Deploying or converting a bourne shell script via JAMF

rrick
New Contributor

Is there a way to either deploy a bourne shell script via JAMF, or convert that bourne shell script to a *.pkg file, so I can deploy it to all my Macs?

10 REPLIES 10

sdagley
Esteemed Contributor II

@rrick While you could create a .pkg to run your script that's not really necessary. Create a Script object in Jamf Pro (under Settings->Computer Management->Scripts) containing the script you want to run. Then create a Policy with a Script payload and add the Script object you created and scope the Policy as needed.

rrick
New Contributor

Thank you very much for the quick response. Is there a limitation of how many lines the script can be, as to not crash JAMF?

sdagley
Esteemed Contributor II

@rrick I don't know if there's a limit, but I have scripts in the 2000 line/80KB range and have never had a problem with them running.

rrick
New Contributor

My script is ~607,000 lines long, due a bunch of binary that is in it.

sdagley
Esteemed Contributor II

You might want to re-consider embedding binaries to create such a large script, and just build a .pkg for them instead. Packaging for Apple Administrators is a good resource if you're looking for a guide on creating Mac packages.

mm2270
Legendary Contributor III

A bunch of binary in it? Does it happen to be a McAfee install script?

rrick
New Contributor

No sir. It is a Digital Guardian installer. And unfortunately I cannot remove the binaries.

sdagley
Esteemed Contributor II

That's unfortunate, but it does justify your interest in creating a .pkg for deployment (I wouldn't want to have a script that large in the Jamf Pro database). Copy the script to /private/tmp/scriptname, open Composer and drag the copy into the Sources section to create a packaging project, change the Owner/Group of the script added to Compose to root/wheel and make sure the executable flag is set for Owner, add a postinstall Shell script that has the command /private/tmp/scriptname followed by a rm /private/tmp/scriptname, then build as PKG.

mm2270
Legendary Contributor III

Oh, great. Seems like some other security companies are taking on McAfee’s bad practice of embedded a binary package inside a script. (Who thought it was a good idea to do this?)
Anyway, following @sdagley’s instructions should set you on the right track. It’s the same process we need to do for McAfee’s nonsense install script, for the same reason. Even if it was practical to include the entire script into the Jamf db, I can tell you that it likely wouldn’t work that way anyway. But including it in a package that drops it into /tmp/ and installs it from there should work.

sdagley
Esteemed Contributor II

@mm2270 One gets the feeling the last refuge of unix greybeards is writing "security" tools for macOS considering the propensity of that industry to do stupid @#$%^ like creating ginormous encoded shell scripts because that's the way one did it in the old days.