#!/bin/bash | |
# Copy the com.avid.bsd.DigiShoeTool Helper Tool | |
PHT_DIGISHOETOOL="/Library/PrivilegedHelperTools/com.avid.bsd.DigiShoeTool" | |
/bin/cp "/Applications/Pro Tools.app/Contents/Library/LaunchServices/com.avid.bsd.DigiShoeTool" $PHT_DIGISHOETOOL | |
/usr/sbin/chown root:wheel $PHT_DIGISHOETOOL | |
/bin/chmod 544 $PHT_DIGISHOETOOL | |
# Create the Launch Deamon Plist for com.avid.bsd.DigiShoeTool |
# (set GIT to the git binary if needed) | |
$GIT clone https://github.com/autopkg/recipes autopkg-recipes | |
$GIT clone https://github.com/keeleysam/recipes keeleysam-recipes |
The reason that importing the CA cert that was created via the tutorial for setting up a HTTPS munki server failed was the certificates, not the import method.
Once I corrected the certificates, the following workflow worked:
# Create the keychain at ~/Library/Keychains/ (or specify a full path instead of a relative filename)
security create-keychain -p munki munki.keychain
# Unlock it
""" | |
First attempt at bringing security into play with the .pem files. | |
Only the security tool is used, no additional tools (openssl, etc.). | |
This code does the following: | |
- Creates the specified keychain if it doesn't exist | |
- Unlocks it with the specified password | |
- Configures it to not lock | |
- Adds it to the keychain search paths if it's not present already (necessary for 10.9) | |
- Import the client.pem cert / identity |
# App Store playing | |
import urllib, urllib2, json, plistlib | |
### | |
# Utility function for performing an iTunes-style search | |
def perform_itunes_search(api_url, query_list=[]): | |
query_str = urllib.urlencode(query_list) | |
response_handle = urllib2.urlopen('https://itunes.apple.com/%s?%s' % (api_url, query_str)) |
#!/usr/bin/env python | |
# encoding: utf-8 | |
# | |
# Copyright 2009-2014 Arjen van Bochoven. | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 |
#!/usr/bin/python | |
''' | |
reposado update notification: reports changed Apple products between repo_sync runs | |
Checks the current list of updates versus the previous list of updates and | |
reports on the changes. Run this script after your repo_sync run to see the | |
changes between syncs. You can then hand this report off in email if you wish. | |
For example: |
###Using CodeSignatureVerification in your recipe
The CodeSignatureVerifier processor was added to allow signature verification for both:
-
Installer packages (.pkg or .mpkg).
-
Application bundles (.app). This option is necessary since not all software is supplied as packages. Instead, software is commonly released for download 'bare' at the root of a zip archive. CodeSignatureVerifier can look inside a DMG mount, but zip's must use the Unarchiver processor first.
Take into account the fact that both the computer running autopkg and the one that genrates the required configuration settings should have the default spctl
settings, meaning Gatekeeper allows apps from the App Store and those signed with an Apple-recognized Developer ID.
####Adding Application bundle (.app) verification to your recipe
According to Microsoft, Lync must be completely uninstalled, following the procedures documented at https://technet.microsoft.com/en-us/library/jj945448(v=office.14).aspx, at least for Calendar functionality to work correctly.
This repo contains a python script for removing all referenced Lync components for all normal users on a machine, i.e., with homes in /Users.
It is somewhat naive in that it assumes the users have not moved the Lync keychain items out of the Login keychain and into some other keychain. It handles the potential for multiple "your.email@domain.com" certificates in the login keychain, however. This is all done by running the security command as a subprocess. Improvements could probably be made to do this all with the Security Framework and the PyObjC bridge, but this gets the job done.
You will need to edit the pattern global APP_PW_PATTERN
at the top of the uninstall_lync.py
script to look for your environment's email domai