+5I need to install some python modules via script to a group of Macs. I know you aren't supposed to use sudo when installing modules with pip. The script given to me by our vendor has sudo. Is this going to cause me or our users problems later on with permissions? I was thinking of adding -H to sudo as suggested in the CLI.
This is part of it:
sudo pip3 install --upgrade pip
+19Why do you need to install additional modules? Do you have an app from a vendor that required Py3? How are you installing Py3 on the computers, since it does not come by default?
I would look at creating a relocatable python. Build a requirements.txt file with all the modules you want installed and then use Greg Neagle's Relocatable Python build script to build an installer that can be pushed out by Jamf:
https://github.com/gregneagle/relocatable-python
You will need to change the #! path in the python script.
+7This is for Okta Device Trust huh?
+31Also recommend relo python, and I wrote a blog post about it a short while ago. Been using it for a few years now and it is a fantastic tool
+5Why do you need to install additional modules? Do you have an app from a vendor that required Py3? How are you installing Py3 on the computers, since it does not come by default?
I would look at creating a relocatable python. Build a requirements.txt file with all the modules you want installed and then use Greg Neagle's Relocatable Python build script to build an installer that can be pushed out by Jamf:
https://github.com/gregneagle/relocatable-python
You will need to change the #! path in the python script.
Installing python 3 this way:
#!/bin/sh
echo "Checking for the existence of the Apple Command Line Developer Tools"
/usr/bin/xcode-select -p &> /dev/null
if [[ $? -ne 0 ]]; then
echo "Apple Command Line Developer Tools not found."
touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress;
installationPKG=$(/usr/sbin/softwareupdate --list | /usr/bin/grep -B 1 -E 'Command Line Tools' | /usr/bin/tail -2 | /usr/bin/awk -F'*' '/^ *\\\\*/ {print $2}' | /usr/bin/sed -e 's/^ *Label: //' -e 's/^ *//' | /usr/bin/tr -d '\\n')
echo "Installing ${installationPKG}"
/usr/sbin/softwareupdate --install "${installationPKG}" --verbose
else
echo "Apple Command Line Developer Tools are already installed."
fi
exit
+5I likely won't be able to use any alternative python versions due to open source and legal reasons.
+31I likely won't be able to use any alternative python versions due to open source and legal reasons.
why is that? The Apple way is still the same open source licensed Python, but you cannot patch it or control it. You are much better off shipping your own and managing it. What happens with Python vulns that Apple does not patch in their XCode CLI packages that includes vanilla Python?
+5why is that? The Apple way is still the same open source licensed Python, but you cannot patch it or control it. You are much better off shipping your own and managing it. What happens with Python vulns that Apple does not patch in their XCode CLI packages that includes vanilla Python?
I don't make the rules I just follow them. If that happens I'm sure we would just deal with XCode vanilla python and wait for a patch.
+31I don't make the rules I just follow them. If that happens I'm sure we would just deal with XCode vanilla python and wait for a patch.
Good luck with that Apple is super slow to patch things like Apache and you cannot control that, but I would still suggest you find out why your policies stop this. Most of the time in my experience it is usually just a misunderstanding of the policies. Typically legal teams hate things like GPLv3 open source licensing, but Apache or MIT licensing is fine. When I engage with legal teams at my current and previous jobs it is pretty much this. If all open source was banned you wouldn't be allowed to run Jamf since it is built off of Tomcat, Java and MySQL
+5Good luck with that Apple is super slow to patch things like Apache and you cannot control that, but I would still suggest you find out why your policies stop this. Most of the time in my experience it is usually just a misunderstanding of the policies. Typically legal teams hate things like GPLv3 open source licensing, but Apache or MIT licensing is fine. When I engage with legal teams at my current and previous jobs it is pretty much this. If all open source was banned you wouldn't be allowed to run Jamf since it is built off of Tomcat, Java and MySQL
It may not be all open source I don't know to what extent. I was just told that. I'm asking around.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
