mtan93/Installomator
1
0
Fork 0
mirror of https://github.com/mtan93/Installomator.git synced 2026-03-08 05:31:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into Theile-labels-9.0

Browse Source
This commit is contained in:
Søren Theilgaard
2022-01-09 21:32:59 +01:00
committed by GitHub
parent 9b47ed2e3f 188689f1fd
commit 18e3024604
14 changed files with 149 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@@ -1,7 +1,11 @@
## v9?
- We have moved the root check to the beginning of the script, and improved DEBUG handling with two different modes. `DEBUG=0` is still for production, and `1` is still for the DEBUG we previously knew downloading to the directory it is running from, but `2` will download to temporary folder, will detect updates, but will not install anything, but it will notify the user (almost as running the script without root before).
- `pkgName` can now be searched for. An example is logitechoptions.
- `pkgName` in a label can now be searched for. An example is logitechoptions, where only the name of the pkg is given, and not the exact file path to it.
- `LSMinimumSystemVersion` will now be honered, if the `Info.plist` in the app is specifying this. That means that an app that has this parameter in that file and it shows that the app requires a newer version of the OS than is currently installed, then we will not install it.
- New variable `RETURN_LABEL_NAME`. If given the value `1`, like `RETURN_LABEL_NAME=1` then Installomator only returns the name of the label. It makes for a better user friendly message for displaying in DEPNotify if that is integrated.
- Changed logic if `IGNORE_APP_STORE_APPS=yes`. Before this version a label like `microsoftonedrive` that was installed from App Store, and that we want to replace with the “ordinary” version, Installomator would still use `updateTool`, even though `IGNORE_APP_STORE_APPS=yes`. So we would have to have `INSTALL=force` in order to have the app replaced, as `updateTool` would be used. But now if `IGNORE_APP_STORE_APPS=yes` then `updateTool` will be not set, and the App Store app will be replaced. BUT if the installed software was not from App Store, then `updateTool` will not be used, and it would be a kind of a forced install (in the example of `microsoftonedrive`), except if the version is the same (where installation is skipped).
- Added variable `SYSTEMOWNER` that is used when copying files when installing. Default `0` is to change owner of the app to the current user on the Mac, like this user was installing this app themselves. When using `1` we will put “root:wheel” on the app, which can be useful for shared machines.
## v8.0

1
Labels.txt
View File

@@ -328,6 +328,7 @@ textmate
theunarchiver
things
thunderbird
tidal
toggltrack
tom4aconverter
torbrowser

6
README.md
View File

@@ -262,6 +262,12 @@ __options:__
- `no`: If installed app is from App Store (which include VPP installed apps) it will not be touched, no matter it's version (default)
- `yes`: Replace App Store (and VPP) version of app and handle future updates using Installomator, even if latest version. Shouldnt give any problems for the user in most cases. Known bad example: Slack will loose all settings.
### Owner of copied apps
Default is `SYSTEMOWNER=0`
__options:__
- `0`: Current user will be owner of copied apps, just like if they installed it themselves (default).
- `1`: root:wheel will be set on the copied app. Useful for shared machines.
### Install behavior (force installation)
Since we now make a version checking, and only installs the software if the version is different, an `INSTALL` variable can be used to force the installation:

3
fragments/arguments.sh
View File

@@ -1,7 +1,8 @@
# MARK: check minimal macOS requirement
autoload is-at-least
if ! is-at-least 10.14 $(sw_vers -productVersion); then
installedOSversion=$(sw_vers -productVersion)
if ! is-at-least 10.14 $installedOSversion; then
printlog "Installomator requires at least macOS 10.14 Mojave."
exit 98
fi

74
fragments/functions.sh
View File

@@ -18,6 +18,10 @@ cleanupAndExit() { # $1 = exit code, $2 message
# If we closed any processes, reopen the app again
reopenClosedProcess
printlog "################## End Installomator, exit code $1 \n\n"
# if label is wrong and we wanted name of the label, then return ##################
if [[ $RETURN_LABEL_NAME -eq 1 ]]; then
echo "#"
fi
exit "$1"
}
@@ -66,7 +70,7 @@ log_location="/private/var/log/Installomator.log"
printlog(){
timestamp=$(date +%F\ %T)
if [[ "$(whoami)" == "root" ]]; then
echo "$timestamp" "$label" "$1" | tee -a $log_location
else
@@ -78,7 +82,7 @@ printlog(){
downloadURLFromGit() { # $1 git user name, $2 git repo name
gitusername=${1?:"no git user name"}
gitreponame=${2?:"no git repo name"}
if [[ $type == "pkgInDmg" ]]; then
filetype="dmg"
elif [[ $type == "pkgInZip" ]]; then
@@ -86,7 +90,7 @@ downloadURLFromGit() { # $1 git user name, $2 git repo name
else
filetype=$type
fi
if [ -n "$archiveName" ]; then
downloadURL=$(curl --silent --fail "https://api.github.com/repos/$gitusername/$gitreponame/releases/latest" \
| awk -F '"' "/browser_download_url/ && /$archiveName\"/ { print \$4; exit }")
@@ -108,7 +112,7 @@ versionFromGit() {
# $1 git user name, $2 git repo name
gitusername=${1?:"no git user name"}
gitreponame=${2?:"no git repo name"}
appNewVersion=$(curl --silent --fail "https://api.github.com/repos/$gitusername/$gitreponame/releases/latest" | grep tag_name | cut -d '"' -f 4 | sed 's/[^0-9\.]//g')
if [ -z "$appNewVersion" ]; then
printlog "could not retrieve version number for $gitusername/$gitreponame"
@@ -122,7 +126,7 @@ versionFromGit() {
# Handling of differences in xpath between Catalina and Big Sur
xpath() {
# the xpath tool changes in Big Sur and now requires the `-e` option
# the xpath tool changes in Big Sur and now requires the `-e` option
if [[ $(sw_vers -buildVersion) > "20A" ]]; then
/usr/bin/xpath -e $@
# alternative: switch to xmllint (which is not perl)
@@ -142,7 +146,7 @@ getAppVersion() {
printlog "Custom App Version detection is used, found $appversion"
return
fi
# pkgs contains a version number, then we don't have to search for an app
if [[ $packageID != "" ]]; then
appversion="$(pkgutil --pkg-info-plist ${packageID} 2>/dev/null | grep -A 1 pkg-version | tail -1 | sed -E 's/.*>([0-9.]*)<.*/\1/g')"
@@ -154,7 +158,7 @@ getAppVersion() {
printlog "No version found using packageID $packageID"
fi
fi
# get app in /Applications, or /Applications/Utilities, or find using Spotlight
if [[ -d "/Applications/$appName" ]]; then
applist="/Applications/$appName"
@@ -211,7 +215,7 @@ checkRunningProcesses() {
if pgrep -xq "$x"; then
printlog "found blocking process $x"
appClosed=1
case $BLOCKING_PROCESS_ACTION in
quit|quit_kill)
printlog "telling app $x to quit"
@@ -298,7 +302,7 @@ checkRunningProcesses() {
reopenClosedProcess() {
# If Installomator closed any processes, let's get the app opened again
# credit: Søren Theilgaard (@theilgaard)
# don't reopen if REOPEN is not "yes"
if [[ $REOPEN != yes ]]; then
printlog "REOPEN=no, not reopening anything"
@@ -310,7 +314,7 @@ reopenClosedProcess() {
printlog "DEBUG mode 1, not reopening anything"
return
fi
if [[ $appClosed == 1 ]]; then
printlog "Telling app $appName to open"
#runAsUser osascript -e "tell app \"$appName\" to open"
@@ -345,8 +349,7 @@ installAppWithPath() { # $1: path to app to install in $targetDir
cleanupAndExit 5 "Team IDs do not match"
fi
# versioncheck
# credit: Søren Theilgaard (@theilgaard)
# app versioncheck
appNewVersion=$(defaults read $appPath/Contents/Info.plist $versionKey)
if [[ -n $appNewVersion && $appversion == $appNewVersion ]]; then
printlog "Downloaded version of $name is $appNewVersion, same as installed."
@@ -364,6 +367,21 @@ installAppWithPath() { # $1: path to app to install in $targetDir
printlog "Downloaded version of $name is $appNewVersion (replacing version $appversion)."
fi
# macOS versioncheck
minimumOSversion=$(defaults read $appPath/Contents/Info.plist LSMinimumSystemVersion)
if [[ $minimumOSversion =~ '[0-9.]*' ]]; then
printlog "App has LSMinimumSystemVersion: $minimumOSversion"
if ! is-at-least $minimumOSversion $installedOSversion; then
printlog "App requires higher System Version than installed: $installedOSversion"
message="Cannot install $name, version $appNewVersion, as it is not compatible with the running system version."
if [[ $currentUser != "loginwindow" && $NOTIFY == "all" ]]; then
printlog "notifying"
displaynotification "$message" "Error updating $name!"
fi
cleanupAndExit 6 "Installed macOS is too old for this app."
fi
fi
# skip install for DEBUG 1
if [ "$DEBUG" -eq 1 ]; then
printlog "DEBUG mode 1 enabled, skipping remove, copy and chown steps"
@@ -375,10 +393,10 @@ installAppWithPath() { # $1: path to app to install in $targetDir
printlog "DEBUG mode 2 enabled, exiting"
cleanupAndExit 0
fi
# Test if variable CLIInstaller is set
if [[ -z $CLIInstaller ]]; then
# remove existing application
if [ -e "$targetDir/$appName" ]; then
printlog "Removing existing $targetDir/$appName"
@@ -392,11 +410,12 @@ installAppWithPath() { # $1: path to app to install in $targetDir
fi
# set ownership to current user
if [ "$currentUser" != "loginwindow" ]; then
if [[ "$currentUser" != "loginwindow" && $SYSTEMOWNER -ne 1 ]]; then
printlog "Changing owner to $currentUser"
chown -R "$currentUser" "$targetDir/$appName"
else
printlog "No user logged in, not changing user"
printlog "No user logged in or SYSTEMOWNER=1, setting owner to root:wheel"
chown -R root:wheel "$targetDir/$appName"
fi
elif [[ ! -z $CLIInstaller ]]; then
@@ -441,12 +460,12 @@ installFromDMG() {
installFromPKG() {
# verify with spctl
printlog "Verifying: $archiveName"
if ! spctlout=$(spctl -a -vv -t install "$archiveName" 2>&1 ); then
printlog "Error verifying $archiveName"
cleanupAndExit 4
fi
teamID=$(echo $spctlout | awk -F '(' '/origin=/ {print $2 }' | tr -d '()' )
# Apple signed software has no teamID, grab entire origin instead
@@ -465,10 +484,11 @@ installFromPKG() {
# Check version of pkg to be installed if packageID is set
if [[ $packageID != "" && $appversion != "" ]]; then
printlog "Checking package version."
pkgutil --expand "$archiveName" "$archiveName"_pkg
#printlog "$(cat "$archiveName"_pkg/Distribution | xpath '//installer-gui-script/pkg-ref[@id][@version]' 2>/dev/null)"
appNewVersion=$(cat "$archiveName"_pkg/Distribution | xpath '//installer-gui-script/pkg-ref[@id][@version]' 2>/dev/null | grep -i "$packageID" | tr ' ' '\n' | grep -i version | cut -d \" -f 2) #sed -E 's/.*\"([0-9.]*)\".*/\1/g'
rm -r "$archiveName"_pkg
baseArchiveName=$(basename $archiveName)
expandedPkg="$tmpDir/${baseArchiveName}_pkg"
pkgutil --expand "$archiveName" "$expandedPkg"
appNewVersion=$(cat "$expandedPkg"/Distribution | xpath 'string(//installer-gui-script/pkg-ref[@id][@version]/@version)' 2>/dev/null )
rm -r "$expandedPkg"
printlog "Downloaded package $packageID version $appNewVersion"
if [[ $appversion == $appNewVersion ]]; then
printlog "Downloaded version of $name is the same as installed."
@@ -484,7 +504,7 @@ installFromPKG() {
fi
fi
fi
# skip install for DEBUG 1
if [ "$DEBUG" -eq 1 ]; then
printlog "DEBUG enabled, skipping installation"
@@ -494,7 +514,7 @@ installFromPKG() {
# skip install for DEBUG 2
if [ "$DEBUG" -eq 2 ]; then
printlog "DEBUG mode 2 enabled, exiting"
cleanupAndExit 0
cleanupAndExit 0
fi
# install pkg
@@ -508,17 +528,17 @@ installFromPKG() {
installFromZIP() {
# unzip the archive
printlog "Unzipping $archiveName"
# tar -xf "$archiveName"
# note: when you expand a zip using tar in Mojave the expanded
# app will never pass the spctl check
# unzip -o -qq "$archiveName"
# note: githubdesktop fails spctl verification when expanded
# with unzip
ditto -x -k "$archiveName" "$tmpDir"
installAppWithPath "$tmpDir/$appName"
}

53
fragments/header.sh
View File

@@ -23,8 +23,8 @@ export PATH=/usr/bin:/bin:/usr/sbin:/sbin
# set to 0 for production, 1 or 2 for debugging
# while debugging, items will be downloaded to the parent directory of this script
# also no actual installation will be performed
# debug mode 1 will download to the directory the script is run in, but will not check version
# debug mode 2 will download to the temp directory, check for blocking processes, check version, but will not install anything or remove the current version
# debug mode 1 will download to the directory the script is run in, but will not check the version
# debug mode 2 will download to the temp directory, check for blocking processes, check the version, but will not install anything or remove the current version
DEBUG=1
# notify behavior
@@ -39,14 +39,14 @@ NOTIFY=success
BLOCKING_PROCESS_ACTION=tell_user
# options:
# - ignore continue even when blocking processes are found
# - quit app will be told to quit nicely, if running
# - quit app will be told to quit nicely if running
# - quit_kill told to quit twice, then it will be killed
# Could be great for service apps, if they do not respawn
# Could be great for service apps if they do not respawn
# - silent_fail exit script without prompt or installation
# - prompt_user show a user dialog for each blocking process found
# abort after three attempts to quit
# (only if user accepts to quit the apps, otherwise
# the update is cancelled).
# (only if the user accepts to quit the apps, otherwise
# the update is canceled).
# - prompt_user_then_kill
# show a user dialog for each blocking process found,
# attempt to quit two times, kill the process finally
@@ -54,10 +54,10 @@ BLOCKING_PROCESS_ACTION=tell_user
# Like prompt-user, but clicking "Not Now", will just wait an hour,
# and then it will ask again.
# WARNING! It might block the MDM agent on the machine, as
# the scripts gets stuct in waiting until the hour has passed,
# the scripts get stuck in waiting until the hour has passed,
# possibly blocking for other management actions in this time.
# - tell_user User will be showed a notification about the important update,
# but user is only allowed to quit and continue, and then we
# - tell_user User will be shown a notification about the important update,
# but the user is only allowed to quit and continue, and then we
# ask the app to quit.
# - tell_user_then_kill
# Show dialog 2 times, and if the quitting fails, the
@@ -81,18 +81,25 @@ LOGO=appstore
# App Store apps handling
IGNORE_APP_STORE_APPS=no
# options:
# - no If installed app is from App Store (which include VPP installed apps)
# it will not be touched, no matter it's version (default)
# - yes Replace App Store (and VPP) version of app and handle future
# - no If the installed app is from App Store (which include VPP installed apps)
# it will not be touched, no matter its version (default)
# - yes Replace App Store (and VPP) version of the app and handle future
# updates using Installomator, even if latest version.
# Shouldnt give any problems for the user in most cases.
# Known bad example: Slack will loose all settings.
# Known bad example: Slack will lose all settings.
# Owner of copied apps
SYSTEMOWNER=0
# options:
# - 0 Current user will be owner of copied apps, just like if they
# installed it themselves (default).
# - 1 root:wheel will be set on the copied app.
# Useful for shared machines.
# install behavior
INSTALL=""
# options:
# - When not set, software will only be installed
# - When not set, the software will only be installed
# if it is newer/different in version
# - force Install even if its the same version
@@ -100,9 +107,17 @@ INSTALL=""
# Re-opening of closed app
REOPEN="yes"
# options:
# - yes App wil be reopened if it was closed
# - yes App will be reopened if it was closed
# - no App not reopened
# Only let Installomator return the name of the label
# RETURN_LABEL_NAME=0
# options:
# - 1 Installomator will return the name of the label and exit, so last line of
# output will be that name. When Installomator is locally installed and we
# use DEPNotify, then DEPNotify can present a more nice name to the user,
# instead of just the label name.
# NOTE: How labels work
@@ -126,7 +141,7 @@ REOPEN="yes"
#
# - packageID: (optional)
# The package ID of a pkg
# If given, will be used to find version of installed software, instead of searching for an app.
# If given, will be used to find the version of installed software, instead of searching for an app.
# Usefull if a pkg does not install an app.
# See label installomator_st
#
@@ -136,7 +151,7 @@ REOPEN="yes"
#
# - appNewVersion: (optional)
# Version of the downloaded software.
# If given, it will be compared to installed version, to see if download is different.
# If given, it will be compared to the installed version, to see if the download is different.
# It does not check for newer or not, only different.
#
# - versionKey: (optional)
@@ -207,10 +222,10 @@ REOPEN="yes"
#
# - CLIInstaller:
# - CLIArguments:
# If the downloaded dmg is actually an installer that we can call using CLI, we can
# If the downloaded dmg is an installer that we can call using CLI, we can
# use these two variables for what to call.
# We need to define `name` for the installed app (to be version checked), as well as
# `installerTool` for the installer app (if named differently that `name`. Installomator
# `installerTool` for the installer app (if named differently than `name`. Installomator
# will add the path to the folder/disk image with the binary, and it will be called like this:
`$CLIInstaller $CLIArguments`
# For most installations `CLIInstaller` should contain the `installerTool` for the CLI call

8
fragments/labels/boxdrive.sh
View File

@@ -1,12 +1,6 @@
boxdrive)
# credit: Isaac Ordonez, Mann consulting (@mannconsulting)
name="Box"
type="pkg"
if [[ $(arch) == "arm64" ]]; then
#Note: https://support.box.com/hc/en-us/articles/1500004479962-Box-Drive-support-on-devices-with-M1-chips
downloadURL="https://e3.boxcdn.net/desktop/pre-releases/mac/BoxDrive.2.20.140-M1-beta.pkg"
elif [[ $(arch) == "i386" ]]; then
downloadURL="https://e3.boxcdn.net/box-installers/desktop/releases/mac/Box.pkg"
fi
downloadURL="https://e3.boxcdn.net/box-installers/desktop/releases/mac/Box.pkg"
expectedTeamID="M683GB7CPW"
;;

7
fragments/labels/iina Normal file
View File

@@ -0,0 +1,7 @@
iina)
name="IINA"
type="dmg"
downloadURL=$(downloadURLFromGit iina iina )
appNewVersion=$(versionFromGit iina iina )
expectedTeamID="67CQ77V27R"
;;

7
fragments/labels/itsycal.sh Normal file
View File

@@ -0,0 +1,7 @@
itsycal)
name="Itsycal"
type="zip"
downloadURL=$(curl -fs https://s3.amazonaws.com/itsycal/itsycal-apple-silicon.xml | xpath '(//rss/channel/item/enclosure/@url)[1]' 2>/dev/null | head -1 | cut -d '"' -f 2)
appNewVersion=$(curl -fs https://s3.amazonaws.com/itsycal/itsycal-apple-silicon.xml | xpath '(//rss/channel/item/enclosure/@sparkle:shortVersionString)[1]' 2>/dev/null | head -1 | cut -d '"' -f 2)
expectedTeamID="HFT3T55WND"
;;

13
fragments/labels/pritunl.sh Normal file
View File

@@ -0,0 +1,13 @@
pritunl)
name="Pritunl"
type="pkgInZip"
packageID="com.pritunl.pkg.Pritunl"
if [[ $(arch) == "arm64" ]]; then
archiveName="Pritunl.arm64.pkg.zip"
elif [[ $(arch) == "i386" ]]; then
archiveName="Pritunl.pkg.zip"
fi
downloadURL=$(downloadURLFromGit pritunl pritunl-client-electron)
appNewVersion=$(versionFromGit pritunl pritunl-client-electron)
expectedTeamID="U22BLATN63"
;;

8
fragments/labels/secretive.sh Normal file
View File

@@ -0,0 +1,8 @@
secretive)
name="Secretive"
type="zip"
downloadURL=$(downloadURLFromGit maxgoedjen secretive)
appNewVersion=$(versionFromGit maxgoedjen secretive)
expectedTeamID="Z72PRUAWF6"
;;

4
fragments/labels/textexpander.sh
View File

@@ -1,7 +1,7 @@
textexpander)
name="TextExpander"
type="dmg"
downloadURL="https://textexpander.com/cgi-bin/redirect.pl?cmd=download&platform=osx"
appNewVersion=$( curl -fsIL "https://textexpander.com/cgi-bin/redirect.pl?cmd=download&platform=osx" | grep -i "^location" | awk '{print $2}' | tail -1 | cut -d "_" -f2 | sed -nre 's/^[^0-9]*(([0-9]+\.)*[0-9]+).*/\1/p' )
downloadURL="https://cgi.textexpander.com/cgi-bin/redirect.pl?cmd=download&platform=osx"
appNewVersion=$( curl -fsIL "https://cgi.textexpander.com/cgi-bin/redirect.pl?cmd=download&platform=osx" | grep -i "^location" | awk '{print $2}' | tail -1 | cut -d "_" -f2 | sed -nre 's/^[^0-9]*(([0-9]+\.)*[0-9]+).*/\1/p' )
expectedTeamID="7PKJ6G4DXL"
;;

7
fragments/labels/tidal.sh Normal file
View File

@@ -0,0 +1,7 @@
tidal)
name="TIDAL"
type="dmg"
downloadURL="https://download.tidal.com/desktop/TIDAL.dmg"
appNewVersion=$(curl -fs https://update.tidal.com/updates/latest\?v\=1 | cut -d '"' -f4 | sed -E 's/https.*\/TIDAL\.([0-9.]*)\.zip/\1/g')
expectedTeamID="GK2243L7KB"
;;

12
fragments/main.sh
View File

@@ -5,6 +5,13 @@
;;
esac
# Are we only asked to return label name
if [[ $RETURN_LABEL_NAME -eq 1 ]]; then
printlog "Only returning label name."
printlog "$name"
echo "$name"
exit
fi
# MARK: application download and installation starts here
@@ -116,9 +123,8 @@ getAppVersion
printlog "appversion: $appversion"
# MARK: Exit if new version is the same as installed version (appNewVersion specified)
# credit: Søren Theilgaard (@theilgaard)
if [[ $INSTALL == "force" ]]; then
printlog "Using force to install, so not using updateTool."
if [[ "$type" != "updateronly" && ($INSTALL == "force" || $IGNORE_APP_STORE_APPS == "yes") ]]; then
printlog "Label is not of type “updateronly”, and its set to use force to install or ignoring app store apps, so not using updateTool."
updateTool=""
fi
if [[ -n $appNewVersion ]]; then