So, I was not able to extract jq or install jq by itself, but was able to trim the autobrew script so it installs without the policy getting stuck, and add a Files and Processes > Execute Command, which successfully pushes jq, and UAPI JSON is working now, whew!
Here is the trimmed autobrew script:
I have added to the script the permissions command:
currentuser=`stat -f "%Su" /dev/console`
chown -R "$currentuser" /usr/local/lib
#!/bin/sh
# AutoBrew - Install Homebrew with root
# Source: https://github.com/kennyb-222/AutoBrew/
# Author: Kenny Botelho
# Version: 1.2

# Set environment variables
HOME="$(mktemp -d)"
export HOME
export USER=root
export PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
BREW_INSTALL_LOG=$(mktemp)

# Get current logged in user
TargetUser=$(echo "show State:/Users/ConsoleUser" | \
    scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')

# Check if parameter passed to use pre-defined user
if [ -n "$3" ]; then
    # Supporting running the script in Jamf with no specialization via Self Service
    TargetUser=$3
elif [ -n "$1" ]; then
    # Fallback case for the command line initiated method
    TargetUser=$1
fi

# Ensure TargetUser isn't empty
if [ -z "${TargetUser}" ]; then
    /bin/echo "'TargetUser' is empty. You must specify a user!"
    exit 1
fi

# Verify the TargetUser is valid (discard both stdout and stderr)
if /usr/bin/dscl . -read "/Users/${TargetUser}" >/dev/null 2>&1; then
    /bin/echo "Validated ${TargetUser}"
else
    /bin/echo "Specified user \"${TargetUser}\" is invalid"
    exit 1
fi

# Install Homebrew | strip out all interactive prompts
/bin/bash -c "$(curl -fsSL \
    https://raw.githubusercontent.com/Homebrew/install/master/install.sh | \
    sed "s/abort \"Don't run this as root\!\"/\
        echo \"WARNING: Running as root...\"/" | \
    sed 's/ wait_for_user/ :/')" 2>&1 | tee "${BREW_INSTALL_LOG}"

# Reset Homebrew permissions for target user
brew_file_paths=$(sed '1,/==> This script will install:/d;/==> /,$d' \
    "${BREW_INSTALL_LOG}")
brew_dir_paths=$(sed '1,/==> The following new directories/d;/==> /,$d' \
    "${BREW_INSTALL_LOG}")

# Get the paths for the installed brew binary
brew_bin=$(echo "${brew_file_paths}" | grep "/bin/brew")
brew_bin_path=${brew_bin%/brew}

# The path lists are left unquoted on purpose so they split into separate arguments
# shellcheck disable=SC2086
chown -R "${TargetUser}":admin ${brew_file_paths} ${brew_dir_paths}
chgrp admin "${brew_bin_path}/"
chmod g+w "${brew_bin_path}"

# Unset home/user environment variables
unset HOME
unset USER

# Finish up Homebrew install as target user
su - "${TargetUser}" -c "${brew_bin} update --force"

# Run cleanup before checking in with the doctor
su - "${TargetUser}" -c "${brew_bin} cleanup"
sleep 1

# Added permissions command: give the console user ownership of /usr/local/lib
currentuser=`stat -f "%Su" /dev/console`
chown -R "$currentuser" /usr/local/lib
exit 0
Then I have added it to the policy and in the Files and Processes > Execute Command, included this command:
thisUser=`stat -f '%u %Su' /dev/console | awk '{ print $2 }'`;su "$thisUser" -c "brew install jq"
This fully installs jq, and JSON parsing with jq will work on that Mac.
I suggest triggering it at Enrollment Complete.
Also, if you need to implement this on the Macs in production, I did it this way:
2 extension attributes: 1 for brew presence and 1 for jq presence, and 2 smart groups. Group 1 checks if brew is not installed on the Mac, and is scoped to a policy which pushes brew + jq to the affected Mac. Group 2 checks if the Mac has brew present but jq missing, and is scoped to a policy which pushes only jq to the affected Mac:
thisUser=`stat -f '%u %Su' /dev/console | awk '{ print $2 }'`;su "$thisUser" -c "brew install jq"
Here are the 2 Computer Extension Attributes:
1) Brew presence check:
#!/bin/bash
# Report whether brew is found on the PATH
if [ -n "$(which brew)" ]; then
    echo "<result>Brew installed</result>"
else
    echo "<result>Brew Not installed</result>"
fi
exit 0
2) jq presence check:
#!/bin/bash
# Report whether jq is found on the PATH
if [ -n "$(which jq)" ]; then
    echo "<result>jq installed</result>"
else
    echo "<result>jq Not installed</result>"
fi
exit 0
Maybe not the best or cleanest solutions, but it works 🙂
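Added example, not part of the original post: the commands above hand the owner of /dev/console to `su` and `chown -R` while running as root, and that owner is `root` at the login window or `_mbsetupuser` during Setup Assistant, which can be the case at Enrollment Complete. The function names below are hypothetical; the fallback argument mirrors the `$3` username parameter used in the AutoBrew script.

```shell
#!/bin/sh
# Added example, not from the original post. Guard for root-run Jamf scripts
# that pass the /dev/console owner to `su` or `chown -R`.

# usable_console_user NAME -> 0 if NAME looks like a real logged-in user.
usable_console_user() {
    case "$1" in
        ''|root|loginwindow|_mbsetupuser)
            return 1 ;;          # nobody logged in, or Setup Assistant
        _*)
            return 1 ;;          # macOS service accounts start with "_"
        *[!A-Za-z0-9._-]*)
            return 1 ;;          # unexpected characters in an account name
    esac
    return 0
}

# first_usable_user NAME... -> prints the first acceptable candidate.
first_usable_user() {
    for candidate in "$@"; do
        if usable_console_user "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# macOS-only wrapper around the post's "brew install jq" command.
# $1 is a fallback username (assumption: Jamf's $3 is passed in).
install_jq_for_console_user() {
    console_owner=$(stat -f '%Su' /dev/console 2>/dev/null)
    target=$(first_usable_user "$console_owner" "$1") || {
        echo "No usable console user (got '${console_owner}'); skipping" >&2
        return 1
    }
    su "$target" -c "brew install jq"
}

# Only act on a Mac, as root; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    install_jq_for_console_user "${3:-}"
fi
```

A non-zero exit from the wrapper marks the policy run as failed, so the smart group keeps the Mac in scope until a real user is logged in.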