Pushing software

Posted on 01-11-2010 09:16 AM
What do you guys do when you want to push out updated software and also
change the config to have the new software?
To clarify, say I want to push out Firefox 3.5.7 to all computers. To do
this I create a policy that runs "Once Per Computer" for "Login". But I have
also replaced 3.5.x in all configs with 3.5.7, so any new machines or
re-imaged machines will already have 3.5.7. My policy to force the update
once per computer will trigger at some point on those new machines that
already have it. This is a waste of time etc.
Up until this time I have just let that happen. Thoughts on cleaning this
process up a bit?
Ryan M. Manly
Level 4 Mac Tech
Glenbrook High Schools
1835 Landwehr Rd.
Glenview, IL 60026
(847) 486-4948
ACSP, ACMT
Posted on 01-11-2010 12:08 AM
The best way to get some sort of handle on PlistBuddy is to read in the plist you want to mess with. The -c makes PlistBuddy non-interactive for use in scripts. It’s the mechanism that Apple uses to change plists during updates. I started using it for /etc/authorization so I’ll use that as my example.
/usr/libexec/PlistBuddy -c "Print" /etc/authorization
If you look at what’s returned here you’ll notice right at the beginning “rules = Dict”, and somewhere about halfway down you’ll see “rights = Dict”. This is how I found out that manipulating values starts with “rules” or “rights”. Values are separated by colons.
I wanted to change the rights “group” for “system.print.admin” from “lpadmin” to “staff”.
The default looked like
}
system.print.admin = Dict {
allow-root = true
shared = true
group = lpadmin
class = user
}
I issued /usr/libexec/PlistBuddy -c "Set :rights:system.print.admin:group staff" /etc/authorization
This changed the “group” value above to “staff”.
I also issued /usr/libexec/PlistBuddy -c "Set :rules:is-lpadmin:group staff" /etc/authorization
This changed the “group” value under rules for “is-lpadmin” to “staff”.
Now any user can do whatever with printing.
This is just an example for people to get started with PlistBuddy as I really struggled at first. People have done some crazy editing with this and it was hard to follow some of the examples I found without a basic example to get started with.
FYI, this change was for our off-campus notebooks. Changes may not hold on this particular file after updates.
- JD
Posted on 01-11-2010 09:22 AM
I would have the policy based on a smart group of ‘Firefox not version 3.5.7’ or something similar.
John
--
John Wetter
Technology Support Administrator
Educational Technology, Media & Information Services
Hopkins Public Schools
952-988-5373
Posted on 01-11-2010 09:25 AM
You could make a smart group of computers that do not have version 3.5.7, scope your policy to that group.
Also, for keeping things in your configs up to date I would leverage smart configs. We keep “Base Configs” like 10.4 base, 10.5 base etc… and then each building's config that would use 10.5 is a smart config of that base. In our bases we keep the software up to date that goes on everything, like your Adobe Reader and Firefox type apps. We also have an extremely long list of individual configs here though, since there are almost 30 different building configs and each building typically has 2+ configs. So I’d guess, without actually looking or counting, we have at least 70 configs beyond our base configs.
-Dusty-
Dustin Dorey
Technology Support Cluster Specialist
Independent School District 196
Rosemount-Apple Valley-Eagan Public Schools
dustin.dorey at district196.org
651|423|7971
Posted on 01-11-2010 09:25 AM
If you really want to make sure you're not wasting time/bandwidth, you could
create a smart-group of machines that don't already have Firefox 3.5.7.
In software info, select has Firefox and application version is not 3.5.7.
Or you could use the receipts to do the same thing. Just create a smart
group for every computer that hasn't received the Firefox 3.5.7 receipt.
Then run the policy once per computer on that group.

Posted on 01-11-2010 09:33 AM
Thanks all. Kind of a d'oh moment. :)
P.S. omg # of configs! I only have 7 bases with 3 smarts each and I am
trying to cut that down.
Ryan M. Manly
Level 4 Mac Tech
Glenbrook High Schools
1835 Landwehr Rd.
Glenview, IL 60026
(847) 486-4948
ACSP, ACMT
Posted on 01-11-2010 09:40 AM
Speaking of the number of configs...
It would make my life so much easier if it were possible to change the partitions within Smart Configs. I have multiple labs where the only difference between one and the other is that one needs BootCamp and the other does not. This means I have to create a brand new base config for the Windows system.
I also have base users on computers that are different, so even though I could keep staff and student machines the same, I can't because I have to have two different base configurations to add the different users to the system.
I currently do the users with a policy, but it doesn't work immediately, and sometimes doesn't work when the network connection is not active for long enough to get the policy to create the user.
I hope this may find its way into a future release ;).
-Robert

Posted on 01-11-2010 10:03 AM
Manual triggered policies and shell scripts are your best friend for
this....
Now I gotta warn you, this may not be future proof as I am not testing
this myself but just coming up with this on the fly. So, play around
with the code and see what you can come up with, repost it once it works
as it may benefit other users of the list.
#!/bin/bash
# Get the current Firefox version from the app bundle's Info.plist
getffvers=`cat /Applications/Firefox.app/Contents/Info.plist | grep Contributors | awk '{ print $2 }' | sed 's/,//'`
# Trigger the install policy only when the version is not 3.5.7
if [[ "$getffvers" != "3.5.7" ]]
then jamf policy -trigger firefox_357
else echo "Current version is 3.5.7"
fi
exit 0
I tried using the defaults read command since Info.plist should be
easier to read with that, but it doesn't want to play nice with my
Unix-Fu. However if you run that command I put up there it will pull
the version of firefox out from the system, and then you can code that
into a script that will trigger an install if it does not equal a
certain version. That way you maintain 1 script for every single
machine.
Of course, test this out, clean it up and repost the final
script/process so everyone can benefit from it.
-Tom
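
Added example, not part of the thread or any poster's script: the same "trigger only when needed" check, but ordering the versions numerically so a machine already on a newer Firefox is skipped rather than matched by a plain "not 3.5.7" test. The function names are hypothetical, and reading the version from the CFBundleShortVersionString key with PlistBuddy is an assumption; the target version and trigger name are the ones used in the thread.

```shell
#!/bin/sh
TARGET="3.5.7"                                    # version from the thread
PLIST="/Applications/Firefox.app/Contents/Info.plist"

# version_lt A B: true when dotted version A is older than B (numeric, per field).
version_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}                # leading field of each
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x%%[!0-9]*}; _y=${_y%%[!0-9]*}      # keep leading digits only
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
    done
    return 1                                      # equal is not "older"
}

# installed_version PLIST: prints the bundle version, or nothing if absent.
# Assumes the version is stored under CFBundleShortVersionString.
installed_version() {
    [ -f "$1" ] || return 1
    /usr/libexec/PlistBuddy -c "Print :CFBundleShortVersionString" "$1" 2>/dev/null
}

# decide INSTALLED TARGET: prints install, update or skip.
decide() {
    if [ -z "$1" ]; then echo install
    elif version_lt "$1" "$2"; then echo update
    else echo skip
    fi
}

action=$(decide "$(installed_version "$PLIST")" "$TARGET")
echo "Firefox: $action"
if [ "$action" != skip ] && command -v jamf >/dev/null 2>&1; then
    jamf policy -trigger firefox_357              # trigger name from the thread
fi
```
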
Posted on 01-11-2010 11:07 AM
For future reference the PlistBuddy binary will allow editing of plists that the defaults command won’t. There is little good documentation that I’ve found but it sure does work!
On 10.5 it’s located in /usr/libexec
Run /usr/libexec/PlistBuddy --help for usage info.
I’ve been using it to modify /etc/authorization with great success.
- JD

Posted on 01-11-2010 11:39 AM
I see there is a PlistBuddy -c print option, but I can't quite get it to
work. I know my method of getting the version is a bit long, cumbersome
and improvident, but it does work almost instantly when you pump it into
the terminal.
I need to read the developer pages on PlistBuddy
Posted on 01-13-2010 12:22 AM
Worked for me on 3.5.4...
Bob

Posted on 01-13-2010 12:23 AM
While we are on the subject, has anyone here ever been successful with
using the Firefox command line to globally install extensions, and have
it keep settings? I find these blogs with examples of how to do it, but
no proof that it works and I cannot for the life of me get it to work.
Global extensions fail or don't work or don't even show up when I
install them via command line and then log out of my admin account and
right into the same machine with a managed user account.
I am about to just say forget about it and deploy unmanaged firefox as
it is wasting a lot of my time.
Thanks
Tom
Posted on 01-13-2010 10:02 AM
So yeah, I keep forgetting Firefox has its own CLI built into the app
itself. This is how you would return the version of firefox from the
command line
/Applications/Firefox.app/Contents/MacOS/firefox -v | awk '{ print $3 }' | sed 's/,//'
-Tom
Posted on 01-13-2010 11:03 AM
Don't you mean
/Applications/Firefox.app/Contents/MacOS/firefox-bin -v | awk '{ print $3 }' | sed 's/,//'
because that's the binary that launches the browser.
John McLaughlin
Technical Support Specialist
Newton Public Schools

Posted on 01-13-2010 11:09 AM
Nope, I meant what I posted and it works for me. I have got a few
emails asking that so here are my results from terminal:
bash-3.2# /Applications/Firefox.app/Contents/MacOS/firefox -v | awk '{ print $3 }' | sed 's/,//'
3.5.7
bash-3.2#
-Tom
Posted on 01-13-2010 11:35 AM
I guess it works only for older versions then. I have version 3.5.3 and
it hadn't worked for me until I changed it.
John McLaughlin
Technical Support Specialist
Newton Public Schools

Posted on 01-13-2010 11:39 AM
I am running 3.5.7....weird
