I need to install some python modules via script to a group of Macs. I know you aren't supposed to use sudo when installing modules with pip. The script given to me by our vendor has sudo. Is this going to cause me or our users problems later on with permissions? I was thinking of adding -H to sudo as suggested in the CLI.This is part of it:sudo pip3 install --upgrade pipsudo pip install pyOpenSSL I changed the last pip3 to pip and that fixed a module installation issue just FYI.

Installing Python modules with pip and sudo

Why do you need to install additional modules? Do you have an app from a vendor that required Py3? How are you installing Py3 on the computers, since it does not come by default?

I would look at creating a relocatable python. Build a requirements.txt file with all the modules you want installed and then use Greg Neagle's Relocatable Python build script to build an installer that can be pushed out by Jamf:

https://github.com/gregneagle/relocatable-python

You will need to change the #! path in the python script.

This is for Okta Device Trust huh?

Also recommend relo python, and I wrote a blog post about it a short while ago. Been using it for a few years now and it is a fantastic tool

https://t-lark.github.io/posts/shipping-python/

Why do you need to install additional modules? Do you have an app from a vendor that required Py3? How are you installing Py3 on the computers, since it does not come by default?

I would look at creating a relocatable python. Build a requirements.txt file with all the modules you want installed and then use Greg Neagle's Relocatable Python build script to build an installer that can be pushed out by Jamf:

https://github.com/gregneagle/relocatable-python

You will need to change the #! path in the python script.

Installing python 3 this way:

#!/bin/sh



echo "Checking for the existence of the Apple Command Line Developer Tools"



/usr/bin/xcode-select -p &> /dev/null



if [[ $? -ne 0 ]]; then



echo "Apple Command Line Developer Tools not found."



touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress;



installationPKG=$(/usr/sbin/softwareupdate --list | /usr/bin/grep -B 1 -E 'Command Line Tools' | /usr/bin/tail -2 | /usr/bin/awk -F'*' '/^ *\\\\*/ {print $2}' | /usr/bin/sed -e 's/^ *Label: //' -e 's/^ *//' | /usr/bin/tr -d '\\n')



echo "Installing ${installationPKG}"



/usr/sbin/softwareupdate --install "${installationPKG}" --verbose



else



echo "Apple Command Line Developer Tools are already installed."



fi



exit

I likely won't be able to use any alternative python versions due to open source and legal reasons.

why is that? The Apple way is still the same open source licensed Python, but you cannot patch it or control it. You are much better off shipping your own and managing it. What happens with Python vulns that Apple does not patch in their XCode CLI packages that includes vanilla Python?

I don't make the rules I just follow them. If that happens I'm sure we would just deal with XCode vanilla python and wait for a patch.

Good luck with that Apple is super slow to patch things like Apache and you cannot control that, but I would still suggest you find out why your policies stop this. Most of the time in my experience it is usually just a misunderstanding of the policies. Typically legal teams hate things like GPLv3 open source licensing, but Apache or MIT licensing is fine. When I engage with legal teams at my current and previous jobs it is pretty much this. If all open source was banned you wouldn't be allowed to run Jamf since it is built off of Tomcat, Java and MySQL

It may not be all open source I don't know to what extent. I was just told that. I'm asking around.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded