Posted on 12-17-2014 12:59 PM
I'm trying to download a shell script from the distribution point and install it but i have no clue how to package it, If i put it as a script in the policy it doesn't install. is there a way to package it to install it on the computer so it will unzip and install?
Solved! Go to Solution.
Posted on 12-18-2014 06:31 AM
Composer, put the install script where you want it "copied" to.
Create a postflight script with the -i command.
Save it as a non-flat pkg.
Posted on 12-17-2014 01:14 PM
I'm a little confused about what you're looking to do. You mention "installing" a script, but generally speaking, we run scripts and install other items.
Are you looking to have the script dropped on a client Mac into a specific location to be used later on? If yes, then just use Composer. Place the script into a location where you want it to go on your Mac, for ex, you can copy it to /private/tmp/ or some other location, then open Composer and drag it into the Composer window's sidebar. it should auto create a new Source entry with the item and copy its path in (any folders and sub-folders) Then you can create your package. Later, when the pkg installs as part of a policy, it will put the script on the Mac as its payload into whatever location it was dragged into the package from, like /private/tmp/, using the same example as above.
If you're looking for something else than the above, can you clarify your end goal?
Posted on 12-17-2014 01:37 PM
Ok sorry, yeah I'm trying to run a script that has McAfee embedded in it to install it on the machine but i don't know the easiest way to push the script out to the machine to have it run and install. i hope that makes more sense.
Posted on 12-17-2014 01:49 PM
I make an installer package that puts the Agent install script on the system, then there is a post flight script in the package that executes the script and deletes it. I am using WhiteBox Packages to create the installer.
I don't recall if I saw this method suggested here or at the McAfee forums but it generally works.
Posted on 12-17-2014 01:50 PM
Ill give it a shot! Thanks!
Posted on 12-17-2014 01:57 PM
I've never seen anyone that embeds a binary in a script like that. When install.sh executes it unpacks a .dmg with the CMA agent in it anyway.
The post flight script doesn't have to be very complex. I have a staging directory that I clear out at the end of the imaging workflow which is where I put install.sh, it would probably be better to put it in a temp directory for most.
#!/bin/sh
# Install McAfee Agent 4.0 (1816)
/Library/HCIS/install.sh -i
exit
Posted on 12-17-2014 02:01 PM
HaHaHa, what a piece of crap that shell script agent installer is, right?!
I make mine with Composer, like @mm2270 said. Once you have that done, turn the arrow down on the name of your package, and right click on the Scripts folder > Add Shell script > postflight.
Click on the new postflight item and you can then write your command in there to execute the script. Should just be the full path to script with the -i flag for install. You have to save before you exit that script editor.
From there, save the pkg file. It has to be save as non-flat as flat packages don't support post flight scripts. You should be alerted to that when creating the pkg.
Posted on 12-17-2014 02:02 PM
I couldnt find any easier way to do it than to just push the install script to the machine and run it. I created a package a couple years ago that had the post flight script in it that ran the install.sh and then the McAfee package but i totally forgot how to do it now. its been too long.
Posted on 12-17-2014 02:29 PM
Another option is to use "Payload-Free-Package-Creator" by @rtrouton][/url. Short explanation, take a script and turn it into deployable package.
Read about it here:https://derflounder.wordpress.com/2014/06/01/understanding-payload-free-packages/
Get it here: https://github.com/rtrouton/Payload-Free-Package-Creator
At first I didn't see how the simple tool would be of any value, harumph . Now that I understand it, it's a important part of my mac admin toolbox.
I don't the know specifics of your script, but one example have has done is script that downloads the installer for Trend Micro Security from the server console by way of curl and then installs it. I used payload-free-package-creator to place that script into a pkg.
Posted on 12-17-2014 03:57 PM
Seems like it would work perfectly for my needs, How would you append a variable for the install? like install.sh -i ?
Posted on 12-17-2014 04:24 PM
If the script is hosted on a file share hosting it on HTTP you can just curl it down to run it. You could just run a command in a policy to do so, example code:
cd /tmp && curl -O http://mywebserver.com/CasperShare/Scripts/installer_script.sh | bash
That would download the script and automatically have bash execute it. Not sure if this fits your needs, or is a valid workflow for your environment, but it could be an option. There are many ways to leverage curl as well. In the above example I just change into the /tmp directory, then download the script based on URL it is hosted, then pipe that right into bash so it will run it.
I am not too familiar with the installer script you are referring to.
Hope this helps.
Thanks,
Tom
Posted on 12-17-2014 04:30 PM
Its basically just a shell script to install McAfee's ePO Agent 4.8. Required for OSX 10.10, So basically just need to run it as install.sh -i. I could try hosting it on HTTP and download and run it. Ill see if that works. Otherwise the non payload package would be awesome too.
Posted on 12-17-2014 04:34 PM
Yeah I have seen the 300+ meg (or whatever it is) shell script they provide with the actual installer/software embedded in it, but I have not had a lot of direct hands on with it. Creating a package that payloads the script locally, and then having a post install script that executes would also work. There would be many ways to accomplish that goal. I have used the curl trick in the past to download and execute scripts before, and it has for the most part worked for me. I have never done it with the McAfee stuff though.
I don't know if this is even a valid workflow for your environment, but if you can host it, you may be able to install it from a policy that just runs that command. Hopefully the suggestions here get you going.
Thanks,
Tom
Posted on 12-17-2014 04:36 PM
Yeah this one is only about 18.1 mb so i think i can host it on our Amazon AWS and just grab it and run the install script. Sounds easy enough. Only thing i might have a problem with is the only way i can run the script is if i chmod +x it....
Posted on 12-18-2014 06:01 AM
So i dont think the curl option will work, I dont have a place to store it thats not easily downloadable. I tried using the payload free package creator but that doesnt work because the package needs to have the -i argument for the install flag. Any ideas?
Posted on 12-18-2014 06:31 AM
Composer, put the install script where you want it "copied" to.
Create a postflight script with the -i command.
Save it as a non-flat pkg.
Posted on 12-18-2014 06:53 AM
Got it!!!! Thanks!!!! I think thats what i did with my previous install package but i forgot how to do it. A little rusty but i wrote it down this time lol. Thanks again!
Posted on 12-21-2014 09:04 PM
I personally enjoy working with Packages instead of composer and others, just preference I know. For McAfee we needed something beyond just deploying, we needed something to verify it's health since all our users are admins on their Macs and McAfee kext have a nasty habit of going south sometimes. We use a two step process, meaning we have an avEnforce script who's job is to verify the app bundle is present and version, verify the various processes and daemons are loaded. If any of those fail the script calls a custom trigger for our avPayload which then installs McAfee 2.2.0 in our case. This is an ongoing policy to help us automatically enforce and heal.
Posted on 01-18-2015 07:36 PM
We are just moving to an ePO server for McAfee but finding that on some systems we need to completely remove a previous install on McAfee before running the install.sh
What we would like to do is run our modified uninstall.sh then do a restart followed by the actual install.sh
Question, can this be done in a single pkg that we can push out to computers, if so what would be the best way?
Posted on 01-19-2015 06:05 AM
To do so in a single policy I'd think you'd need to include a run once launch agent to trigger the new install after the reboot.
Besides that, the first thing that comes to my mind is to include a dummy receipt with your uninstaller policy.
Then create a smart group looking for that dummy recipt and use that as the scope to trigger the install of the new agent and AV software.
Posted on 01-19-2015 07:57 AM
Agreed that multiple policies will probably be required.
I have a number of extension attributes that return the version of the different ePO/EPM parts. You could install those (I believe all were from Jamfnation) and then scope the reinstallation policy to a smart group wherein all of those EAs fail to return a version number. You can be fairly confident that it's been removed if they're all empty.
Just remember to run a 'jamf recon' as part of the uninstall script so that the JSS becomes aware of the software removal.