Jamf Nation Community

DanJ_LRSFC · ‎07-26-2022

We use DEPNotify as part of our deployment process so we can see which stage the process has got to.

As part of this, we use defaults write to set up the .plist needed to allow DEPNotify to show a "registration" dialog that lets us specify the name and role (staff/student) of the Mac.

On Monterey (12.2.1) on brand new Apple Silicon M1 iMacs, this seems to be failing for some reason.

In the logs we can see:

2022-07-26 10:12:08.279056+0100 0x69fea    Activity    0x5e290              10301  0    defaults: (CoreFoundation) Loading Preferences From System CFPrefsD
2022-07-26 10:12:08.297138+0100 0x69fff    Activity    0x5e2c0              10311  0    defaults: (libsystem_info.dylib) Retrieve User by ID
2022-07-26 10:12:08.306905+0100 0x69fff    Error       0x0                  10311  0    defaults: (CoreFoundation) [com.apple.defaults:User Defaults] Couldn't write values for keys (
    registrationMainTitle
) in CFPrefsPlistSource<0x600001394500> (Domain: menu.nomad.DEPNotify, User: kCFPreferencesCurrentUser, ByHost: No, Container: (null), Contents Need Refresh: Yes): Domain or user not found, detaching from cfprefsd
2022-07-26 10:12:08.306913+0100 0x69fff    Activity    0x5e2c1              10311  0    defaults: (CoreFoundation) Flushing Cached Preferences Data
2022-07-26 10:12:08.306963+0100 0x69fff    Default     0x0                  10311  0    defaults: Could not write domain menu.nomad.DEPNotify; exiting

Can anyone suggest what might be causing this? The script works fine if run from Terminal.

The commands being used are:

imagePath="${4}"
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationMainTitle "Configuration of this Mac"
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationButtonLabel "Configure"
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationPicturePath "${imagePath}"
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify statusTextAlignment "center"
# Device Name request
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1Label "Device Name"
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1Placeholder "Set the Device Name"
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1IsOptional false    
     
# Device role request       
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify popupButton1Label "Machine Role"
        
machineRoleValues="Student,Staff,Server"
OLDIFS=$IFS
IFS=','
/usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify popupButton1Content -array $machineRoleValues
IFS=$OLDIFS

I've tried adding delays between each defaults write command, I've tried checking that cfprefsd is running, I've tried adding a while loop that checks whether /Users/${loggedInuser}/Library/Preferences/menu.nomad.DEPNotify.plist exists, but none of these seem to help.

DanJ_LRSFC · ‎07-27-2022

Answering my own question, the solution to this is to add launchctl asuser on top of the sudo -u.

Like this:

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
uid=$(id -u "$loggedInUser")
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationMainTitle "Configuration of this Mac"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationButtonLabel "Configure"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationPicturePath "${imagePath}"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify statusTextAlignment "center"
# Device Name request
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1Label "Device Name"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1Placeholder "Set the Device Name"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1IsOptional false    
# Device role request       
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify popupButton1Label "Machine Role"
machineRoleValues="Student,Staff,Server"
OLDIFS=$IFS
IFS=','
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify popupButton1Content -array $machineRoleValues
IFS=$OLDIFS
/bin/echo "Command: MainTitle: Device Deployment"  >> /var/tmp/depnotify.log
/bin/echo "Command: MainText: ${mainText}" >> /var/tmp/depnotify.log
/bin/echo "Status: Please set the computer name and role to continue..." >> /var/tmp/depnotify.log    
/bin/echo "Command: WindowStyle: ActivateOnStep" >> /var/tmp/depnotify.log
/bin/echo "Command: ContinueButtonRegister: Configure This Mac" >> /var/tmp/depnotify.log
/bin/sleep 1
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /Applications/Utilities/DEPNotify.app/Contents/MacOS/DEPNotify -fullScreen -munki -path "/private/var/tmp/depnotify.log" &

View solution in original post

andrew_nicholas · ‎07-26-2022

Have you tried listing the file explicitly in the write statement?

DanJ_LRSFC · ‎07-26-2022

@andrew_nicholas I haven't; it was my understanding from the defaults man page that this method of using defaults is deprecated and may stop working in some future version. Someone on the macadmins slack has suggested I may need to use launchctl asuser instead of sudo -u so I'm going to try that next.

DanJ_LRSFC · ‎07-27-2022

Answering my own question, the solution to this is to add launchctl asuser on top of the sudo -u.

Like this:

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
uid=$(id -u "$loggedInUser")
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationMainTitle "Configuration of this Mac"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationButtonLabel "Configure"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify registrationPicturePath "${imagePath}"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify statusTextAlignment "center"
# Device Name request
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1Label "Device Name"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1Placeholder "Set the Device Name"
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify textField1IsOptional false    
# Device role request       
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify popupButton1Label "Machine Role"
machineRoleValues="Student,Staff,Server"
OLDIFS=$IFS
IFS=','
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /usr/bin/defaults write menu.nomad.DEPNotify popupButton1Content -array $machineRoleValues
IFS=$OLDIFS
/bin/echo "Command: MainTitle: Device Deployment"  >> /var/tmp/depnotify.log
/bin/echo "Command: MainText: ${mainText}" >> /var/tmp/depnotify.log
/bin/echo "Status: Please set the computer name and role to continue..." >> /var/tmp/depnotify.log    
/bin/echo "Command: WindowStyle: ActivateOnStep" >> /var/tmp/depnotify.log
/bin/echo "Command: ContinueButtonRegister: Configure This Mac" >> /var/tmp/depnotify.log
/bin/sleep 1
/bin/launchctl asuser "${uid}" /usr/bin/sudo -u "${loggedInUser}" /Applications/Utilities/DEPNotify.app/Contents/MacOS/DEPNotify -fullScreen -munki -path "/private/var/tmp/depnotify.log" &

Jamf Nation Community

defaults write failing during deployment script?