ScanSnap scanners are extremely popular among my clients. They are fast, efficient, and output a high-quality PDF. The ScanSnap Manager application makes it simple for average users to very simply create powerful workflows that include running OCR (Optical Character Recognition), rule-based filing and other type and quality modifications.
With its software distribution strategy, Fujitsu has thrown out the tenants of good packaging. If you go to the installer download page you get a package that assumes that all installations are completed by the user and worse, includes a slew of additional components for their Automatic Online Update (AOU) software which is only Automatic in that it prompts the user to go through a painful and confusing process of installing multiple packages with multiple password prompts and DMGs and packages mounting and unmounting in userland. Did I mention that the Update process itself takes forever*?
Fujitsu does offer an installer that does not install the AOU components, but like its big sister, it also assumes you are running the installer manually as a logged in user and breaks as many of the rules of good packaging as possible including running unnecessary commands in both preinstall and postinstall scripts, triggering Wizards and popping up show-stopper user prompts using AppleScript (!). Both installers are just bad.
We are going to have to rip this baby apart, modify both the preinstall and postinstall scripts, and then put it all back together and test the hell out of it to see if our assumptions are correct and the installer does not stall or fail to create a usable application.
To create a package that we can run with Munki, we will be extracting the package from the DMG, unpacking the installer with
pkgutil, commenting out any commands running in userland then re-packaging so we can import it into Munki.
Mount the DMG and extract the package. Here we will use
pkgutil to extract the package components so that we can mangle the install scripts. For more on this process, see Armin Briegel’s excellent Packaging for Apple Administrators.
$ hdiutil mount ~/Downloads/MaciX500ManagerV63L50WW1.dmg expected CRC32 $CE13EEFB /dev/disk2 Apple_partition_scheme /dev/disk2s1 Apple_partition_map /dev/disk2s2 Apple_HFS /Volumes/ScanSnap $ pkgutil --expand /Volumes/ScanSnap/ScanSnap\ Manager.pkg scansnap_edit
Edit the preinstall script. Now that our package has been freed, we can open the scripts and make our changes.
$ bbedit ~/scansnap_edit/scansnapManager.pkg/Scripts/preinstall
Repackage. Now that we have butchered the scripts, let’s put this back together so that we have a usable installer package. Note that since we have modified the package, the signing is no longer valid. If we try to run this manually Gatekeeper will be very upset with us. Because we are going to install this with Munki (or your RMM of choice) we don’t have to be concerned with this.
$ pkgutil --flatten scansnap_edit/ ScanSnap_Manager-6.3.50.pkg
In considering this strategy, my initial concerns were around login window installs. At the time I developed this strategy in 2015 we were micro-managing our client devices. Install requests would come in and we would add the software to machine manifests. In its vanilla form, the ScanSnap Manager installer would eventually finish once the scripts waiting for user input would eventually time out but this had two problems; sometimes the scripts wouldn’t time out before Munki, resulting in a failed install and in any case, waiting for scripts to time out would cause the process to take in excess of 45 minutes. it only took one unhappy employee report of being unable to use their computer in the morning for me to realize this was an untenable solution.
Now that we are encouraging self-service with Managed Software Center, there is the further consideration of wrapping the user-land commands in a test for a logged in user so that we can allow the wireless setup wizard to run for example. But that seems like a lot of work and I am lazy. Plus, we still need to build the Delta updated so that this will actually run properly on 10.12 and above.tags: packaging