Postinstall script for Jamf Composer to install DEPNotify with supporting scripts and a LaunchDaemon
## postinstall
# This postinstall script for Composer creates the following
# A LaunchDaemon that starts a separate script to run a Jamf Pro policy command
# A script to wait for Jamf Pro enrollment to complete
# - then triggers a Jamf Pro policy that triggers DEPNotify
# A script that is designed to be called by a Jamf Pro policy
# - to unload the LaunchDaemon then remove the LaunchDaemon and script
# Q: Why not just call the `jamf policy -event` command
# from the PreStage Enrollment package postinstall script?
# A: Because the PreStage Enrollment package is installed
# before the jamf binary is installed.
# Q: Why not just have the postinstall script wait until jamf enrollment is complete?
# A: Because the postinstall script won't exit while it waits, which prevents enrollment
# Q: Why not just include the script in the PreStage Enrollment package?
# A: Because every time you update it, for instance POLICY_ARRAY,
# you'd need to re-build and re-upload the package
# Q: Why not distribute the extra scripts and LaunchDaemons somewhere else,
# instead of embedding them in this funky postinstall script?
# A: This way you only have to download and maintain one extra thing.
# One approach is to use the following locations and files:
# LaunchDaemon:
# /Library/LaunchDaemons/com.arekdreyer.DEPNotify-prestarter.plist
# Temporary folder for the installer and scripts:
# /usr/local/depnotify-with-installers/
# Scripts:
# /usr/local/depnotify-with-installers/com.arekdreyer.DEPNotify-prestarter-installer.zsh
# /usr/local/depnotify-with-installers/com.arekdreyer.DEPNotify-prestarter-uninstaller.zsh
# This script must be run as root or via Jamf Pro.
# The resulting Script and LaunchDaemon will be run as root.
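# Update this when the DEPNotify installer package is updated; earlier name was DEPNotifyInstallerName=DEPNotify-1.1.4.pkg
DEPNotifyInstallerName="DEPNotify-<version>.pkg" # placeholder: set to the file name of the DEPNotify package you ship
# You can change this if you have a better location to use.
# I haven't tested this with any path that has a space in the name.
TempUtilitiesPath=/usr/local/depnotify-with-installers
# You can change any of these:
InstallerScriptPath="${TempUtilitiesPath}/com.arekdreyer.DEPNotify-prestarter-installer.zsh"
UnInstallerScriptPath="${TempUtilitiesPath}/com.arekdreyer.DEPNotify-prestarter-uninstaller.zsh"
LaunchDaemonName=com.arekdreyer.DEPNotify-prestarter.plist
DEPNOTIFYSTARTER_TRIGGER="<custom-trigger>" # placeholder: custom trigger of the Jamf Pro policy that starts DEPNotify
# Best to use /Library/LaunchDaemons for the LaunchDaemon
LaunchDaemonPath="/Library/LaunchDaemons/${LaunchDaemonName}"
# Install the package
/usr/sbin/installer -pkg "${TempUtilitiesPath}/${DEPNotifyInstallerName}" -target "$3"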
# The following will create a script that triggers the DEPNotify script to start. Be sure the contents are between the two "ENDOFINSTALLERSCRIPT" lines.
# NOTE: Make sure to leave a full return at the end of the Script content before the last "ENDOFINSTALLERSCRIPT" line.
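echo "Creating ${InstallerScriptPath}."
(
cat <<ENDOFINSTALLERSCRIPT
#!/bin/zsh
# Wait for the jamf binary to start logging.
until [ -f /var/log/jamf.log ]
do
    echo "Waiting for jamf log to appear"
    sleep 1
done
# Wait for enrollment to finish before calling the policy trigger.
until ( /usr/bin/grep -q enrollmentComplete /var/log/jamf.log )
do
    echo "Waiting for jamf enrollment to be complete."
    sleep 1
done
/usr/local/jamf/bin/jamf policy -event ${DEPNOTIFYSTARTER_TRIGGER}
exit 0
ENDOFINSTALLERSCRIPT
) > "${InstallerScriptPath}"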
echo "Setting permissions for ${InstallerScriptPath}."
chmod 755 "${InstallerScriptPath}"
chown root:wheel "${InstallerScriptPath}"
# The following will create the LaunchDaemon file that starts the script that waits for Jamf Pro enrollment
# then runs the jamf policy -event command to run your script.
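echo "Creating ${LaunchDaemonPath}."
# Assumed minimal job definition: Label, ProgramArguments and RunAtLoad,
# enough for launchd to start the installer script when the daemon is loaded.
(
cat <<ENDOFLAUNCHDAEMON
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>${LaunchDaemonName%.plist}</string>
    <key>ProgramArguments</key>
    <array>
        <string>${InstallerScriptPath}</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
ENDOFLAUNCHDAEMON
) > "${LaunchDaemonPath}"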
echo "Setting permissions for ${LaunchDaemonPath}."
chmod 644 "${LaunchDaemonPath}"
chown root:wheel "${LaunchDaemonPath}"
echo "Loading ${LaunchDaemonName}."
launchctl load "${LaunchDaemonPath}"
# The following will create the script file to uninstall the LaunchDaemon and installer script.
# You can create a Jamf Pro policy with the following characteristics:
# General settings:
# --Name: Cleanup DEPNotify Installers
# --Trigger: Custom Trigger: cleanup-depnotify-preinstaller
# --Scope: All Computers
# --Frequency: Once per Computer
# Files and Processes settings:
# --Execute Command: Whatever your $UnInstallerScriptPath is set to.
# In your script, include the policy near the end of your POLICY_ARRAY.
# Paste your script's contents between the two "ENDOFUNINSTALLERSCRIPT" lines.
# NOTE: Make sure to leave a full return at the end of the Script content before the last "ENDOFUNINSTALLERSCRIPT" line.
echo "Creating ${UnInstallerScriptPath}."
(
cat <<ENDOFUNINSTALLERSCRIPT
#!/bin/zsh
# This is meant to be called by a Jamf Pro policy via trigger
# Near the end of your POLICY_ARRAY in your script
rm "${TempUtilitiesPath}/${DEPNotifyInstallerName}"
rm "${InstallerScriptPath}"
#Note that if you unload the LaunchDaemon this will immediately kill the script
#Just remove the underlying plist file, and the LaunchDaemon will not run after next reboot/login.
rm "${LaunchDaemonPath}"
rm "${UnInstallerScriptPath}"
rmdir "${TempUtilitiesPath}"
exit 0
exit 1
ENDOFUNINSTALLERSCRIPT
) > "${UnInstallerScriptPath}"
echo "Setting permissions for ${UnInstallerScriptPath}."
# The cleanup policy's Execute Command runs this path directly, so it must be executable.
chmod 755 "${UnInstallerScriptPath}"
chown root:wheel "${UnInstallerScriptPath}"
exit 0 ## Success
exit 1 ## Failure
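
Because launchd runs the generated installer script as root, neither the script, the LaunchDaemon plist, nor the directories that hold them may be writable by anyone but root. The check below is an added example, not part of the original gist; the function names `audit_root_run_file`, `owned_by` and `is_loose` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a file that launchd (or a Jamf policy) will run as root.
# Uses only find(1) tests that behave the same on macOS and Linux.

# is_loose PATH -> success if PATH is group- or world-writable.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# owned_by PATH UID -> success if PATH is owned by the numeric UID.
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# audit_root_run_file FILE [UID]
# Prints one finding per line. Returns 0 only when FILE is a regular file
# (not a symlink) and both FILE and its directory are owned by UID
# (default 0, root) and are not group- or world-writable.
audit_root_run_file() {
    file=$1
    uid=${2:-0}
    dir=$(dirname "$file")
    rc=0
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL $file: missing, not a regular file, or a symlink"
        return 1
    fi
    for p in "$file" "$dir"; do
        if ! owned_by "$p" "$uid"; then
            echo "FAIL $p: not owned by uid $uid"
            rc=1
        fi
        if is_loose "$p"; then
            echo "FAIL $p: group- or world-writable"
            rc=1
        fi
    done
    return $rc
}
```

Run as root on the Mac, call it once for `${InstallerScriptPath}`, once for `${UnInstallerScriptPath}` and once for `${LaunchDaemonPath}`; any `FAIL` line means a non-root account could change what runs as root.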