Identifying that a PKG was run by Jamf Pro?

straffin
New Contributor III

I'm trying to develop a customized PKG that would be used to install a piece of software both in-person and via Jamf Pro (two birds, one stone and all that). I would like to do things a little differently depending on whether or not Jamf Pro has launched the installer. Is there a way anyone can think of to identify whether or not Jamf Pro launched the PKG?

2 ACCEPTED SOLUTIONS

mm2270
Legendary Contributor III

I'm not sure using either pkgutil or looking in the computer record for receipts is what the OP is after. Looking at his post, I'm reading it as trying to know at the time the package is being installed, whether its being installed by a Jamf policy or if someone is manually installing the pkg, like in a preinstall script perhaps, and changing the behavior of what takes place in that script, maybe. @straffin will probably have to clarify that to be sure, but that was how I took his post.
If I'm right, checking package receipts isn't going to help, because those only get dropped after the package install has finished, not during installation.

Checking the jamf.log could work. I've used something similar in my scripts, but for a different end goal.

Another possibility is checking the running process list with ps and looking to see where installer/Installer is running from. If being called by a policy, it would show up as /usr/sbin/installer along with the path to the package in /Library/Application Support/JAMF/Downloads/. If being run from Installer.app, /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer will show up in the results.

View solution in original post

straffin
New Contributor III

Thanks for the suggestions so far! Sorry for any lack of clarity in my request, but @mm2270 has the sense of it. I'm looking for code that would run during the pkg install as part of the pkg that identifies whether a person is running the install or a process is running the install.

I wasn't sure if there was a standard target location for Jamf Pro downloads or if it just tossed things into a temp directory. Looking for a location of /Library/Application Support/JAMF/Downloads/ should work. I also like the ps option, perhaps looking for a uid of 0 to see that a system-level process is running it.

Thanks again!

View solution in original post

9 REPLIES 9

sdagley
Esteemed Contributor II

@straffin Speaking theoretically (as in never tried it myself), you could do a tail -n 1 /var/log/jamf.log | grep yourpackagenamehere.pkg and see if it comes back non-empty. That should indicate the jamf binary is currently attempting to installing your package.

talkingmoose
Moderator
Moderator

Use the pkgutil command to look for the presence of a package receipt.

To list all package receipts run /usr/sbin/pkgutil list --pkgs.

To find a specific package receipt use something like /usr/sbin/pkgutil --pkgs=com.microsoft.Edge.Beta.

donmontalvo
Esteemed Contributor III

Should see it under the computer record too, installed by Installer vs installed by Jamf Pro (policy).

--
https://donmontalvo.com

mm2270
Legendary Contributor III

I'm not sure using either pkgutil or looking in the computer record for receipts is what the OP is after. Looking at his post, I'm reading it as trying to know at the time the package is being installed, whether its being installed by a Jamf policy or if someone is manually installing the pkg, like in a preinstall script perhaps, and changing the behavior of what takes place in that script, maybe. @straffin will probably have to clarify that to be sure, but that was how I took his post.
If I'm right, checking package receipts isn't going to help, because those only get dropped after the package install has finished, not during installation.

Checking the jamf.log could work. I've used something similar in my scripts, but for a different end goal.

Another possibility is checking the running process list with ps and looking to see where installer/Installer is running from. If being called by a policy, it would show up as /usr/sbin/installer along with the path to the package in /Library/Application Support/JAMF/Downloads/. If being run from Installer.app, /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer will show up in the results.

maurits
Contributor

Maybe a smart group based on 'Packages installed by Casper' ? I use that quit often

straffin
New Contributor III

Thanks for the suggestions so far! Sorry for any lack of clarity in my request, but @mm2270 has the sense of it. I'm looking for code that would run during the pkg install as part of the pkg that identifies whether a person is running the install or a process is running the install.

I wasn't sure if there was a standard target location for Jamf Pro downloads or if it just tossed things into a temp directory. Looking for a location of /Library/Application Support/JAMF/Downloads/ should work. I also like the ps option, perhaps looking for a uid of 0 to see that a system-level process is running it.

Thanks again!

mm2270
Legendary Contributor III

@straffin Glad to help! Just be aware that the /Library/Application Support/JAMF/Downloads/ directory always exists, or at least always exists after at least one package is installed by a policy. You would have to make sure you look inside that directory in your script for the package name itself, or like I mentioned, see if installer is active and installing something from that directory.
Either way though, that should get you where you're looking to go.

straffin
New Contributor III

Based on what I've seen in other installers (particularly those that allow for pre-configuration files residing in the same directory as the installer), there is a built-in $PACKAGE_PATH variable that contains the parent directory of the pkg being installed. I should be able to simply test for $PACKAGE_PATH = /Library/Application Support/JAMF/Downloads/ to identify that the pkg is being installed by Jamf Pro. Thanks again!

donmontalvo
Esteemed Contributor III

Interesting thread, so much to learn.

@straffin Curious does the trailing slash need to be removed for $PACKAGE_PATH to work? Tested this as a preinstall script in a test PKG and seems to work (considering both Downloads and Waiting Room*:

#!/bin/bash

currentDir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
cd "$currentDir"
downloadsDir="/Library/Application Support/JAMF/Downloads"
waitingRoomDir="/Library/Application Support/JAMF/Waiting Room"

if [ "$currentDir" != "$downloadsDir" ] && [ "$currentDir" != "$waitingRoomDir" ];
then
    echo "Installing using Installer.app"
    echo "Running commands"
else
    echo "Installing using jamf"
    echo "Runninng alternate commands"
fi

Will try using $PACKAGE_PATH when I have time later.

--
https://donmontalvo.com