Trying to work with custom triggers

binjali
Contributor

I wanted to make a popup window that users had to click on to acknowledge they were getting an update that would close their open application.

I created a notifyScript , a notifyPolicy, and a updatePolicy.

notifyPolicy is set to enabled, recurring check-in, automatically rerun, on next.

notifyPolicy is set to enabled. notifyPolicy passes the name of updatePolicy into notifyScript as an argument

notifyScript uses updatePolicy name as a custom event trigger to call update Policy

When notifyPolicy runs, i get the following:

"No policies were found for the "updatePolicy" trigger.

Where am i going wrong?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

Try this script, which was modified to use jamfHelper. See if you get what you want.

#!/bin/sh

# uncomment the next line to enable debugging
#set -x

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

jamfHelperPath="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# get version of installed appName
version=$( /usr/bin/defaults read "$appPath/Contents/Info" CFBundleShortVersionString )

# Get the application's icon icns path
appIcon=$(/usr/bin/defaults read "$appPath/Contents/Info" CFBundleIconFile)

## path to icon for dialog
iconPath="$appPath/Contents/Resources/$appIcon"

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi

# now we know a user is logged in

# main code starts here
if [[ $version != $newVersion ]]
then
	notifyText="$appName is outdated. Please quit $appName, then click OK to Update."
    "$jamfHelperPath" -windowType utility -description "$notifyText" -button1 "OK" -defaultButton 1 -icon "$appIcon"
#	pgrep "$appName" | xargs kill -15
#	/usr/local/bin/jamf policy -event "$policyTrigger"
else
	echo "*** $appName versions match "
   	exit 0
fi

exit 0

View solution in original post

28 REPLIES 28

stevewood
Honored Contributor II
Honored Contributor II

What is the scoping on the "updatePolicy"? Also, if you are trying to trigger using "updatePolicy" as the trigger, did you set "Custom Event" in the updatePolicy? You do not use the name of the policy, you use the value you put in the "Custom Event" field after selecting "Custom".

Edit_Policy_Google_Chrome_-_Push__.png

binjali
Contributor

Thanks for replying! notifyPolicy is currently scoped to a single computer for testing/building.  I want the "notifyPolicy" policy to execute first so that a user gets a popup to acknowledge. The acknoledgement then is supposed to trigger the "updatePolicy" policy which is what actually installs the .pkg  i feel like i'm really close to getting this working.

notifyPolicynotifyPolicynotifyPolicynotifyPolicyupdatePolicyupdatePolicyupdatePolicyupdatePolicynotifyScriptnotifyScriptparameters passed to notifyScriptparameters passed to notifyScript

btowns
New Contributor III

Like Steve pointed out, you need to use the custom trigger string that you’ve set instead of the name of the policy. Your policyTrigger parameter needs to be set to “updateWorkspace”.

Waldroup151
New Contributor II

Yeah, I strongly recommend using "control scripts" with logic that calls various policy triggers when you need to control the timing of events. Once you get the hang of it, it's very effective.

MDHHS MI Bridges

binjali
Contributor

Okay, I changed the parameter to "updateWorkspace" but now Jamf is giving me this error message:  I did get the popup I wanted, which is nice!  But I'm still not getting the activation of the update policy. what gives?Screen Shot 2022-06-24 at 11.15.39 AM.png

mm2270
Legendary Contributor III

Looks like the issue is this line in the script.

version=$(defaults read $appPath/Contents/Info CFBundleShortVersionString)

Since "Citrix Workspace.app" has a space in it, you should update the script to contain the path to the Info.plist or at least the app path itself in double quotes and remove the \ character in your parameter. I would make this adjustment to it

version=$(defaults read "$appPath"/Contents/Info CFBundleShortVersionString)

That should avoid the error you're seeing in the policy log.

Make sure to change your script parameter in the policy for appPath to just /Applications/Citrix Workspace.app

This helped clear up that error! thank you so much for the assistance!  @stevewood helped out with scoping, but when I leave the machines alone for the regular checkin to work, The popup window doesn't show up and i get new errors! details further down

stevewood
Honored Contributor II
Honored Contributor II

How do you have the "Scope" tab configured on hte "Update Workspace" policy? The "No policies were found" error indicates that the device, or user, were not in scope for that policy. 

the updateWorkspace policy is currently scoped to Specific computers, Specific users, but has no targets.  Since i didn't want it to kick off unless specifically triggered by machines that got scoped in the updateNotify policy

stevewood
Honored Contributor II
Honored Contributor II

Well, that's what the problem is. You have to have computers in scope for it to work. So if you're testing with a specific computer or user, scope to that (computer or user).

Or, since you are only able to trigger with the custom trigger, you can scope to All Computers and know that it will not run unless you call it using the trigger.

That helped!  I did sudo jamf policy on my test target machine, and everything worked!  I rolled the version back and forced another check-in, and it worked!  I even got the popup window I wanted!

Then I rolled the version back, flushed the logs, and waited for the regular schedule checkin

No popup window, and the package installed.  Not the behaviour i'm looking for.

Executing Policy z_update Workspace Notify
Running script z_distributionNotify...
Script exit code: 0
Script result: 2022-06-24 15:40:01.134 osascript[13382:237222] -[__NSCFConstantString objectAtIndex:]: unrecognized selector sent to instance 0x7fff8be230d0
2022-06-24 15:40:01.135 osascript[13382:237222] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[__NSCFConstantString objectAtIndex:]: unrecognized selector sent to instance 0x7fff8be230d0' *** First throw call stack: ( 0 CoreFoundation 0x00007fff345ee4d7 __exceptionPreprocess + 250 1 libobjc.A.dylib 0x00007fff6ceb25bf objc_exception_throw + 48 2 CoreFoundation 0x00007fff3466d607 -[NSObject(NSObject) __retain_OA] + 0 3 CoreFoundation 0x00007fff34552d2b ___forwarding___ + 1427 4 CoreFoundation 0x00007fff34552708 _CF_forwarding_prep_0 + 120 5 CoreFoundation 0x00007fff34521ef7 CFArrayContainsValue + 197 6 HIServices 0x00007fff328287b9 TransformProcessType + 927 7 osascript 0x0000000100d8c02c osascript + 12332 8 HIToolbox 0x00007fff3323c7a5 AEInteractWithUser + 53 9 StandardAdditions 0x000000010391e8b9 CSDSTEXTurl_ + 5865 10 StandardAdditions 0x000000010390f331 AEVTsysodlog + 85 11 AE 0x00007fff358e6203 _AppleEventsCheckInAppWithBlock + 18103 12 AE 0x00007fff358f5c83 AESendMessage + 2838 13 AE 0x00007fff35901fb1 aeSend + 355 14 osascript 0x0000000100d8ab25 osascript + 6949 15 AppleScript 0x00007fff480b9fb2 _Z13ComponentSendPK6AEDescPS_ii + 485 16 AppleScript 0x00007fff480cbb7a _ZN15TUASApplication4SendEP25TStackFrame_UASRemoteSendP6AEDescS3_hhh + 2332 17 AppleScript 0x00007fff480ec917 _Z13UASRemoteSendhhhhhPh + 548 18 AppleScript 0x00007fff480c4e60 _Z13UASActor_Sendhhh + 383 19 AppleScript 0x00007fff480f8072 _Z13UASValue_Sendhh14TUASClassIndexh + 326 20 AppleScript 0x00007fff480cfc69 _Z11UASExecute1v + 288 21 AppleScript 0x00007fff480a3796 _Z14ASExecuteEventPK6AEDescjiPj + 614 22 AppleScript 0x00007fff4809c5e1 AppleScriptComponent + 1677 23 AppleScript 0x00007fff480b584b _ZN12AGenericCall8DelegateEP23ComponentInstanceRecord + 37 24 AppleScript 0x00007fff480b5811 _ZN15AGenericManager13HandleOSACallEP19ComponentParameters + 57 25 AppleScript 0x00007fff480b4dfc GenericComponent + 156 26 OpenScripting 0x00007fff3347f3e2 OSAExecuteEvent + 50 27 osascript 0x0000000100d8b5bd osascript + 9661 28 libdyld.dylib 0x00007fff6e05acc9 start + 1 29 ??? 0x0000000000000003 0x0 + 3 ) libc++abi.dylib: terminating with uncaught exception of type NSException /Library/Application Support/JAMF/tmp/z_distributionNotify: line 17: 13382 Abort trap: 6 $OSASCRIPT -e 'display dialog "'"$appName"' is outdated. Please quit '"$appName"', then click OK to update." buttons {"OK"} default button 1' No matching processes were found Checking for policies triggered by "updateWorkspace" for user "jssaccount"... Executing Policy z_updateWorkspace2206 Downloading Install Citrix Workspace 2206.pkg... Downloading https://use1-jcds.services.jamfcloud.com//download/9c47a6ab47fd4f229ac2a54924efe59a/Install%20Citrix...... Verifying package integrity... Installing Install Citrix Workspace 2206.pkg... Successfully installed Install Citrix Workspace 2206.pkg. Submitting log to https://zumiez.jamfcloud.com/

stevewood
Honored Contributor II
Honored Contributor II

Looks like there was an error thrown by the 'osascript' line. Not sure what but I'd dig into that.

Not sure if it will help or not, but you might try breaking your 'osascript' line out and also not chaining the kill and jamf commands. Something like these lines:

#!/bin/bash

appPath="$4"
appName="$5"
newVersion="$6"
policyTrigger="$7"

version=$( /usr/bin/defaults read "$appPath/Contents/INfo CFBundleShortVersionString" )

if [[  $version != $newVersion ]]; then
	
	notifyUser="display dialog \"$appName is outdated. Please quit $appName, then click OK to Update.\" buttons {\"OK\"} default button 1"
	displayDialog=$( /usr/bin/osascript -e "$notifyUser" )
	pgrep "$appName" | xargs kill -15
	/usr/local/bin/jamf policy -event "$policyTrigger"

fi
exit 0

mm2270
Legendary Contributor III

It's possible the issue is that when the policy gets run by the check-in trigger, it's not liking that your script is calling an Applescript (osascript) command and attempting to present a dialog to the logged in user. You see, when a policy gets run by Recurring Check-in, there's a LaunchDaemon that runs that, and anything called from a LaunchDaemon by default (unless otherwise specified) runs as root and within a root context.

By contrast when you do something like sudo jamf policy in a Terminal window, you're escalating privileges with the sudo, but it's still running in the logged in user's context.

What I'm getting at is, take a look at this blog post by Armin Briegel for some tips on how to get commands to run as the logged in user, which can help get around these OS restrictions.

Running a Command as another User – Scripting OS X

binjali
Contributor

So, i came up with this as a new option for my notify policy

#!/bin/sh

# variable and function declarations
export PATH=/usr/bin:/bin:/usr/sbin:/sbin

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi
# now we know a user is logged in

# get the current user's UID
uid=$(id -u "$currentUser")

# convenience function to run a command as the current user
# usage:
#   runAsUser command arguments...
runAsUser() {  
  if [ "$currentUser" != "loginwindow" ]; then
    launchctl asuser "$uid" sudo -u "$currentUser" "$@"
  else
    echo "no user logged in"
    # uncomment the exit command
    # to make the function exit with an error when no user is logged in
    # exit 1
  fi
}

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

# main code starts here
OSASCRIPT="/usr/bin/osascript"

runAsUser $OSASCRIPT -e 'display dialog "'"$appName"' is outdated. Please quit '"$appName"', then click OK to update." buttons {"OK"} default button 1'; killall $appName; jamf policy -event $policyTrigger

fi

exit 0

and after I get it to run, i get this in the Jamf logsScreen Shot 2022-06-27 at 1.39.03 PM.png

Not sure if I have too many fi statements or whatever.

i have also created this to try and follow @stevewood 's advice:

#!/bin/sh

# variable and function declarations
export PATH=/usr/bin:/bin:/usr/sbin:/sbin

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi
# now we know a user is logged in

# get the current user's UID
uid=$(id -u "$currentUser")

# convenience function to run a command as the current user
# usage:
#   runAsUser command arguments...
runAsUser() {  
  if [ "$currentUser" != "loginwindow" ]; then
    launchctl asuser "$uid" sudo -u "$currentUser" "$@"
  else
    echo "no user logged in"
    # uncomment the exit command
    # to make the function exit with an error when no user is logged in
    # exit 1
  fi
}

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

# main code starts here
OSASCRIPT="/usr/bin/osascript"
if [[  $version != $newVersion ]]; then
	
	notifyUser="display dialog \"$appName is outdated. Please quit $appName, then click OK to Update.\" buttons {\"OK\"} default button 1"
	runAsUser displayDialog=$( /usr/bin/osascript -e "$notifyUser" )
	pgrep "$appName" | xargs kill -15
	/usr/local/bin/jamf policy -event "$policyTrigger"

exit 0

and I'm waiting to see if that helps

stevewood
Honored Contributor II
Honored Contributor II

In your script, you have an extra "fi" on line 44. Not sure why the 'jamf' command on 42 is not functioning. Might want to put the full path to the binary: /usr/local/bin/jamf

And on my script, you have a missing "fi" before the "exit 0". Might be my mistake, but that last "if" block is not closed so you'll get an error.

so, i thought i got it right, but its still not happy

#!/bin/sh

# variable and function declarations
export PATH=/usr/bin:/bin:/usr/sbin:/sbin

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi
# now we know a user is logged in

# get the current user's UID
uid=$(id -u "$currentUser")

# convenience function to run a command as the current user
# usage:
#   runAsUser command arguments...
runAsUser() {  
  if [ "$currentUser" != "loginwindow" ]; then
    launchctl asuser "$uid" sudo -u "$currentUser" "$@"
  else
    echo "no user logged in"
    # uncomment the exit command
    # to make the function exit with an error when no user is logged in
    # exit 1
  fi
}

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

# main code starts here
OSASCRIPT="/usr/bin/osascript"
if [[  $version != $newVersion ]]; then
	{
	notifyUser="display dialog \"$appName is outdated. Please quit $appName, then click OK to Update.\" buttons {\"OK\"} default button 1"
	runAsUser displayDialog=$( /usr/bin/osascript -e "$notifyUser" )
	pgrep "$appName" | xargs kill -15
	/usr/local/bin/jamf policy -event "$policyTrigger"}
   fi

exit 0

binjali
Contributor

Okay. I have a new notify script, works great when I run it manually (sudo jamf policy)

#!/bin/sh

# variable and function declarations
export PATH=/usr/bin:/bin:/usr/sbin:/sbin

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi
# now we know a user is logged in

# get the current user's UID
uid=$(id -u "$currentUser")

# convenience function to run a command as the current user
# usage:
#   runAsUser command arguments...
runAsUser() {  
  if [ "$currentUser" != "loginwindow" ]; then
    launchctl asuser "$uid" sudo -u "$currentUser" "$@"
  else
    echo "no user logged in"
    # uncomment the exit command
    # to make the function exit with an error when no user is logged in
    # exit 1
  fi
}

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

# main code starts here
OSASCRIPT="/usr/bin/osascript"
if [[ $version != $newVersion ]]
then
	notifyUser="display dialog \"$appName is outdated. Please quit $appName, then click OK to Update.\" buttons {\"OK\"} default button 1"
	runAsUser displayDialog=$( /usr/bin/osascript -e "$notifyUser" )
	pgrep "$appName" | xargs kill -15
	/usr/local/bin/jamf policy -event "$policyTrigger"    
fi

exit 0

when i let the computer check in, this is what shows up in the logs:

Script result: 2022-06-27 16:20:36.546 osascript[1824:14413] -[__NSCFConstantString objectAtIndex:]: unrecognized selector sent to instance 0x7fff90e590d0
2022-06-27 16:20:36.550 osascript[1824:14413] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[__NSCFConstantString objectAtIndex:]: unrecognized selector sent to instance 0x7fff90e590d0'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff396244d7 __exceptionPreprocess + 250
1 libobjc.A.dylib 0x00007fff71ee85bf objc_exception_throw + 48
2 CoreFoundation 0x00007fff396a3607 -[NSObject(NSObject) __retain_OA] + 0
3 CoreFoundation 0x00007fff39588d2b ___forwarding___ + 1427
4 CoreFoundation 0x00007fff39588708 _CF_forwarding_prep_0 + 120
5 CoreFoundation 0x00007fff39557ef7 CFArrayContainsValue + 197
6 HIServices 0x00007fff3785e7b9 TransformProcessType + 927
7 osascript 0x000000010f30e02c osascript + 12332
8 HIToolbox 0x00007fff382727a5 AEInteractWithUser + 53
9 StandardAdditions 0x0000000111ed58b9 CSDSTEXTurl_ + 5865
10 StandardAdditions 0x0000000111ec6331 AEVTsysodlog + 85
11 AE 0x00007fff3a91c203 _AppleEventsCheckInAppWithBlock + 18103
12 AE 0x00007fff3a92bc83 AESendMessage + 2838
13 AE 0x00007fff3a937fb1 aeSend + 355
14 osascript 0x000000010f30cb25 osascript + 6949
15 AppleScript 0x00007fff4d0effb2 _Z13ComponentSendPK6AEDescPS_ii + 485
16 AppleScript 0x00007fff4d101b7a _ZN15TUASApplication4SendEP25TStackFrame_UASRemoteSendP6AEDescS3_hhh + 2332
17 AppleScript 0x00007fff4d122917 _Z13UASRemoteSendhhhhhPh + 548
18 AppleScript 0x00007fff4d0fae60 _Z13UASActor_Sendhhh + 383
19 AppleScript 0x00007fff4d12e072 _Z13UASValue_Sendhh14TUASClassIndexh + 326
20 AppleScript 0x00007fff4d105c69 _Z11UASExecute1v + 288
21 AppleScript 0x00007fff4d0d9796 _Z14ASExecuteEventPK6AEDescjiPj + 614
22 AppleScript 0x00007fff4d0d25e1 AppleScriptComponent + 1677
23 AppleScript 0x00007fff4d0eb84b _ZN12AGenericCall8DelegateEP23ComponentInstanceRecord + 37
24 AppleScript 0x00007fff4d0eb811 _ZN15AGenericManager13HandleOSACallEP19ComponentParameters + 57
25 AppleScript 0x00007fff4d0eadfc GenericComponent + 156
26 OpenScripting 0x00007fff384b53e2 OSAExecuteEvent + 50
27 osascript 0x000000010f30d5bd osascript + 9661
28 libdyld.dylib 0x00007fff73090cc9 start + 1
29 ??? 0x0000000000000003 0x0 + 3
)
libc++abi.dylib: terminating with uncaught exception of type NSException
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user]
[command]
usage: sudo [-AbEHknPS] [-C num] [-D directory] [-g group] [-h host] [-p
prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i|-s]
[<command>]
usage: sudo -e [-AknS] [-C num] [-D directory] [-g group] [-h host] [-p prompt]
[-R directory] [-T timeout] [-u user] file ...
Checking for policies triggered by "updateWorkspace" for user "jssaccount"...
No policies were found for the "updateWorkspace" trigger.

 

So, something is going wrong with all the "run as" stuff, i think?  This is so hard to follow!

stevewood
Honored Contributor II
Honored Contributor II

You're over complicating the script. First, you do not need the "EXPORT" line since the path you are exporting is the standard path on most machines. Also, if you use the full path to binaries that you are running, you shouldn't need to do that anyway.

The "RunAs" function that you put in is wrong, and unnecessary. If you go back to the Scripting OS X article that Mike listed, the "launchctl asuser" method is for loading and unloading LaunchDaemons or LaunchAgents. You will want to use the "sudo -u "$currentUser"" functionality to run the "osascript" command.

There was a typo or two in the script I posted, so I cleaned that up. I tested the below in my Jamf Pro server using Google Chrome as the example. This worked fine without throwing any errors that would prevent execution (there is a warning about fonts if you look at the debug of the script, but it's not important).

You can use the command "set -x" to have the script output each command as it is being run. This gets logged in the Policy Log so you can see what is going on on the computer.

The script:

#!/bin/sh

# uncomment the next line to enable debugging
#set -x

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# get version of installed appName
version=$( /usr/bin/defaults read "$appPath/Contents/Info" CFBundleShortVersionString )

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi

# now we know a user is logged in

# main code starts here
OSASCRIPT="/usr/bin/osascript"
if [[ $version != $newVersion ]]
then
	notifyUser="display dialog \"$appName is outdated. Please quit $appName, then click OK to Update.\" buttons {\"OK\"} default button 1"
    displayDialog=$( sudo -u "$currentUser" /usr/bin/osascript -e "$notifyUser" )
	pgrep "$appName" | xargs kill -15
	/usr/local/bin/jamf policy -event "$policyTrigger"    
else
	echo "*** $appName versions match "
   	exit 0
fi

exit 0

 

And the policy log when I had debugging on:

Script result: + appPath='/Applications/Google Chrome.app'
+ appName='Google Chrome'
+ newVersion=103.0.5060.53
+ policyTrigger=googlechrome
++ echo 'show State:/Users/ConsoleUser'
++ scutil
++ awk '/Name :/ { print $3 }'
+ currentUser=jamfdemo
++ /usr/bin/defaults read '/Applications/Google Chrome.app/Contents/Info' CFBundleShortVersionString
+ version=97.0.4692.99
+ '[' -z jamfdemo -o jamfdemo = loginwindow ']'
+ OSASCRIPT=/usr/bin/osascript
+ [[ 97.0.4692.99 != 103.0.5060.53 ]]
+ notifyUser='display dialog "Google Chrome is outdated. Please quit Google Chrome, then click OK to Update." buttons {"OK"} default button 1'
++ sudo -u jamfdemo /usr/bin/osascript -e 'display dialog "Google Chrome is outdated. Please quit Google Chrome, then click OK to Update." buttons {"OK"} default button 1'
2022-06-27 21:56:12.942 osascript[64607:1793974] XType: failed to connect - Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.fonts was invalidated: failed at lookup with error 3 - No such process." UserInfo={NSDebugDescription=The connection to service named com.apple.fonts was invalidated: failed at lookup with error 3 - No such process.}
2022-06-27 21:56:12.942 osascript[64607:1793974] Font server protocol version mismatch (expected:5 got:0), falling back to local fonts
2022-06-27 21:56:12.942 osascript[64607:1793974] XType: unable to make a connection to the font daemon!
2022-06-27 21:56:12.942 osascript[64607:1793974] XType: XTFontStaticRegistry is enabled as fontd is not available.
+ displayDialog='button returned:OK'
+ pgrep 'Google Chrome'
+ xargs kill -15
+ /usr/local/bin/jamf policy -event googlechrome
Checking for policies triggered by "googlechrome" for user "jamfdemo"...
Executing Policy Install - Google Chrome
Submitting log to <your jamf server>
+ exit 0

 

Give that a try.

Pasted that code snip in and  waited for check-in to fire. After it did, the update did not run, and my installed version hasn;t changed.  This is what the logging said:

Executing Policy z_update Workspace Notify
Running script z_distributionNotify...
Script exit code: 0
Script result: + appPath='/Applications/Citrix Workspace.app'
+ appName='Citrix Workspace' + newVersion=22.06.0 + policyTrigger=updateWorkspace ++ echo 'show State:/Users/ConsoleUser' ++ scutil ++ awk '/Name :/ { print $3 }' + currentUser=jssaccount ++ /usr/bin/defaults read '/Applications/Citrix Workspace.app/Contents/Info' CFBundleShortVersionString + version=22.04.0 + '[' -z jssaccount -o jssaccount = loginwindow ']' + OSASCRIPT=/usr/bin/osascript + [[ 22.04.0 != 22.06.0 ]] + notifyUser='display dialog "Citrix Workspace is outdated. Please quit Citrix Workspace, then click OK to Update." buttons {"OK"} default button 1' ++ sudo -u jssaccount /usr/bin/osascript -e 'display dialog "Citrix Workspace is outdated. Please quit Citrix Workspace, then click OK to Update." buttons {"OK"} default button 1' 0:133: execution error: No user interaction allowed. (-1713) + displayDialog= + pgrep 'Citrix Workspace' + xargs kill -15 + /usr/local/bin/jamf policy -event updateWorkspace Checking for policies triggered by "updateWorkspace" for user "jssaccount"... No policies were found for the "updateWorkspace" trigger. + exit 0

Is this just because I have the computer signed in as the jssaccount?  would i get something different if I was signed in as a different user that wasn't the jssaccount:

figured out why the update didn't fire: needed to flush logs in the updatePolicy in addition to the notifyPolicy

So, after switching to a different user, and clearing out logs in 2 places, I tried again (waiting for check in is a pain!) same result:

So, after switching to a different user, and clearing out logs in 2 places, I tried again (waiting for check in is a pain!) same result:

Script result: + appPath='/Applications/Citrix Workspace.app'
+ appName='Citrix Workspace'
+ newVersion=22.06.0
+ policyTrigger=updateWorkspace
++ echo 'show State:/Users/ConsoleUser'
++ scutil
++ awk '/Name :/ { print $3 }'
+ currentUser=localadmin
++ /usr/bin/defaults read '/Applications/Citrix Workspace.app/Contents/Info' CFBundleShortVersionString
+ version=22.04.0
+ '[' -z localadmin -o localadmin = loginwindow ']'
+ OSASCRIPT=/usr/bin/osascript
+ [[ 22.04.0 != 22.06.0 ]]
+ notifyUser='display dialog "Citrix Workspace is outdated. Please quit Citrix Workspace, then click OK to Update." buttons {"OK"} default button 1'
++ sudo -u localadmin /usr/bin/osascript -e 'display dialog "Citrix Workspace is outdated. Please quit Citrix Workspace, then click OK to Update." buttons {"OK"} default button 1'
0:133: execution error: No user interaction allowed. (-1713)
+ displayDialog=
+ pgrep 'Citrix Workspace'
+ xargs kill -15
+ /usr/local/bin/jamf policy -event updateWorkspace
Checking for policies triggered by "updateWorkspace" for user "localadmin"...
Executing Policy z_updateWorkspace2206
Downloading Install Citrix Workspace 2206.pkg...
Downloading https://use1-jcds.services.jamfcloud.com//download/9c47a6ab47fd4f229ac2a54924efe59a/Install%20Citrix%20Workspace%202206.pkg?token=3332d0beeddb4848923e0f2cebaf465140rsd5tywkk44mlt9qqm6x4te5sc8pv8...
Verifying package integrity...
Installing Install Citrix Workspace 2206.pkg...
Successfully installed Install Citrix Workspace 2206.pkg.
Submitting log to https://zumiez.jamfcloud.com/
+ exit 0

 

No user interaction allowed.  so.. have I been wasting my time trying to do this?

mm2270
Legendary Contributor III

You're not wasting your time, but you might be trying to use the wrong tool for the job. See my post above in response to Steve for some alternatives you might want to look at. Trying to get the OS to show Applescript dialogs to the logged in user when called as root is a PITA and becomes more so with each new OS release from Apple.

Looking at all the scripts you've posted, since all you want to do is pop up a basic dialog with an OK button, I suggest moving over to use jamfHelper or one of the 3rd party tools I mention. There's no reason to wrestle with osascript for something this simple.

mm2270
Legendary Contributor III

Try this script, which was modified to use jamfHelper. See if you get what you want.

#!/bin/sh

# uncomment the next line to enable debugging
#set -x

## Parameters for new software version
appPath="$4"		# Path to application, escape spaces, no quotes
appName="$5" 		# Name of App
newVersion="$6"		# target App Version
policyTrigger="$7"	# name of install policy to be triggered

jamfHelperPath="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

# get the currently logged in user
currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

# get version of installed appName
version=$( /usr/bin/defaults read "$appPath/Contents/Info" CFBundleShortVersionString )

# Get the application's icon icns path
appIcon=$(/usr/bin/defaults read "$appPath/Contents/Info" CFBundleIconFile)

## path to icon for dialog
iconPath="$appPath/Contents/Resources/$appIcon"

# global check if there is a user logged in
if [ -z "$currentUser" -o "$currentUser" = "loginwindow" ]; then
  echo "no user logged in, cannot proceed"
  exit 1
fi

# now we know a user is logged in

# main code starts here
if [[ $version != $newVersion ]]
then
	notifyText="$appName is outdated. Please quit $appName, then click OK to Update."
    "$jamfHelperPath" -windowType utility -description "$notifyText" -button1 "OK" -defaultButton 1 -icon "$appIcon"
#	pgrep "$appName" | xargs kill -15
#	/usr/local/bin/jamf policy -event "$policyTrigger"
else
	echo "*** $appName versions match "
   	exit 0
fi

exit 0

So, At first I was excited, because as soon as I tied this updateNotify2 script to the updateNotify Workspace policy, I got my popup-window!  Didn't get the icon, just a blank space, but that is so far down the list of priorities that it has become irrelivant!

 

I got super excited for a second, but then I saw that the actual update didn't kick off. I was confused, since i had cloned the previous updateNotify policy into the new one.

Then I saw that the lines for doing the actual custom trigger had been commented out!  Two successful test later and I'm feeling way more confident about proceeding.

Thanks for your help!

mm2270
Legendary Contributor III

Ah! My bad! I forgot I commented those lines out when I ran a quick test on the script before posting it. 
Glad you figured that out though! 

 

As for the icon not showing up, that was my somewhat feeble attempt to get the icon of the app you’re looking to update to show up, but it’s not a guarantee to work on all apps. It’s probably best you swap in your own icon, like a company logo maybe on disk somewhere. Just add the path to the icon file or image after the -icon flag in the script. 

mm2270
Legendary Contributor III

@stevewood I use the launchctl asuser "$uid" sudo -u "$currentUser" syntax all the time in my scripts when I want something to run as the logged in user and never have any issues. In fact, in Armin's blog, he mentions that to hedge your bets it can include both launchctl asuser and sudo -u username syntax in one command so you cover your bases. The function that @binjali included in his script is taken verbatim from the blog in fact.

That said, these kinds of troubles are the reason I use other 3rd party messaging tools to pop up my messages and forgo the use of osascript unless it's the only option I have available. These days I use IBM Notifier a lot, but I'm also beginning to use swiftDialog a bit more as well. Both are great tools that take a little time to get used to their syntax and use, but well worth the time if you have a need to periodically send up messages to users from a Jamf policy.

@binjali There is also jamfHelper for this if you wanted to use something that gets delivered to every Mac by default. I know for some environments pushing out a 3rd party tool from github is a non-starter, but hopefully using something that ships with your MDM vendor would be acceptable. In the end, I think any of these options may be better than using Applescript personally.

stevewood
Honored Contributor II
Honored Contributor II

@mm2270 - thanks for setting me right, again. :-) I guess I didn't read far enough through Armin's post, and I've only ever used that command for launchctl stuff. Regardless, I should have suggested moving away from AppleScript in favor of one of the solutions you mentioned. I know better.

Thank you so much for jumping in and helping, @stevewood! Its super appreciated on my end just getting a response at all!