Help

Extension Attributes not populating

Go to solution
MajorHeck
New Contributor

Posted on ‎08-08-2022 03:41 PM

Hi all,

Not sure why this is failing. I have an Extension Attribute that will simply not populate and I truly cannot figure out why. This EA runs a script that checks for the existence of a certificate on a custom keychain, then outputs either "Found" or "Not found" accordingly. I have removed proper names for privacy reasons:

#!/bin/bash

result=$(security find-certificate -a -c 'certificateName' keychainName.keychain)
search='certificateName'

if [[ "$result" == *"$search"* ]]; then
echo "<result>Certificate Found</result>"
else
echo "<result>Not found</result>"
fi

Running this script on a machine (outside of Jamf) returns the expected result. Once a device updates, the EA stays blank. Any help is super appreciated.

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Tangentism
Contributor III

‎08-10-2022 01:42 AM - edited ‎08-13-2022 03:54 AM

Your question is almost word for word the same as.....

Your command results in a lot of data from each certificate it finds whereas you should reduce what you want with grep then pipe to awk such as:

 

result=$(security find-certificate -a -c 'JSS' /Library/Keychains/System.keychain | grep labl | awk -F'=' '{print $2}')

 

Then do not quote the right hand string in the if...fi comparison so it looks like:

 

if [[ "$result" == *$search* ]]; then...

 

The reason not to quote the right hand string comparison is because using either " or ' will treat the * as a normal character and not a wildcard operator.

View solution in original post

0 Kudos
Reply
2 REPLIES 2

Go to solution
Tangentism
Contributor III

‎08-10-2022 01:42 AM - edited ‎08-13-2022 03:54 AM

Your question is almost word for word the same as.....

Your command results in a lot of data from each certificate it finds whereas you should reduce what you want with grep then pipe to awk such as:

 

result=$(security find-certificate -a -c 'JSS' /Library/Keychains/System.keychain | grep labl | awk -F'=' '{print $2}')

 

Then do not quote the right hand string in the if...fi comparison so it looks like:

 

if [[ "$result" == *$search* ]]; then...

 

The reason not to quote the right hand string comparison is because using either " or ' will treat the * as a normal character and not a wildcard operator.

0 Kudos
Reply

Go to solution
brockwalters
Contributor II
In response to Tangentism

Posted on ‎09-11-2022 06:53 PM

you don't need grep to awk...

 

security find-certificate -a -c 'JSS' /Library/Keychains/System.keychain | awk -F '=' '/labl/{print $2}'

 

0 Kudos
Reply