Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the support for package installation #110

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add the support for package installation #110

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b697b81
Update macOSUpgrade.sh
ecanault May 13, 2019
1d2d001
Update macOSUpgrade.sh
ecanault May 13, 2019
c807b78
Update macOSUpgrade.sh
ecanault May 13, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
21 changes: 14 additions & 7 deletions macOSUpgrade.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,10 @@ fi
userDialog="$9"
if [[ ${userDialog:=0} != 1 ]]; then userDialog=0 ; fi

##Specify path to postinstallation package. Use Parameter 10 in the JSS
##Example: /Users/Shared/postinstall.pkg
installPkg="${10}"

##Title of OS
##Example: macOS High Sierra
macOSname=$(/bin/echo "$OSInstaller" | /usr/bin/sed 's/^\/Applications\/Install \(.*\)\.app$/\1/')
Expand All @@ -120,8 +124,8 @@ title="$macOSname Upgrade"
heading="Please wait as we prepare your computer for $macOSname..."

##Title to be used for userDialog
description="This process will take approximately 5-10 minutes.
Once completed your computer will reboot and begin the upgrade."
description="Your computer will reboot in 5-10 minutes and begin the upgrade.
This process will take approximately 30-40 minutes."
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM to description strings changes.


##Description to be used prior to downloading the OS installer
dldescription="We need to download $macOSname to your computer, this will \
Expand Down Expand Up @@ -261,7 +265,7 @@ fi
# CREATE FIRST BOOT SCRIPT
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

/bin/mkdir -p /usr/local/jamfps
/bin/mkdir /usr/local/jamfps
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If there is already this directory, It would be got an error.
The switch '-p' will be workaround.


/bin/echo "#!/bin/bash
## First Run Script to remove the installer.
Expand Down Expand Up @@ -374,12 +378,16 @@ if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]]; then
eraseopt='--eraseinstall'
/bin/echo " Script is configured for Erase and Install of macOS."
fi
##Check if installPackage is Enabled
if [ ! -z "${installPkg}" ]; then
pkgopt="--installpackage ${installPkg}"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@taniguti

There is something I would like to discuss with you.

I would say @ecanault's work has partially good points.
But it might be better to use following steps than to use the installpackage option of startosinstall command.

Steps (draft)

  1. Get the trigger name of a policy in the argument from the user with jamf script argument.
  2. Create a pkg which runs jamf policy-event <the trigger name>.
  3. Set the value of the installpackage option to run the pkg (created in step2).

This is because it is difficult to put pkg on the local device beforehand.
The advantage of running a policy is that we can run a variety of subsequent processes, not just a pkg.

Cons
If the device cannot connect to the Internet, it may not work as expected.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kenchan0130

Summary)
The addition of pkgopt complicates the functionality of macOSUpgrade.sh, so I object to adding this functionality.
I think that it is possible to realize this function by the function of JamfPro.

It is of course possible to use macOSUpgrade.sh alone, but I understand that it is assumed to be used with JamfPro.
This means that the Mac computer on which macOSUpgrade.sh is to be run is under control of JamfPro.

Considering putting the pkg file in the path pointed to by "$ pkgotp", it seems more straightforward to do with JamfPro's Policy processing than processing in macOSUpgrade.sh. In other words, check the version of os etc. If there is no element added by the pkg file, pkg will be sent and installed.

Even through, when adding "pkgopt" to macOSUpgrade.sh, there should be confirmation of the existence of the pkg file expected by this switch. There should also be verification of the package itself, if it might not be signed or the file has been corrupted. The implicit premise and expectation that management will definitely put the pkg file in its place as expected brings the possibility of interfering with stable operation.
It is possible to make the above implementation macOSUpgrade.sh, but the code gets more complicated. I think it would be better to adopt a solution using JamfPro's Policy.

Thank you for your suggestions. @ecanault

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The addition of pkgopt complicates the functionality of macOSUpgrade.sh, so I object to adding this functionality.
I think that it is possible to realize this function by the function of JamfPro.

I have the same opinion as you.
As mentioned #110 (comment)
, I recommend to use the install pkg feature of prestage enrollment if the admin want to use erase option of the startosinstall command.

However, when the device does not have DEP, the installpackage option may be useful.
Therefore, if package validation is correct, we may be able to accept the changes.
We will not continue to adopt it aggressively, as it will not be complicated. (In other words, if we get the right response, we may adopt it.)

/bin/echo " Script is configured for installing extra package."
fi

osinstallLogfile="/var/log/startosinstall.log"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

keep $osinstallLogfile

if [ "$versionMajor" -ge 14 ]; then
eval /usr/bin/nohup "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" &
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use eval for safe.

"$OSInstaller/Contents/Resources/startosinstall" $pkgopt $eraseopt --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" &
else
eval /usr/bin/nohup "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" &
"$OSInstaller/Contents/Resources/startosinstall" $pkgopt $eraseopt --applicationpath "$OSInstaller" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" &
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--installpackage supports 10.13 or later.

fi
/bin/sleep 3
else
Expand All @@ -390,7 +398,6 @@ else

/bin/echo "Launching jamfHelper Dialog (Requirements Not Met)..."
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "Requirements Not Met" -description "We were unable to prepare your computer for $macOSname. Please ensure you are connected to power and that you have at least 15GB of Free Space.

If you continue to experience this issue, please contact the IT Support Center." -iconSize 100 -button1 "OK" -defaultButton 1

fi
Expand Down