I'm wondering if anyone found a solution for this yet.
We have environments where Xcode needs to be run without granting admin privileges. We used to manage this with creating a custom Xcode installer. The contents are the following:
#!/bin/sh defaults write /Library/Preferences/com.apple.dt.Xcode.plist IDELastGMLicenseAgreedTo -string "EA1327" defaults write /Library/Preferences/com.apple.dt.Xcode.plist IDEXcodeVersionForAgreedToGMLicense -string "7.2" installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/MobileDevice.pkg -target / installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg -target /
This works perfectly for 10.10 or below, but no more for 10.11. The bad boy why this doesn't work is SIP. The MobileDevice.pkg and MobileDeviceDevelopment.pkg packages want to write in /System/Library, which are SIP protected locations.
But now comes the really weird thing:
When I execute the installer -pkg command manually from the terminal, the packages install fine and Xcode will work.
When the packages are installed via GUI (double-clicking installer files) they are also installing fine.
The packages are signed with the Apple software update signing certificate, which is the reason why they can be installed in SIP protected locations. I assume that a postinstall script or JSS policy calls the installer packages a bit different that a GUI or Terminal trigger.
What I have tried to install the packages and DIDN'T work:
What DID work:
I have no idea how to deal this. Is anyone in a similar situation and the more important question: what am I missing here and what is the magic trick?
Solved! Go to Solution.