Okta Device Trust v1.3.1 Deployment Issue

lukasindre
New Contributor III

Hey Everyone!  Running into a snag with the new v1.3.1 Okta Device Trust registration process.  There is nothing wrong with the script, rather i'm running into deployment issues of command line tools (python3).

 

This is the script I'm using to get the command line tools:

#!/bin/sh

echo "Checking for the existence of the Apple Command Line Developer Tools"

/usr/bin/xcode-select -p &> /dev/null

if [[ $? -ne 0 ]]; then
    echo "Apple Command Line Developer Tools not found."
    touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress;
    installationPKG=$(/usr/sbin/softwareupdate --list | /usr/bin/grep -B 1 -E 'Command Line Tools' | /usr/bin/tail -2 | /usr/bin/awk -F'*' '/^ *\\*/ {print $2}' | /usr/bin/sed -e 's/^ *Label: //' -e 's/^ *//' | /usr/bin/tr -d '\n')
    echo "Installing ${installationPKG}"
    /usr/sbin/softwareupdate --install "${installationPKG}" --verbose
else
    echo "Apple Command Line Developer Tools are already installed."
fi

exit

 

From what I know, that is super dependent on a solid HTTP connection, which obviously is something we can never assume 😞  How do you guys package Command Line Tools/python3, or have you found any remediation to this?

 

Error I'm getting:

Script result: Checking for the existence of the Apple Command Line Developer Tools
Apple Command Line Developer Tools not found.
Timed out while loading data from the Apple Software Update server.
Installing 
: No such update
No updates are available.
Software Update Tool

Which then errors the device trust script with this (which is expected):

Script result: Running pip3 install --upgrade pip
xcode-select: error: no developer tools were found at '/Applications/Xcode.app', and no install could be requested (perhaps no UI is present), please install manually from 'developer.apple.com'.
Running pip3 install pyobjc-framework-SystemConfiguration
xcode-select: error: no developer tools were found at '/Applications/Xcode.app', and no install could be requested (perhaps no UI is present), please install manually from 'developer.apple.com'.
pip3 install pyOpenSSL
xcode-select: error: no developer tools were found at '/Applications/Xcode.app', and no install could be requested (perhaps no UI is present), please install manually from 'developer.apple.com'.
1 ACCEPTED SOLUTION

tlarkin
Honored Contributor

So Xcode CLI tools do install a version of Python 3, they also install Apple's shipped version of `git` so you can use `git` as a test to see if it is present.  I also just download the XCode CLI tools pkg from the dev portal and slap that package into my enrollment dependency flow.  

I also maintain and ship my own Python environment to all endpoints with my wanted python packages installed.  This allows me to point vendor code that is written in Python to my env and not rely on Apple's.  The other error I see in your post is that the script is complaining about the objc bridge not being installed, which Apple does not install on their version of Python3 from XCode.  So, I would highly recommend looking at shipping your own Python env that you control.

 

Also, Okta needs to do better on this so I would also tell your vendor that not supporting something like a PKI and relying on scripts to generate certs is not really that great or scalable. 

View solution in original post

4 REPLIES 4

tlarkin
Honored Contributor

So Xcode CLI tools do install a version of Python 3, they also install Apple's shipped version of `git` so you can use `git` as a test to see if it is present.  I also just download the XCode CLI tools pkg from the dev portal and slap that package into my enrollment dependency flow.  

I also maintain and ship my own Python environment to all endpoints with my wanted python packages installed.  This allows me to point vendor code that is written in Python to my env and not rely on Apple's.  The other error I see in your post is that the script is complaining about the objc bridge not being installed, which Apple does not install on their version of Python3 from XCode.  So, I would highly recommend looking at shipping your own Python env that you control.

 

Also, Okta needs to do better on this so I would also tell your vendor that not supporting something like a PKI and relying on scripts to generate certs is not really that great or scalable. 

lukasindre
New Contributor III

I followed your guide you share in deploying relocatable python.  Super easy, super simple, super lightweight.  I owe you a beer for this one

Hey Luka, any chance you can share what you did to resolve this?

Euwanh
New Contributor III

@lukasindre @tlarkin would you happen to have the steps taken to do this please the deploying relocatable python guide?