Archive for the ‘AutoPkg’ Category

AutoPkg recipes for macOS Sierra, OS X El Capitan and OS X Yosemite OS installers now available

November 7, 2019

Now that Apple has made direct download links available for older OS installers, I’ve written AutoPkg .download and .pkg recipes for the following macOS installers:

These recipes will download the disk images linked to the relevant KBase articles, extract the installer packages stored inside the disk images and rename the disk images and installer packages with the OS name and version number.

One thing to be aware of is that the downloaded installers do not themselves install the relevant version of macOS or OS X. Instead, they install the Install.app for that version of macOS or OS X into the /Applications directory.

The AutoPkg recipes are available via the links below:

Categories: AutoPkg, Mac OS X, macOS

Building customized postinstall scripts for AutoPkg recipes

July 26, 2019

As part of some recent work, I needed to build a deployable installer package for an application named Zscaler. This application does not use an installer package, nor can it be installed as a drag-and-drop app. Instead, it uses a third party installer application to install.

This is exactly the kind of situation where I want to write an AutoPkg recipe to handle building a deployable installer package for me. As part of that, I had two bits of good news:

  1. There was a publicly available download URL for the Zscaler installer app.
  2. Zscaler has instructions for installing from the command line, so I could wrap up the installer application inside an installer package and use a postinstall script to run the installation process.

I had one bit of bad news:

The installer process included options for adding things like the Zscaler cloud instance which the app should talk to following the installation, as well as various other options which probably shouldn’t be hardcoded into an AutoPkg recipe. I especially shouldn’t be hardcoding my own organization’s credentials into a recipe which I was planning to share with other folks.

Normally, sensitive information is something I want to only have in an AutoPkg recipe override. Recipe overrides are locally-stored files that allow you to change certain input variables in AutoPkg recipes. Since the recipe overrides are stored locally on the Mac which is running AutoPkg and not shared with any other resources, the sensitive information is only made available to the AutoPkg installation running on that specific Mac. I’ve used this approach previously for the following:

Sensitive URLs: https://derflounder.wordpress.com/2017/06/12/autopkg-recipes-for-apple-enterprise-connect/
Signing AutoPkg-generated installer packages: https://derflounder.wordpress.com/2017/11/10/adding-installer-package-code-signing-to-autopkg-workflows/

This time though, I didn’t see a way to pass an AutoPkg recipe override’s variables to a postinstall script. I did have one idea though, which was using AutoPkg’s FileCreator processor to create a customized postinstall script. I had previously used the FileCreator processor in other AutoPkg recipes to create postinstall scripts, but those scripts were self-contained and didn’t use variables from the AutoPkg recipe.

AutoPkg Adobe Creative Cloud recipe postinstall script

That said, you never know what AutoPkg can do until you try it and sure enough the FileCreator processor was able to pass recipe variables as part of creating a file. For more details, please see below the jump.

Using AutoPkg 1.1’s recipe template creation option

May 29, 2019

As part of the release of AutoPkg 1.1, a new-recipe feature was added to help with recipe creation.

It will create a generic recipe file with the following keys added:

  • Description
  • Identifier
  • Input
  • MinimumVersion (by default, MinimumVersion will be set for AutoPkg 1.0)
  • Process

Under the Process keys, there are additional keys created by default:

  • Arguments
  • Processor

As an example, here’s the recipe file which is created when the following command is run:

autopkg new-recipe ~/Desktop/MyGreatApplication.download.recipe

For more details, please see below the jump.

Categories: AutoPkg, macOS

Oracle Java JDK, OpenJDK, Java 11 and macOS

October 19, 2018

With Java 8 approaching the end of its lifecycle, Oracle has made some changes to the Oracle JDK license that will affect Java 11’s JDK. As of Oracle Java JDK 8, you can use the JDK for free in the following circumstances:

  • Development
  • Testing
  • Prototyping
  • Production

As of Oracle Java JDK 11, you can use the JDK for free in the following circumstances:

  • Development
  • Testing
  • Prototyping

Notice that Production has dropped off the list? If you use Oracle Java JDK 11 for production use, Oracle is now expecting payment. For the complete details, please see the license agreement (relevant sections highlighted below):

If you don’t want to or can’t pay Oracle, what are the available options?

1. Keep using Oracle Java JDK 8

Oracle will continue to provide updates for Java 8 until January 2019, so a short-term solution is to keep using JDK 8 until support ends. This is only a short-term solution, however. If you want to continue using Java 8 past January 2019, you may need to start paying Oracle in order to get access to continuing Java 8 support.

2. Migrate from Oracle Java JDK to OpenJDK

In addition to its commercial offering, Oracle has an open-source Java available named OpenJDK. As of Java 11, Oracle will be providing functionally identical JDK builds to both the commercially licensed Oracle JDK and the open-source OpenJDK. For more details, please see below the jump:

Phantom groups, MySQL queries and Jamf Pro 10.7

September 19, 2018

On September 13th, Jamf released a new KBase article for Jamf Pro customers who hosted Jamf Pro themselves instead of hosting in Jamf Cloud:

On-Prem Jamf Pro Customers Upgrading to 10.7.0: https://www.jamf.com/jamf-nation/articles/552/on-prem-jamf-pro-customers-upgrading-to-10-7-0

In the KBase article, Jamf provides a couple of MySQL commands to run:

select computer_group_id,criteria,criteria_display from smart_computer_group_criteria where criteria not in (select computer_group_name from computer_groups) and search_field="Computer Group";
select computer_group_id,criteria,criteria_display from smart_computer_group_criteria where binary criteria not in (select binary computer_group_name from computer_groups) and search_field="Computer Group";

If either query returned data, the KBase directs you to contact Jamf Support. This was my output:

What had happened? For more details, please see below the jump.

Categories: AutoPkg, Jamf Pro, JSSImporter

Automating AutoPkg and JSSImporter setup

July 13, 2018

As part of building my autopkg-conductor solution for automating AutoPkg runs, I also wanted to automate the setup of AutoPkg and JSSImporter. My colleague Graham Pugh has written a setup script for his environment, which I was able to adapt and extend for my own needs. For more details, please see below the jump.

Automating AutoPkg runs with autopkg-conductor

July 6, 2018

About two weeks ago, I noticed I had an SSL error cropping up with one of my AutoPkg recipes:

[Errno socket error] EOF occurred in violation of protocol (_ssl.c:590)

When I investigated what it meant, I wound up at this lengthy issue opened for Python’s requests module. In the end, it seemed to boil down to four issues:

  1. I was running AutoPkg on macOS Sierra 10.12.6.
  2. The recipe I was running used a processor which called Python’s urllib2 library.
  3. Python’s urllib2 library was calling the OS’s installed version of OpenSSL to connect to a server using TLSv1.2.
  4. The version of OpenSSL included with 10.12.6 does not support TLSv1.2 for the urllib2 library.

When I looked into the situation on macOS High Sierra 10.13.5, Apple had addressed the problem by replacing OpenSSL with LibreSSL. Among other improvements, LibreSSL allowed Python’s urllib2 library to be able to connect to servers using TLSv1.2. Problem solved!

Until I ran into another problem.

I had been using AutoPkgr as my way of managing AutoPkg and scheduling AutoPkg runs. However, when I set up AutoPkgr on a 10.13.5 VM and scheduled my AutoPkg nightly run, nothing happened except my CPU spiked to 100% and AutoPkgr locked up with the pinwheel of patience.

OK, maybe it was something with my VM. No problem, set up a new macOS 10.13.5 VM.

Same problem.

Maybe it was because I was trying to run the VM on VMware’s ESXi? Set up a new VM running in VMware Fusion. Same problem.

Maybe AutoPkgr was getting confused by Apple File System? I set up a 10.13.5 VM which used an HFS+ boot volume. Same problem, replicated on both ESXi and Fusion.

No matter what I tried, trying to run recipes using AutoPkgr on macOS 10.13.x resulted in the following:

  • The VM’s CPU spiking to 100%
  • AutoPkgr locking up with the pinwheel of patience
  • My AutoPkg recipes not running

I was able to eliminate AutoPkg itself as being the issue, as running recipes from the command line using AutoPkg worked fine. With that information in mind, I decided to see if I could replicate what I most liked about using AutoPkgr into another form. In the end, my needs boiled down to three:

  1. I wanted to be able to run a list of AutoPkg recipes on a scheduled basis. These recipes would be .jss recipes for uploading to a Jamf Pro server.
  2. I wanted to be able to post information about those AutoPkg recipes to a Slack channel.
  3. I wanted all the error messages from an AutoPkg run, but I didn’t care about all the information that came from a successful AutoPkg run.

With that, I decided to draw on some earlier work done by Sean Kaiser, a colleague who had written a script for managing AutoPkg in the pre-AutoPkgr days. For more details, please see below the jump.

Adding installer package code-signing to AutoPkg workflows

November 10, 2017

As part of building an AutoPkg workflow to create installer packages, one of the requirements I was given was that any packages that weren’t already signed by the vendor needed to be signed using a Developer ID Installer signing certificate.

Signing installer packages is not usually an outcome of most AutoPkg workflows, since code signature verification can be used at the download end to make sure that the application is what it is supposed to be. However, there were several good reasons for adding a package signing step to the workflow, including:

  1. It is now necessary to sign packages before you’ll be able to use them as part of NetInstall sets.
  2. The InstallApplication MDM command requires that macOS installer packages be signed with an appropriate certificate.

After some research and testing, I was able to incorporate installer package signing into my AutoPkg workflow and am now able to automatically sign installer packages as they’re generated by my package creation workflows. For more details, see below the jump.

AutoPkg recipes for Apple Enterprise Connect

June 12, 2017

To help keep on top of software updates, I’ve been using AutoPkg in combination with AutoPkgr and JSSImporter for a while now to upload new software updates to Jamf Pro. However, I recently ran into a challenge when I wanted to build an AutoPkg recipe for Apple’s Enterprise Connect.

AutoPkg recipes usually rely on the vendor having a publicly accessible way to get downloads via HTTP or HTTPS. Apple does not have a publicly accessible download URL for Enterprise Connect and in fact discourages customers from sharing the download link. The fact that there was a download link meant that I could write AutoPkg recipes, but at the same time I couldn’t include the URL needed to download the latest update as part of the recipe.

After some thinking and research into AutoPkg’s functionality, I found a way to create AutoPkg recipes for Enterprise Connect while at the same time not sharing Apple’s download URL. For more details, see below the jump.

Deploying and licensing EndNote X8

November 23, 2016

As previously discussed, a number of folks in my shop use Clarivate Analytics’s EndNote bibliography software. Clarivate Analytics provides EndNote X8 with an installer application, but I need an installer package in order to easily deploy it to my customers. EndNote X8 was initially problematic in that regard, but I was able to write AutoPkg recipes for EndNote X8 to handle converting Clarivate Analytics’s installer application into a deployable installer package, including a recipe that would automate uploading the latest EndNote installers to my Casper server.

Once AutoPkg was able to provide an EndNote X8 installer package for deployment, the remaining hurdle was that the EndNote X8 installer from AutoPkg installs an unlicensed copy of EndNote and I needed to have installed copies of EndNote automatically use my shop’s EndNote site license.

Fortunately, EndNote X8’s volume license can be deployed just like EndNote X7’s volume license. The volume license is stored as an invisible file named .license.dat in /Applications/EndNote X8 and it has a format that looks like this:

Company Name
1234567890
V2ZMQT6556P8WMH38MTQ6YSM8UXCCRYQ5MDS4WJGLKMP7RGSWECBCMT77556P8WCE8KMTQ6YSMNXJCCRYQ59MD9WJGLKMCSESSWECBCMB76556P8WCU3NMTQ6YSMLUYCCRYQ5MET8WJGLKMPSMJSWECBCM57F556P8WCU3CMTQ6YSM9DECCRYQ59XSCWJGLKMPNE9SWECBCMB79556P8WCH8KMTQ6YSMDXECCRYQ5MTSMWJGLKMPYRMSWECBCB7W7556P8W

Note: The Company Name part may show up twice in your .license.dat file.

With some additional testing, I found that I could remove an existing .license.dat file (if one was present) and replace it with my shop’s site license’s .license.dat file. That allowed me to use the EndNote X8 installer produced by AutoPkg by having Casper install it, then apply our site license file as a post-installation action. For more details, see below the jump.
