From d6c6846fd9be049ecfcacd559448f22f664d4a38 Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Tue, 18 Jun 2019 23:54:42 +0200 Subject: [PATCH 1/8] updated lates version with Re-enrollment workflow --- macOSUpgrade.sh | 210 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 203 insertions(+), 7 deletions(-) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index efbbdb8..e2a92b8 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -53,6 +53,26 @@ # USER VARIABLES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# This is the custom event name used to create the post install package +# for more information please see the project +# https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe +# You can also set a customEvent to enroll the computer into diffferent jamf Pro envrionments +autoPKGEnrollmentEventName=${11} +if [[ -z "$autoPKGEnrollmentEventName" ]] ;then + autoPKGEnrollmentEventName="makeenrollpkg" +fi + +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# STATIC VARIABLES +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # + +jamfBinary="/usr/local/jamf/bin/jamf" +jHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" + +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# POLICY VARIABLES +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # + ##Specify path to OS installer. Use Parameter 4 in the JSS, or specify here ##Example: /Applications/Install macOS High Sierra.app OSInstaller="$4" @@ -103,6 +123,42 @@ fi userDialog="$9" if [ "$userDialog" != "1" ]; then userDialog=0 ; fi +# Use this to controll the way that reenrollment to your jamf Pro server is done +# Fresh (fresh) +# Preserve computer name (keepname) +# Preserve computer name for SplashBuddy (keepnamesplash) +# ask for Computer Name (prename) +# ask for Computer Name (prenamesplash) + +# +reEnrollmentMethodChecks=`echo ${10} | tr '[:upper:]' '[:lower:]'` +# clear any previous checks +/bin/rm /private/tmp/reEnrollmentMethod* + +# check for and set the parameters for re enrollment +if [[ "$reEnrollmentMethodChecks" ]] ; then + if [[ "$reEnrollmentMethodChecks" == *"fresh"* ]]; then + fresh=true + fi + + if [[ "$reEnrollmentMethodChecks" == *"ask"* ]]; then + ask=true + fi + + if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then + keep=true + fi + + if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then + prename=true + fi + + # write a placeholder so the re-enroll package create knows to create the computername.txt file + if [[ "$reEnrollmentMethodChecks" == *"splashbuddy"* ]]; then + /usr/bin/touch /private/tmp/reEnrollmentMethod.splashbuddy + fi +fi + # Control for auth reboot execution. if [ "$versionMajor" -ge 14 ]; then # Installer of macOS 10.14 or later set cancel to auth reboot. @@ -193,13 +249,13 @@ wait_for_ac_power() { downloadInstaller() { /bin/echo "Downloading macOS Installer..." - /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper \ + "$jHelper" \ -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" \ -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100 & ##Capture PID for Jamf Helper HUD jamfHUDPID=$! ##Run policy to cache installer - /usr/local/jamf/bin/jamf policy -event "$download_trigger" + "$jamfBinary" policy -event "$download_trigger" ##Kill Jamf Helper HUD post download kill_process "$jamfHUDPID" } @@ -261,14 +317,56 @@ verifyChecksum() { } cleanExit() { - kill_process "$caffeinatePID" + # if exiting on an error killall jamfHelper Windows + if [[ "$1" != 0 ]] ; then /usr/bin/killall jamfHelper ; fi ## Remove Script /bin/rm -f "$finishOSInstallScriptFilePath" 2>/dev/null /bin/rm -f "$osinstallersetupdDaemonSettingsFilePath" 2>/dev/null /bin/rm -f "$osinstallersetupdAgentSettingsFilePath" 2>/dev/null + /bin/kill "${caffeinatePID}" exit "$1" } +fn_askWhatToDoForComputerName () { + + keepMessage="Do you want to KEEP the computer name after erasing? + +Current Computer Name: $currentComputerName + +To rename click 'Other'. + +" + + renameMessage="Do you want to RENAME the computer name after erasing? + +Current Computer Name: $currentComputerName + +To not assign any name click 'No Name'. + +" + + + toKeepOrNotToKeep=`"$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$keepMessage" -button1 "Keep" -button2 "Other" -defaultButton 1 -timeout 300` + if [[ "$toKeepOrNotToKeep" = 0 ]]; then + keep=true + elif [[ "$toKeepOrNotToKeep" = 2 ]] || [[ "$toKeepOrNotToKeep" = 239 ]] ; then + toRenameOrNotToRename=`"$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$renameMessage" -button2 "Rename" -button1 "No Name" -timeout 300` + if [[ "$toRenameOrNotToRename" = 2 ]]; then + prename=true + elif [[ "$toRenameOrNotToRename" = 0 ]] || [[ "$toRenameOrNotToRename" = 239 ]] ; then + fresh=true + fi + fi + +} + +fn_askforNewComputerName () { + + newComputerName="$(sudo -u "$currentUser" /usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result')" +} + + + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SYSTEM CHECKS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @@ -433,17 +531,115 @@ fi # APPLICATION # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# prep for naming the computer after eraseinstall stage +if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] ; then + + /bin/echo "Script is configured for re-enrollment." + + ## if re-enrollment is enabled to ask what to do about the name + currentComputerName=`/usr/sbin/scutil --get ComputerName` + + if [[ $ask = true ]] && [[ ${currentUser} != "root" ]] ; then + /bin/echo "Asking what to do about the computer name." + fn_askWhatToDoForComputerName + elif [[ $ask = true ]] && [[ ${currentUser} = "root" ]]; then + #statements + keep=true + /bin/echo "The computer is at the login window. Defaulting to preserving the computer name." + fi + + if [[ $keep = true ]]; then + /bin/echo "Keeping the current computer name." + newComputerName="$currentComputerName" + fi + + if [[ $prename = true ]]; then + /bin/echo "Assigning a new computer name." + fn_askforNewComputerName + fi + + # Computername is assinged after eraseinstall + if [[ "$newComputerName" ]]; then + /bin/echo "Assinged computer name after eraseinstall: $newComputerName" + /bin/echo "$newComputerName" > /private/tmp/reEnrollmentMethod.newComputerName.txt + fi +fi # re-enrollment and erase install - prep for naming the computer after eraseinstall stage + + ##Launch jamfHelper if [ "$userDialog" -eq 0 ]; then /bin/echo "Launching jamfHelper as FullScreen..." - /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" & + "$jHelper" -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" & jamfHelperPID=$! else /bin/echo "Launching jamfHelper as Utility Window..." - /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 & + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 & jamfHelperPID=$! fi +# re-enrollment package creation stage +if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] ; then + # package creation + if [ "$versionMajor${versionMinor:=0}" -ge 134 ] ; then + autoEnrollPKGResult=`"$jamfBinary" policy -event "$autoPKGEnrollmentEventName"` + /bin/echo "Results from package creation policy: $autoPKGEnrollmentEventName" + /bin/echo "$autoEnrollPKGResult" + + # Make and array of the packages built with productbuild + IFS=$'\n' + productbuildPackages=($(/bin/echo "$autoEnrollPKGResult" | /usr/bin/grep productbuild | /usr/bin/awk -F 'Wrote product to ' '{ print $2 }')) + unset IFS + + # built in support for multiple packages + for packageName in "${productbuildPackages[@]}" ; do + /bin/echo "Adding package $packageName to post install" + installpackageOption+="--installpackage $packageName " + done + else + echo "startosinstall with installpackage is not supported on this version $version" + + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + Re-enrollment packages are not supported on $version. Minimum version is macOS 10.13.4" -iconSize 100 -button1 "OK" -defaultButton 1 fi + + + cleanExit 1 + fi + + # Error Reporting for failing to create package + if [[ -z "$productbuildPackages" ]]; then + /bin/echo "Error: Re-enrollment package cannot be found, failing out" + + + if [[ "$autoEnrollPKGResult" == *"DEP Crossover"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + The Mac is assigned for Device Enrollment to a different Jamf Pro Server in Apple Business Manager." -iconSize 100 -button1 "OK" -defaultButton 1 fi + + elif [[ "$autoEnrollPKGResult" == *"DEP multiple Jamf Pro"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + The Mac is assigned for Device Enrollment across multiple Jamf Pro Servers." -iconSize 100 -button1 "OK" -defaultButton 1 fi + + elif [[ "$autoEnrollPKGResult" == *"failed to get invitationCode"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + Failed to generate invitationCode for the re-enrollment package." -iconSize 100 -button1 "OK" -defaultButton 1 + + elif [[ "$autoEnrollPKGResult" == *"no JSS URL Will not create PKG"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + The package creation script is not configure correctly. No JSS URL configured." -iconSize 100 -button1 "OK" -defaultButton 1 + else + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + Re-enrollment package could not be found." -iconSize 100 -button1 "OK" -defaultButton 1 + fi + + cleanExit 1 + fi +fi # re-enrollment and erase install - re-enrollment package creation stage + ##Load LaunchAgent if [ "$fvStatus" = "FileVault is On." ] && \ [ "$currentUser" != "root" ] && \ @@ -463,9 +659,9 @@ fi osinstallLogfile="/var/log/startosinstall.log" if [ "$versionMajor" -ge 14 ]; then - eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & + eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" "$installpackageOption" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & else - eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & + eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" "$installpackageOption" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & fi /bin/sleep 3 From 129a108121fff04af5469ad831439703a75f3e7f Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Thu, 20 Jun 2019 11:33:43 +0200 Subject: [PATCH 2/8] update for rc1 of re-enroll script --- README.md | 6 ++ macOSUpgrade.sh | 170 ++++++++++++++++++++++++------------------------ 2 files changed, 91 insertions(+), 85 deletions(-) diff --git a/README.md b/README.md index 588d38b..5d6202c 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,8 @@ When you open the script you will find some user variables defined on lines 60-1 *Added in v2.6.0 - You can now specify to use the `--eraseInstall` parameter when using macOS Installer 10.13.4 or later and the client is running macOS 10.13 or later. Essentially this will wipe and reload the system to factory defaults. Yay \o/* +* Added in v2.7.0 - You can now automatically re-enroll a mac after the `--eraseInstall`. This will create a PKG and use `--installpackage` to `curl` the jamf binary and enroll the computer by `jamf enroll -invitation`. This also supports various methods of setting/preserving the computer name. To make use of this feature pair the macOSUpgrade work-flow script with the re-enroll scrips from, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). \(ノ◕ヮ◕\)ノ\*:・゚✧ * + **Staging the macOS Installer** @@ -75,6 +77,10 @@ pkgbuild --install-location /Applications --component "/path/to/macOSInstallerAp ![alt text](/imgs/fullScreen.png) +**Example of Utility Dialog** + +![alt text](/imgs/utility.png) + **Example of Utility Dialog** ![alt text](/imgs/utility.png) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index e2a92b8..0e98623 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -31,7 +31,7 @@ # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # This script was designed to be used in a Self Service policy to ensure specific -# requirements have been met before proceeding with an inplace upgrade of the macOS, +# requirements have been met before proceeding with an in-place upgrade of the macOS, # as well as to address changes Apple has made to the ability to complete macOS upgrades # silently. # @@ -41,7 +41,7 @@ # - macOS Installer 10.12.4 or later # - eraseInstall option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+ # - Look over the USER VARIABLES and configure as needed. -# +# - To use the re-enroll functions look at https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe # # For more information, visit https://github.com/kc9wwh/macOSUpgrade # @@ -53,13 +53,15 @@ # USER VARIABLES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # -# This is the custom event name used to create the post install package -# for more information please see the project -# https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe -# You can also set a customEvent to enroll the computer into diffferent jamf Pro envrionments +##This is the custom event name used to create the install package for automatically enrolling +##You can statically set this a policy by setting it here +##You can also make this dynamic to enroll the computer into different Jamf Pro environments +##For more information please see the project +##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe autoPKGEnrollmentEventName=${11} if [[ -z "$autoPKGEnrollmentEventName" ]] ;then - autoPKGEnrollmentEventName="makeenrollpkg" + ##add your own event name here if you want this to be static + autoPKGEnrollmentEventName="" fi # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @@ -123,41 +125,18 @@ fi userDialog="$9" if [ "$userDialog" != "1" ]; then userDialog=0 ; fi -# Use this to controll the way that reenrollment to your jamf Pro server is done -# Fresh (fresh) -# Preserve computer name (keepname) -# Preserve computer name for SplashBuddy (keepnamesplash) -# ask for Computer Name (prename) -# ask for Computer Name (prenamesplash) - -# +##Options for computer name handling for re-enroll workflows +##Use this to control the way that re-enrollment to your jamf Pro server is done +##Requires macOS Installer 10.13.4 or later +##(ask) - Use jamfHelper to ask the user what to do with the computer name +##(fresh) - Default to assigning no computer aget the wipe +##(keepname) - Default to automatcailly preserve computer name +##(prename) - Default to automatcailly asking for a new computer name +##(splashbuddy) - Add this to the parameter setting to aumatically create a ComputerName.txt and ..SplashBuddyFormDone +##For more information please see the project +##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe +##make variable lower case reEnrollmentMethodChecks=`echo ${10} | tr '[:upper:]' '[:lower:]'` -# clear any previous checks -/bin/rm /private/tmp/reEnrollmentMethod* - -# check for and set the parameters for re enrollment -if [[ "$reEnrollmentMethodChecks" ]] ; then - if [[ "$reEnrollmentMethodChecks" == *"fresh"* ]]; then - fresh=true - fi - - if [[ "$reEnrollmentMethodChecks" == *"ask"* ]]; then - ask=true - fi - - if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then - keep=true - fi - - if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then - prename=true - fi - - # write a placeholder so the re-enroll package create knows to create the computername.txt file - if [[ "$reEnrollmentMethodChecks" == *"splashbuddy"* ]]; then - /usr/bin/touch /private/tmp/reEnrollmentMethod.splashbuddy - fi -fi # Control for auth reboot execution. if [ "$versionMajor" -ge 14 ]; then @@ -317,7 +296,7 @@ verifyChecksum() { } cleanExit() { - # if exiting on an error killall jamfHelper Windows + ##if exiting on an error killall jamfHelper Windows too if [[ "$1" != 0 ]] ; then /usr/bin/killall jamfHelper ; fi ## Remove Script /bin/rm -f "$finishOSInstallScriptFilePath" 2>/dev/null @@ -362,7 +341,27 @@ To not assign any name click 'No Name'. fn_askforNewComputerName () { - newComputerName="$(sudo -u "$currentUser" /usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result')" + newComputerName="$(sudo -u "$currentUser" /usr/bin/osascript -e 'display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result')" +} + + +fn_Process_reEnrollmentMethodChecks () { + ##check for and set the parameters for re enrollment + if [[ "$reEnrollmentMethodChecks" ]] ; then + + ##clear any previous checks + /bin/rm /private/tmp/reEnrollmentMethod* + + if [[ "$reEnrollmentMethodChecks" == *"fresh"* ]]; then fresh=true ; fi + if [[ "$reEnrollmentMethodChecks" == *"ask"* ]]; then ask=true ; fi + if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then keep=true ; fi + if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then prename=true ; fi + + ##write a placeholder so the re-enroll package create knows to create the computername.txt file + if [[ "$reEnrollmentMethodChecks" == *"splashbuddy"* ]]; then + /usr/bin/touch /private/tmp/reEnrollmentMethod.splashbuddy + fi ##re-enroll has splashbuddy + fi } @@ -397,6 +396,42 @@ If you continue to experience this issue, please contact the IT Support Center." cleanExit 1 fi +##This is the beginning of the re-enroll work-flow to handle the computer name +if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] && [[ "$autoPKGEnrollmentEventName" ]] ; then + fn_Process_reEnrollmentMethodChecks + + /bin/echo "Script is configured for re-enrollment." + + ## if re-enrollment is enabled to ask what to do about the name + currentComputerName=`/usr/sbin/scutil --get ComputerName` + + if [[ $ask = true ]] && [[ ${currentUser} != "root" ]] ; then + /bin/echo "Asking what to do about the computer name." + fn_askWhatToDoForComputerName + elif [[ $ask = true ]] && [[ ${currentUser} = "root" ]]; then + #statements + keep=true + /bin/echo "The computer is at the login window. Defaulting to preserving the computer name." + fi + + if [[ $keep = true ]]; then + /bin/echo "Keeping the current computer name." + newComputerName="$currentComputerName" + fi + + if [[ $prename = true ]]; then + /bin/echo "Assigning a new computer name." + fn_askforNewComputerName + fi + + # Computername is assigned after eraseinstall + if [[ "$newComputerName" ]]; then + /bin/echo "Assinged computer name after eraseinstall: $newComputerName" + /bin/echo "$newComputerName" > /private/tmp/reEnrollmentMethod.newComputerName.txt + fi +fi # re-enrollment and erase install - prep for naming the computer after eraseinstall stage + + ##Check for existing OS installer loopCount=0 while [ "$loopCount" -lt 3 ]; do @@ -531,41 +566,6 @@ fi # APPLICATION # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # -# prep for naming the computer after eraseinstall stage -if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] ; then - - /bin/echo "Script is configured for re-enrollment." - - ## if re-enrollment is enabled to ask what to do about the name - currentComputerName=`/usr/sbin/scutil --get ComputerName` - - if [[ $ask = true ]] && [[ ${currentUser} != "root" ]] ; then - /bin/echo "Asking what to do about the computer name." - fn_askWhatToDoForComputerName - elif [[ $ask = true ]] && [[ ${currentUser} = "root" ]]; then - #statements - keep=true - /bin/echo "The computer is at the login window. Defaulting to preserving the computer name." - fi - - if [[ $keep = true ]]; then - /bin/echo "Keeping the current computer name." - newComputerName="$currentComputerName" - fi - - if [[ $prename = true ]]; then - /bin/echo "Assigning a new computer name." - fn_askforNewComputerName - fi - - # Computername is assinged after eraseinstall - if [[ "$newComputerName" ]]; then - /bin/echo "Assinged computer name after eraseinstall: $newComputerName" - /bin/echo "$newComputerName" > /private/tmp/reEnrollmentMethod.newComputerName.txt - fi -fi # re-enrollment and erase install - prep for naming the computer after eraseinstall stage - - ##Launch jamfHelper if [ "$userDialog" -eq 0 ]; then /bin/echo "Launching jamfHelper as FullScreen..." @@ -577,20 +577,20 @@ else jamfHelperPID=$! fi -# re-enrollment package creation stage -if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] ; then - # package creation +##Re-enrollment package creation stage +if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKGEnrollmentEventName" ]] && [[ $eraseInstall == 1 ]] ; then + ##package creation if [ "$versionMajor${versionMinor:=0}" -ge 134 ] ; then autoEnrollPKGResult=`"$jamfBinary" policy -event "$autoPKGEnrollmentEventName"` /bin/echo "Results from package creation policy: $autoPKGEnrollmentEventName" /bin/echo "$autoEnrollPKGResult" - # Make and array of the packages built with productbuild + ##Make and array of the packages built with productbuild - For future ideas IFS=$'\n' productbuildPackages=($(/bin/echo "$autoEnrollPKGResult" | /usr/bin/grep productbuild | /usr/bin/awk -F 'Wrote product to ' '{ print $2 }')) unset IFS - # built in support for multiple packages + ##Built in support for multiple packages - For future ideas for packageName in "${productbuildPackages[@]}" ; do /bin/echo "Adding package $packageName to post install" installpackageOption+="--installpackage $packageName " @@ -606,7 +606,7 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] ; then cleanExit 1 fi - # Error Reporting for failing to create package + ##Error Reporting for failing to create package if [[ -z "$productbuildPackages" ]]; then /bin/echo "Error: Re-enrollment package cannot be found, failing out" @@ -638,7 +638,7 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] ; then cleanExit 1 fi -fi # re-enrollment and erase install - re-enrollment package creation stage +fi ##re-enrollment and erase install - re-enrollment package creation stage ##Load LaunchAgent if [ "$fvStatus" = "FileVault is On." ] && \ From a7148c676ffab6ffaee3bd60692fa51cc947c190 Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Thu, 20 Jun 2019 11:39:50 +0200 Subject: [PATCH 3/8] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d6202c..8b620e5 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Requirements: * macOS Installer 10.12.4 or later * `eraseInstall` option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+ * Look over the USER VARIABLES and configure as needed. +* To make use the re-enroll work-flow check out, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). *This workflow will **not** work if a user is not logged in since the `startosinstall` binary requires a user to be logged in. Tested with macOS 10.13.4 and you will get errors in that the process couldn't establish a connection to the WindowServer.* @@ -42,7 +43,7 @@ When you open the script you will find some user variables defined on lines 60-1 *Added in v2.6.0 - You can now specify to use the `--eraseInstall` parameter when using macOS Installer 10.13.4 or later and the client is running macOS 10.13 or later. Essentially this will wipe and reload the system to factory defaults. Yay \o/* -* Added in v2.7.0 - You can now automatically re-enroll a mac after the `--eraseInstall`. This will create a PKG and use `--installpackage` to `curl` the jamf binary and enroll the computer by `jamf enroll -invitation`. This also supports various methods of setting/preserving the computer name. To make use of this feature pair the macOSUpgrade work-flow script with the re-enroll scrips from, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). \(ノ◕ヮ◕\)ノ\*:・゚✧ * +*Added in v2.7.0 - You can now automatically re-enroll a mac after the `--eraseInstall`. This will create a PKG and use `--installpackage` to `curl` the jamf binary and enroll the computer by `jamf enroll -invitation`. This also supports various methods of setting/preserving the computer name. To make use of this feature pair the macOSUpgrade work-flow script with the re-enroll scripts from, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). \(ノ◕ヮ◕\)ノ\*:・゚✧* **Staging the macOS Installer** From 60c492f6aae9d95480163228510b44beefbc4ab6 Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Fri, 21 Jun 2019 06:20:31 +0200 Subject: [PATCH 4/8] Update macOSUpgrade.sh minor spell check --- macOSUpgrade.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index 0e98623..3f2cdd5 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -132,7 +132,7 @@ if [ "$userDialog" != "1" ]; then userDialog=0 ; fi ##(fresh) - Default to assigning no computer aget the wipe ##(keepname) - Default to automatcailly preserve computer name ##(prename) - Default to automatcailly asking for a new computer name -##(splashbuddy) - Add this to the parameter setting to aumatically create a ComputerName.txt and ..SplashBuddyFormDone +##(splashbuddy) - Add this to the parameter setting to aumatically create a ComputerName.txt and .SplashBuddyFormDone ##For more information please see the project ##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe ##make variable lower case From fe728575b773cdf2174669b2560cb15615488e88 Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Sat, 22 Jun 2019 05:01:54 +0200 Subject: [PATCH 5/8] fixes suggesed by travis.ci --- macOSUpgrade.sh | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index 3f2cdd5..5acd8bb 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -58,7 +58,7 @@ ##You can also make this dynamic to enroll the computer into different Jamf Pro environments ##For more information please see the project ##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe -autoPKGEnrollmentEventName=${11} +autoPKGEnrollmentEventName="${11}" if [[ -z "$autoPKGEnrollmentEventName" ]] ;then ##add your own event name here if you want this to be static autoPKGEnrollmentEventName="" @@ -128,15 +128,15 @@ if [ "$userDialog" != "1" ]; then userDialog=0 ; fi ##Options for computer name handling for re-enroll workflows ##Use this to control the way that re-enrollment to your jamf Pro server is done ##Requires macOS Installer 10.13.4 or later +##NOTE: To Default to assigning no computer after the wipe put nothing in here ##(ask) - Use jamfHelper to ask the user what to do with the computer name -##(fresh) - Default to assigning no computer aget the wipe ##(keepname) - Default to automatcailly preserve computer name ##(prename) - Default to automatcailly asking for a new computer name ##(splashbuddy) - Add this to the parameter setting to aumatically create a ComputerName.txt and .SplashBuddyFormDone ##For more information please see the project ##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe ##make variable lower case -reEnrollmentMethodChecks=`echo ${10} | tr '[:upper:]' '[:lower:]'` +reEnrollmentMethodChecks=$(echo "${10}" | tr '[:upper:]' '[:lower:]') # Control for auth reboot execution. if [ "$versionMajor" -ge 14 ]; then @@ -325,15 +325,13 @@ To not assign any name click 'No Name'. " - toKeepOrNotToKeep=`"$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$keepMessage" -button1 "Keep" -button2 "Other" -defaultButton 1 -timeout 300` + toKeepOrNotToKeep=$( "$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$keepMessage" -button1 "Keep" -button2 "Other" -defaultButton 1 -timeout 300 ) if [[ "$toKeepOrNotToKeep" = 0 ]]; then keep=true elif [[ "$toKeepOrNotToKeep" = 2 ]] || [[ "$toKeepOrNotToKeep" = 239 ]] ; then - toRenameOrNotToRename=`"$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$renameMessage" -button2 "Rename" -button1 "No Name" -timeout 300` + toRenameOrNotToRename=$( "$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$renameMessage" -button2 "Rename" -button1 "No Name" -timeout 300 ) if [[ "$toRenameOrNotToRename" = 2 ]]; then prename=true - elif [[ "$toRenameOrNotToRename" = 0 ]] || [[ "$toRenameOrNotToRename" = 239 ]] ; then - fresh=true fi fi @@ -341,7 +339,7 @@ To not assign any name click 'No Name'. fn_askforNewComputerName () { - newComputerName="$(sudo -u "$currentUser" /usr/bin/osascript -e 'display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result')" + newComputerName=$( sudo -u "$currentUser" /usr/bin/osascript -e 'display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result' ) } @@ -352,7 +350,6 @@ fn_Process_reEnrollmentMethodChecks () { ##clear any previous checks /bin/rm /private/tmp/reEnrollmentMethod* - if [[ "$reEnrollmentMethodChecks" == *"fresh"* ]]; then fresh=true ; fi if [[ "$reEnrollmentMethodChecks" == *"ask"* ]]; then ask=true ; fi if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then keep=true ; fi if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then prename=true ; fi @@ -403,7 +400,7 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] && [[ "$autoPKG /bin/echo "Script is configured for re-enrollment." ## if re-enrollment is enabled to ask what to do about the name - currentComputerName=`/usr/sbin/scutil --get ComputerName` + currentComputerName=$( /usr/sbin/scutil --get ComputerName ) if [[ $ask = true ]] && [[ ${currentUser} != "root" ]] ; then /bin/echo "Asking what to do about the computer name." @@ -581,7 +578,7 @@ fi if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKGEnrollmentEventName" ]] && [[ $eraseInstall == 1 ]] ; then ##package creation if [ "$versionMajor${versionMinor:=0}" -ge 134 ] ; then - autoEnrollPKGResult=`"$jamfBinary" policy -event "$autoPKGEnrollmentEventName"` + autoEnrollPKGResult=$( "$jamfBinary" policy -event "$autoPKGEnrollmentEventName" ) /bin/echo "Results from package creation policy: $autoPKGEnrollmentEventName" /bin/echo "$autoEnrollPKGResult" @@ -600,26 +597,26 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKG "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. - Re-enrollment packages are not supported on $version. Minimum version is macOS 10.13.4" -iconSize 100 -button1 "OK" -defaultButton 1 fi + Re-enrollment packages are not supported on $version. Minimum version is macOS 10.13.4" -iconSize 100 -button1 "OK" -defaultButton 1 cleanExit 1 fi ##Error Reporting for failing to create package - if [[ -z "$productbuildPackages" ]]; then + if [[ -z "${productbuildPackages[@]}" ]]; then /bin/echo "Error: Re-enrollment package cannot be found, failing out" if [[ "$autoEnrollPKGResult" == *"DEP Crossover"* ]] ; then "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. - The Mac is assigned for Device Enrollment to a different Jamf Pro Server in Apple Business Manager." -iconSize 100 -button1 "OK" -defaultButton 1 fi + The Mac is assigned for Device Enrollment to a different Jamf Pro Server in Apple Business Manager." -iconSize 100 -button1 "OK" -defaultButton 1 elif [[ "$autoEnrollPKGResult" == *"DEP multiple Jamf Pro"* ]] ; then "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. - The Mac is assigned for Device Enrollment across multiple Jamf Pro Servers." -iconSize 100 -button1 "OK" -defaultButton 1 fi + The Mac is assigned for Device Enrollment across multiple Jamf Pro Servers." -iconSize 100 -button1 "OK" -defaultButton 1 elif [[ "$autoEnrollPKGResult" == *"failed to get invitationCode"* ]] ; then "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. From a3f5f90db11a5fe3fffc8ace23ed52f40cb23da3 Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Sat, 22 Jun 2019 05:06:45 +0200 Subject: [PATCH 6/8] more fixes by travis --- macOSUpgrade.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index 5acd8bb..44ecd40 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -604,7 +604,8 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKG fi ##Error Reporting for failing to create package - if [[ -z "${productbuildPackages[@]}" ]]; then + # if [[ -z "${productbuildPackages[@]}" ]]; then + if [[ "${#productbuildPackages[@]}" = 0 ]]; then /bin/echo "Error: Re-enrollment package cannot be found, failing out" From e2887c396b85da2d18a0f9f95d4430bab10900f8 Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Sat, 22 Jun 2019 05:10:35 +0200 Subject: [PATCH 7/8] spellcheck --- macOSUpgrade.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index 44ecd40..f2e5561 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -114,7 +114,7 @@ unsuccessfulDownload=0 ##Use Parameter 8 in the JSS. eraseInstall="$8" if [ "$eraseInstall" != "1" ]; then eraseInstall=0 ; fi -#macOS Installer 10.13.3 or ealier set 0 to it. +#macOS Installer 10.13.3 or earlier set 0 to it. if [ "$versionMajor${versionMinor:=0}" -lt 134 ]; then eraseInstall=0 fi @@ -130,9 +130,9 @@ if [ "$userDialog" != "1" ]; then userDialog=0 ; fi ##Requires macOS Installer 10.13.4 or later ##NOTE: To Default to assigning no computer after the wipe put nothing in here ##(ask) - Use jamfHelper to ask the user what to do with the computer name -##(keepname) - Default to automatcailly preserve computer name -##(prename) - Default to automatcailly asking for a new computer name -##(splashbuddy) - Add this to the parameter setting to aumatically create a ComputerName.txt and .SplashBuddyFormDone +##(keepname) - Default to automatically preserve computer name +##(prename) - Default to automatically asking for a new computer name +##(splashbuddy) - Add this to the parameter setting to automatically create a ComputerName.txt and .SplashBuddyFormDone ##For more information please see the project ##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe ##make variable lower case @@ -354,7 +354,7 @@ fn_Process_reEnrollmentMethodChecks () { if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then keep=true ; fi if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then prename=true ; fi - ##write a placeholder so the re-enroll package create knows to create the computername.txt file + ##write a placeholder so the re-enroll package create knows to create the ComputerName.txt file if [[ "$reEnrollmentMethodChecks" == *"splashbuddy"* ]]; then /usr/bin/touch /private/tmp/reEnrollmentMethod.splashbuddy fi ##re-enroll has splashbuddy @@ -421,9 +421,9 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] && [[ "$autoPKG fn_askforNewComputerName fi - # Computername is assigned after eraseinstall + # Computer name is assigned after eraseinstall if [[ "$newComputerName" ]]; then - /bin/echo "Assinged computer name after eraseinstall: $newComputerName" + /bin/echo "Assigned computer name after eraseinstall: $newComputerName" /bin/echo "$newComputerName" > /private/tmp/reEnrollmentMethod.newComputerName.txt fi fi # re-enrollment and erase install - prep for naming the computer after eraseinstall stage @@ -582,7 +582,7 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKG /bin/echo "Results from package creation policy: $autoPKGEnrollmentEventName" /bin/echo "$autoEnrollPKGResult" - ##Make and array of the packages built with productbuild - For future ideas + ##Make and array of the packages built with 'productbuild' - For future ideas IFS=$'\n' productbuildPackages=($(/bin/echo "$autoEnrollPKGResult" | /usr/bin/grep productbuild | /usr/bin/awk -F 'Wrote product to ' '{ print $2 }')) unset IFS @@ -595,7 +595,7 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKG else echo "startosinstall with installpackage is not supported on this version $version" - "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. Re-enrollment packages are not supported on $version. Minimum version is macOS 10.13.4" -iconSize 100 -button1 "OK" -defaultButton 1 @@ -610,26 +610,26 @@ if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKG if [[ "$autoEnrollPKGResult" == *"DEP Crossover"* ]] ; then - "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. The Mac is assigned for Device Enrollment to a different Jamf Pro Server in Apple Business Manager." -iconSize 100 -button1 "OK" -defaultButton 1 elif [[ "$autoEnrollPKGResult" == *"DEP multiple Jamf Pro"* ]] ; then - "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. The Mac is assigned for Device Enrollment across multiple Jamf Pro Servers." -iconSize 100 -button1 "OK" -defaultButton 1 elif [[ "$autoEnrollPKGResult" == *"failed to get invitationCode"* ]] ; then - "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. Failed to generate invitationCode for the re-enrollment package." -iconSize 100 -button1 "OK" -defaultButton 1 elif [[ "$autoEnrollPKGResult" == *"no JSS URL Will not create PKG"* ]] ; then - "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. The package creation script is not configure correctly. No JSS URL configured." -iconSize 100 -button1 "OK" -defaultButton 1 else - "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preperation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. Re-enrollment package could not be found." -iconSize 100 -button1 "OK" -defaultButton 1 fi From d103a2454e2f7804492eb1e763a991e19c8dfd8b Mon Sep 17 00:00:00 2001 From: David Ramirez Date: Sat, 22 Jun 2019 06:42:17 +0200 Subject: [PATCH 8/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8b620e5..aca96ea 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Requirements: * macOS Installer 10.12.4 or later * `eraseInstall` option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+ * Look over the USER VARIABLES and configure as needed. -* To make use the re-enroll work-flow check out, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). +* To make use of the re-enroll work-flow check out, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). *This workflow will **not** work if a user is not logged in since the `startosinstall` binary requires a user to be logged in. Tested with macOS 10.13.4 and you will get errors in that the process couldn't establish a connection to the WindowServer.*