Jamf Nation Community

ammonsc · ‎03-24-2020

For various security reasons our JAMF installation does not allow installs from outside the network. With our company being all WFH this has it's challenges. I thought I would share a script I use to deploy necessary packages remotely.

If I borrowed from a script already out there I apologize for not noting it inn here. I usually do that and I am sure I did not come up with all of this myself.

#!/bin/bash

# Set the package specifics using JAMF script options 
packageDownloadUrl="$4"
packageName="$5"

log() {
    echo "$1"
    /usr/bin/logger -t "$packageName:" "$1"
}
log "Installing $packageName"

## Get the Username of the currently logged user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
tempDir=$(/usr/bin/mktemp -d -t "temp_install")
echo $tempDir

log "Downloading $packageName..."
/usr/bin/curl -s $packageDownloadUrl -o "$tempDir/$packageName"
if [ $? -ne 0 ]; then
    log "curl error: The package did not successfully download"; exit 1
fi


log "Installing $packageName..."
/usr/sbin/installer -pkg $tempDir/$packageName -target /
if [ $? -ne 0 ]; then
    log "installer error: The package did not successfully install"; exit 1
fi


# cleanup
log "Removing $packageName..."
rm -rf  "$tempDir"

exit 0

Chris_Hafner · ‎03-27-2020

Out of curiosity, how is this different (from a security perspective) than the binary downloading and installing them? Really, just simple curiosity.

ammonsc · ‎03-27-2020

I do not have a distribution point outside of my network. So if a user is working from home now and does not have a need to get on the VPN (apparently more common than I would have thought) they may not get some of the patches that I need to push. Such as an updated VPN client or AV software. I can the packages on a web server temporarily and then have this install happen.

Jamf Nation Community

Remote package deployment