Help

Scripts not working in Catalina

Go to solution
junderwood
New Contributor III

Posted on ‎10-09-2019 02:33 PM

Hello Jamf Nation!

I have a script we've been using to install various apps in Self Service that no longer works in 10.15. Wondering if anyone can tell me why.

It worked fine in 10.14. In 10.15, I can run it in Terminal from the logged in user, but I can't get it to work when I run it as a policy.

An example of the script is here (in this case, to install Chromium):

#!/bin/bash
clear && rm -rf ~/updtemp && mkdir ~/updtemp > /dev/null && cd ~/updtemp 

###############################
#    Define functions  #
###############################
versionChecker() {
    local v1=$1; local v2=$2;
    while [ `echo $v1 | egrep -c [^0123456789.]` -gt 0 ]; do
        char=`echo $v1 | sed 's/.*([^0123456789.]).*/1/'`; char_dec=`echo -n "$char" | od -b | head -1 | awk {'print $2'}`; v1=`echo $v1 | sed "s/$char/.$char_dec/g"`; done
    while [ `echo $v2 | egrep -c [^0123456789.]` -gt 0 ]; do
        char=`echo $v2 | sed 's/.*([^0123456789.]).*/1/'`; char_dec=`echo -n "$char" | od -b | head -1 | awk {'print $2'}`; v2=`echo $v2 | sed "s/$char/.$char_dec/g"`; done
    v1=`echo $v1 | sed 's/../.0/g'`; v2=`echo $v2 | sed 's/../.0/g'`;
    checkVersion "$v1" "$v2"
}

checkVersion() {
    [ "$1" == "$2" ] && return 1
    v1f=`echo $1 | cut -d "." -f -1`;v1b=`echo $1 | cut -d "." -f 2-`;v2f=`echo $2 | cut -d "." -f -1`;v2b=`echo $2 | cut -d "." -f 2-`;
    if [[ "$v1f" != "$1" ]] || [[ "$v2f" != "$2" ]]; then [[ "$v1f" -gt "$v2f" ]] && return 1; [[ "$v1f" -lt "$v2f" ]] && return 0;
        [[ "$v1f" == "$1" ]] || [[ -z "$v1b" ]] && v1b=0; [[ "$v2f" == "$2" ]] || [[ -z "$v2b" ]] && v2b=0; checkVersion "$v1b" "$v2b"; return $?
    else [ "$1" -gt "$2" ] && return 1 || return 0; fi
}

appStatus() {
  if [ ! -d "/Applications/$1" ]; then echo "uninstalled"; else
    if [[ $5 == "build" ]]; then BUNDLE="CFBundleVersion"; else BUNDLE="CFBundleShortVersionString"; fi
    INSTALLED=`/usr/libexec/plistbuddy -c Print:$BUNDLE: "/Applications/$1/Contents/Info.plist"`
      if [ $4 == "dmg" ]; then COMPARETO=`/usr/libexec/plistbuddy -c Print:$BUNDLE: "/Volumes/$2/$1/Contents/Info.plist"`;
      elif [[ $4 == "zip" || $4 == "tar" ]]; then COMPARETO=`/usr/libexec/plistbuddy -c Print:$BUNDLE: "$3$1/Contents/Info.plist"`; fi
    checkVersion "$INSTALLED" "$COMPARETO"; UPDATED=$?;
    if [[ $UPDATED == 1 ]]; then echo "updated"; else echo "outdated"; fi; fi
}
installApp() {
  echo $'360237214200  - ['$2'] Downloading app...'
  if [ $1 == "dmg" ]; then curl -s -L -o "$2.dmg" $4; yes | hdiutil mount -nobrowse "$2.dmg" -mountpoint "/Volumes/$2" > /dev/null;
    if [[ $(appStatus "$3" "$2" "" "dmg" "$7") == "updated" ]]; then echo $'342235214  - ['$2'] Skipped because it was already up to date!
';
    elif [[ $(appStatus "$3" "$2" "" "dmg" "$7") == "outdated" && $6 != "noupdate" ]]; then ditto "/Volumes/$2/$3" "/Applications/$3"; echo $'360237214216  - ['$2'] Successfully updated!
'
    elif [[ $(appStatus "$3" "$2" "" "dmg" "$7") == "outdated" && $6 == "noupdate" ]]; then echo $'342235214  - ['$2'] This app cant be updated!
'
    elif [[ $(appStatus "$3" "$2" "" "dmg" "$7") == "uninstalled" ]]; then cp -R "/Volumes/$2/$3" /Applications; echo $'360237221215  - ['$2'] Succesfully installed!
'; fi
    hdiutil unmount "/Volumes/$2" > /dev/null && rm "$2.dmg"
  elif [ $1 == "zip" ]; then curl -s -L -o "$2.zip" $4; unzip -qq "$2.zip";
    if [[ $(appStatus "$3" "" "$5" "zip" "$7") == "updated" ]]; then echo $'342235214  - ['$2'] Skipped because it was already up to date!
';
    elif [[ $(appStatus "$3" "" "$5" "zip" "$7") == "outdated" && $6 != "noupdate" ]]; then ditto "$5$3" "/Applications/$3"; echo $'360237214216  - ['$2'] Successfully updated!
'
    elif [[ $(appStatus "$3" "" "$5" "zip" "$7") == "outdated" && $6 == "noupdate" ]]; then echo $'342235214  - ['$2'] This app cant be updated!
'
    elif [[ $(appStatus "$3" "" "$5" "zip" "$7") == "uninstalled" ]]; then mv "$5$3" /Applications; echo $'360237221215  - ['$2'] Succesfully installed!
'; fi;
    rm -rf "$2.zip" && rm -rf "$5" && rm -rf "$3"
  elif [ $1 == "tar" ]; then curl -s -L -o "$2.tar.bz2" $4; tar -zxf "$2.tar.bz2" > /dev/null;
    if [[ $(appStatus "$3" "" "$5" "tar" "$7") == "updated" ]]; then echo $'342235214  - ['$2'] Skipped because it was already up to date!
';
    elif [[ $(appStatus "$3" "" "$5" "tar" "$7") == "outdated" && $6 != "noupdate" ]]; then ditto "$3" "/Applications/$3"; echo $'360237214216  - ['$2'] Successfully updated!
';
    elif [[ $(appStatus "$3" "" "$5" "tar" "$7") == "outdated" && $6 == "noupdate" ]]; then echo $'342235214  - ['$2'] This app cant be updated!
'
    elif [[ $(appStatus "$3" "" "$5" "tar" "$7") == "uninstalled" ]]; then mv "$5$3" /Applications; echo $'360237221215  - ['$2'] Succesfully installed!
'; fi
    rm -rf "$2.tar.bz2" && rm -rf "$3"; fi
}

###############################
#    Install apps    #
###############################
installApp "zip" "Chromium" "Chromium.app" "https://download-chromium.appspot.com/dl/Mac" "chrome-mac/" "" ""

###############################
#    Eject Volumes            #
###############################
rm -rf ~/updtemp

When running this as policy in 10.15, I get the following error (for every app we attempt to install in this manor):

�  - [Chromium] Downloading app...
unzip:  cannot find or open Chromium.zip, Chromium.zip.zip or Chromium.zip.ZIP.
mv: rename chrome-mac/Chromium.app to /Applications/Chromium.app: No such file or directory

It appears the script can't download (or find?) the file. I guessed that maybe new security protocols in 10.15 were preventing Terminal from having access to pull and view downloaded files, so I created a PPPC profile to ensure it has access (attached). But still the same error.

220f8a58afe540f0bdad7d57f5d728cf

Just wondering if anyone has any ideas as to why this might be happening... Would love to get these scripts working again--and quickly.

1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎10-10-2019 06:08 AM

While I don't know why 10.15 would react any differently with your script than 10.14 or other OS versions, I do think the problem is the use of the ~/udtemp directory in your script. I would consider using a more direct file path for the downloads and other operations, such as /private/tmp/ which is a universally accessible location on all Macs that exists by default. It doesn't need to be created or managed. You are cd'ing into ~/updtemp as your working directory in the script, which may be running into some problems, as suggested by @seann above, since the script run from a policy would be running as 'root', so the ~/ path may not be resolving correctly in that context. I would use more literal complete paths throughout the script and see if that resolves it for you.

View solution in original post

13 REPLIES 13

Go to solution
Gascolator
New Contributor III

Posted on ‎10-09-2019 04:41 PM

https://www.jamf.com/jamf-nation/discussions/32215/heads-up-for-admins-zsh-in-now-default-shell-for-macos-catalina

If you changed the default shell to bash then ignore.

0 Kudos

Go to solution
seann
Contributor

Posted on ‎10-09-2019 06:21 PM

I would add -xv to #!/bin/bash to debug

That being said I wouldn't be surprised if it was having trouble with a working directory given the root context in which Jamf scripts run

Go to solution
junderwood
New Contributor III

Posted on ‎10-09-2019 07:01 PM

@Gaslocater:

https://www.jamf.com/jamf-nation/discussions/32215/heads-up-for-admins-zsh-in-now-default-shell-for-macos-catalina If you changed the default shell to bash then ignore.

The shebang (#!/bin/bash) is calling the bash shell (still installed in 10.15, just no longer default), so shouldn't need to set bash as default. In this case, the script does in fact run perfectly in 10.15--just not when run as a policy, apparently running into a problem at/around the "downloading app" stage.

@Seann, will try the debug tomorrow and report back... I am also thinking there is an issue with working directory in root context--just not sure what issue that would be that's unique to 10.15. Policy works with no problems in 10.14 & 10.13.

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎10-10-2019 06:08 AM

While I don't know why 10.15 would react any differently with your script than 10.14 or other OS versions, I do think the problem is the use of the ~/udtemp directory in your script. I would consider using a more direct file path for the downloads and other operations, such as /private/tmp/ which is a universally accessible location on all Macs that exists by default. It doesn't need to be created or managed. You are cd'ing into ~/updtemp as your working directory in the script, which may be running into some problems, as suggested by @seann above, since the script run from a policy would be running as 'root', so the ~/ path may not be resolving correctly in that context. I would use more literal complete paths throughout the script and see if that resolves it for you.

Go to solution
mschroder
Valued Contributor

Posted on ‎10-10-2019 06:57 AM

bash-3.2$ sudo mkdir /udtemp
Password:
mkdir: /udtemp: Read-only file system
bash-3.2$

0 Kudos

Go to solution
schiemsk
New Contributor III

Posted on ‎10-10-2019 07:08 AM

@mschroder
~/somepath is not /somepath or have I missed something ?

btw, I do as @mm2270 wrote : use of /private/sub path for any package I have to copy before its installation.

0 Kudos

Go to solution
mschroder
Valued Contributor

Posted on ‎10-10-2019 07:23 AM

@schiemsk So what is the difference between ~/somepath and /somepath for user root?

0 Kudos

Go to solution
schiemsk
New Contributor III

Posted on ‎10-10-2019 07:29 AM

Oops, I was in another context... To much time spent on debian boxes today.

root@deb10:~# stat ~/
  File: /root/

root@deb10:~# stat /
  File: /
0 Kudos

Go to solution
junderwood
New Contributor III

Posted on ‎10-10-2019 08:20 AM

@mm2270, changing the location to /private/tmp/ worked. Script now runs in 10.15 as policy without issue. Thanks!

0 Kudos

Go to solution
mschroder
Valued Contributor

Posted on ‎10-10-2019 09:10 AM

I have to admit I am totally confused now. I just ran a policy via the Self-Service, expecting it to resolve '~' as the root homedir, and found out that it did resolve as the homedir of the user that started the Self-Service app. Why did I always make such a fuzz to find out the logged in user when running a script via Self-Service???

0 Kudos

Go to solution
tlarkin
Honored Contributor

Posted on ‎10-10-2019 10:48 AM

Just gonna say it again :-)

AutoPKG + JSS Importer doesn't break between major OS releases.

Go to solution
RobertHammen
Valued Contributor II

Posted on ‎10-10-2019 11:39 AM

Going to second @tlarkin's point, and mention that, should Google rename/move the path to Chrome, it'll take you awhile before you figure out that the script isn't working/is busted and what changed.

If you're using AutoPkg + JSS Importer, the maintainer of the recipe will figure this out, your recipe will get updated, and updates will continue to be automatically pulled and made available to your JSS.

Go to solution
haircut
Contributor

Posted on ‎10-10-2019 02:51 PM

All together now!

Don't 👏 run 👏 curl 👏 as 👏 root!