Skip to main content

For everybody using Munki with Jamf here is a schema for it. It borrows heavily form the manifest made by the guys from the ProfileCreator Github.



It only misses references to their Github and version hints



{
"$schema": "http://json-schema.org/schema#",
"title": "Munki",
"description": "Preference Domain: ManagedInstalls",


"type": "object",
"properties": {
"SoftwareRepoURL": {
"type": "string",
"description": "Base URL for Munki repository.",
"options": {
"inputAttributes": {
"placeholder": "http://munki/repo"
}
}
},
"ClientIdentifier": {
"type": "string",
"description": "Identifier for Munki client. Usually is the same as a manifest name on the Munki server. If this is empty or undefined, Munki will attempt the following identifiers, in order: fully-qualified hostname, "short" hostname, serial number and finally, "site_default"."
},
"ManagedInstallDir": {
"type": "string",
"default": "/Library/Managed Installs",
"description": "Folder where Munki keeps its data on the client.",
"options": {
"inputAttributes": {
"placeholder": "/Library/Managed Installs"
}
}
},
"LocalOnlyManifest": {
"type": "string",
"description": "Defines the name of your LocalOnlyManifest. Setting this activates the feature. Unsetting it means Munki will remove the file on the next run."
},
"SupressAutoInstall": {
"type": "boolean",
"description": "Munki will not automatically install or remove items."
},
"SupressLoginwindowInstall": {
"type": "boolean",
"description": "Munki will not install items while idle at the loginwindow except for those marked for unattended_install or unattended_uninstall."
},
"InstallAppleSoftwareUpdates": {
"type": "boolean",
"description": "Install updates from an Apple Software Update server, in addition to "regular" Munki updates."
},
"AppleSoftwareUpdatesOnly": {
"type": "boolean",
"description": "Only install updates from an Apple Software Update server. No Munki repository is needed or used."
},
"UnattendedAppleUpdates": {
"type": "boolean",
"description": "Updates that declare no "must-close" applications, or have one or more "must-close" applications, none of which is running, and do not require a logout or restart will be installed as part of a normal periodic background run without notifying the user."
},
"PerformAuthRestarts": {
"type": "boolean",
"description": "Munki will attempt to perform a filevault auth restart."
},
"RecoveryKeyFile": {
"type": "string",
"description": "Absolute path to a plist file containing filevault credentials in key/value format. Used to perform auth restarts."
},
"SupressUserNotifcation": {
"type": "boolean",
"description": "Managed Software Center will never notify the user of available updates."
},
"SupressStopButtonOnInstall": {
"type": "boolean",
"description": "Managed Software Center will hide the stop button while installing or removing software, preventing users from interrupting the install."
},
"InstallRequiresLogout": {
"type": "boolean",
"description": "Managed Software Center will require a logout for all installs or removals."
},
"ShowRemovalDetail": {
"type": "boolean",
"description": "Managed Software Center will display detail for scheduled removals."
},
"ShowOptionalInstallsForHigherOSVersions": {
"type": "boolean",
"description": "Managed Software Center.app will show optional installs and updates that apply to macOS versions higher than the currently installed version."
},
"DaysBetweenNotifications": {
"type": "integer",
"default": 1,
"minimum": 0,
"description": "Number of days between user notifications from Managed Software Center. Set to 0 to have Managed Software Center notify every time a background check runs if there are available updates."
},
"UseNotificationCenterDays": {
"type": "integer",
"default": 3,
"minimum": 0,
"description": "Number of days Notification Center notifications should be used before switching to launching Managed Software Center."
},
"PackageVerificationMode": {
"type": "string",
"description": "Controls how Munki verifies the integrity of downloaded packages. (none = No integrity check is performed, hash = Integrity check is performed if package info contains checksum information, hash_strict = Integrity check is performed, and fails if package info does not contain checksum information.)",
"default": "none",
"enum": [
"none",
"hash",
"hash_strict"
]
},
"FollowHTTPRedirects": {
"type": "string",
"description": "Defines whether Munki will follow all, some or no redirects from the web server. (none = The default behaviour. No redirects are followed. https = Only redirects to URLs using HTTPS are followed. all = Redirects to both HTTP and HTTPS URLs are followed.)",
"default": "none",
"enum": [
"none",
"https",
"all"
]
},
"AdditionalHttpHeaders":{
"type": "array",
"description": "This key provides the ability to specify custom HTTP headers to be sent with all curl() HTTP requests.",
"items": {
"type": "string",
"title": "HTTPHeader",
"options": {
"inputAttributes": {
"placeholder": "HTTPHeader"
}
}
}

},
"IgnoreSystemProxies": {
"type": "boolean",
"description": "HTTP and/or HTTPS proxies set system-wide will be ignored, connections will be made directly."
},
"PackageURL": {
"type": "string",
"description": "Base URL for Munki pkgs. Useful if your packages are served from a different server than your catalogs or manifests.",
"options": {
"inputAttributes": {
"placeholder": "<SoftwareRepoURL>/pkgs"
}
}
},
"CatalogURL": {
"type": "string",
"description": "Base URL for Munki catalogs. Useful if your catalogs are served from a different server than your packages or manifests.",
"options": {
"inputAttributes": {
"placeholder": "<SoftwareRepoURL>/catalogs"
}
}
},
"IconURL": {
"type": "string",
"description": "Base URL for product icons. Useful if your icons are served from a different server or different directory than the default.",
"options": {
"inputAttributes": {
"placeholder": "<SoftwareRepoURL>/icons"
}
}
},
"ClientResourceURL": {
"type": "string",
"description": "Base URL for custom client resources for Managed Software Center. Useful if your resources are served from a different server or different directory than the default.",
"options": {
"inputAttributes": {
"placeholder": "<SoftwareRepoURL>/client_resources"
}
}
},
"ClientResourcesFilename": {
"type": "string",
"description": "Specific filename to use when requesting custom client resources.",
"options": {
"inputAttributes": {
"placeholder": "site_default.zip"
}
}
},
"HelpURL": {
"type": "string",
"description": "URL to open/display when the user selects "Managed Software Center Help" from Managed Software Center's Help menu."
},
"LicenseInfoURL": {
"type": "string",
"description": "URL for Munki to query a webserver to determine if there are available seats for licensed software (or any software you wish to make available via optional_installs, yet control the number of deployed copies).",
"options": {
"inputAttributes": {
"placeholder": "http://sal.example.com/licenses/available/youreallyreallyreallyreallylongkey"
}
}
},
"SoftwareUpdateServerURL": {
"type": "string",
"description": "Catalog URL for Apple Software Updates. If undefined or empty, Munki will use the same catalog that the OS uses."
},
"UseClientCertificate": {
"type": "boolean",
"description": "Use an SSL client certificate when communicating with the Munki server. Requires an https:// URL for the Munki repo."
},
"UseClientCertificateCNAsClientIdentifier": {
"type": "boolean",
"description": "Use the CN of the client certificate as the Client Identifier. Used in combination with the UseClientCertificate key."
},
"ClientCertificatePath": {
"type": "string",
"description": "Absolute path to a client certificate. There are 3 defaults for this key. Concatenated cert/key PEM file accepted.",
"options": {
"inputAttributes": {
"placeholder": "/Library/Managed Installs/certs/[munki.pem|client.pem|cert.pem]"
}
}
},
"ClientKeyPath": {
"type": "string",
"description": "Absolute path to a client private key.",
"options": {
"inputAttributes": {
"placeholder": "/Library/Managed Installs/certs/[munki.key|client.key|cert.key]"
}
}
},
"ClientRepoCAPath": {
"type": "string",
"description": "Path to the directory that stores your CA certificate(s).",
"options": {
"inputAttributes": {
"placeholder": "/Library/Managed Installs/certs"
}
}
},
"SoftwareRepoCACertificate": {
"type": "string",
"description": "Absolute path to your CA Certificate.",
"options": {
"inputAttributes": {
"placeholder": "/Library/Managed Installs/certs/ca.pem"
}
}
},
"LogFile": {
"type": "string",
"default": "/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log",
"description": "Primary log is written to this file. Other logs are written into the same directory as this file.",
"options": {
"inputAttributes": {
"placeholder": "/Library/Managed Installs/Logs/ManagedSoftwareUpdate.log"
}
}
},
"LogToSyslog": {
"type": "boolean",
"description": "Log to syslog in addition to ManagedSoftwareUpdate.log."
},
"LoggingLevel": {
"type": "integer",
"default": 1,
"minimum": 0,
"maximum": 4,
"description": "Higher values cause more detail to be written to the primary log."
},
"MSULogEnabled": {
"type": "boolean",
"description": "Log user actions in the GUI."
},
"MSUDebugLogEnabled": {
"type": "boolean",
"description": "Debug logging for Managed Software Center."
},
"AccessKey": {
"type": "string",
"description": "Munki has a feature which enables Mac administrators to use middleware to change munki's HTTP request. S3-Auth uses this feature to create the HTTP headers necessary to authenticate to S3.",
"options": {
"inputAttributes": {
"placeholder": "AKIAIX2QPWZ7EXAMPLE"
}
}
},
"Region": {
"type": "string",
"description": "Munki has a feature which enables Mac administrators to use middleware to change munki's HTTP request. S3-Auth uses this feature to create the HTTP headers necessary to authenticate to S3.",
"options": {
"inputAttributes": {
"placeholder": "ex us-west-2"
}
}
},
"SecretKey": {
"type": "string",
"description": "Munki has a feature which enables Mac administrators to use middleware to change munki's HTTP request. S3-Auth uses this feature to create the HTTP headers necessary to authenticate to S3.",
"options": {
"inputAttributes": {
"placeholder": "z5MFJCcEyYBmh2BxbrlZBWNJ4izEXAMPLE"
}
}
}
},
"required":[
"SoftwareRepoURL"
]
}

Nice work.
You may want to post about this on this other thread, that seemed to start the main discussion on custom application schemas. @mscottblake created a central github location where all custom schema repos can be linked out to. He can send you an invite to join the group to post yours there if you'd like.


Reply