Improved detection if signature was missing

@scriptingosx: Wandering if we should just detect if Team IDs match anyway, and continue the installation no matter the gatekeeper setting for allowing App Store apps only.

CHANGELOG.md

@@ -1,3 +1,5 @@
+- if `spctl`-check is `rejected` then we now show an error that it can be due to Gatekeepr only allowing apps from App Store only. Installomator requires that all identified developers are accepted as well.
+
 ## v9.1
 
 **Note**: Both Google and Mozilla recommend using the pkg installers instead of the dmg downloads for managed deployments. So far, Installomator has provided labels for both. (`googlechrome` and `googlechromepkg` or `firefox` and `firefoxpkg`, respectively) Since there are problems with the dmg downloads, a future release of Installomator will _disable_ the `firefox` and `googlechrome` dmg labels. You should switch to using the respective pkg labels instead.

Installomator.sh

@@ -80,6 +80,7 @@ LOGO=appstore
 #   - mosyleb       Mosyle Business
 #   - mosylem       Mosyle Manager (Education)
 #   - addigy        Addigy
+#   - microsoft     Microsoft Endpoint Manager (Intune)
 # path can also be set in the command call, and if file exists, it will be used.
 # Like 'LOGO="/System/Applications/App\ Store.app/Contents/Resources/AppIcon.icns"'
 # (spaces have to be escaped).
@@ -4831,6 +4832,11 @@ case $LOGO in
         LOGO="/Library/Addigy/macmanage/MacManage.app/Contents/Resources/atom.icns"
         if [[ -z $MDMProfileName ]]; then; MDMProfileName="MDM Profile"; fi
         ;;
+    microsoft)
+        # Microsoft Endpoint Manager (Intune)
+        LOGO="/Library/Intune/Microsoft Intune Agent.app/Contents/Resources/AppIcon.icns"
+        if [[ -z $MDMProfileName ]]; then; MDMProfileName="Management Profile"; fi
+        ;;
 esac
 if [[ ! -a "${LOGO}" ]]; then
     if [[ $(sw_vers -buildVersion) > "19" ]]; then

fragments/functions.sh

@@ -425,6 +425,13 @@ installAppWithPath() { # $1: path to app to install in $targetDir
 
     if [[ $appVerifyStatus -ne 0 ]] ; then
     #if ! teamID=$(spctl -a -vv "$appPath" 2>&1 | awk '/origin=/ {print $NF }' | tr -d '()' ); then
+        if [[ "$(echo $appVerify | head -1 | grep -oi rejected)" = "rejected" ]]; then
+            if [[ "$(echo $appVerify | tail -1)" = "source=no usable signature" ]]; then
+                printlog "Gatekeeper check rejected. No usable signature." ERROR
+            else
+                printlog "Gatekeeper check rejected. Could be that gatekeeper settings only accept App Store apps." ERROR
+            fi
+        fi
         cleanupAndExit 4 "Error verifying $appPath error:\n$logoutput" ERROR
     fi
     printlog "Debugging enabled, App Verification output was:\n$logoutput" DEBUG
@@ -578,6 +585,13 @@ installFromPKG() {
 
     if [[ $spctlStatus -ne 0 ]] ; then
     #if ! spctlout=$(spctl -a -vv -t install "$archiveName" 2>&1 ); then
+        if [[ "$(echo $spctlOut | head -1 | grep -oi rejected)" = "rejected" ]]; then
+            if [[ "$(echo $spctlOut | tail -1)" = "source=no usable signature" ]]; then
+                printlog "Gatekeeper check rejected. No usable signature." ERROR
+            else
+                printlog "Gatekeeper check rejected. Could be that gatekeeper settings only accept App Store apps." ERROR
+            fi
+        fi
         cleanupAndExit 4 "Error verifying $archiveName error:\n$logoutput" ERROR
     fi
 

fragments/header.sh

@@ -80,6 +80,7 @@ LOGO=appstore
 #   - mosyleb       Mosyle Business
 #   - mosylem       Mosyle Manager (Education)
 #   - addigy        Addigy
+#   - microsoft     Microsoft Endpoint Manager (Intune)
 # path can also be set in the command call, and if file exists, it will be used.
 # Like 'LOGO="/System/Applications/App\ Store.app/Contents/Resources/AppIcon.icns"'
 # (spaces have to be escaped).

fragments/main.sh

@@ -55,6 +55,11 @@ case $LOGO in
         LOGO="/Library/Addigy/macmanage/MacManage.app/Contents/Resources/atom.icns"
         if [[ -z $MDMProfileName ]]; then; MDMProfileName="MDM Profile"; fi
         ;;
+    microsoft)
+        # Microsoft Endpoint Manager (Intune)
+        LOGO="/Library/Intune/Microsoft Intune Agent.app/Contents/Resources/AppIcon.icns"
+        if [[ -z $MDMProfileName ]]; then; MDMProfileName="Management Profile"; fi
+        ;;
 esac
 if [[ ! -a "${LOGO}" ]]; then
     if [[ $(sw_vers -buildVersion) > "19" ]]; then

fragments/version.sh

@@ -1 +1 @@
-9.1
+10dev