Jamf Nation Community

dnorman · ‎09-15-2021

I need to install some python modules via script to a group of Macs. I know you aren't supposed to use sudo when installing modules with pip. The script given to me by our vendor has sudo. Is this going to cause me or our users problems later on with permissions? I was thinking of adding -H to sudo as suggested in the CLI.

This is part of it:

sudo pip3 install --upgrade pip

sudo pip install pyOpenSSL

I changed the last pip3 to pip and that fixed a module installation issue just FYI.

Tribruin · ‎09-16-2021

Why do you need to install additional modules? Do you have an app from a vendor that required Py3? How are you installing Py3 on the computers, since it does not come by default?

I would look at creating a relocatable python. Build a requirements.txt file with all the modules you want installed and then use Greg Neagle's Relocatable Python build script to build an installer that can be pushed out by Jamf:

https://github.com/gregneagle/relocatable-python

You will need to change the #! path in the python script.

dnorman · ‎09-28-2021

Installing python 3 this way:

#!/bin/sh

echo "Checking for the existence of the Apple Command Line Developer Tools"

/usr/bin/xcode-select -p &> /dev/null

if [[ $? -ne 0 ]]; then

echo "Apple Command Line Developer Tools not found."

touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress;

installationPKG=$(/usr/sbin/softwareupdate --list | /usr/bin/grep -B 1 -E 'Command Line Tools' | /usr/bin/tail -2 | /usr/bin/awk -F'*' '/^ *\\*/ {print $2}' | /usr/bin/sed -e 's/^ *Label: //' -e 's/^ *//' | /usr/bin/tr -d '\n')

echo "Installing ${installationPKG}"

/usr/sbin/softwareupdate --install "${installationPKG}" --verbose

else

echo "Apple Command Line Developer Tools are already installed."

fi

exit

beeboo · ‎09-17-2021

This is for Okta Device Trust huh?

tlarkin · ‎09-17-2021

Also recommend relo python, and I wrote a blog post about it a short while ago. Been using it for a few years now and it is a fantastic tool

https://t-lark.github.io/posts/shipping-python/

dnorman · ‎09-28-2021

I likely won't be able to use any alternative python versions due to open source and legal reasons.

tlarkin · ‎09-28-2021

why is that? The Apple way is still the same open source licensed Python, but you cannot patch it or control it. You are much better off shipping your own and managing it. What happens with Python vulns that Apple does not patch in their XCode CLI packages that includes vanilla Python?

dnorman · ‎09-28-2021

I don't make the rules I just follow them. If that happens I'm sure we would just deal with XCode vanilla python and wait for a patch.

tlarkin · ‎09-28-2021

Good luck with that Apple is super slow to patch things like Apache and you cannot control that, but I would still suggest you find out why your policies stop this. Most of the time in my experience it is usually just a misunderstanding of the policies. Typically legal teams hate things like GPLv3 open source licensing, but Apache or MIT licensing is fine. When I engage with legal teams at my current and previous jobs it is pretty much this. If all open source was banned you wouldn't be allowed to run Jamf since it is built off of Tomcat, Java and MySQL

dnorman · ‎10-07-2021

It may not be all open source I don't know to what extent. I was just told that. I'm asking around.

Installing Python modules with pip and sudo