Using munki to deploy paid App Store app's

careybell
New Contributor III

Background: Started new company. We are not using DEP, VPP, or Casper. Looking to change this at some point but hey, its my second day.

Question: We currently use munki to deploy approved app's and have a request for a paid app that is only found in the App Store. Anyone have thoughts on how to deploy this app via munki? We can purchase the app via our institutional AppleID, not a problem. The problem is getting into munki.
Users do no have access to the App Store
Users are not admin's.

Thanks for any thoughts you might have.

7 REPLIES 7

davidacland
Honored Contributor II

You'll need to either re-package it or use Rich Trouton's method of capturing the .pkg that the App Store downloads before installing.

VPP deployment is so much easier though so I'd definitely recommend looking to get that set up if you are going to get more requests like this.

jarednichols
Honored Contributor

To be clear, methods that strip ties to Apple IDs with software from the MAS are unsupported and may break at any point in the future.

Use at your own risk.

gregneagle
Valued Contributor

Have you looked at this?

https://github.com/munki/munki/wiki/App-Store-Apps

Just buy the app with your institutional ID, download it using the App Store, and import it into Munki.

careybell
New Contributor III
You'll need to either re-package it or use Rich Trouton's method of capturing the .pkg that the App Store downloads before installing.

Thanks for the reply. Can you expand on the "Rich Trouton's method"?

VPP deployment is so much easier though so I'd definitely recommend looking to get that set up if you are going to get more requests like this.

Agree 100%. Like I said, I will work on this part.

To be clear, methods that strip ties to Apple IDs with software from the MAS are unsupported and may break at any point in the future. Use at your own risk.

Yes sir! Understood. :^)

careybell
New Contributor III
Just buy the app with your institutional ID, download it using the App Store, and import it into Munki.

Thanks for the reply. The problem is with those app's that require receipt validation.

gregneagle
Valued Contributor

"The problem is with those app's that require receipt validation." An important new bit of information. Apple's response is that you should use VPPv2 distribution.

The only other options I know of are:

1) Contact the vendor directly to see if they will sell you the software outside of the App Store

2) Visit each machine and buy it locally from the App Store.

jelockwood
Contributor

@careybell @gregneagle 

I more recently than this thread was originally written, tried on a couple of occasions to come up with a solution to do this. I like @careybell have both Jamf Pro and Munki running.

For the benefit of others I will repeat what previous contributors to this thread will be aware of.

Munki itself has no integration to the App Store, it could potentially deploy an App Store app but that would as discussed contain the MAS receipt. Munki itself would not handle updating such apps. For what it's worth I have seen an AutoPkg recipe which would monitor a Mac /Applications folder for a specific app downloaded from the App Store and then add any new version to the Munki repo, so a single Mac would have to have a user updating from the App Store and then AutoPkg would be able to add the updates for others. I still regard this approach as more trouble than its worth.

So what I have tried a couple of times and now feel I have solved was to create a shell script that can be added to Munki as part of a payload free pkginfo. The script would send a command to Jamf Self Service to tell it to install a specific VPP app from those listed in Self Service. Jamf can and should be configured to auto update these VPP apps.

See 

https://community.jamf.com/t5/jamf-pro/script-to-launch-self-service-from-policy/m-p/190052/highligh...

Modifying the above script to install an app and execute and install is easy, the script does the hardworking of making sure the command is executed by the user but with sudo privileges even though the user may not have sudo privileges. Both Jamf and Munki would normally execute the command as root and hence it would fail if this was not solved.

What I would still like to do to tidy the process up a little more is to add a way to quit Self Service after the install but without interrupting the install.