Launchdaemon - Can any "script gurus" explain this

jameson
Contributor II

I will just try to describe the overall issue that I have spent weeks on - overall I just don't understand why it does not work

The overall goal is that when the user has finished pre-stage enrollment and is seeing the desktop, the policies are executed right away. The "enrollment complete" trigger is not reliable enough to use, so I thought a launchdaemon would be easy to use - but now.

The issue below is overall about getting the launchdaemon running - as this is the main issue

I have the following code as post install script in my pre-stage packet (included in the jamf connect pkg)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.depnotify</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/local/jamf/bin/jamf</string>
		<string>policy</string>
		<string>-event</string>
		<string>Jamfsetup</string>
	</array>
	<key>StandardErrorPath</key>
	<string>/tmp/com.depnotify.stderr</string>
	<key>StandardOutPath</key>
	<string>/tmp/com.depnotify.stdout</string>
	<key>WatchPaths</key>
	<array>
		<string>/usr/local/jamf/bin/jamf</string>
	</array>
</dict>
</plist>

So overall it should wait for the jamf binary to be there. But the issue is that when the user is logged in and I check the launchdaemons, it is not loaded for whatever reason - error code 78

If I install the same pkg on a running client, the launchdaemon works fine and loads. So the PKG is fine - but with the same pkg in pre-stage it doesn't work - and yes, the package is signed :)

I hope someone can explain why this does not work 

 

10 REPLIES

DBrowning
Valued Contributor II

Maybe check the permission, owner/group on everything.

andrew_nicholas
Valued Contributor

I can't say for certain, but aren't PKGs installed via the pre-stage done so with MDM commands rather than with the jamf binary? So could it be that it just isn't seeing the binary in place when it's deployed because that particular step happens after the pre-stage PKG installs?

Yes jamf Binary does not install pkg in pre-stage. But launchdaemon should wait for binary to appear - but something goes wrong in that

jameson
Contributor II

PKG works fine outside pre-stage. And plist is owned by Root:Wheel and 644 - also tried 755 actually

mm2270
Legendary Contributor III

POSIX permissions on the LaunchDaemon plist should be 644, but I don't really think that's the reason it's not loading. I think it's not loading because of the use of WatchPaths in the plist. My understanding of that is that the path has to exist at the time the daemon is loaded or it will exit with an error. I have a feeling that's why when it gets installed in Pre-Stage it fails to load - the jamf agent actually isn't there yet - but if you manually install it on a Mac that already has the jamf agent in place, it loads ok.

If that's true, you might have to use a different method of kicking off your process, such as crafting a script to go along with the LaunchDaemon as its ProgramArguments and then looping every x seconds (using a StartInterval) to check if /usr/local/bin/jamf exists, then finally running the rest of your workflow. 

KRIECCO
Contributor

So something like this in the postinstall script

cat << EOF > /Library/LaunchDaemons/com.depnotify.launch.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>GroupName</key>
	<string>wheel</string>
	<key>InitGroups</key>
	<false/>
	<key>Label</key>
	<string>com.depnotify.launch</string>
	<key>Program</key>
	<string>/var/tmp/launchDEPNotify.sh</string>
	<key>RunAtLoad</key>
	<true/>
	<key>StartInterval</key>
	<integer>5</integer>
	<key>UserName</key>
	<string>root</string>
	<key>StandardErrorPath</key>
	<string>/var/tmp/depnotify.launch.err</string>
	<key>StandardOutPath</key>
	<string>/var/tmp/depnotify.launch.out</string>
</dict>
</plist>
EOF

chmod 644 /Library/LaunchDaemons/com.depnotify.launch.plist
chown root:wheel /Library/LaunchDaemons/com.depnotify.launch.plist

/bin/launchctl load -w /Library/LaunchDaemons/com.depnotify.launch.plist

And then in the 

KRIECCO
Contributor

and then in the launchDEPNotify.sh file just have

 

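#!/bin/sh
# Wait until the jamf binary has been installed
while [ ! -f /usr/local/jamf/bin/jamf ]
do
	sleep 5
done

# Use the full path: the job's PATH under launchd may not include /usr/local/bin
/usr/local/jamf/bin/jamf policy -event xxxx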

I don't know if @mm2270 agrees on this


jameson
Contributor II

So I just tried it like above - the launchdaemon is loaded, but with status 127 :( This issue makes me crazy. I nearly don't care about getting it working, I just want to understand why it doesn't work like this


mm2270
Legendary Contributor III

You shouldn't have double quotes around the jamf policy command in the script. That just tells the script it's a string, not a command to run.

KRIECCO
Contributor

the following is working - I just tried to test the setup, so you are good to go now :)

 

cat << EOF > /Library/LaunchDaemons/com.depnotify.launch.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>GroupName</key>
	<string>wheel</string>
	<key>InitGroups</key>
	<false/>
	<key>Label</key>
	<string>com.depnotify.launch</string>
	<key>ProgramArguments</key>
	<array>
		<string>/var/tmp/launchDEPNotify.sh</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>StartInterval</key>
	<integer>5</integer>
	<key>UserName</key>
	<string>root</string>
	<key>StandardErrorPath</key>
	<string>/var/tmp/depnotify.launch.err</string>
	<key>StandardOutPath</key>
	<string>/var/tmp/depnotify.launch.out</string>
</dict>
</plist>
EOF

chmod 644 /Library/LaunchDaemons/com.depnotify.launch.plist
chown root:wheel /Library/LaunchDaemons/com.depnotify.launch.plist

/bin/launchctl load -w /Library/LaunchDaemons/com.depnotify.launch.plist
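
As an added example (not code from any poster in this thread, and not a Jamf tool): a small Python check for a LaunchDaemon plist like the ones above. It flags a root job whose program or log files live in /tmp or /var/tmp, where any local user can create files, and a StartInterval that re-runs a one-time script. The function names and the directory list are assumptions of this example.

```python
import plistlib
from pathlib import PurePosixPath

# Directories on macOS where any local user may create files (mode 1777).
WORLD_WRITABLE = ("/tmp", "/private/tmp", "/var/tmp", "/private/var/tmp")

def in_world_writable(path):
    """True if path lies inside one of the WORLD_WRITABLE directories."""
    parents = PurePosixPath(path).parents
    return any(PurePosixPath(d) in parents for d in WORLD_WRITABLE)

def audit_launchdaemon(plist_bytes):
    """Return (key, value, finding) tuples for one LaunchDaemon plist."""
    job = plistlib.loads(plist_bytes)
    findings = []
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    as_root = job.get("UserName", "root") == "root"  # daemons default to root
    if program is None:
        findings.append(("Program", None, "nothing to execute"))
    elif not program.startswith("/"):
        findings.append(("Program", program, "not an absolute path"))
    elif as_root and in_world_writable(program):
        findings.append(("Program", program,
                         "root executes a file from a world-writable directory"))
    for key in ("StandardOutPath", "StandardErrorPath"):
        path = job.get(key)
        if path and in_world_writable(path):
            findings.append((key, path, "log file in a world-writable directory"))
    if "StartInterval" in job:
        findings.append(("StartInterval", job["StartInterval"],
                         "job is started again on this interval after it exits"))
    return findings

# Constructed sample: keys and values taken from the final plist in the thread.
SAMPLE = plistlib.dumps({
    "Label": "com.depnotify.launch",
    "ProgramArguments": ["/var/tmp/launchDEPNotify.sh"],
    "RunAtLoad": True,
    "StartInterval": 5,
    "UserName": "root",
    "StandardErrorPath": "/var/tmp/depnotify.launch.err",
    "StandardOutPath": "/var/tmp/depnotify.launch.out",
})

if __name__ == "__main__":
    for finding in audit_launchdaemon(SAMPLE):
        print(finding)
```

A finding on Program or on the log paths is cleared by moving the script and its logs to a directory that only root can write to.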