The Ether: Package a macOS Application to Be Deployed by Intune MDM

Package a macOS Application to Be Deployed by Intune MDM

Issue

There a number of specific parameters required to successfully package and deploy a macOS application .pkg via Intune MDM.

An example of deploying the FreeCAD application.

Resolution

export APP=FreeCAD.app
export APP_PATH=/Applications/$APP

Remove downloaded from the Internet attribute

sudo xattr -d -r com.apple.quarantine $APP_PATH

Check all required values

defaults read $APP_PATH/Contents/Info CFBundleIdentifier
defaults read $APP_PATH/Contents/Info CFBundleLongVersionString
defaults read $APP_PATH/Contents/Info CFBundleName
defaults read $APP_PATH/Contents/Info CFBundleShortVersionString
defaults read $APP_PATH/Contents/Info CFBundleVersion

Set missing values

defaults write $APP_PATH/Contents/Info CFBundleIdentifier -string "org.freecadweb"
defaults write $APP_PATH/Contents/Info.plist CFBundleLongVersionString -string 0.18-16146
defaults write $APP_PATH/Contents/Info.plist CFBundleShortVersionString -string 0.18
plutil -convert xml1 $APP_PATH/Contents/Info.plist 
cat $APP_PATH/Contents/Info.plist

Create preinstall script

mkdir $APP_PATH/Contents/Scripts
cat <<EOF >$APP_PATH/Contents/Scripts/preinstall
> #!/bin/bash
> cp -R "$APP" /Applications
> exit 0
> EOF

chmod +x $APP_PATH/Contents/Scripts/preinstall

cat $APP_PATH/Contents/Scripts/preinstall
#!/bin/bash
cp -R "FreeCAD.app" /Applications
exit 0

Create postinstall script

cat <<EOF >$APP_PATH/Contents/Scripts/postinstall
> #!/bin/bash
> U=\$(w -h | awk '{ print \$1 }' | uniq)
> chown -R \$U:staff $APP_PATH
> exit 0
> EOF

chmod +x $APP_PATH/Contents/Scripts/postinstall 

cat $APP_PATH/Contents/Scripts/postinstall
#!/bin/bash
U=$(w -h | awk '{ print $1 }' | uniq)
chown -R $U:staff /Applications/FreeCAD.app
exit 0

Build package

pkgbuild --scripts $APP_PATH/Contents/Scripts --install-location /Applications  --component $APP_PATH ./FreeCAD.pkg
pkgbuild: Adding component at /Applications/FreeCAD.app
pkgbuild: Adding top-level preinstall script
pkgbuild: Adding top-level postinstall script
pkgbuild: Wrote package to ./FreeCAD.pkg

productbuild --synthesize --package FreeCAD.pkg /Applications --version 0.18 ./dist.xml
productbuild: Wrote synthesized distribution to ./dist.xml

productbuild --distribution dist.xml --version 0.18 --package-path ./FreeCAD.pkg ./FreeCAD-final.pkg
productbuild: Wrote product to ./FreeCAD-final.pkg

productsign --sign "Developer ID Installer: theether PTY LTD (0123456789)" ./FreeCAD-final.pkg ./FreeCAD-final-signed.pkg 
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: theether PTY LTD (0123456789)" from keychain /Users/theether/Library/Keychains/login.keychain-db
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to ./FreeCAD-final-signed.pkg

Package for Intune

./IntuneAppUtil -c FreeCAD-final-signed.pkg -o .
Microsoft Intune Application Utility for Mac OS X
Version: 1.0.0.0
Copyright 2018 Microsoft Corporation

Creating intunemac file for /FreeCAD-final-signed.pkg
Composing the intunemac file output
Output written to ./FreeCAD-final-signed.pkg.intunemac.

IntuneAppUtil successfully processed "FreeCAD-final-signed.pkg",
to deploy refer to the product documentation.

References

FreeCAD Your own 3D parametric modeler
https://www.freecadweb.org/

How to add macOS line-of-business (LOB) apps to Microsoft Intune
https://docs.microsoft.com/en-us/mem/intune/apps/lob-apps-macos

MacOS LOB apps aren't deployed in Microsoft Intune
https://support.microsoft.com/en-us/help/4344141

Products

Apple macOS 10.15

Created: 19th April 2020
Updated: 19th April 2020