K2Client.pkg is a signed “flat package” which can be installed on OS 10.6 and later. It can be customized to include the target KeyServer address and other settings, but this customization will remove the signature, so you may need to right-click the installer when running it manually in order to tell Gatekeeper to allow it to run.
The k2clientconfig script is an OS X command line utility that lets you customize the OS X client package installer (K2Client.pkg) with a pre-configured KeyServer DNS name (or IP address). You can also customize other client settings and the installer behavior itself to suit your particular deployment strategy. k2clientconfig can be found in the full K2 archive, in Installers/Macintosh Installers/Misc (or download k2clientconfig from the Sassafras web site, but then you must use chmod u+x in the terminal to enable execute permission).
Use the Mac OS X Terminal program to run k2clientconfig. Type in the path manually, or just drag the k2clientconfig file into the terminal window. Running k2clientconfig with no additional parameters will display the command line options. The table below gives a more complete explanation with defaults underlined and some additional comments. Running k2clientconfig with a particular set of command line options changes ONLY those options specified on the command line, leaving all other options set to their current values. Therefore, it not necessary to specify every command line option, but only those which you would like to change. Because customization removes the signature, Gatekeeper might handle the modified installer differently from the original installer.
k2clientconfig [options] K2Client.pkg
Command Line Options:
1 Note that by default, the installer will prompt for the KeyServer address during installation. If you are using Apple Remote Desktop for distribution of the pkg, this dialog will appear on the computer where the software is being installed - not on the computer where Remote Desktop is running. Therefore, you will probably want to configure the KeyServer address, and set the installer to silent mode. To do so, you would do something like:
./k2clientconfig -h 192.168.0.16 -s 2 -g yes K2Client.pkg(assuming you are in a directory containing copies of k2clientconfig and K2Client.pkg)
2 "-r yes" will start KeyAccess after installation. In order to do so, it must kill any currently running KeyAccess. If you do not use keyed software, this has no unexpected consequences - if the client has a connection to KeyServer, it will close the connection, and the newly installed KeyAccess will open a new connection. However, if a keyed program is running when this happens, the new session will not ask for the key again. Therefore, KeyAccess will ask the user to quit the keyed program about 15 minutes after the installation. For this reason, you should only use "-r yes" if your clients do not yet have KeyAccess software installed, or if you do not use any keyed programs. If you use "-r yes", you may want to also use "-b no", since a restart is no longer necessary. e.g.:
./k2clientconfig -r yes -b no K2Client.pkg(assuming you are in a directory containing copies of k2clientconfig and K2Client.pkg)
For one more example, suppose you want users who run the pkg installer not to be able to choose the server address. After installation, you don't want them to be able to see the KeyAccess Preference Panel, and don't want them to be able to make changes (such as changing the KeyServer address). In this case, use something like:
./k2clientconfig -h 192.168.0.16 -s 2 -g yes -p no -l yes K2Client.pkg(assuming you are in a directory containing copies of k2clientconfig and K2Client.pkg)
k2clientconfig extracts underlying files from K2Client.pkg, modifies them, then reassembles the flat package installer. Most of the common command line options correspond to settings in a single file that is embedded in the installer, k2clientconfig.plist.
The k2clientconfig utility customizes the XML key values in the plist file as follows:
On 10.8 (Mountain Lion) and higher, any installer that is tagged as "quarantined" (an extended file system attribute) may be prevented from running by GateKeeper. Generally, this attribute is set on downloaded files and will remain set for all copies. After running k2clientconfig to customize the K2Client.pkg installer, its quarantine attribute will be deleted — make sure that your deployment method does not set the quarantine attribute again when the installer is deployed to a computer running OSX 10.8 or higher.