Skip to main content

I am working on a remediation policy for Self Service that will trigger the uninstall and then reinstall of a profile. Doing this is easy to do. I created a smart group then excluded the smart group from the profile I was testing with. Once the policy causes the Mac to be added to the smart group, the profile gets removed. When the Mac is removed from the smart group the profile is installed again. But there's a problem... I wanted to have a step that would verify the the profile did get reinstalled. To do that, I used this command:


profiles show -o stdout | grep "ProfileDisplayName = "ProfileName"" | /usr/bin/awk '{print $3}' | sed 's/[[:punct:]]//g')


When I was testing this on my own Mac and a test Mac, I was testing removing a profile we have for Zoom. The profile is simply named "Zoom". The command above works perfectly for a profile named with just one word. If the profile is named something like "Zoom Profile" the command will output "no such file or directory". I have tried putting the profile name in double quotes and single quotes. Since I'm using a variable called profileName in the command I have also tried using "${profileName}". The command simply won't work with a profile name with more than one word. Can anyone tell me how to get this to work? The script that handles the uninstall and reinstall of the profile works perfectly. It's just this verification step that doesn't work. Here's the function I created for verification:


# Check if profile was reinstalled
function checkInstall() {
installed=$(profiles show -o stdout | grep "ProfileDisplayName = "$profileName"" | /usr/bin/awk '{print $3}' | sed 's/[[:punct:]]//g')
if [ "$installed" = "$profileName" ]; then
log "Profile "$profileName" was installed successfully"
elif [ "$installed" != "$profileName" ]; then
log "Profile "$profileName" install failed"
fi
}

 


 

Here's the answer in case someone is curious.


profileName="Profile Name"

profiles show -o stdout | grep "${profileName}" | sed 's/ProfileDisplayName = //g' | sed 's/[";]//g' | sed "s/^[ \\t]*//"

 

 


You're over-quoting $profileName. If it's already inside "" don't "" it again.


grep "ProfileDisplayName = $profileName"

 

This command works too. I wanted to simplify the use of sed.


 


profileName="Profile Name" # Or use a Jamf parameter

profiles show -o stdout | grep "${profileName}" | sed -E -e 's/ProfileDisplayName = //g' -e 's/[";]//g' -e "s/^[ \\t]*//"

 

This command works too. I wanted to simplify the use of sed.


 


profileName="Profile Name" # Or use a Jamf parameter

profiles show -o stdout | grep "${profileName}" | sed -E -e 's/ProfileDisplayName = //g' -e 's/[";]//g' -e "s/^[ \\t]*//"

 


You don't really need sed. A grep alone is enough to tell you if the profile you're looking for is installed by checking the result of the grep to see if it's an empty string (which indicates the search pattern wasn't found). Here's an example of a function I wrote that waits for the Configuration Profile I use for Global Protect to be installed :


WaitForGPProfileInstall() { # $1 - number of seconds to try before giving up
profileStatusResponse=""
startTime=$(/bin/date '+%s')
whenToQuit=$(($1 + startTime))

while [ -z "$profileStatusResponse" ]; do

profileStatusResponse=$(/usr/bin/profiles show | /usr/bin/grep "GP VPN Configuration")

if [ -z "$profileStatusResponse" ]; then
if [ "$(/bin/date '+%s')" -gt $whenToQuit ]; then
profileStatusResponse="False"
fi

/bin/sleep 1
else
profileStatusResponse="True"
fi
done

echo "$profileStatusResponse"
}

 If the profile is found the function echoes True, and if the profile isn't found in the number of seconds provided as the limit it echoes False.

You don't really need sed. A grep alone is enough to tell you if the profile you're looking for is installed by checking the result of the grep to see if it's an empty string (which indicates the search pattern wasn't found). Here's an example of a function I wrote that waits for the Configuration Profile I use for Global Protect to be installed :


WaitForGPProfileInstall() { # $1 - number of seconds to try before giving up
profileStatusResponse=""
startTime=$(/bin/date '+%s')
whenToQuit=$(($1 + startTime))

while [ -z "$profileStatusResponse" ]; do

profileStatusResponse=$(/usr/bin/profiles show | /usr/bin/grep "GP VPN Configuration")

if [ -z "$profileStatusResponse" ]; then
if [ "$(/bin/date '+%s')" -gt $whenToQuit ]; then
profileStatusResponse="False"
fi

/bin/sleep 1
else
profileStatusResponse="True"
fi
done

echo "$profileStatusResponse"
}

 If the profile is found the function echoes True, and if the profile isn't found in the number of seconds provided as the limit it echoes False.


I like this! I was considering using a while loop. For the moment, the way I'm doing this appears to be working but this method is better. I have a sleep function in the script that waits before running the command to check for the successful uninstall and reinstall of the profile. It has been working but profiles don't always install or remove as quick as we want them to. Your approach is a lot more accurate, plus I could insert a command into the while loop that would launch a Swift Dialog window to give the user some info about what's happening while they wait.

Reply


Terms & ConditionsCookie settings