Improved detection if signature was missing

@scriptingosx: Wandering if we should just detect if Team IDs match anyway, and continue the installation no matter the gatekeeper setting for allowing App Store apps only.

CHANGELOG.md

@@ -1,3 +1,5 @@
+- if `spctl`-check is `rejected` then we now show an error that it can be due to Gatekeepr only allowing apps from App Store only. Installomator requires that all identified developers are accepted as well.
+
 ## v9.1
 
 **Note**: Both Google and Mozilla recommend using the pkg installers instead of the dmg downloads for managed deployments. So far, Installomator has provided labels for both. (`googlechrome` and `googlechromepkg` or `firefox` and `firefoxpkg`, respectively) Since there are problems with the dmg downloads, a future release of Installomator will _disable_ the `firefox` and `googlechrome` dmg labels. You should switch to using the respective pkg labels instead.

fragments/functions.sh

@@ -425,6 +425,13 @@ installAppWithPath() { # $1: path to app to install in $targetDir
 
     if [[ $appVerifyStatus -ne 0 ]] ; then
     #if ! teamID=$(spctl -a -vv "$appPath" 2>&1 | awk '/origin=/ {print $NF }' | tr -d '()' ); then
+        if [[ "$(echo $appVerify | head -1 | grep -oi rejected)" = "rejected" ]]; then
+            if [[ "$(echo $appVerify | tail -1)" = "source=no usable signature" ]]; then
+                printlog "Gatekeeper check rejected. No usable signature." ERROR
+            else
+                printlog "Gatekeeper check rejected. Could be that gatekeeper settings only accept App Store apps." ERROR
+            fi
+        fi
         cleanupAndExit 4 "Error verifying $appPath error:\n$logoutput" ERROR
     fi
     printlog "Debugging enabled, App Verification output was:\n$logoutput" DEBUG
@@ -578,6 +585,13 @@ installFromPKG() {
 
     if [[ $spctlStatus -ne 0 ]] ; then
     #if ! spctlout=$(spctl -a -vv -t install "$archiveName" 2>&1 ); then
+        if [[ "$(echo $spctlOut | head -1 | grep -oi rejected)" = "rejected" ]]; then
+            if [[ "$(echo $spctlOut | tail -1)" = "source=no usable signature" ]]; then
+                printlog "Gatekeeper check rejected. No usable signature." ERROR
+            else
+                printlog "Gatekeeper check rejected. Could be that gatekeeper settings only accept App Store apps." ERROR
+            fi
+        fi
         cleanupAndExit 4 "Error verifying $archiveName error:\n$logoutput" ERROR
     fi
 

fragments/labels/dbeaverce.sh

@@ -1,13 +1,7 @@
 dbeaverce)
     name="DBeaver"
     type="dmg"
-    if [[ $(arch) == "arm64" ]]; then
-        downloadURL="https://dbeaver.io/files/dbeaver-ce-latest-macos-aarch64.dmg"
-        appNewVersion="$(curl -fsIL "${downloadURL}" | grep -i ^location | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/' | head -1)"
-    elif [[ $(arch) == "i386" ]]; then
-        downloadURL="https://dbeaver.io/files/dbeaver-ce-latest-macos.dmg"
-        appNewVersion="$(curl -fsIL "${downloadURL}" | grep -i ^location | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/' | head -1)"
-    fi
+    downloadURL="https://dbeaver.io/files/dbeaver-ce-latest-macos.dmg"
     expectedTeamID="42B6MDKMW8"
     blockingProcesses=( dbeaver )
     ;;

fragments/labels/forticlient_ztna.sh

@@ -1,9 +0,0 @@
-forticlient_ztna)
-    name="FortiClient ZTNA"
-    type="pkgInDmg"
-    pkgName="Install.mpkg"
-    packageID="com.fortinet.forticlient."
-    downloadURL="https://links.fortinet.com/forticlient/mac/fabricagent"
-    appNewVersion="$(curl -fsL "$downloadURL" --remote-header-name --remote-name -w "%{url_effective}\n" -r 0-0 | cut -d "_" -f2)"
-    expectedTeamID="AH4XFXJ7DK"
-    ;;

fragments/labels/propresenter7.sh

@@ -1,9 +0,0 @@
-propresenter7)
-    name="ProPresenter 7"
-    appName="ProPresenter.app"
-    type="zip"
-    blockingProcesses="ProPresenter"
-    downloadURL=$(curl -s "https://api.renewedvision.com/v1/pro/upgrade?platform=macos&osVersion=12&appVersion=771&buildNumber=117899527&includeNotes=false" | grep -Eo '"downloadUrl":.*?[^\]",' | head -n 1 | cut -d \" -f 4 | sed -e 's/\\//g')
-    appNewVersion=$(curl -s "https://api.renewedvision.com/v1/pro/upgrade?platform=macos&osVersion=12&appVersion=771&buildNumber=117899527&includeNotes=false" | grep -Eo '"version":.*?[^\]",' | head -n 1 | cut -d \" -f 4)
-    expectedTeamID="97GAAZ6CPX"
-    ;;

fragments/labels/ringcentralapp.sh

@@ -1,12 +1,8 @@
 ringcentralapp)
     # credit: Isaac Ordonez, Mann consulting (@mannconsulting)
-    name="Ringcentral"
-    type="pkg"
-    if [[ $(arch) != "i386" ]]; then
-        downloadURL="https://app.ringcentral.com/download/RingCentral-arm64.pkg"
-    else
-        downloadURL="https://app.ringcentral.com/download/RingCentral.pkg"
-    fi
+    name="Glip"
+    type="dmg"
+    downloadURL="https://downloads.ringcentral.com/glip/rc/GlipForMac"
     expectedTeamID="M932RC5J66"
-    blockingProcesses=( "Ringcentral" )
+    blockingProcesses=( "Glip" )
     ;;

grammarly.sh

@@ -0,0 +1,9 @@
+grammarly)
+    name="Grammarly Desktop"
+    type="dmg"
+    packageID="com.grammarly.ProjectLlama"
+    downloadURL=$(curl -fsL "https://download-mac.grammarly.com/appcast.xml" | xpath '//rss/channel/item[1]/enclosure/@url' 2>/dev/null  | cut -d '"' -f 2)
+    expectedTeamID="W8F64X92K3"
+    appNewVersion=$(curl -is "https://download-mac.grammarly.com/appcast.xml" | grep sparkle:version | tr ',' '\n' | grep sparkle:version | cut -d '"' -f 4)
+    appName="Grammarly Installer.app"
+    ;;