

Worked this out with @rtrouton based on both his installation script as well as the one located at cobbservations.wordpress.com



Wanted to offer Xcode 8 (requires OS X 10.11.5 or later) to our user population via Self Service.



Downloaded the Xcode 8 installation package from the App Store using the App Store Capture Methodology (yes, VPP would be better), described at:



https://derflounder.wordpress.com/2013/10/19/downloading-microsofts-remote-desktop-installer-package-from-the-app-store/



Added the 4.43GB installation package to the JSS, created a Self Service policy to install it, and used this script below (set to Run After) to handle all of the post-installation processing (so that users are not prompted for admin credentials). You may want to customize the script for your environment (we don't disable the Gatekeeper validation, and our users are already developers, nor do we have multiple versions of Xcode installed, so those line-items are disabled, but it's your call):



#!/bin/bash

# Accept EULA so there is no prompt

if [[ -e "/Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild" ]]; then
    "/Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild" -license accept
fi

# Just in case the xcodebuild command above fails to accept the EULA, set the license acceptance info
# in /Library/Preferences/com.apple.dt.Xcode.plist. For more details on this, see Tim Sutton's post:
# http://macops.ca/deploying-xcode-the-trick-with-accepting-license-agreements/

if [[ -e "/Applications/Xcode.app/Contents/Resources/LicenseInfo.plist" ]]; then

    xcode_version_number=$(/usr/bin/defaults read "/Applications/Xcode.app/Contents/"Info CFBundleShortVersionString)
    xcode_build_number=$(/usr/bin/defaults read "/Applications/Xcode.app/Contents/Resources/"LicenseInfo licenseID)
    xcode_license_type=$(/usr/bin/defaults read "/Applications/Xcode.app/Contents/Resources/"LicenseInfo licenseType)

    if [[ "${xcode_license_type}" == "GM" ]]; then
        /usr/bin/defaults write "/Library/Preferences/"com.apple.dt.Xcode IDEXcodeVersionForAgreedToGMLicense "$xcode_version_number"
        /usr/bin/defaults write "/Library/Preferences/"com.apple.dt.Xcode IDELastGMLicenseAgreedTo "$xcode_build_number"
    else
        /usr/bin/defaults write "/Library/Preferences/"com.apple.dt.Xcode IDEXcodeVersionForAgreedToBetaLicense "$xcode_version_number"
        /usr/bin/defaults write "/Library/Preferences/"com.apple.dt.Xcode IDELastBetaLicenseAgreedTo "$xcode_build_number"
    fi

fi

# DevToolsSecurity tool to change the authorization policies, such that a user who is a
# member of either the admin group or the _developer group does not need to enter an additional
# password to use the Apple-code-signed debugger or performance analysis tools.

/usr/sbin/DevToolsSecurity -enable

# Add all users to developer group, if they're not admins

/usr/sbin/dseditgroup -o edit -a everyone -t group _developer

# If you have multiple versions of Xcode installed, specify which one you want to be current.

/usr/bin/xcode-select --switch /Applications/Xcode.app

# Bypass Gatekeeper verification for Xcode, which can take a while.

if [[ -e "/Applications/Xcode.app" ]]; then
    xattr -dr com.apple.quarantine /Applications/Xcode.app
fi

# Install Mobile Device Packages so there is no prompt

if [[ -e "/Applications/Xcode.app/Contents/Resources/Packages/MobileDevice.pkg" ]]; then
    /usr/sbin/installer -dumplog -verbose -pkg "/Applications/Xcode.app/Contents/Resources/Packages/MobileDevice.pkg" -target /
fi

if [[ -e "/Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg" ]]; then
    /usr/sbin/installer -dumplog -verbose -pkg "/Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg" -target /
fi

# Install XcodeSystemResources.pkg so there is no prompt

if [[ -e "/Applications/Xcode.app/Contents/Resources/Packages/XcodeSystemResources.pkg" ]]; then
    /usr/sbin/installer -dumplog -verbose -pkg "/Applications/Xcode.app/Contents/Resources/Packages/XcodeSystemResources.pkg" -target /
fi

exit 0

Question to @franton @donmontalvo @RobertHammen,
Let's say this was not done through Self Service, would this script then have to be run per user at login? Or could we run the bulk of the script once and just have users added to the developer group at login? Since all the users are not logged in yet, my question is: is the script adding any user created after the script is run to the developers group, or does this have to happen as they log in and get created?



Gabe Shackney
Princeton Public Schools


Nope, you run this exactly once. Nothing user specific in my script.


+1



@franton will we see you at this year's JNUC?


October 26th, 11:30am in the Greenway Ballroom. I'm the Smart Card talk :D


I wrote a tool today that should help others to download and ultimately install Xcode simulators via pkg installations. It's called "makexcodesimulators".



This has only been tested with Xcode 9.3 but it should theoretically work on older versions. Hope it helps.



makexcodesimulators


@eng that's very nice. Nice work! I ended up approaching things from a different angle and I now include this code with my org's finalisation script. It allows non-admin users to install the same products by themselves. I have not found any adverse effects from this ... yet.



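# alter authorisation database to allow installation of apple components without admin rights
# work in a private mktemp directory rather than a fixed, predictable file name in /tmp
workdir=$(/usr/bin/mktemp -d /tmp/xcode-authdb.XXXXXX) || exit 1
security authorizationdb read system.install.apple-software > "$workdir/xcode.plist"
defaults write "$workdir/xcode.plist" rule -array authenticate-session-owner-or-admin
security authorizationdb write system.install.apple-software < "$workdir/xcode.plist"
rm -rf "$workdir"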
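
A check that can sit alongside the snippet above, as an added example that is not part of the post or of any poster's tooling: it reads the XML that `security authorizationdb read system.install.apple-software` prints and reports whether the right carries the `authenticate-session-owner-or-admin` rule. The function names and the sample plists are constructed for illustration, and the rule name in the first sample is an assumption about an unmodified system.

```shell
#!/bin/bash
# Added example, not from the thread. Live use on a Mac:
#   security authorizationdb read system.install.apple-software 2>/dev/null | audit_right

# Print each <string> of the "rule" array, one per line.
rule_entries() {
  awk '
    /<key>rule<\/key>/     { in_rule = 1; next }
    in_rule && /<\/array>/ { exit }
    in_rule && /<string>/  { gsub(/^[ \t]*<string>|<\/string>[ \t]*$/, ""); print }'
}

# RELAXED: the rule from the thread is present (session owner's password suffices).
# OTHER:   a rule array exists but does not contain it.
# UNKNOWN: no rule array (read failed, or the right is not class "rule").
audit_right() {
  local entries list
  entries=$(rule_entries)
  list=$(printf '%s' "$entries" | tr '\n' ' ')
  if [ -z "$entries" ]; then
    echo "UNKNOWN"
  elif printf '%s\n' "$entries" | grep -qx 'authenticate-session-owner-or-admin'; then
    echo "RELAXED $list"
  else
    echo "OTHER $list"
  fi
}

# Constructed sample shaped like the command's output; $1 is the rule name.
sample_plist() {
  cat <<EOF
<plist version="1.0">
<dict>
  <key>class</key>
  <string>rule</string>
  <key>rule</key>
  <array>
    <string>$1</string>
  </array>
</dict>
</plist>
EOF
}

sample_plist entitled-admin-or-authenticate-admin | audit_right
sample_plist authenticate-session-owner-or-admin | audit_right
printf '' | audit_right
```

Treating `UNKNOWN` as a failure in a compliance check avoids reporting a machine as clean when the right could not be read.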

Our users are admins, but we have "build servers" to test our apps prior to release.



We needed something that could be fully automated and unfortunately I had to figure out what it is that Xcode was doing.



This tool will parse out all of the simulators available for your version of Xcode and allow you to download them. After it downloads, it wraps the original Apple installer with productbuild using the customLocation key to allow the package to properly install. But the original package still has its signing certificates in case Apple is validating this somewhere else.



I imagine Apple uses relative links because they have changed the install path three times now, but my hope is the current folder is now the permanent one (/Library/Developer/continue/long/path)


Hello, anyone know if this script still works in 10.4?


@stephaniemm77 @eng the script doesn't work anymore. It was the greatest help indeed. I hope @eng will revisit it.


This thing is over seven years old now. Good chance anything that old is not likely to work anymore.

I'll not likely be revisiting it because my current employer allows full admin rights to developers, so it's not required.

