Unattended installation with password passthrough

MarcosMunoz
New Contributor III

I built a pkg using Platypus that is designed to run an unattended install using the following script:

#!/bin/sh
sudo installer -allowUntrusted -verboseR -pkg "/path-to-pkg" -target /

I added the following line to present the users with a notification when the installation was complete:

#!/bin/sh
osascript -e 'tell app "System Events" to display dialog "All Done!"'

When I tested, I kept getting mixed results. Sometimes the installation would complete successfully. But, most of my tests were unsuccessful. The application appeared to "install" in a matter of seconds. When I looked in the system log, I kept seeing the following error "sudo: no tty present and no askpass program specified"

The users on these particular machines are admins and should be sudoers. Is there a way to prompt them for their password and pass that through a script?

I tried something like this:

#!/bin/sh
    CURPASSWORD="$(osascript -e 'tell application "System Events" to display dialog "Please enter your CURRENT password:" with hidden answer default answer ""' -e 'text returned of result' 2>/dev/null)"
    if [ $? -ne 0 ]; then
        # Pressed cancel
        exit 0
    elif [ -z "$CURPASSWORD" ]; then
        # Left blank
        osascript -e 'tell application "System Events" to display alert "Password can not be left blank." as warning'
    else break
    fi

echo "$CURPASSWORD" | sudo -S installer —allowUntrusted —VerboseR -pkg "path-to-pkg" -target /

But, that was also not successful.

Any help would be appreciated. Not sure what else to try.

Thanks in advance,

Marcos

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

@mmunoz2 I have no idea why you're making an installer like that. Why not build this in Composer? Regular installer packages built in Composer or Packages.app can tap into the Apple security framework natively. No need to code anything special for this.
If you look at the documentation provided by the developer for Platypus, he strongly recommends not trying to do any sudo commands in a Platypus built app, because that just isn't what its designed for. In other words, you're using the wrong tool for this. Regular pkg installers handle prompting the user who double clicked it for a password already and escalate its privileges to root to do the install. Since the users are already admins, this whole thing should take a matter of minutes to build. As @bpavlov already said, why are you reinventing this?

View solution in original post

6 REPLIES 6

bpavlov
Honored Contributor

Why not just let the person install the pkg if they already have admin access? Why re-create the wheel? Also, if you're on this forum I assume you have access to the Casper Suite which means you can make use of Self Service to do this as well if you really don't want to distribute pkgs.

MarcosMunoz
New Contributor III

I was given that requirement and I had the same argument. But, lost that fight. The the package is being hosted outside of our servers and I don't have the option to use Self Service in this instance. I would definitely avoid all of this headache and use the tools available to me, if I could. Thanks.

bpavlov
Honored Contributor

That's a sad state of affairs for you then. Sucks when common sense does not prevail.

I don't think PKGs will install reliability off a network share so that might be part of the problem. At least for me I always get an error if I try to run a pkg from a mounted server share. I think the package would need to be copied to the client first before it's run.

MarcosMunoz
New Contributor III

It really is. Puts me in a bind. The package is being hosted on a web server and the users are being given a link to download the package locally before installing it. So, it helps. But, not much.

mm2270
Legendary Contributor III

@mmunoz2 I have no idea why you're making an installer like that. Why not build this in Composer? Regular installer packages built in Composer or Packages.app can tap into the Apple security framework natively. No need to code anything special for this.
If you look at the documentation provided by the developer for Platypus, he strongly recommends not trying to do any sudo commands in a Platypus built app, because that just isn't what its designed for. In other words, you're using the wrong tool for this. Regular pkg installers handle prompting the user who double clicked it for a password already and escalate its privileges to root to do the install. Since the users are already admins, this whole thing should take a matter of minutes to build. As @bpavlov already said, why are you reinventing this?

MarcosMunoz
New Contributor III

Thank you @mm2270 & @bpavlov for stopping me dead in my tracks. I had become so focused on just trying to accomplish the task that I hadn't taken a step back to see the big picture.

I was definitely using the wrong approach/tool for this. After switching gears and using Packages.app, I was able to complete this build, as you said @mm2270 in "... a matter of minutes".

Thanks again guys.