Edit .plist for during application deployment through JAMF

kaysp3cial
New Contributor III

Hello all,

I'm trying to edit a .plist file to for Symantec Cloudsoc Reach agent application. editing the .plist file will automatically open the default browser for user authentication.

The Reach agent gives you the option of automatically launching the default browser to initiate user authentication with CloudSoC. Otherwise, the Reach agent uses its own pop-up window to prompt the user to click the authentication URL to initiate the login process.

On Mac, I would have to give the ShowAuthPopup key a string value of 0 in the ReachAgentConfig.plist file at the following location:

/Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/

For example:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>ShowAuthPopup</key> <string>0</string> <key>APIServer</key> <string>api-vip.elastica.net</string> <key>ENSServer</key> <string>ens.elastica.net:443</string>

I want to push this through jamf, but not entirely sure how to do it especially since the .plist file isn't located on the machines until after the application is installed.

any help would be greatly appreciated

thanks

1 ACCEPTED SOLUTION

kaysp3cial
New Contributor III

ok, I was able to solved this using the following script

#!/bin/bash
USERNAME="$3"

#Create Directory for Reach Agent plist file
mkdir -p /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/

#Contents of plist file ReachAgentConfig.plist
cat > /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist << 'ENDSCRIPT'

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>ShowAuthPopup</key>
        <string>0</string>
        <key>APIServer</key>
        <string>api-vip.elastica.net</string>
        <key>ENSServer</key>
        <string>ens.elastica.net:443</string>
        <key>Gateway</key>
        <string>gw.elastica.net</string>
        <key>UIServer</key>
        <string>app.elastica.net</string>
</dict>
</plist>
ENDSCRIPT

chmod +x /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist

I deployed this script in a package that would run it before the the application was installed and it worked.

View solution in original post

19 REPLIES 19

hdsreid
Contributor III

are you deploying it with JAMF? you can create a script to run after the package in a policy

echo "<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <dict> <key>ShowAuthPopup</key>
 <string>0</string> <key>APIServer</key> <string>api-vip.elastica.net</string>
 <key>ENSServer</key> <string>ens.elastica.net:443</string>" >> /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/RANDOMNAME.plist

kaysp3cial
New Contributor III

Im deploying the application with Jamf. When the application gets installed it creates a .plist file here "/Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist"

I want to rewrite this .plist file to resemble:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>ShowAuthPopup</key> <string>0</string> <key>APIServer</key> <string>api-vip.elastica.net</string> <key>ENSServer</key> <string>ens.elastica.net:443</string> <key>Gateway</key> <string>gw.elastica.net</string> <key>UIServer</key> <string>app.elastica.net</string>
</dict>
</plist>

once .plist has been changed I also want it to launch.

mm2270
Legendary Contributor II

You might want to see if defaults write commands would do what you're after here. If you can post a copy of the plist as it is right after the application gets installed, we might be able to help come up with some defaults commands that can write the correct values in.
It's also possible that defaults won't work, because it doesn't always work, especially with more complex plist files. Though I suspect in this case it should work just fine. This is what your example plist above looks like when its read by defaults

{
    APIServer = "api-vip.elastica.net";
    ENSServer = "ens.elastica.net:443";
    Gateway = "gw.elastica.net";
    ShowAuthPopup = 0;
    UIServer = "app.elastica.net";
}

That seems like a very straight forward plist, so I don't see why you couldn't just use defaults commands to edit the plist.

BTW, are you sure the value for the ShowAuthPopup key is a string as you have it? It almost seems like it should be a boolean value (true/false), but I don't know since I have no experience with the Symantec Cloudsoc Reach agent.

kaysp3cial
New Contributor III

261a676d3bc64f378b1bea3702a47842
In the documentation for Symantec Cloudsoc Reach agent it state the value should be 0

mm2270
Legendary Contributor II

OK, cool, just checking. It's slightly abnormal, but every vendor does things their own way. As long as it works!

kaysp3cial
New Contributor III

i'm not to sure how to to use default writes to modify this

mm2270
Legendary Contributor II

Can you copy/paste the contents of the unedited plist file that gets installed with the application? I'm willing to bet making the changes to it with defaults will be pretty easy, but I'd need to see what the "default" plist looks like first.

kaysp3cial
New Contributor III

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>APIServer</key> <string>api-vip.elastica.net</string> <key>ENSServer</key> <string>ens.elastica.net:443</string> <key>Gateway</key> <string>gw.elastica.net</string> <key>UIServer</key> <string>app.elastica.net</string>
</dict>
</plist>

mm2270
Legendary Contributor II

Ok, thanks. That plist file looks like this when read in by defaults

{
    APIServer = "api-vip.elastica.net";
    ENSServer = "ens.elastica.net:443";
    Gateway = "gw.elastica.net";
    UIServer = "app.elastica.net";
}

It looks to me like the only change to the file that would need to be made is:

defaults write /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist ShowAuthPopup 0

This would just add that ShowAuthPopup value into the file. Everything else is the same it looks like, so no other changes.

Hope that helps.

kaysp3cial
New Contributor III

so i created a script to run this command post installation via Jamf and it didnt make the change. When i try and run it manually i'm getting the following error:

"Could not write domain /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist; exiting"

mm2270
Legendary Contributor II

Might need to quote the full path to the plist to protect it, although the backslashes included in my post above should have taken care of the spaces. You added the defaults line just like I wrote it above? Either way, you could do this to see if it works.

/usr/bin/defaults write "/Library/Application Support/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist" ShowAuthPopup 0

And you're certain that's the correct path to the plist file, right? Because you will get a similar error to that if the file it's trying to write to doesn't exist.

kaysp3cial
New Contributor III
#!/bin/sh

USERNAME="$3" 
PLIST="/Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist"

defaults write "$PLIST" ShowAuthPopup 0

kaysp3cial
New Contributor III

That's the script that i'm using

mm2270
Legendary Contributor II

@kaysp3cial Ok, so, if you quote a path that contains a space, you have to drop the backslashes. The backslashes are only needed for an unquoted path that contains spaces. Including backslashes and quotes together is sure to fail, because the shell will interpret the backslash as being a literal character, which of course doesn't exist in that path.
So either do it just like I originally posted it (no quotes, with backslash), or how I posted it above (with quotes, no backslash) earlier today. Not how you have it in your post 2 above this one.

kaysp3cial
New Contributor III

I did quite a bit of research on this and talked to several people. Here's what I came up with

On a clean system.... before installing Reach.... I will create a script on Jamf to deploy before the package is installed. The script will run the following commands.

#!/bin/bash
USERNAME="$3"

mkdir -p /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/

After the folder has been created, I copy the ReachAgentConfig.plist in there and then do the Reach install.

Contents of ReachAgentConfig.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>ShowAuthPopup</key>
        <string>0</string>
        <key>APIServer</key>
        <string>api-vip.elastica.net</string>
        <key>ENSServer</key>
        <string>ens.elastica.net:443</string>
        <key>Gateway</key>
        <string>gw.elastica.net</string>
        <key>UIServer</key>
        <string>app.elastica.net</string>
</dict>
</plist>

I reached out to our Symantec Rep and they confirmed that the new install of Reach will preserve the Keys that were set in the existing ReachAgentConfig.plist at that location.

Please note, I was also notified that the defaults command would not work in this case. Our Customers will require to manually copy the ReachAgentConfig.plist with the required Keys.

My only blocker is how I can edit the plist file in the script without using the "Defualt writes" command?

mm2270
Legendary Contributor II

@kaysp3cial Who informed you that the defaults command would not work, and why? Did they offer any explanation on that?

kaysp3cial
New Contributor III

Symnantec rep informed not to use the default command, im still waiting for an update as to why

mm2270
Legendary Contributor II

I'd be very curious to hear the explanation, since I don't see a reason why a defaults command couldn't write a value into that plist. From what you posted, it seems like a simple straight forward plist to me. The only thing I can think of is that a defaults command might mess up some privileges on the plist, but that can always be corrected in the same script if needed.

kaysp3cial
New Contributor III

ok, I was able to solved this using the following script

#!/bin/bash
USERNAME="$3"

#Create Directory for Reach Agent plist file
mkdir -p /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/

#Contents of plist file ReachAgentConfig.plist
cat > /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist << 'ENDSCRIPT'

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>ShowAuthPopup</key>
        <string>0</string>
        <key>APIServer</key>
        <string>api-vip.elastica.net</string>
        <key>ENSServer</key>
        <string>ens.elastica.net:443</string>
        <key>Gateway</key>
        <string>gw.elastica.net</string>
        <key>UIServer</key>
        <string>app.elastica.net</string>
</dict>
</plist>
ENDSCRIPT

chmod +x /Library/Application Support/ReachAgent/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist

I deployed this script in a package that would run it before the the application was installed and it worked.

View solution in original post