Posted on 09-15-2021 04:50 PM
I need to install some python modules via script to a group of Macs. I know you aren't supposed to use sudo when installing modules with pip. The script given to me by our vendor has sudo. Is this going to cause me or our users problems later on with permissions? I was thinking of adding -H to sudo as suggested in the CLI.
This is part of it:
sudo pip3 install --upgrade pip
Posted on 09-16-2021 06:27 AM
Why do you need to install additional modules? Do you have an app from a vendor that required Py3? How are you installing Py3 on the computers, since it does not come by default?
I would look at creating a relocatable python. Build a requirements.txt file with all the modules you want installed and then use Greg Neagle's Relocatable Python build script to build an installer that can be pushed out by Jamf:
https://github.com/gregneagle/relocatable-python
You will need to change the #! path in the python script.
Posted on 09-28-2021 11:04 AM
Installing python 3 this way:
#!/bin/sh
echo "Checking for the existence of the Apple Command Line Developer Tools"
/usr/bin/xcode-select -p &> /dev/null
if [[ $? -ne 0 ]]; then
echo "Apple Command Line Developer Tools not found."
touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress;
installationPKG=$(/usr/sbin/softwareupdate --list | /usr/bin/grep -B 1 -E 'Command Line Tools' | /usr/bin/tail -2 | /usr/bin/awk -F'*' '/^ *\\*/ {print $2}' | /usr/bin/sed -e 's/^ *Label: //' -e 's/^ *//' | /usr/bin/tr -d '\n')
echo "Installing ${installationPKG}"
/usr/sbin/softwareupdate --install "${installationPKG}" --verbose
else
echo "Apple Command Line Developer Tools are already installed."
fi
exit
Posted on 09-17-2021 01:15 PM
This is for Okta Device Trust huh?
Posted on 09-17-2021 09:20 PM
Also recommend relo python, and I wrote a blog post about it a short while ago. Been using it for a few years now and it is a fantastic tool
Posted on 09-28-2021 11:06 AM
I likely won't be able to use any alternative python versions due to open source and legal reasons.
Posted on 09-28-2021 11:08 AM
why is that? The Apple way is still the same open source licensed Python, but you cannot patch it or control it. You are much better off shipping your own and managing it. What happens with Python vulns that Apple does not patch in their XCode CLI packages that includes vanilla Python?
Posted on 09-28-2021 11:13 AM
I don't make the rules I just follow them. If that happens I'm sure we would just deal with XCode vanilla python and wait for a patch.
Posted on 09-28-2021 11:16 AM
Good luck with that Apple is super slow to patch things like Apache and you cannot control that, but I would still suggest you find out why your policies stop this. Most of the time in my experience it is usually just a misunderstanding of the policies. Typically legal teams hate things like GPLv3 open source licensing, but Apache or MIT licensing is fine. When I engage with legal teams at my current and previous jobs it is pretty much this. If all open source was banned you wouldn't be allowed to run Jamf since it is built off of Tomcat, Java and MySQL
Posted on 10-07-2021 03:45 PM
It may not be all open source I don't know to what extent. I was just told that. I'm asking around.