Skip to main content
Question

Deploying or converting a bourne shell script via JAMF


Forum|alt.badge.img+3

Is there a way to either deploy a bourne shell script via JAMF, or convert that bourne shell script to a *.pkg file, so I can deploy it to all my Macs?

sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • June 24, 2021

@rrick While you could create a .pkg to run your script that's not really necessary. Create a Script object in Jamf Pro (under Settings->Computer Management->Scripts) containing the script you want to run. Then create a Policy with a Script payload and add the Script object you created and scope the Policy as needed.


Forum|alt.badge.img+3
  • New Contributor
  • June 24, 2021

Thank you very much for the quick response. Is there a limitation of how many lines the script can be, as to not crash JAMF?


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • June 24, 2021

@rrick I don't know if there's a limit, but I have scripts in the 2000 line/80KB range and have never had a problem with them running.


Forum|alt.badge.img+3
  • New Contributor
  • June 24, 2021

My script is ~607,000 lines long, due a bunch of binary that is in it.


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • June 24, 2021

You might want to re-consider embedding binaries to create such a large script, and just build a .pkg for them instead. Packaging for Apple Administrators is a good resource if you're looking for a guide on creating Mac packages.


mm2270
Forum|alt.badge.img+16
  • Legendary Contributor
  • June 24, 2021

A bunch of binary in it? Does it happen to be a McAfee install script?


Forum|alt.badge.img+3
  • New Contributor
  • June 24, 2021

No sir. It is a Digital Guardian installer. And unfortunately I cannot remove the binaries.


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • June 24, 2021

That's unfortunate, but it does justify your interest in creating a .pkg for deployment (I wouldn't want to have a script that large in the Jamf Pro database). Copy the script to /private/tmp/scriptname, open Composer and drag the copy into the Sources section to create a packaging project, change the Owner/Group of the script added to Compose to root/wheel and make sure the executable flag is set for Owner, add a postinstall Shell script that has the command /private/tmp/scriptname followed by a rm /private/tmp/scriptname, then build as PKG.


mm2270
Forum|alt.badge.img+16
  • Legendary Contributor
  • June 24, 2021

Oh, great. Seems like some other security companies are taking on McAfee’s bad practice of embedded a binary package inside a script. (Who thought it was a good idea to do this?)
Anyway, following @sdagley’s instructions should set you on the right track. It’s the same process we need to do for McAfee’s nonsense install script, for the same reason. Even if it was practical to include the entire script into the Jamf db, I can tell you that it likely wouldn’t work that way anyway. But including it in a package that drops it into /tmp/ and installs it from there should work.


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • June 25, 2021

@mm2270 One gets the feeling the last refuge of unix greybeards is writing "security" tools for macOS considering the propensity of that industry to do stupid @#$%^ like creating ginormous encoded shell scripts because that's the way one did it in the old days.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings