OSX Install with Package

jj_isd728
New Contributor II

We moved to Jamf in December and I have had quit a few iMacs that are not DEPable.
My goal was to install MacOS Sierra from scratch and have a package run that will assign the correct Jamf Recon package based on IP.

Making this post to share what worked for me and also get feedback, as I am still learning.

I used a Mac Mini, running 10.12.6, running Mac Server and the System Image Utility program.
Downloaded MacOS Sierra from the App Store.
Ran System Image Utility and created a NetInstall Image, adding my package.
After trial and error with adding a package to the System Image Utility, with it being "not signed".
I had to renew our developer account and used XCODE to add the Developer ID Installer certificate.
Used this as a guidet
Using the app Packages, I was able to create a flat package with a preflight script that curled my main script. curl -s http://path-to-script-hosted/ISD728_JamfAdd.sh | sh > "/Users/Shared/728/Jamf.log" 2>&1
I then signed the flat package I created. krypted helped me
Once I had my package set, I tested with created a new Sierra Net-Install, adding the signed package.
Using the same cert, i exported it and used it in Recon to create my individual site, signing them with the exported cert.

example of script being curled:

#!/bin/bash
# Created by Jeffro @ isd728
# Last Update Jan.26.2018
# Variables
#
mountSharedFolder (){
    sharedFolder="/Volumes/LoginScripts"
    mountSMB="//username:password@path-to-mounted-folder/LoginScripts /Volumes/LoginScripts"
        if [ -d "$sharedFolder/UpdateME" ]; then
            echo "Volume Mounted"
        else
            echo " Volume NOT Mounted... exiting "
            if [ -d ${sharedFolder} ]; then
                echo ""
                echo "Removing mounted volume: "${sharedFolder}
                sudo diskutil umount force ${sharedFolder}
                sudo rmdir ${sharedFolder}
            fi
            exit 0
        fi
    fi
}
#
while read -r enPort
do
    if ifconfig | grep $enPort > /dev/null; then
        echo ""
        echo "Port $enPort exists"
        echo ""
        INTERFACES=$enPort
    fi
done <<< $(networksetup -listnetworkserviceorder | grep "Hardware Port" | grep -E "Ethernet|USB" | awk -F ": " '{print $3}'  | sed 's/)//g')

echo $INTERFACES
if [[ $INTERFACES == "" ]]; then
    INTERFACES="en0"
fi
NetworkIP=$(echo $(ipconfig getifaddr $INTERFACES | perl -pe 's/\./\n/g' | cut -d "." -f 2))
echo $NetworkIP

#
if [ $NetworkIP == "0" ]; then 
    Building="Elementary"
elif [ $NetworkIP == "2" ]; then
    Building="Middle"
elif [ $NetworkIP == "3" ]; then
    Building="High"
#Removed another 17 items
fi
if [ $Building == "" ]; then
    Building="All"
fi

echo $Building
echo ""

mountSharedFolder

jamfPackage="/Users/Shared/${Building}-QuickAdd.pkg"
if [ -d $sharedFolder ]; then
    cp -Rfv $sharedFolder/Jamf/${Building}-QuickAdd.pkg /Users/Shared/
    sudo chmod -Rf 775 /Users/Shared/${Building}-QuickAdd.pkg
    if [ -f $jamfPackage ]; then
        sudo installer -pkg /Users/Shared/${Building}-QuickAdd.pkg -target / -allowUntrusted
        sleep 60
        echo ""
    fi
fi

# disconnect Shared Folder, if exists   
if [ -d ${sharedFolder} ]; then
    echo ""
    echo "Removing mounted volume: "${sharedFolder}
    sudo diskutil umount force ${sharedFolder}
fi
if [ -d ${sharedFolder} ]; then
    echo ""
    echo "Removing mounted volume: "${sharedFolder}
    sudo diskutil umount force ${sharedFolder}
    sudo rmdir ${sharedFolder}
fi

##########################################################################
exit 0

Not sure how quality my scripting is, but i gets the job done.

0 REPLIES 0