How to install Symantec Endpoint Protection 12.1 on OS X 10.6

If you’ve attempted to install Symantec Endpoint Protection (SEP) 12.1, you may have run into this error message: “This software requires the Mac OS X BSD package.” When installing via JAMF, for example, JAMF will report that the package installed successfully even though no actual files were written to the client machine.

Upon further inspection, it seems that the SEP installer tries to verify that BSD.pkg exists in /Library/Receipts. That’s great if you’re trying to install on a pre-OS 10.6 system, but seems rather obtuse on 10.6 as 10.6 writes installer receipts to /var/db/receipts (let alone naming them in a fashion similar to plist files).  Vanilla installations of OS X 10.6 will install a stub file at the /Library/Receipts location, but if you have a customized image, as I do, you most likely will have gotten rid of this on OS X 10.6. This message is made more confusing by the fact that the BSD Subsystem is a standard, immutable install on OS X 10.6 (it was optional on earlier OS X installs). The attempt to verify the receipt can be seen by looking at the install.log. The entries you see there may be similar to the following:

Nov 30 13:01:41 ag2025 Installer[2840]: @(#)PROGRAM:Install  PROJECT:Install-596.1
 Nov 30 13:01:41 ag2025 Installer[2840]: @(#)PROGRAM:Installer  PROJECT:Installer-430.1
 Nov 30 13:01:41 ag2025 Installer[2840]: Hardware: MacPro1,1 @ 2.66 GHz (x 4), 4096 MB RAM
 Nov 30 13:01:41 ag2025 Installer[2840]: Running OS Build: Mac OS X 10.6.8 (10K549)
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: PATH=/usr/bin:/bin:/usr/sbin:/sbin
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: TMPDIR=/var/folders/EF/EFvdzeyOG-K6-BUjPRHZbI2SuTs/-Tmp-/
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: SHELL=/bin/bash
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: HOME=/Users/<username>
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: USER=<username>
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: LOGNAME=<username>
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: DISPLAY=/tmp/launch-nYyP37/org.x:0
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: SSH_AUTH_SOCK=/tmp/launch-Wl7nMj/Listeners
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: Apple_PubSub_Socket_Render=/tmp/launch-FA6FAC/Render
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: COMMAND_MODE=unix2003
 Nov 30 13:01:41 ag2025 Installer[2840]: Env: __CF_USER_TEXT_ENCODING=0x411EE9FE:0:0
 Nov 30 13:01:41 ag2025 Installer[2840]: Symantec Endpoint Protection  Installation Log
 Nov 30 13:01:41 ag2025 Installer[2840]: Opened from: path/to/Symantec Endpoint Protection.mpkg
 Nov 30 13:01:41 ag2025 Installer[2840]: Package Authoring Warning: Symantec Endpoint Protection.pkg authorization level is NoAuthorization but was promoted to RootAuthorization for compatibility, ensure authorization level is sufficient to install.
 Nov 30 13:01:41 ag2025 Installer[2840]: Package Authoring Warning: Symantec Endpoint Protection.mpkg authorization level is NoAuthorization but was promoted to RootAuthorization for compatibility, ensure authorization level is sufficient to install.
 Nov 30 13:01:46 ag2025 Installer[2840]: Requirement: requires bundle:/Library/Receipts/SnacAgent.pkg?CFBundleIdentifier != com.symantec.snacagent SKIP for root=(none), domain=0
 Nov 30 13:01:46 ag2025 Installer[2840]: Requirement: requires file:/Library/Receipts/BSD.pkg = (null) SKIP for root=(none), domain=0
 Nov 30 13:01:46 ag2025 Installer[2840]: Requirement: requires plist:/System/Library/CoreServices/SystemVersion.plist?ProductVersion >= 10.4 SKIP for root=(none), domain=0

The line we are interested in is

Nov 30 13:01:46 ag2025 Installer[2840]: Requirement: requires file:/Library/Receipts/BSD.pkg = (null) SKIP for root=(none), domain=0

It seems that the SEP installer is not aware that on OS X 10.6 systems, /Library/Receipts is not used, and instead /var/db/receipts is used to show installed software. Even stranger is the fact that the installer senses the OS version of the machine (see Running OS Build above), making one think that it would be able to search locations other than /Library/Receipts…

Since the BSD Subsystem is installed by default on OS X 10.6, it is safe to disable this check by commenting out the following lines in the Info.plist file located at <installername – usually Symantec Endpoint Protection>.mpkg/Contents/ (just add the <!-- --> tags around the <dict> block):

 <!--
      <dict>
        <key>MessageKey</key>
        <string>BSDPkgMessage</string>
        <key>SpecArgument</key>
        <string>/Library/Receipts/BSD.pkg</string>
        <key>SpecType</key>
        <string>file</string>
      </dict>
 -->

This tricks the installer into not looking for the BSD.pkg receipt file. Since the BSD Subsystem is installed by default on OS X 10.5 and 10.6, it seems safe to disable this check. A second way to trick the installer is to add the BSD.pkg receipt file to /Library/Receipts on 10.6. The OS won’t bother looking at this directory for software installs (though you may get some missing bundle identifier errors in JAMF), but it seems to make the SEP installer happy. Note that this BSD.pkg file does not even have to be a valid file. I tested this with a 0 byte .pkg file named “BSD.pkg” and it passed the installer’s check. I also recently tested this with a simple text file named BSD.pkg, and the installer was fooled by this as well.
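The Info.plist edit described above can also be scripted, so the same change is applied identically to every copy of the installer before it is packaged for deployment. This is an added example, not code from the original post or from Symantec; the sample plist is constructed for illustration and uses only the key names shown on this page, and the function name is hypothetical.

```python
import plistlib

BSD_RECEIPT = "/Library/Receipts/BSD.pkg"

# Constructed sample: a cut-down Info.plist holding only the requirement array.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>IFRequirementDicts</key>
  <array>
    <dict>
      <key>MessageKey</key><string>BSDPkgMessage</string>
      <key>SpecArgument</key><string>/Library/Receipts/BSD.pkg</string>
      <key>SpecType</key><string>file</string>
    </dict>
    <dict>
      <key>SpecArgument</key><string>/System/Library/CoreServices/SystemVersion.plist</string>
      <key>SpecType</key><string>plist</string>
      <key>TestOperator</key><string>&gt;=</string>
    </dict>
  </array>
</dict>
</plist>
"""

def strip_bsd_requirement(plist_bytes):
    """Drop the BSD.pkg receipt check; return (new_plist_bytes, removed_count)."""
    info = plistlib.loads(plist_bytes)
    reqs = info.get("IFRequirementDicts", [])
    # Match on type AND path so every other installer requirement is kept.
    kept = [r for r in reqs
            if not (r.get("SpecType") == "file"
                    and r.get("SpecArgument") == BSD_RECEIPT)]
    removed = len(reqs) - len(kept)
    if removed:
        info["IFRequirementDicts"] = kept
    return plistlib.dumps(info), removed

if __name__ == "__main__":
    patched, count = strip_bsd_requirement(SAMPLE_INFO_PLIST)
    print("removed %d requirement(s)" % count)
    print(patched.decode("utf-8"))
```

Unlike the comment-out approach, this deletes the entry outright, so keep an untouched copy of the original .mpkg to diff against.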

————————-
UPDATE – 1/16/2012
————————-

According to a Sr. Mac Engineer at Symantec, removing the check for BSD.pkg from the Info.plist file (described above) is the preferred method of skirting this erroneous test. The engineer also raised this issue with their developers, and allegedly this test will be removed from future revisions of the SEP 12.1 installer, as it is a superfluous check on OS X 10.4+. In addition, Symantec is (also allegedly) going to change the IFRequirementDicts array to specify a GREATER THAN requirement for OS 10.4 instead of GREATER THAN OR EQUAL TO, since SEP 12.1 does not support OS X below 10.5. That is, from:

<string>10.4</string>
<key>TestOperator</key>
<string>&gt;=</string>

to:

<string>10.4</string>
<key>TestOperator</key>
<string>&gt;</string>

 

