Last active
December 7, 2023 16:57
-
-
Save rtrouton/91a7c7fc35bc338cff54f48a01f2e899 to your computer and use it in GitHub Desktop.
Postinstall script for Privileges.app installer package
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # postinstall.sh | |
| # Marc Thielemann, 2020/01/21 | |
| exitCode=0 | |
| helperPath="$3/Applications/Privileges.app/Contents/XPCServices/PrivilegesXPC.xpc/Contents/Library/LaunchServices/corp.sap.privileges.helper" | |
| if [[ -f "$helperPath" ]]; then | |
| # create the target directory if needed | |
| if [[ ! -d "$3/Library/PrivilegedHelperTools" ]]; then | |
| /bin/mkdir -p "$3/Library/PrivilegedHelperTools" | |
| /bin/chmod 755 "$3/Library/PrivilegedHelperTools" | |
| /usr/sbin/chown -R root:wheel "$3/Library/PrivilegedHelperTools" | |
| fi | |
| # move the privileged helper into place | |
| /bin/cp -f "$helperPath" "$3/Library/PrivilegedHelperTools" | |
| if [[ $? -eq 0 ]]; then | |
| /bin/chmod 755 "$3/Library/PrivilegedHelperTools/corp.sap.privileges.helper" | |
| # create the launchd plist | |
| helperPlistPath="$3/Library/LaunchDaemons/corp.sap.privileges.helper.plist" | |
| /bin/cat > "$helperPlistPath" << EOF | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Label</key> | |
| <string>corp.sap.privileges.helper</string> | |
| <key>MachServices</key> | |
| <dict> | |
| <key>corp.sap.privileges.helper</key> | |
| <true/> | |
| </dict> | |
| <key>ProgramArguments</key> | |
| <array> | |
| <string>/Library/PrivilegedHelperTools/corp.sap.privileges.helper</string> | |
| </array> | |
| </dict> | |
| </plist> | |
| EOF | |
| /bin/chmod 644 "$helperPlistPath" | |
| # load the launchd plist only if installing on the boot volume | |
| if [[ "$3" = "/" ]]; then | |
| /bin/launchctl bootstrap system "$helperPlistPath" | |
| fi | |
| # restart the Dock if Privileges is in there. This ensures proper loading | |
| # of the (updated) Dock tile plug-in | |
| # get the currently logged-in user and go ahead if it's not root | |
| currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }') | |
| if [[ -n "$currentUser" && "$currentUser" != "root" ]]; then | |
| if [[ -n $(/usr/bin/sudo -u "$currentUser" /usr/bin/defaults read com.apple.dock "persistent-apps" | /usr/bin/grep "/Applications/Privileges.app") ]]; then | |
| /usr/bin/killall Dock | |
| fi | |
| fi | |
| # make sure PrivilegesCLI can be accessed without specifying the full path | |
| echo "/Applications/Privileges.app/Contents/Resources" > "$3/private/etc/paths.d/PrivilegesCLI" | |
| else | |
| exitCode=1 | |
| fi | |
| else | |
| exitCode=1 | |
| fi | |
| exit $exitCode |
OK. I don’t have your setup and I believe you when you’re saying you’re seeing this issue, but I’m not able to reproduce it in a freshly built Sonoma 14.1 VM running on Apple Silicon using an installer package built using AutoPkg.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Howdy @rtrouton- I am not using AutoPkg but a combo of Installomator with WS1. I will play with other MDMs that I have access to but I have been able to reproduce with this workflow