2017 11 21 at 2 21 19 PM

These values will appear in the firstboot package’s distribution file as shown below:

Screen Shot 2017 11 21 at 2 22 03 PM

For those who need this capability, an installer for First Boot Package Install 1.7 can be downloaded via the link below:

Deploying a pre-configured F5 Big-IP VPN client

July 27, 2017 2 comments

As part of a discussion with a colleague, he said that he needed to build an installer for his shop’s F5 Network’s VPN service but wasn’t sure how. I hadn’t built one of these previously either, so I decided to look into it.

Fortunately, F5 Networks has made the process of creating one a fairly straightforward process, assuming that your VPN administrator can provide the needed config_tmp.f5c configuration file. Assuming that you can get that file, all that’s needed is making sure that the config_tmp.f5c file is located in the same directory as the VPN client installer.

Screen Shot 2017 07 26 at 8 27 48 PM

The reason for this is that the postinstall scripts of the F5 VPN client installer are set to look for that file in that location, and will automatically import the configuration file’s contents if the file is found.

Screen Shot 2017 07 26 at 8 16 13 PM

Once I had both the config_tmp.f5c config file and a copy of the F5 VPN client installer, I was able to create an installer using this method that handled both the installation and the automated configuration of the F5 VPN client. For more details, see below the jump.

Read more…

Slides from the “Payload-free Packages: Bundle vs Flat” QuickTalk at MacDevOpsYVR 2017

June 6, 2017 Leave a comment

For those who wanted a copy of my payload-free package QuickTalk at the MacDevOpsYVR 2017 conference, here are links to the slides in PDF and Keynote format.


Keynote –

%d bloggers like this: