I'm trying to download a shell script from the distribution point and install it but i have no clue how to package it, If i put it as a script in the policy it doesn't install. is there a way to package it to install it on the computer so it will unzip and install?
Solved! Go to Solution.
I'm a little confused about what you're looking to do. You mention "installing" a script, but generally speaking, we run scripts and install other items.
Are you looking to have the script dropped on a client Mac into a specific location to be used later on? If yes, then just use Composer. Place the script into a location where you want it to go on your Mac, for ex, you can copy it to /private/tmp/ or some other location, then open Composer and drag it into the Composer window's sidebar. it should auto create a new Source entry with the item and copy its path in (any folders and sub-folders) Then you can create your package. Later, when the pkg installs as part of a policy, it will put the script on the Mac as its payload into whatever location it was dragged into the package from, like /private/tmp/, using the same example as above.
If you're looking for something else than the above, can you clarify your end goal?
I make an installer package that puts the Agent install script on the system, then there is a post flight script in the package that executes the script and deletes it. I am using WhiteBox Packages to create the installer.
I don't recall if I saw this method suggested here or at the McAfee forums but it generally works.
I've never seen anyone that embeds a binary in a script like that. When install.sh executes it unpacks a .dmg with the CMA agent in it anyway.
The post flight script doesn't have to be very complex. I have a staging directory that I clear out at the end of the imaging workflow which is where I put install.sh, it would probably be better to put it in a temp directory for most.
#!/bin/sh # Install McAfee Agent 4.0 (1816) /Library/HCIS/install.sh -i exit
HaHaHa, what a piece of crap that shell script agent installer is, right?!
I make mine with Composer, like @mm2270 said. Once you have that done, turn the arrow down on the name of your package, and right click on the Scripts folder > Add Shell script > postflight.
Click on the new postflight item and you can then write your command in there to execute the script. Should just be the full path to script with the -i flag for install. You have to save before you exit that script editor.
From there, save the pkg file. It has to be save as non-flat as flat packages don't support post flight scripts. You should be alerted to that when creating the pkg.
I couldnt find any easier way to do it than to just push the install script to the machine and run it. I created a package a couple years ago that had the post flight script in it that ran the install.sh and then the McAfee package but i totally forgot how to do it now. its been too long.
Another option is to use "Payload-Free-Package-Creator" by @rtrouton][/url. Short explanation, take a script and turn it into deployable package.
At first I didn't see how the simple tool would be of any value, harumph . Now that I understand it, it's a important part of my mac admin toolbox.
I don't the know specifics of your script, but one example have has done is script that downloads the installer for Trend Micro Security from the server console by way of curl and then installs it. I used payload-free-package-creator to place that script into a pkg.
If the script is hosted on a file share hosting it on HTTP you can just curl it down to run it. You could just run a command in a policy to do so, example code:
cd /tmp && curl -O http://mywebserver.com/CasperShare/Scripts/installer_script.sh | bash
That would download the script and automatically have bash execute it. Not sure if this fits your needs, or is a valid workflow for your environment, but it could be an option. There are many ways to leverage curl as well. In the above example I just change into the /tmp directory, then download the script based on URL it is hosted, then pipe that right into bash so it will run it.
I am not too familiar with the installer script you are referring to.
Hope this helps.
Yeah I have seen the 300+ meg (or whatever it is) shell script they provide with the actual installer/software embedded in it, but I have not had a lot of direct hands on with it. Creating a package that payloads the script locally, and then having a post install script that executes would also work. There would be many ways to accomplish that goal. I have used the curl trick in the past to download and execute scripts before, and it has for the most part worked for me. I have never done it with the McAfee stuff though.
I don't know if this is even a valid workflow for your environment, but if you can host it, you may be able to install it from a policy that just runs that command. Hopefully the suggestions here get you going.
I personally enjoy working with Packages instead of composer and others, just preference I know. For McAfee we needed something beyond just deploying, we needed something to verify it's health since all our users are admins on their Macs and McAfee kext have a nasty habit of going south sometimes. We use a two step process, meaning we have an avEnforce script who's job is to verify the app bundle is present and version, verify the various processes and daemons are loaded. If any of those fail the script calls a custom trigger for our avPayload which then installs McAfee 2.2.0 in our case. This is an ongoing policy to help us automatically enforce and heal.
We are just moving to an ePO server for McAfee but finding that on some systems we need to completely remove a previous install on McAfee before running the install.sh
What we would like to do is run our modified uninstall.sh then do a restart followed by the actual install.sh
Question, can this be done in a single pkg that we can push out to computers, if so what would be the best way?
To do so in a single policy I'd think you'd need to include a run once launch agent to trigger the new install after the reboot.
Besides that, the first thing that comes to my mind is to include a dummy receipt with your uninstaller policy.
Then create a smart group looking for that dummy recipt and use that as the scope to trigger the install of the new agent and AV software.
Agreed that multiple policies will probably be required.
I have a number of extension attributes that return the version of the different ePO/EPM parts. You could install those (I believe all were from Jamfnation) and then scope the reinstallation policy to a smart group wherein all of those EAs fail to return a version number. You can be fairly confident that it's been removed if they're all empty.
Just remember to run a 'jamf recon' as part of the uninstall script so that the JSS becomes aware of the software removal.