Changing the Installer package Checkpoint’s SecureClient R56 to work with Snow Leopard

Posted on 07 September 2009

In my previous post I described a method to get SecureClient R56 running on Snow Leopard. However, if you have a lot of machines that need the VPN client installed, it might be worth making the changes inside the package itself, so that they have to be done only once. Afterwards, all you need to do is run the package on Snow Leopard without editing anything.

This requires some knowledge of the shell, so a basic understanding of Linux commands would be good.

To get around the Leopard Check

  1. Edit two files inside the package (right-click on the package / Show Package Contents; this opens Finder within the package).
  2. Go to Contents/Resources.
  3. Open TextEdit, use vi in a shell, or use whatever you prefer to edit a simple file.
  4. In the file “InstallationCheck”, change the number 9 in line 8 to number 10: if [ "$MAJOR" != "10" ]; then
  5. Do the same in the file “postinstall”: change the number 9 in line 84 to number 10.

Creating the new contents (pax archive)

I assume the original, unchanged package is on your Desktop and that its name is “SecureClient_B634000031_1”.

Open a Terminal window from the Utilities folder.

cd Desktop
mkdir temp
cd temp
mv $HOME/Desktop/SecureClient_B634000031_1.pkg/Contents/Archive.pax.gz .
gunzip Archive.pax.gz
pax -r -f Archive.pax
mkdir SC
cd SC
tar -xzvf ../desktop_B634000031_1.tgz

Now go ahead and make the changes inside Desktop/temp/SC.

Edit “scuninstall” in the bin folder so that it uninstalls cleanly. These lines go into that file; they are not typed into the Terminal:

# Delete install entry so the next time we run the installer it would suggest
# installing and not upgrading
$RM -r -f /Library/Receipts/SecureClient*.pkg
# the following lines should be added here
$RM -r -f /private/var/db/receipts/com.checkpoint.secureclient.R56.bom
$RM -r -f /private/var/db/receipts/com.checkpoint.secureclient.R56.plist

Open a hex editor and change every occurrence of “kextload -s” to “kextload -r” in the following files:

temp/SC/bin/StartupItemsMgr
temp/SC/boot/SecureClient/SecureClientStarter
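
The hex-editor step can also be scripted. The following Python script is an added example, not part of the original post or of Check Point's tooling: it overwrites each “kextload -s” with the same-length “kextload -r” and refuses to write unless the file size is unchanged and only the expected bytes differ. The function names and the sample bytes are constructed for illustration.

```python
import hashlib

OLD = b"kextload -s"  # string the post says to look for
NEW = b"kextload -r"  # replacement named in the post (same length)

def patch_same_length(data, old=OLD, new=NEW):
    """Return (patched_bytes, offsets) with every `old` overwritten by `new`."""
    if len(old) != len(new):
        raise ValueError("replacement must be the same length as the original")
    offsets, start = [], 0
    while (pos := data.find(old, start)) != -1:
        offsets.append(pos)
        start = pos + len(old)
    return data.replace(old, new), offsets

def verify_patch(original, patched, offsets, old=OLD, new=NEW):
    """True only if the size is unchanged and the sole differences are the
    bytes that differ between `old` and `new` at each recorded offset."""
    if len(original) != len(patched):
        return False
    expected = {off + i for off in offsets
                for i, (a, b) in enumerate(zip(old, new)) if a != b}
    actual = {i for i, (a, b) in enumerate(zip(original, patched)) if a != b}
    return actual == expected

def patch_file(path):
    """Patch `path` in place; return (occurrences, sha256_before, sha256_after)."""
    with open(path, "rb") as fh:
        original = fh.read()
    patched, offsets = patch_same_length(original)
    if not verify_patch(original, patched, offsets):
        raise RuntimeError("unexpected byte differences, file left untouched")
    if offsets:
        with open(path, "wb") as fh:
            fh.write(patched)
    return (len(offsets), hashlib.sha256(original).hexdigest(),
            hashlib.sha256(patched).hexdigest())

# Constructed sample standing in for a binary that embeds the command string.
SAMPLE = b"\x00\xca\xfe/sbin/kextload -s /tmp/sym %s\x00pad\x00kextload -s\x00"

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:  # e.g. the two files listed above
        print(target, *patch_file(target))
```

Run it with the two file paths as arguments; recording the printed SHA-256 values before and after gives you a reference for the package you later distribute.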

Please have a look at my previous post. Then, back in the Terminal and still inside the SC folder:

mkdir ../newSC
tar -czvf ../newSC/desktop_B634000031_1.tgz *
sudo chown -R root:wheel ../newSC
cd ../newSC/
mkbom -s ./ ../Archive.bom
rm ../Archive.pax
pax -U root -x cpio -w . > ../Archive.pax
cd ..
gzip Archive.pax
mv Archive.bom $HOME/Desktop/SecureClient_B634000031_1.pkg/Contents/Archive.bom
mv Archive.pax.gz $HOME/Desktop/SecureClient_B634000031_1.pkg/Contents/Archive.pax.gz
exit

After testing the package, you can delete the temp folder on your desktop.

Feedback welcome.


45 responses to Changing the Installer package Checkpoint’s SecureClient R56 to work with Snow Leopard

  • Great info, thanks for useful post. I’m waiting for more

  • […] also possible to change the installer package itself. This makes it easier if you have a lot of […]

  • Jane says:

    Thank you so much for providing such detailed instructions and adding such an essential element to the developer’s toolbox. Please keep up your fine work!

  • […] hint on the Sysadmin’s World page. Here is a hint about how to get the Installer package for Checkpoint’s SecureClient R56 to work with Snow Leopard if you have several macs to update. Now I just have to keep an eye on updated applications the next […]

  • Brian Kerley says:

    Harald, I’ve successfully installed the modified package on several machines running snowleopard, but on only one machine (a mac mini) the machine was unable to obtain an IP address using DHCP after SecureClient was installed, essentially blocking the internet connection. The only way to re-establish the IP address and the internet connection was to uninstall SecureClient. Shutting secureclient down was insufficient. This mac mini is connected directly to a cable modem via an ethernet cable–no router. Could that be the issue? I have had other users deliberately connect directly to their cable modem in this way in order to establish the site on SecureClient because they were unable to do so through their router, but those machines were running Leopard, not Snowleopard.

  • nyc xyz says:

    thanks for the great work on this installer modification (check point you suck).

    HOWEVER, has anyone tested the “office mode / hub mode” check point functionality with this updated installer? doesn’t seem to work on the two snow leopard laptops we’ve tried.

    thanks!

  • cj.smessaert says:

    you rock! just got a new 17″ macbook pro @ work, specifically for remote work via vpn. your instructions were clear, concise, and ultimately saved the day; i’ll pass my created package to the companies sysadmins so my fellow mac users can make the move to snow leopard. huge thanks (again)!

    • MORZ says:

      Hey,

      Reading this blog really gives me hope. Checkpoint DOES suck…however, i don’t have the LINUX skills (just a lowly designer running a mac) and am a little apprehensive about trying to manipulate the installer and install on a company mac laptop. any idea where i can get a package that’s ready to install? not looking for something for nothing, but can’t wait on Checkpoint anymore

      thanks,

      Chris

  • Jon says:

    Hi there. I followed these instructions to the letter. Very easy to follow and no problems with the commands or order of items.

    However, I run the installer package and everything seems to install properly. Upon reboot, nothing happens. There is a Checkpoint folder with 3 broken links in the Applications folders. It won’t let me run the installer package again because it says it is already installed. I have to do the terminal thing to remove it completely. I was able to run your other page that described how to fix it SecureClient after the install of the broken version. That method works.

    So, any ideas about what is going wrong?
    Thanks

    • Harald Haentsch says:

      This is exactly what I experienced, if the installer does not complete because of an uncleaned deinstallation of SC.
      However, removing the files seems to have helped for me. Maybe there are some other files left somewhere.
      Please check this folder /Library/Receipts/ for any files which could be from SC. If you renamed the SC Installer package to a different name, then that name will be listed as a file here and will need to be removed.

      During the installation of SC, you can even verify and check the install logs from the menu while the installer is open. It should display “Upgrading”. Otherwise it still found something of the former SC installations.

  • […] complained at boot-up that the SecureClient service wasn’t started. A known work-around is to binary edit two files, StartupItemsMgr and SecureClientStarter and replace the string […]

  • Gerardo Nunez says:

    Thanks, it's great.

  • Andreas Nuechter says:

    Hello, the install runs perfect but there is no secureclient app. is there a way to check the install success ?
    Regards Andreas

    • Harald Haentsch says:

      Did you uninstall before? If so, please make sure you cleaned the receipt files after uninstall (check the other post for cleaning CP). Otherwise the installer will upgrade. You can check the installer log while the installer is still open. On the menu there is an option to show the log.

      • Andreas Nuechter says:

        it seems to be an update – can I run the uninstall process now ? Thanks Andreas

        • Harald Haentsch says:

          Sure, if you don’t see the Checkpoint uninstaller, just use these commands in a Terminal:

          sudo rm -rf /opt/CPsrsc-50
          sudo rm -rf /private/var/db/receipts/com.checkpoint.secureclient.R56.bom
          sudo rm -rf /private/var/db/receipts/com.checkpoint.secureclient.R56.plist
          sudo rm -rf /Library/Receipts/SecureClient_B634000031_1.pkg/

  • PJ says:

    You, Sir, are a steely-eyed missile man. It works! The Checkpoint VPN client is important enough to daily activities that I would otherwise have had to downgrade to Leopard on a new MacBook Pro.

    Thanks!

  • Hjalti á Lava says:

    Thanks for the instructions, they are working as expected. The only problem I have so far, is the setting called “Route all traffic through gateway”, I can not get it to work correctly. Any solution for this?

  • Stephan Budach says:

    Harald,

    this is so great! I just created a SL compatible PKG without any issue following your instructions.

    Really appreciate it!

  • JOHNb says:

    I ran into the same problems with the following command:
    pax -x cpio -w . > ../Archive.pax

    Because my user account is Active Directory based the pax command was having problems with the long userID. I used the following command:
    pax -U root -x cpio -w . > ../Archive.pax

    which worked, but only after I issued this command to remove the long UserID from the ownership of the files in question:

    sudo chown -R root:wheel ../newSC

    Hope that helps whomever else might be having the same problems I was.

  • devylon says:

    Hi,

    i get the following error on “pax -w . > ../Archive.pax”

    pax -w . > ../Archive.pax
    pax: Ustar header field is too small for uid 2026487260, using nobody
    pax: Ustar header field is too small for .
    pax: Ustar header field is too small for ./desktop_B634000031_1.tgz

  • Chris Moss says:

    I did it a couple more times to be sure – I don’t get a directory opt in the SC folder in the newly made temp folder. The SC folder contains:
    MBP1:SC fred$ ls
    bin conf log release_notes.pdf shared
    boot copyright.txt policy sc_ts state
    build_number.conf database product.ini sds tmp

    but no opt!

    Chris

    • Harald Haentsch says:

      Mea culpa!
      I’m sorry, you are right. I changed my article accordingly. It’s in SC/bin …

      • Chris Moss says:

        But not in my bin! See the list of files above in temp/SC/bin – still no opt folder.

        Chris

        • Harald Haentsch says:

          yes, no opt folder. That was wrong. I changed my posting accordingly –
          As you stated, SC contains beside others the bin and boot folder, so you just hexedit
          the StartupItemsMgr in the bin folder of SC
          and
          the SecureClientStarter in the boot/SecureClient folder of SC

          • Chris Moss says:

            Got it! Thanks.
            I hope this is the last question, when starting up Terminal again and making the new directory newSC, which directory should I be in?
            Chris

    • Harald Haentsch says:

      if you are about to create the newSC folder, you should be in the SC folder before.

  • Chris Moss says:

    Next question, about this part:
    “Open a hex editor and change anything with “kextload -s” to “kextload -d”. on the following files:

    temp/SC/opt/CPsrsc-50/bin/StartupItemsMgr
    temp/SC/opt/CPsrsc-50/boot/SecureClient/SecureClientStarter”

    In the temp directory I have made on my desktop, and in which I have edited the scuninstaller, there is no directory temp/SC/opt/
    It doesn’t make sense to me to go to the /opt/CPsrsc-50/bin/ which is already on my hard disk as I am modifying the installer, not the current installation. So is the path ~/Desktop/temp/SC/opt/CPsrsc-50/bin/ correct?

    Chris

    • Harald Haentsch says:

      You have made a temp dir on your Desktop. That’s good. If you did it right you will have also created and unpacked some files/dirs in the SC directory below the temp dir.

      And now just step deeper in, and inside SC go to opt/CPsrsc-50/boot/SecureClient/SecureClientStarter and opt/opt/CPsrsc-50/bin/StartupItemsMgr

      To summarize, based from your Desktop: open these files with a hex editor:
      temp/SC/opt/CPsrsc-50/bin/StartupItemsMgr
      temp/SC/opt/CPsrsc-50/boot/SecureClient/SecureClientStarter”

  • Chris Moss says:

    Thank you! I suppose it would be cheeky and possibly illegal to ask for the modified installer to be made available for download? I’d be happy to “test” it for you on another Mac, just to check that it works….

    Chris

  • Harald Haentsch says:

    You are not supposed to type this in a Terminal window:

    so please edit “scuninstall” in the bin folder and it will uninstall cleanly:

    # Delete install entry so the next time we run the installer it would suggest
    # installing and not upgrading
    $RM -r -f /Library/Receipts/SecureClient*.pkg
    # the following lines should be added here
    $RM -r -f /private/var/db/receipts/com.checkpoint.secureclient.R56.bom
    $RM -r -f /private/var/db/receipts/com.checkpoint.secureclient.R56.plist

    Look for the file scuninstall in the bin folder and edit it with TextEdit.

  • Chris Moss says:

    I have tried that out on a copy of the R56 installer, and I keep getting the Terminal message from bash that command -r doesn’t exist.
    Chris
