├── puppettag ├── hardware_tag.txt ├── README.md ├── preinstall └── Makefile ├── ssltrust ├── .gitignore ├── scripts │ └── postinstall └── Makefile ├── yo_trigger ├── pkgroot │ ├── Library │ │ ├── Management │ │ │ └── Triggers │ │ │ │ └── yo │ │ └── LaunchAgents │ │ │ └── com.github.groob.yo-trigger.plist │ └── usr │ │ └── local │ │ └── bin │ │ └── yo-trigger ├── Makefile ├── scripts │ └── postinstall └── README.md ├── puppet-clientcert ├── .gitignore ├── Makefile ├── preinstall ├── scripts │ ├── preinstall │ └── postinstall └── postinstall ├── puppetdb-terminus ├── .gitignore ├── scripts │ └── preinstall └── Makefile ├── yo_office2016 ├── pkgroot │ ├── tmp │ │ ├── yo-message │ │ └── yo-icon.png │ └── Library │ │ └── YoNotification │ │ └── yo ├── scripts │ └── postinstall └── Makefile ├── README.md ├── logstash_forwarder ├── .gitignore ├── pkgroot │ ├── etc │ │ └── logstash-forwarder │ │ │ └── config │ │ │ ├── 01-munki.conf │ │ │ └── 00-base.conf │ └── Library │ │ └── LaunchDaemons │ │ └── com.elastic.logstash-forwarder.plist ├── scripts │ └── postinstall └── Makefile ├── r10k ├── postinstall └── Makefile ├── Dock ├── README.md ├── dock-2014-05-23 ├── dock-2014-07-14 └── Makefile ├── java_se_fix ├── README.md ├── scripts │ └── postinstall ├── Makefile └── pkgroot │ └── Library │ └── Management │ └── java_se_fix │ └── modify_java.py ├── .gitignore ├── BoxEdit_kickstart ├── box-edit-2014-07-22 └── Makefile ├── puppet-config ├── pkgroot │ └── etc │ │ └── puppet │ │ ├── puppetdb.conf │ │ ├── puppet.conf │ │ └── routes.yaml ├── scripts │ ├── postinstall │ └── preinstall └── Makefile ├── puppetrepo ├── makepkg.sh ├── preinstall ├── postinstall ├── r10k.yaml ├── edu.whitby.puppet.schedule.plist └── Makefile ├── set_desktops ├── set_wallpaper-20140320 ├── Makefile └── set_desktops.py ├── dockutil ├── README.md ├── Makefile └── dockutil ├── setName ├── Makefile └── postinstall ├── setTime ├── Makefile └── postinstall ├── scriptRunner ├── README.md ├── com.grahamgilbert.scriptrunner.plist └── Makefile ├── BoxEdit_uninstall ├── scripts │ └── postinstall └── Makefile ├── Umbrella-MacRoamingClient ├── postinstall_script ├── README.md └── installcheck_script ├── munki_postflight ├── postflight └── Makefile ├── munki_condition_shard ├── Makefile └── pkgroot │ └── usr │ └── local │ └── munki │ └── conditions │ └── shard └── Munki-nopkg ├── Auth ├── OpenSysPrefs │ ├── installcheck.py │ ├── uninstall.py │ ├── postinstall.py │ └── OpenSysPrefs-1.0.plist ├── UnlockEnergySaver │ ├── installcheck.py │ ├── uninstall.py │ └── postinstall.py ├── UnlockDateTime │ ├── installcheck.py │ ├── uninstall.py │ └── postinstall.py ├── UnlockNetwork │ ├── installcheck.py │ ├── postinstall.py │ └── uninstall.py └── UnlockPrinting │ ├── installcheck.py │ ├── postinstall.py │ ├── uninstall.py │ └── UnlockPrinting-1.0.plist └── Xcode └── XcodeCLITools-2014.07.15.plist /puppettag/hardware_tag.txt: -------------------------------------------------------------------------------- 1 | role=student 2 | -------------------------------------------------------------------------------- /ssltrust/.gitignore: -------------------------------------------------------------------------------- 1 | *.crt 2 | *.DS_Store 3 | out 4 | -------------------------------------------------------------------------------- /yo_trigger/pkgroot/Library/Management/Triggers/yo: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /puppet-clientcert/.gitignore: -------------------------------------------------------------------------------- 1 | *.pem 2 | *.crt 3 | *.key 4 | -------------------------------------------------------------------------------- /puppetdb-terminus/.gitignore: -------------------------------------------------------------------------------- 1 | out 2 | tmp 3 | pkgroot 4 | -------------------------------------------------------------------------------- /yo_office2016/pkgroot/tmp/yo-message: -------------------------------------------------------------------------------- 1 | "Office 2016 is available now" 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | mac-scripts 2 | =========== 3 | 4 | OS X Management Scripts 5 | -------------------------------------------------------------------------------- /yo_office2016/pkgroot/Library/YoNotification/yo: -------------------------------------------------------------------------------- 1 | "Office 2016 is now available" 2 | -------------------------------------------------------------------------------- /logstash_forwarder/.gitignore: -------------------------------------------------------------------------------- 1 | pkgroot/usr/local/bin/logstash-forwarder 2 | *.crt 3 | -------------------------------------------------------------------------------- /r10k/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | /usr/bin/gem install r10k CFPropertyList sqlite3 4 | -------------------------------------------------------------------------------- /puppetdb-terminus/scripts/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | /bin/rm -rf /Library/Ruby/Site/2.0.0/puppet 3 | -------------------------------------------------------------------------------- /Dock/README.md: -------------------------------------------------------------------------------- 1 | Makefile and script by Graham Gilbert: 2 | https://github.com/grahamgilbert/automate_psu_2014 3 | -------------------------------------------------------------------------------- /java_se_fix/README.md: -------------------------------------------------------------------------------- 1 | http://michaellynn.github.io/2015/08/10/even-more-oracle-java-compatibility/ 2 | 3 | 4 | -------------------------------------------------------------------------------- /java_se_fix/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | /usr/bin/python /Library/Management/java_se_fix/modify_java.py 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pkg 2 | *.zip 3 | /puppetrepo/environments 4 | /puppetrepo/hieradata 5 | */logstash-forwarder 6 | *.DS_Store 7 | -------------------------------------------------------------------------------- /BoxEdit_kickstart/box-edit-2014-07-22: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /usr/bin/open '/Applications/Box Edit.app' 4 | 5 | exit 0 6 | 7 | -------------------------------------------------------------------------------- /puppettag/README.md: -------------------------------------------------------------------------------- 1 | Use the command 2 | TAG= make pkg 3 | to create a custom role=${TAG} fact package. 4 | -------------------------------------------------------------------------------- /yo_office2016/pkgroot/tmp/yo-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/whitby/mac-scripts/HEAD/yo_office2016/pkgroot/tmp/yo-icon.png -------------------------------------------------------------------------------- /puppet-config/pkgroot/etc/puppet/puppetdb.conf: -------------------------------------------------------------------------------- 1 | [main] 2 | soft_write_failure = true 3 | server = puppetdb.whitbylab.org 4 | port = 8081 5 | -------------------------------------------------------------------------------- /puppetrepo/makepkg.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | rm -rf ./hieradata 4 | rm -rf ./environments 5 | r10k deploy environment -p -c r10k.yaml 6 | -------------------------------------------------------------------------------- /yo_trigger/pkgroot/usr/local/bin/yo-trigger: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | MESSAGE=`(cat /tmp/yo-message)` 3 | /usr/local/bin/yo -t "$MESSAGE" -i /tmp/yo-icon.png 4 | -------------------------------------------------------------------------------- /set_desktops/set_wallpaper-20140320: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sleep 15 4 | /usr/bin/python /Library/Management/bin/set_desktops.py --path "/Library/Desktop Pictures/Elephant.jpg" 5 | -------------------------------------------------------------------------------- /yo_office2016/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | /usr/bin/touch /Library/Management/Triggers/yo 3 | sleep 2 4 | /usr/bin/srm /tmp/yo-icon.png 5 | /usr/bin/srm /tmp/yo-message 6 | -------------------------------------------------------------------------------- /puppet-config/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | UUID=$(/usr/bin/facter sp_platform_uuid|tr '[:upper:]' '[:lower:]') 3 | /usr/bin/sed -i '' "/certname/s/puppet/${UUID}/" /etc/puppet/puppet.conf 4 | -------------------------------------------------------------------------------- /dockutil/README.md: -------------------------------------------------------------------------------- 1 | Dockutil is a CLI tool for managing dock items. 2 | https://github.com/kcrawford/dockutil 3 | 4 | Makefile by Graham Gilbert 5 | https://github.com/grahamgilbert/automate_psu_2014 6 | -------------------------------------------------------------------------------- /r10k/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | TITLE=r10k 4 | PACKAGE_VERSION=1.0.0 5 | REVERSE_DOMAIN=edu.whitby 6 | PAYLOAD= \ 7 | pack-script-postinstall 8 | 9 | -------------------------------------------------------------------------------- /setName/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | TITLE=setName 4 | PACKAGE_VERSION=1.0.0 5 | REVERSE_DOMAIN=edu.whitby 6 | PAYLOAD= \ 7 | pack-script-postinstall 8 | 9 | -------------------------------------------------------------------------------- /setTime/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | TITLE=setTime 4 | PACKAGE_VERSION=1.0.0 5 | REVERSE_DOMAIN=edu.whitby 6 | PAYLOAD= \ 7 | pack-script-postinstall 8 | 9 | -------------------------------------------------------------------------------- /puppettag/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | mkdir -p /etc/facter/facts.d 4 | 5 | if [ -e /etc/facter/facts.d/hardware_tag.txt ]; then 6 | rm "/etc/facter/facts.d/mac_role.txt" 7 | fi 8 | 9 | exit 0 10 | -------------------------------------------------------------------------------- /scriptRunner/README.md: -------------------------------------------------------------------------------- 1 | scriptRunner is a script by [natewalk](https://github.com/natewalck/Scripts) 2 | taken from Graham Gilbert's session from PSU 2014. https://github.com/grahamgilbert/automate_psu_2014 3 | -------------------------------------------------------------------------------- /ssltrust/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/private/tmp/certs/root-ca.crt" 4 | /usr/bin/srm "/private/tmp/certs/root-ca.crt" 5 | -------------------------------------------------------------------------------- /dockutil/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | 4 | TITLE=dockutil 5 | PACKAGE_NAME=${TITLE} 6 | REVERSE_DOMAIN=com.grahamgilbert 7 | PACKAGE_VERSION=1.0 8 | PAYLOAD=\ 9 | pack-usr-local-bin-dockutil -------------------------------------------------------------------------------- /logstash_forwarder/pkgroot/etc/logstash-forwarder/config/01-munki.conf: -------------------------------------------------------------------------------- 1 | { 2 | 3 | "files": [ 4 | { 5 | "paths": [ "/Library/Managed Installs/Logs/Install.log" ], 6 | "fields": { "type": "munki_install" } 7 | } 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /puppet-config/pkgroot/etc/puppet/puppet.conf: -------------------------------------------------------------------------------- 1 | [main] 2 | certname = puppet 3 | storeconfigs = true 4 | storeconfigs_backend = puppetdb 5 | # Optional settings to submit reports to PuppetDB: 6 | report = true 7 | reports = puppetdb 8 | -------------------------------------------------------------------------------- /java_se_fix/Makefile: -------------------------------------------------------------------------------- 1 | PKGVERSION=1.0.0 2 | PKGNAME="java_se_fix" 3 | PKGID=edu.whitby.java_se_fix 4 | 5 | build: 6 | mkdir -p out 7 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 8 | 9 | -------------------------------------------------------------------------------- /logstash_forwarder/pkgroot/etc/logstash-forwarder/config/00-base.conf: -------------------------------------------------------------------------------- 1 | { 2 | "network": { 3 | "servers": [ "logstash.whitbylab.org:31415" ], 4 | "ssl ca": "/etc/logstash-forwarder/ca.crt", 5 | "timeout": 15 6 | }, 7 | 8 | "files": [{}] 9 | } 10 | -------------------------------------------------------------------------------- /setTime/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Time Settings 4 | TimeServer1=time.apple.com 5 | TimeZone=America/New_York 6 | "$3"/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1 7 | "$3"/usr/sbin/systemsetup -settimezone $TimeZone 8 | "$3"/usr/sbin/ntpd -g 9 | -------------------------------------------------------------------------------- /puppet-config/pkgroot/etc/puppet/routes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apply: 3 | catalog: 4 | terminus: compiler 5 | cache: puppetdb 6 | resource: 7 | terminus: ral 8 | cache: puppetdb 9 | facts: 10 | terminus: facter 11 | cache: puppetdb_apply 12 | -------------------------------------------------------------------------------- /yo_office2016/Makefile: -------------------------------------------------------------------------------- 1 | PKGVERSION=1.0.5 2 | PKGNAME="yo_office2016" 3 | PKGID=edu.whitby.yo.office2016 4 | 5 | build: 6 | mkdir -p out 7 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 8 | 9 | -------------------------------------------------------------------------------- /yo_trigger/Makefile: -------------------------------------------------------------------------------- 1 | PKGVERSION=1.0.3 2 | PKGNAME="yo_trigger" 3 | PKGID=com.github.groob.yo_trigger 4 | 5 | build: 6 | mkdir -p out 7 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 8 | 9 | -------------------------------------------------------------------------------- /puppetrepo/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ENVDIR="/etc/puppet/environments" 3 | HIERADIR="/etc/puppet/hieradata" 4 | 5 | if [ -d "$ENVDIR" ]; then 6 | /bin/rm -rf $ENVDIR 7 | fi 8 | if [ -d "$HIERADIR" ]; then 9 | /bin/rm -rf $HIERADIR 10 | fi 11 | 12 | exit 0 13 | -------------------------------------------------------------------------------- /setName/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | the_command=$(ioreg -c IOPlatformExpertDevice | awk -F '\"' '/IOPlatformSerialNumber/ {print $4}') 4 | /usr/sbin/scutil --set ComputerName "$the_command.whitbyschool.net" 5 | /usr/sbin/scutil --set HostName "$the_command.whitbyschool.net" 6 | -------------------------------------------------------------------------------- /BoxEdit_uninstall/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -d '/Applications/Box Edit.app' ]; then 4 | rm -rf '/Applications/Box Edit.app' 5 | fi 6 | 7 | if [ -d '/Library/Internet Plug-Ins/Box Edit.plugin' ]; then 8 | rm -rf '/Library/Internet Plug-Ins/Box Edit.plugin' 9 | fi 10 | -------------------------------------------------------------------------------- /Umbrella-MacRoamingClient/postinstall_script: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PKG_VERSION=1.5.25 4 | INSTALLER_DIR="/tmp/umbrella" 5 | 6 | cd $INSTALLER_DIR && \ 7 | /usr/sbin/installer -verbose -pkg RoamingClient_MAC_$PKG_VERSION.pkg -target / 8 | 9 | rm -rf $INSTALLER_DIR 10 | 11 | exit 0 12 | -------------------------------------------------------------------------------- /yo_trigger/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /bin/launchctl stop com.github.groob.yo-trigger 4 | /bin/launchctl unload /Library/LaunchAgents/com.github.groob.yo-trigger.plist 5 | /bin/launchctl load /Library/LaunchAgents/com.github.groob.yo-trigger.plist 6 | /bin/launchctl start com.github.groob.yo-trigger 7 | -------------------------------------------------------------------------------- /puppetrepo/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ENVIRONMENT=production 3 | 4 | /bin/cp -fr /etc/puppet/environments/$ENVIRONMENT/hiera.yaml /etc/puppet/hiera.yaml 5 | /usr/bin/puppet apply --environment $ENVIRONMENT --environmentpath=/etc/puppet/environments /etc/puppet/environments/$ENVIRONMENT/manifests/site.pp 6 | 7 | exit 0 8 | 9 | -------------------------------------------------------------------------------- /logstash_forwarder/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /bin/launchctl stop com.elastic.logstash-forwarder 4 | /bin/launchctl unload /Library/LaunchDaemons/com.elastic.logstash-forwarder.plist 5 | /bin/launchctl load /Library/LaunchDaemons/com.elastic.logstash-forwarder.plist 6 | /bin/launchctl start com.elastic.logstash-forwarder 7 | -------------------------------------------------------------------------------- /puppet-config/scripts/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -f /etc/puppet/puppet.conf ]; then 3 | /bin/rm -f /etc/puppet/puppet.conf 4 | fi 5 | if [ -f /etc/puppet/routes.yaml ]; then 6 | /bin/rm -f /etc/puppet/routes.yaml 7 | fi 8 | if [ -f /etc/puppet/puppetdb.conf ]; then 9 | /bin/rm -f /etc/puppet/puppetdb.conf 10 | fi 11 | 12 | -------------------------------------------------------------------------------- /logstash_forwarder/Makefile: -------------------------------------------------------------------------------- 1 | PKGVERSION=0.4.0 2 | PKGNAME=logstash_forwarder 3 | PKGID=com.elastic.logstash-forwarder 4 | all: clean build 5 | 6 | clean: 7 | rm out/${PKGNAME}-${PKGVERSION}.pkg 8 | build: 9 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 10 | -------------------------------------------------------------------------------- /puppetrepo/r10k.yaml: -------------------------------------------------------------------------------- 1 | :cachedir: '/Users/vvrantchan/Dropbox/code/hub/whitby_puppet/r10k/cache' 2 | :sources: 3 | :plops: 4 | remote: 'git@github.com:whitby/puppet-environment' 5 | basedir: './environments' 6 | purge: true 7 | :hiera: 8 | remote: 'git@bitbucket.org:whitbyschool/hieradata' 9 | basedir: './hieradata' 10 | purge: true 11 | -------------------------------------------------------------------------------- /Umbrella-MacRoamingClient/README.md: -------------------------------------------------------------------------------- 1 | ``` 2 | sudo hdiutil create -srcfolder Umbrella UmbrellaRoamingClient.dmg 3 | munkiimport --subdirectory=whitby/opendns UmbrellaRoamingClient.dmg --item="RoamingClient_MAC_1.5.25.pkg" --destinationpath="/tmp/umbrella" --catalog testing --unattended-install --installcheck_script="./installcheck_script" --postinstall_script="./postinstall_script" 4 | ``` 5 | -------------------------------------------------------------------------------- /puppet-config/Makefile: -------------------------------------------------------------------------------- 1 | PKGNAME=puppet-config 2 | PKGVERSION=1.0.0 3 | PKGID=edu.whitby.puppetconfig 4 | all: clean build 5 | 6 | clean: 7 | if [ -f out/${PKGNAME}-${PKGVERSION}.pkg ]; then rm out/${PKGNAME}-${PKGVERSION}.pkg; fi; 8 | 9 | build: clean 10 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 11 | -------------------------------------------------------------------------------- /puppet-clientcert/Makefile: -------------------------------------------------------------------------------- 1 | PKGNAME=puppet-clientcert 2 | PKGVERSION=1.0.0 3 | PKGID=edu.whitby.puppetcert 4 | all: clean build 5 | 6 | clean: 7 | if [ -f out/${PKGNAME}-${PKGVERSION}.pkg ]; then rm out/${PKGNAME}-${PKGVERSION}.pkg; fi; 8 | 9 | build: clean 10 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 11 | -------------------------------------------------------------------------------- /BoxEdit_uninstall/Makefile: -------------------------------------------------------------------------------- 1 | PKGNAME=BoxEdit_kickstart 2 | PKGVERSION=2.0.0 3 | PKGID=edu.whitby.BoxEdit_kickstart 4 | all: clean build 5 | 6 | clean: 7 | if [ -f out/${PKGNAME}-${PKGVERSION}.pkg ]; then rm out/${PKGNAME}-${PKGVERSION}.pkg; fi; 8 | 9 | build: clean 10 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 11 | -------------------------------------------------------------------------------- /munki_postflight/postflight: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Run the MunkiWebAdmin postflight script if it's present. 3 | 4 | if [ -f /usr/local/munki/mwa-postflight ] 5 | then 6 | /usr/local/munki/mwa-postflight 7 | fi 8 | # Run the Sal postflight script if it's present. 9 | 10 | if [ -f /usr/local/munki/sal-postflight ] 11 | then 12 | /usr/local/munki/sal-postflight 13 | fi 14 | 15 | exit 0 16 | -------------------------------------------------------------------------------- /munki_condition_shard/Makefile: -------------------------------------------------------------------------------- 1 | PKGNAME=munki_conditional_shard 2 | PKGVERSION=1.0.0 3 | PKGID=edu.whitby.munki_conditional_shard 4 | all: clean build 5 | 6 | clean: 7 | if [ -f out/${PKGNAME}-${PKGVERSION}.pkg ]; then rm out/${PKGNAME}-${PKGVERSION}.pkg; fi; 8 | 9 | build: clean 10 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/${PKGNAME}-${PKGVERSION}.pkg 11 | -------------------------------------------------------------------------------- /munki_postflight/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | PACKAGE_VERSION=0.0.1 4 | TITLE=munki_postflight 5 | PACKAGE_NAME=munki_postflight 6 | REVERSE_DOMAIN=edu.whitby 7 | PAYLOAD=\ 8 | pack-postflight 9 | 10 | pack-postflight: l_usr_local 11 | @sudo mkdir -p ${WORK_D}/usr/local/munki 12 | @sudo ${INSTALL} -m 755 -g wheel -o root postflight ${WORK_D}/usr/local/munki/ 13 | 14 | -------------------------------------------------------------------------------- /puppet-clientcert/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | UUID=$(/usr/bin/facter sp_platform_uuid) 3 | if [ -f /etc/puppet/ssl/certs/ca.pem ]; then 4 | /bin/rm -f /etc/puppet/ssl/certs/ca.pem 5 | fi 6 | if [ -f /etc/puppet/ssl/certs/${UUID}.pem ]; then 7 | /bin/rm -f /etc/puppet/ssl/certs/${UUID}.pem 8 | fi 9 | if [ -f /etc/puppet/ssl/private_keys/${UUID}.pem ]; then 10 | /bin/rm -f /etc/puppet/ssl/private_keys/${UUID}.pem 11 | fi 12 | 13 | -------------------------------------------------------------------------------- /puppet-clientcert/scripts/preinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | UUID=$(/usr/bin/facter sp_platform_uuid) 3 | if [ -f /etc/puppet/ssl/certs/ca.pem ]; then 4 | /bin/rm -f /etc/puppet/ssl/certs/ca.pem 5 | fi 6 | if [ -f /etc/puppet/ssl/certs/${UUID}.pem ]; then 7 | /bin/rm -f /etc/puppet/ssl/certs/${UUID}.pem 8 | fi 9 | if [ -f /etc/puppet/ssl/private_keys/${UUID}.pem ]; then 10 | /bin/rm -f /etc/puppet/ssl/private_keys/${UUID}.pem 11 | fi 12 | 13 | -------------------------------------------------------------------------------- /ssltrust/Makefile: -------------------------------------------------------------------------------- 1 | PKGVERSION=1.0.2 2 | PKGNAME=ssl_trust 3 | PKGID=edu.whitby.internalca 4 | all: clean build 5 | 6 | clean: 7 | rm out/${PKGNAME}-${PKGVERSION}.pkg 8 | build: 9 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts /tmp/${PKGNAME}-${PKGVERSION}.pkg 10 | productbuild --package /tmp/${PKGNAME}-${PKGVERSION}.pkg out/${PKGNAME}-${PKGVERSION}.pkg 11 | rm /tmp/${PKGNAME}-${PKGVERSION}.pkg 12 | -------------------------------------------------------------------------------- /puppet-clientcert/scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | UUID=$(/usr/bin/facter sp_platform_uuid) 3 | /bin/cp /private/tmp/puppetcerts/ca.pem /etc/puppet/ssl/certs/ca.pem 4 | /bin/cp /private/tmp/puppetcerts/puppetcert.pem /etc/puppet/ssl/certs/${UUID}.pem 5 | /bin/cp /private/tmp/puppetcerts/private_key.pem /etc/puppet/ssl/private_keys/${UUID}.pem 6 | 7 | /usr/bin/srm -rf /private/tmp/puppetcerts 8 | /usr/sbin/chown -R puppet:puppet /etc/puppet/ssl/ 9 | /bin/chmod -R 0600 /etc/puppet/ssl/ 10 | 11 | -------------------------------------------------------------------------------- /puppet-clientcert/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | UUID=$(/usr/bin/facter sp_platform_uuid) 3 | /bin/cp /private/tmp/puppetcerts/ca.pem /etc/puppet/ssl/certs/ca.pem 4 | /bin/cp /private/tmp/puppetcerts/puppetcert.pem /etc/puppet/ssl/certs/${UUID}.pem 5 | /bin/cp /private/tmp/puppetcerts/private_key.pem /etc/puppet/ssl/private_keys/${UUID}.pem 6 | 7 | /usr/bin/srm -rf /private/tmp/puppetcerts 8 | /usr/sbin/chown puppetdb:puppetdb /etc/puppetdb/ssl/*.pem 9 | /bin/chmod 0600 /etc/puppetdb/ssl/*.pem 10 | 11 | -------------------------------------------------------------------------------- /Umbrella-MacRoamingClient/installcheck_script: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PKG_VERSION=1.5.25.gcbb1ac6 4 | DNSUPDATER='/Library/Application Support/OpenDNS Roaming Client/dns-updater' 5 | if [ ! -e "$DNSUPDATER" ]; then 6 | #if file doesn't exist, exit. Munki will install OpenDNS 7 | exit 0 8 | else 9 | version=`"$DNSUPDATER" --version` 10 | if [ ${version:-0} \< $PKG_VERSION ]; then 11 | #version is less than the package version. Munki will install OpenDNS 12 | exit 0 13 | else 14 | # The latest version is already installed. skip 15 | exit 1 16 | fi 17 | fi 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /Dock/dock-2014-05-23: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DOCKUTIL=/usr/local/bin/dockutil 4 | 5 | $DOCKUTIL --remove all 6 | 7 | $DOCKUTIL --add '/Applications/Google chrome.app' --no-restart 8 | 9 | $DOCKUTIL --add '/Applications/Safari.app' --no-restart 10 | 11 | $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart 12 | 13 | $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart 14 | 15 | $DOCKUTIL --add '/Applications/Keynote.app' --no-restart 16 | 17 | $DOCKUTIL --add '/Applications' --no-restart 18 | 19 | $DOCKUTIL --add '~/Downloads' 20 | 21 | exit 0 22 | -------------------------------------------------------------------------------- /Dock/dock-2014-07-14: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DOCKUTIL=/usr/local/bin/dockutil 4 | 5 | $DOCKUTIL --remove all 6 | 7 | $DOCKUTIL --add '/Applications/Mission Control.app' --no-restart 8 | $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart 9 | $DOCKUTIL --add '/Applications/Managed Software Center.app' --no-restart 10 | $DOCKUTIL --add '/Applications/Safari.app' --no-restart 11 | $DOCKUTIL --add '/Applications/iBooks.app' --no-restart 12 | $DOCKUTIL --add '/Applications/Maps.app' --no-restart 13 | $DOCKUTIL --add '/Applications/System Preferences.app' --no-restart 14 | $DOCKUTIL --add '~/Downloads' 15 | 16 | exit 0 17 | 18 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/OpenSysPrefs/installcheck.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | 15 | formatted = plistlib.readPlistFromString(out) 16 | # if group matches, exit 1 as we don't need to install 17 | if formatted['group'] == group: 18 | sys.exit(1) 19 | else: 20 | # if it doesn't we're exiting with 0 as we need to perform the install 21 | sys.exit(0) -------------------------------------------------------------------------------- /scriptRunner/com.grahamgilbert.scriptrunner.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Label 6 | com.grahamgilbert.scriptrunner 7 | ProgramArguments 8 | 9 | /usr/local/bin/scriptRunner.py 10 | --once 11 | /Library/Management/scriptRunner/once 12 | --every 13 | /Library/Management/scriptRunner/every 14 | 15 | RunAtLoad 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockEnergySaver/installcheck.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.energysaver'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | 15 | formatted = plistlib.readPlistFromString(out) 16 | # if group matches, exit 1 as we don't need to install 17 | if formatted['group'] == group: 18 | sys.exit(1) 19 | else: 20 | # if it doesn't we're exiting with 0 as we need to perform the install 21 | sys.exit(0) -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockDateTime/installcheck.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group Date and Time System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.datetime'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | 15 | formatted = plistlib.readPlistFromString(out) 16 | # if group matches, exit 1 as we don't need to install 17 | if formatted['group'] == group: 18 | sys.exit(1) 19 | else: 20 | # if it doesn't we're exiting with 0 as we need to perform the install 21 | sys.exit(0) -------------------------------------------------------------------------------- /puppetdb-terminus/Makefile: -------------------------------------------------------------------------------- 1 | RELEASE=2.3.4 2 | PKGVERSION=${RELEASE} 3 | PKGID=edu.whitby.puppetdb-terminus 4 | all: clean build 5 | 6 | download: clean 7 | mkdir -p tmp/puppetdb 8 | curl -L -o tmp/${RELEASE}.tar.gz https://github.com/puppetlabs/puppetdb/archive/${RELEASE}.tar.gz 9 | tar -xf tmp/${RELEASE}.tar.gz -C tmp/puppetdb --strip-components=1 10 | 11 | 12 | clean: 13 | rm -rf tmp 14 | rm -rf pkgroot 15 | if [ -f out/puppetdb-terminus-${PKGVERSION}.pkg ]; then rm out/puppetdb-terminus-${PKGVERSION}.pkg; fi; 16 | 17 | build: download 18 | mkdir -p pkgroot/Library/Ruby/Site/2.0.0 19 | mkdir -p out 20 | mv tmp/puppetdb/puppet/lib/puppet pkgroot/Library/Ruby/Site/2.0.0/ 21 | pkgbuild --root pkgroot --identifier ${PKGID} --version ${PKGVERSION} --scripts scripts out/puppetdb-terminus-${PKGVERSION}.pkg 22 | 23 | -------------------------------------------------------------------------------- /puppetrepo/edu.whitby.puppet.schedule.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Label 6 | edu.whitby.puppet.schedule 7 | ProgramArguments 8 | 9 | /usr/bin/puppet 10 | apply 11 | --environment 12 | production 13 | --environmentpath=/etc/puppet/environments 14 | /etc/puppet/environments/production/manifests/site.pp 15 | 16 | RunAtLoad 17 | 18 | StartInterval 19 | 600 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /yo_trigger/README.md: -------------------------------------------------------------------------------- 1 | Trigger Yo notifications from a munki postinstall script. 2 | 3 | # How it works 4 | 5 | This script installs: 6 | 1. An empty file at `/Library/Management/Triggers/yo` 7 | 2. A LaunchAgent that watches the above path 8 | 3. A small bash script: `/usr/local/bin/yo-trigger` 9 | 10 | ```bash 11 | #!/bin/bash 12 | MESSAGE=`(cat /tmp/yo-message)` 13 | /usr/local/bin/yo -t "$MESSAGE" -i /tmp/yo-icon.png 14 | ``` 15 | 16 | To trigger a notification, deploy your message in a file called `/tmp/yo-message`, and optionally an icon, named `yo-icon.png` 17 | Touch the `/Library/Management/Triggers/yo` file in a postinstall script to launch a notification. 18 | 19 | An example notification package: 20 | https://github.com/whitby/mac-scripts/tree/master/yo_office2016 21 | 22 | **Disclaimer:** This is a very simple and limited workaround. 23 | -------------------------------------------------------------------------------- /yo_trigger/pkgroot/Library/LaunchAgents/com.github.groob.yo-trigger.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Disabled 6 | 7 | EnvironmentVariables 8 | 9 | PATH 10 | /usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/Server.app/Contents/ServerRoot/usr/bin:/Applications/Server.app/Contents/ServerRoot/usr/sbin:/usr/local/go/bin:/usr/local/munki:/usr/local/sbin 11 | 12 | Label 13 | com.github.groob.yo-trigger 14 | ProgramArguments 15 | 16 | /usr/local/bin/yo-trigger 17 | 18 | WatchPaths 19 | 20 | /Library/Management/Triggers/yo 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/OpenSysPrefs/uninstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Set the group back to admin 8 | group = 'admin' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | formatted['group'] = group 19 | # Convert back to plist 20 | input_plist = plistlib.writePlistToString(formatted) 21 | # Write the plist back to the authorizationdb 22 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences'] 23 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 24 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /puppetrepo/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | TITLE=puppetrepo 4 | PACKAGE_VERSION=3.3.8 5 | REVERSE_DOMAIN=edu.whitby 6 | PAYLOAD= \ 7 | pack-script-postinstall \ 8 | pack-environments \ 9 | pack-hieradata \ 10 | pack-Library-LaunchDaemons-edu.whitby.puppet.schedule.plist 11 | 12 | l_etc: 13 | @sudo mkdir -p ${WORK_D}/etc 14 | @sudo chown root:wheel ${WORK_D}/etc 15 | @sudo chmod 755 ${WORK_D}/etc 16 | 17 | l_etc_puppet: l_etc 18 | @sudo mkdir -p ${WORK_D}/etc/puppet 19 | @sudo chown puppet:puppet ${WORK_D}/etc/puppet 20 | @sudo chmod 755 ${WORK_D}/etc/puppet 21 | 22 | pack-environments: l_etc_puppet 23 | @sudo cp -R ./environments ${WORK_D}/etc/puppet/ 24 | @sudo chown -R puppet:puppet ${WORK_D}/etc/puppet/ 25 | @sudo chmod -R 755 ${WORK_D}/etc/puppet 26 | 27 | pack-hieradata: l_etc_puppet 28 | @sudo cp -R ./hieradata ${WORK_D}/etc/puppet/ 29 | @sudo chown -R puppet:puppet ${WORK_D}/etc/puppet/ 30 | @sudo chmod -R 755 ${WORK_D}/etc/puppet 31 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockDateTime/uninstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Set the group back to admin 8 | group = 'admin' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.datetime'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | formatted['group'] = group 19 | # Convert back to plist 20 | input_plist = plistlib.writePlistToString(formatted) 21 | # Write the plist back to the authorizationdb 22 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.datetime'] 23 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 24 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockEnergySaver/uninstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Set the group back to admin 8 | group = 'admin' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.energysaver'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | formatted['group'] = group 19 | # Convert back to plist 20 | input_plist = plistlib.writePlistToString(formatted) 21 | # Write the plist back to the authorizationdb 22 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.energysaver'] 23 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 24 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockDateTime/postinstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.datetime'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | formatted['group'] = group 19 | # Convert back to plist 20 | input_plist = plistlib.writePlistToString(formatted) 21 | # Write the plist back to the authorizationdb 22 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.datetime'] 23 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 24 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /puppettag/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | TITLE=puppet_tag_${TAG} 4 | PACKAGE_VERSION=1.0.0 5 | REVERSE_DOMAIN=edu.whitby 6 | PAYLOAD= \ 7 | pack-script-preinstall \ 8 | pack-custom-fact 9 | 10 | l_etc: 11 | @sudo mkdir -p ${WORK_D}/etc 12 | @sudo chown root:wheel ${WORK_D}/etc 13 | @sudo chmod 755 ${WORK_D}/etc 14 | 15 | l_etc_facter: l_etc 16 | @sudo mkdir -p ${WORK_D}/etc/facter 17 | @sudo chown root:wheel ${WORK_D}/etc/facter 18 | @sudo chmod 755 ${WORK_D}/etc/facter 19 | 20 | l_etc_facter_facts_d: l_etc_facter 21 | @sudo mkdir -p ${WORK_D}/etc/facter/facts.d 22 | @sudo chown root:wheel ${WORK_D}/etc/facter/facts.d 23 | @sudo chmod 755 ${WORK_D}/etc/facter/facts.d 24 | 25 | pack-custom-fact: l_etc_facter_facts_d 26 | @sudo echo "role=${TAG}" > ./hardware_tag.txt 27 | @sudo cp ./hardware_tag.txt ${WORK_D}/etc/facter/facts.d/ 28 | @sudo chown root:wheel ${WORK_D}/etc/facter/facts.d/hardware_tag.txt 29 | @sudo chmod 755 ${WORK_D}/etc/facter/facts.d/hardware_tag.txt 30 | 31 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/OpenSysPrefs/postinstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | #input_plist = {} 19 | formatted['group'] = group 20 | # Convert back to plist 21 | input_plist = plistlib.writePlistToString(formatted) 22 | # Write the plist back to the authorizationdb 23 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences'] 24 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 25 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockEnergySaver/postinstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.energysaver'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | #input_plist = {} 19 | formatted['group'] = group 20 | # Convert back to plist 21 | input_plist = plistlib.writePlistToString(formatted) 22 | # Write the plist back to the authorizationdb 23 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.energysaver'] 24 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 25 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /logstash_forwarder/pkgroot/Library/LaunchDaemons/com.elastic.logstash-forwarder.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Disabled 6 | 7 | EnvironmentVariables 8 | 9 | PATH 10 | /usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin 11 | 12 | KeepAlive 13 | 14 | SuccessfulExit 15 | 16 | 17 | Label 18 | com.elastic.logstash-forwarder 19 | ProgramArguments 20 | 21 | /usr/local/bin/logstash-forwarder 22 | -config 23 | /etc/logstash-forwarder/config 24 | 25 | RunAtLoad 26 | 27 | StandardErrorPath 28 | /var/log/logstash-forwarder.log 29 | StandardOutPath 30 | /var/log/logstash-forwarder.log 31 | WorkingDirectory 32 | /var/run 33 | 34 | 35 | -------------------------------------------------------------------------------- /Dock/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | 4 | TITLE=Dock 5 | PACKAGE_NAME=${TITLE} 6 | REVERSE_DOMAIN=com.grahamgilbert 7 | PACKAGE_VERSION=1.1 8 | PAYLOAD=\ 9 | pack-Library-Management-scriptRunner-once-dock-2014-07-14 10 | 11 | l_Library_Management: l_Library 12 | @sudo mkdir -p ${WORK_D}/Library/Management 13 | @sudo chown root:wheel ${WORK_D}/Library/Management 14 | @sudo chmod 755 ${WORK_D}/Library/Management 15 | 16 | l_Library_Management_bin: l_Library_Management 17 | @sudo mkdir -p ${WORK_D}/Library/Management/bin 18 | @sudo chown root:wheel ${WORK_D}/Library/Management/bin 19 | @sudo chmod 755 ${WORK_D}/Library/Management/bin 20 | 21 | l_Library_Management_scriptRunner: l_Library_Management 22 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner 23 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner 24 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner 25 | 26 | l_Library_Management_scriptRunner_once: l_Library_Management_scriptRunner 27 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner/once 28 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner/once 29 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner/once 30 | 31 | pack-Library-Management-scriptRunner-once-%: % l_Library_Management_scriptRunner_once 32 | @sudo ${INSTALL} -m 755 -g wheel -o root "${<}" ${WORK_D}/Library/Management/scriptRunner/once 33 | -------------------------------------------------------------------------------- /BoxEdit_kickstart/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | 4 | TITLE=BoxEdit_kickstart 5 | PACKAGE_NAME=${TITLE} 6 | REVERSE_DOMAIN=edu.whitby 7 | PACKAGE_VERSION=1.0 8 | PAYLOAD=\ 9 | pack-Library-Management-scriptRunner-once-box-edit-2014-07-22 10 | 11 | l_Library_Management: l_Library 12 | @sudo mkdir -p ${WORK_D}/Library/Management 13 | @sudo chown root:wheel ${WORK_D}/Library/Management 14 | @sudo chmod 755 ${WORK_D}/Library/Management 15 | 16 | l_Library_Management_bin: l_Library_Management 17 | @sudo mkdir -p ${WORK_D}/Library/Management/bin 18 | @sudo chown root:wheel ${WORK_D}/Library/Management/bin 19 | @sudo chmod 755 ${WORK_D}/Library/Management/bin 20 | 21 | l_Library_Management_scriptRunner: l_Library_Management 22 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner 23 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner 24 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner 25 | 26 | l_Library_Management_scriptRunner_once: l_Library_Management_scriptRunner 27 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner/once 28 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner/once 29 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner/once 30 | 31 | pack-Library-Management-scriptRunner-once-%: % l_Library_Management_scriptRunner_once 32 | @sudo ${INSTALL} -m 755 -g wheel -o root "${<}" ${WORK_D}/Library/Management/scriptRunner/once 33 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockNetwork/installcheck.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | import platform 7 | 8 | # Group System Preferences should be opened to 9 | group = 'everyone' 10 | 11 | # Get the OS Version 12 | v = platform.mac_ver()[0][:4] 13 | 14 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.network'] 15 | 16 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 17 | (out, err) = task.communicate() 18 | 19 | formatted = plistlib.readPlistFromString(out) 20 | 21 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.services.systemconfiguration.network'] 22 | 23 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 24 | (out, err) = task.communicate() 25 | 26 | formatted2 = plistlib.readPlistFromString(out) 27 | 28 | # Need to check the group for 10.9, and the rule for 10.8 29 | # if group matches for both rights, exit 1 as we don't need to install 30 | if v == '10.9': 31 | if formatted['group'] == group and formatted2['group'] == group: 32 | sys.exit(1) 33 | else: 34 | # if it doesn't we're exiting with 0 as we need to perform the install 35 | sys.exit(0) 36 | 37 | if v == '10.8': 38 | if formatted['group'] == group and formatted2['rule'] == 'allow': 39 | sys.exit(1) 40 | else: 41 | # if it doesn't we're exiting with 0 as we need to perform the install 42 | sys.exit(0) -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockPrinting/installcheck.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group Printing System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.printing'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | 15 | formatted = plistlib.readPlistFromString(out) 16 | 17 | # Get all of the groups nested under lpadmin 18 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/lpadmin', 'NestedGroups'] 19 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 20 | (out, err) = task.communicate() 21 | 22 | list = out.strip().split(" ") 23 | 24 | # Get the GUID of the desired group 25 | 26 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/'+group, 'GeneratedUID'] 27 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 28 | (out, err) = task.communicate() 29 | guid = out.strip().replace('GeneratedUID: ', '') 30 | 31 | # Iterate over all of the groups, if one of them is the specified group, we this part doesn't need to be installed. 32 | for pos,item in enumerate(list): 33 | if item != 'NestedGroups:': 34 | if item == guid: 35 | groupPresent = True 36 | 37 | # if group matches, exit 1 as we don't need to install 38 | if formatted['group'] == group and groupPresent == True: 39 | sys.exit(1) 40 | else: 41 | # if it doesn't we're exiting with 0 as we need to perform the install 42 | sys.exit(0) -------------------------------------------------------------------------------- /set_desktops/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | 4 | TITLE=set_desktops 5 | PACKAGE_NAME=${TITLE} 6 | REVERSE_DOMAIN=com.grahamgilbert 7 | PACKAGE_VERSION=1.1 8 | PAYLOAD=\ 9 | pack-Library-Management-scriptRunner-once-set_wallpaper-20140320 \ 10 | pack-Library-Management-bin-set_desktops.py 11 | 12 | l_Library_Management: l_Library 13 | @sudo mkdir -p ${WORK_D}/Library/Management 14 | @sudo chown root:wheel ${WORK_D}/Library/Management 15 | @sudo chmod 755 ${WORK_D}/Library/Management 16 | 17 | l_Library_Management_bin: l_Library_Management 18 | @sudo mkdir -p ${WORK_D}/Library/Management/bin 19 | @sudo chown root:wheel ${WORK_D}/Library/Management/bin 20 | @sudo chmod 755 ${WORK_D}/Library/Management/bin 21 | 22 | pack-Library-Management-bin-%: % l_Library_Management_bin 23 | @sudo ${INSTALL} -m 755 -g wheel -o root "${<}" ${WORK_D}/Library/Management/bin 24 | 25 | l_Library_Management_scriptRunner: l_Library_Management 26 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner 27 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner 28 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner 29 | 30 | l_Library_Management_scriptRunner_once: l_Library_Management_scriptRunner 31 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner/once 32 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner/once 33 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner/once 34 | 35 | pack-Library-Management-scriptRunner-once-%: % l_Library_Management_scriptRunner_once 36 | @sudo ${INSTALL} -m 755 -g wheel -o root "${<}" ${WORK_D}/Library/Management/scriptRunner/once 37 | -------------------------------------------------------------------------------- /set_desktops/set_desktops.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | '''Uses Cocoa classes via PyObjC to set a desktop picture on all screens. 4 | Tested on Mountain Lion and Mavericks. Inspired by Greg Neagle's work: https://gist.github.com/gregneagle/6957826 5 | 6 | See: 7 | https://developer.apple.com/library/mac/documentation/cocoa/reference/applicationkit/classes/NSWorkspace_Class/Reference/Reference.html 8 | 9 | https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSURL_Class/Reference/Reference.html 10 | 11 | https://developer.apple.com/library/mac/documentation/cocoa/reference/applicationkit/classes/NSScreen_Class/Reference/Reference.html 12 | ''' 13 | 14 | from AppKit import NSWorkspace, NSScreen 15 | from Foundation import NSURL 16 | import argparse 17 | import sys 18 | 19 | parser = argparse.ArgumentParser(description='Sets the desktop picture on all screens') 20 | parser.add_argument('--path', help='The path of the image') 21 | args = vars(parser.parse_args()) 22 | 23 | if args['path']: 24 | picture_path = args['path'] 25 | else: 26 | print >> sys.stderr, 'You must supply a path for the desktop picture' 27 | exit(-1) 28 | 29 | # generate a fileURL for the desktop picture 30 | file_url = NSURL.fileURLWithPath_(picture_path) 31 | 32 | # make image options dictionary 33 | # we just make an empty one because the defaults are fine 34 | options = {} 35 | 36 | # get shared workspace 37 | ws = NSWorkspace.sharedWorkspace() 38 | 39 | # iterate over all screens 40 | for screen in NSScreen.screens(): 41 | # tell the workspace to set the desktop picture 42 | (result, error) = ws.setDesktopImageURL_forScreen_options_error_( 43 | file_url, screen, options, None) 44 | if error: 45 | print error 46 | exit(-1) -------------------------------------------------------------------------------- /munki_condition_shard/pkgroot/usr/local/munki/conditions/shard: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import hashlib 3 | import subprocess 4 | import os 5 | import plistlib 6 | 7 | from Foundation import CFPreferencesCopyAppValue 8 | 9 | MOD_VALUE = 10000 10 | # Read the location of the ManagedInstallDir from ManagedInstall.plist 11 | BUNDLE_ID = 'ManagedInstalls' 12 | pref_name = 'ManagedInstallDir' 13 | managedinstalldir = CFPreferencesCopyAppValue(pref_name, BUNDLE_ID) 14 | # Make sure we're outputting our information to "ConditionalItems.plist" 15 | conditionalitemspath = os.path.join(managedinstalldir, 'ConditionalItems.plist') 16 | 17 | 18 | def get_serial(): 19 | '''Returns the serial number of this Mac''' 20 | cmd = ['/usr/sbin/ioreg', '-c', 'IOPlatformExpertDevice', '-d', '2'] 21 | output = subprocess.check_output(cmd) 22 | for line in output.splitlines(): 23 | if 'IOPlatformSerialNumber' in line: 24 | return line.split(' = ')[1].replace('\"','') 25 | return None 26 | 27 | def get_shard(): 28 | serial = get_serial() 29 | sha256 = int(hashlib.sha256(serial).hexdigest(),16) 30 | shard = ((sha256 % MOD_VALUE) * 100) / float(MOD_VALUE) 31 | newdict = dict(shard = int(shard)) 32 | 33 | # CRITICAL! 34 | if os.path.exists(conditionalitemspath): 35 | # "ConditionalItems.plist" exists, so read it FIRST (existing_dict) 36 | existing_dict = plistlib.readPlist(conditionalitemspath) 37 | # Create output_dict which joins new data generated in this script with existing data 38 | output_dict = dict(existing_dict.items() + newdict.items()) 39 | else: 40 | # "ConditionalItems.plist" does not exist, 41 | # output only consists of data generated in this script 42 | output_dict = newdict 43 | 44 | # Write out data to "ConditionalItems.plist" 45 | plistlib.writePlist(output_dict, conditionalitemspath) 46 | 47 | get_shard() 48 | -------------------------------------------------------------------------------- /java_se_fix/pkgroot/Library/Management/java_se_fix/modify_java.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import plistlib, os.path, os 3 | 4 | # Based off of https://forums.developer.apple.com/message/6741 5 | # and http://apple.stackexchange.com/a/136976 6 | 7 | def jdk_info_plists(): 8 | # Find all the JDK Info.plist files 9 | JDK_ROOT = "/Library/Java/JavaVirtualMachines" 10 | if (os.path.exists(JDK_ROOT) and os.path.isdir(JDK_ROOT)): 11 | # It's present, let's look for installs 12 | for file in os.listdir(JDK_ROOT): 13 | jdk_dir = os.path.join(JDK_ROOT, file) 14 | if (os.path.isdir(jdk_dir)): 15 | # Check for Info.plist 16 | info_plist = os.path.join(jdk_dir, "Contents", "Info.plist") 17 | if (os.path.isfile(info_plist)): 18 | yield info_plist 19 | 20 | for info_plist in jdk_info_plists(): 21 | # Change all the plists of all the installed JDKs 22 | info = plistlib.readPlist(info_plist) 23 | # Convert the capabilities into a set 24 | capabilities = set(info['JavaVM']['JVMCapabilities']) 25 | capabilities.add('JNI') 26 | capabilities.add('BundledApp') 27 | # Update our changes 28 | info['JavaVM']['JVMCapabilities'] = sorted(capabilities) 29 | # Write back our changes 30 | plistlib.writePlist(info, info_plist) 31 | # Create a symlink to fix legacy applications 32 | # Find the Contents directory 33 | contents_path = os.path.dirname(info_plist) 34 | # make the bundle/Libraries subpath 35 | bundle_libraries = os.path.join(contents_path, "Home", "bundle", "Libraries") 36 | try: 37 | # Just in case you run this script multiple times, we'll fail if the directory already exists 38 | os.makedirs(os.path.join(bundle_libraries)) 39 | except: 40 | pass 41 | # create the symlink between libjvm.dylib and libserver.dylib 42 | libjvm_dylib = os.path.join(contents_path, "Home", "jre", "lib", "server", "libjvm.dylib") 43 | libserver_dylib = os.path.join(bundle_libraries, "libserver.dylib") 44 | try: 45 | # Just in case you run this script multiple times, we'll fail if the file already exists 46 | os.symlink(libjvm_dylib, libserver_dylib) 47 | except: 48 | pass 49 | -------------------------------------------------------------------------------- /scriptRunner/Makefile: -------------------------------------------------------------------------------- 1 | USE_PKGBUILD=1 2 | include /usr/local/share/luggage/luggage.make 3 | TITLE=scriptRunnerPkg 4 | PACKAGE_NAME=${TITLE} 5 | REVERSE_DOMAIN=com.grahamgilbert 6 | PACKAGE_VERSION=1.1 7 | PAYLOAD=\ 8 | pack-scriptRunner \ 9 | pack-Library-LaunchAgents-com.grahamgilbert.scriptrunner.plist \ 10 | pack-once_touch \ 11 | pack-every_touch 12 | 13 | REPO_URL=https://github.com/natewalck/Scripts.git 14 | 15 | pack-scriptRunner: l_usr_local_bin 16 | @sudo git clone ${REPO_URL} natewalck-scripts 17 | @sudo ${CP} natewalck-scripts/scriptRunner.py ${WORK_D}/usr/local/bin/scriptRunner.py 18 | @sudo chmod 755 ${WORK_D}/usr/local/bin/scriptRunner.py 19 | @sudo chown root:wheel ${WORK_D}/usr/local/bin/scriptRunner.py 20 | @sudo rm -rf natewalck-scripts 21 | 22 | l_Library_Management: l_Library 23 | @sudo mkdir -p ${WORK_D}/Library/Management 24 | @sudo chown root:wheel ${WORK_D}/Library/Management 25 | @sudo chmod 755 ${WORK_D}/Library/Management 26 | 27 | l_Library_Management_bin: l_Library_Management 28 | @sudo mkdir -p ${WORK_D}/Library/Management/bin 29 | @sudo chown root:wheel ${WORK_D}/Library/Management/bin 30 | @sudo chmod 755 ${WORK_D}/Library/Management/bin 31 | 32 | l_Library_Management_scriptRunner: l_Library_Management 33 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner 34 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner 35 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner 36 | 37 | l_Library_Management_scriptRunner_once: l_Library_Management_scriptRunner 38 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner/once 39 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner/once 40 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner/once 41 | 42 | l_Library_Management_scriptRunner_every: l_Library_Management_scriptRunner 43 | @sudo mkdir -p ${WORK_D}/Library/Management/scriptRunner/every 44 | @sudo chown root:wheel ${WORK_D}/Library/Management/scriptRunner/every 45 | @sudo chmod 755 ${WORK_D}/Library/Management/scriptRunner/every 46 | 47 | pack-once_touch: l_Library_Management_scriptRunner_once 48 | @sudo touch ${WORK_D}/Library/Management/scriptRunner/once/.present 49 | 50 | pack-every_touch: l_Library_Management_scriptRunner_every 51 | @sudo touch ${WORK_D}/Library/Management/scriptRunner/every/.present -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockPrinting/postinstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences should be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.printing'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | # If the group doesn't match, we're going to correct it. 17 | if formatted['group'] != group: 18 | formatted['group'] = group 19 | # Convert back to plist 20 | input_plist = plistlib.writePlistToString(formatted) 21 | # Write the plist back to the authorizationdb 22 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.printing'] 23 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 24 | (out, err) = task.communicate(input=input_plist) 25 | 26 | 27 | # Get all of the groups nested under lpadmin 28 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/lpadmin', 'NestedGroups'] 29 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 30 | (out, err) = task.communicate() 31 | 32 | list = out.strip().split(" ") 33 | 34 | # Get the GUID of the desired group 35 | 36 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/'+group, 'GeneratedUID'] 37 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 38 | (out, err) = task.communicate() 39 | guid = out.strip().replace('GeneratedUID: ', '') 40 | 41 | # Iterate over all of the groups, if one of them is the specified group, we this part doesn't need to be installed. 42 | groupPresent = False 43 | for pos,item in enumerate(list): 44 | if item != 'NestedGroups:': 45 | if item == guid: 46 | groupPresent = True 47 | 48 | # if groupPresent isn't True, then we need to add the desired group to lpadmin 49 | 50 | if groupPresent != True: 51 | command = ['/usr/sbin/dseditgroup', '-o', 'edit', '-n', '/Local/Default', '-a', group, '-t', 'group', 'lpadmin'] 52 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 53 | (out, err) = task.communicate() -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockPrinting/uninstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | 7 | # Group System Preferences was be opened to 8 | group = 'everyone' 9 | 10 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.printing'] 11 | 12 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 13 | (out, err) = task.communicate() 14 | formatted = plistlib.readPlistFromString(out) 15 | 16 | 17 | originalGroup = 'admin' 18 | # If the group doesn't match, we're going to correct it. 19 | if formatted['group'] != originalGroup: 20 | formatted['group'] = originalGroup 21 | # Convert back to plist 22 | input_plist = plistlib.writePlistToString(formatted) 23 | # Write the plist back to the authorizationdb 24 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.printing'] 25 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 26 | (out, err) = task.communicate(input=input_plist) 27 | 28 | 29 | # Get all of the groups nested under lpadmin 30 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/lpadmin', 'NestedGroups'] 31 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 32 | (out, err) = task.communicate() 33 | 34 | list = out.strip().split(" ") 35 | 36 | # Get the GUID of the desired group 37 | 38 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/'+group, 'GeneratedUID'] 39 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 40 | (out, err) = task.communicate() 41 | guid = out.strip().replace('GeneratedUID: ', '') 42 | 43 | # Iterate over all of the groups, if one of them is the specified group, we this part doesn't need to be installed. 44 | groupPresent = False 45 | for pos,item in enumerate(list): 46 | if item != 'NestedGroups:': 47 | if item == guid: 48 | groupPresent = True 49 | 50 | # if groupPresent isn't True, then we don't need to uninstall! 51 | 52 | if groupPresent == True: 53 | command = ['/usr/bin/dscl', '/Local/Default', '-delete', '/Groups/lpadmin', 'NestedGroups', guid] 54 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 55 | (out, err) = task.communicate() -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockNetwork/postinstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | import platform 7 | 8 | # Group System Preferences should be opened to 9 | group = 'everyone' 10 | 11 | # Get the OS Version 12 | v = platform.mac_ver()[0][:4] 13 | 14 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.services.systemconfiguration.network'] 15 | 16 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 17 | (out, err) = task.communicate() 18 | formatted = plistlib.readPlistFromString(out) 19 | 20 | # If we're on 10.9 and the group doesn't match, we're going to correct it. 21 | if v == '10.9': 22 | if formatted['group'] != group: 23 | formatted['group'] = group 24 | # Convert back to plist 25 | input_plist = plistlib.writePlistToString(formatted) 26 | # Write the plist back to the authorizationdb 27 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.services.systemconfiguration.network'] 28 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 29 | (out, err) = task.communicate(input=input_plist) 30 | 31 | # If we're on 10.8 and the rule doesn't match, we're going to correct it. 32 | if v == '10.8': 33 | if formatted['rule'] != 'allow': 34 | formatted['rule'] = 'allow' 35 | # Convert back to plist 36 | input_plist = plistlib.writePlistToString(formatted) 37 | # Write the plist back to the authorizationdb 38 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.services.systemconfiguration.network'] 39 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 40 | (out, err) = task.communicate(input=input_plist) 41 | 42 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.network'] 43 | 44 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 45 | (out, err) = task.communicate() 46 | formatted = plistlib.readPlistFromString(out) 47 | 48 | # If the group doesn't match, we're going to correct it. 49 | if formatted['group'] != group: 50 | formatted['group'] = group 51 | # Convert back to plist 52 | input_plist = plistlib.writePlistToString(formatted) 53 | # Write the plist back to the authorizationdb 54 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.network'] 55 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 56 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockNetwork/uninstall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import sys 5 | import plistlib 6 | import platform 7 | 8 | # Group System Preferences should be opened to 9 | group = 'admin' 10 | 11 | # Get the OS Version 12 | v = platform.mac_ver()[0][:4] 13 | 14 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.services.systemconfiguration.network'] 15 | 16 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 17 | (out, err) = task.communicate() 18 | formatted = plistlib.readPlistFromString(out) 19 | 20 | # If we're on 10.9 and the group doesn't match, we're going to correct it. 21 | if v == '10.9': 22 | if formatted['group'] != group: 23 | formatted['group'] = group 24 | # Convert back to plist 25 | input_plist = plistlib.writePlistToString(formatted) 26 | # Write the plist back to the authorizationdb 27 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.services.systemconfiguration.network'] 28 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 29 | (out, err) = task.communicate(input=input_plist) 30 | 31 | # If we're on 10.8 and the rule doesn't match, we're going to correct it. 32 | if v == '10.8': 33 | if formatted['rule'] != 'root-or-entitled-admin-or-app-specific-admin': 34 | formatted['rule'] = 'root-or-entitled-admin-or-app-specific-admin' 35 | # Convert back to plist 36 | input_plist = plistlib.writePlistToString(formatted) 37 | # Write the plist back to the authorizationdb 38 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.services.systemconfiguration.network'] 39 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 40 | (out, err) = task.communicate(input=input_plist) 41 | 42 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.network'] 43 | 44 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 45 | (out, err) = task.communicate() 46 | formatted = plistlib.readPlistFromString(out) 47 | 48 | # If the group doesn't match, we're going to correct it. 49 | if formatted['group'] != group: 50 | formatted['group'] = group 51 | # Convert back to plist 52 | input_plist = plistlib.writePlistToString(formatted) 53 | # Write the plist back to the authorizationdb 54 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.network'] 55 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 56 | (out, err) = task.communicate(input=input_plist) -------------------------------------------------------------------------------- /Munki-nopkg/Xcode/XcodeCLITools-2014.07.15.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | _metadata 6 | 7 | created_by 8 | grahamgilbert 9 | creation_date 10 | 2014-07-15T16:37:46Z 11 | munki_version 12 | 2.0.0.2091 13 | os_version 14 | 10.9.4 15 | 16 | autoremove 17 | 18 | catalogs 19 | 20 | production 21 | 22 | description 23 | Installs Xcode CLI Tools 24 | installer_type 25 | nopkg 26 | minimum_os_version 27 | 10.9 28 | name 29 | XcodeCLITools 30 | postinstall_script 31 | #!/bin/sh 32 | 33 | 34 | # This script was written by Tim Sutton - https://github.com/timsutton/osx-vm-templates/blob/master/scripts/xcode-cli-tools.sh 35 | 36 | # Get and install Xcode CLI tools 37 | OSX_VERS=$(sw_vers -productVersion | awk -F "." '{print $2}') 38 | 39 | # on 10.9, we can leverage SUS to get the latest CLI tools 40 | if [ "$OSX_VERS" -ge 9 ]; then 41 | 42 | # create the placeholder file that's checked by CLI updates' .dist code 43 | # in Apple's SUS catalog 44 | touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress 45 | 46 | # find the update with "Developer" in the name 47 | PROD=$(softwareupdate -l | grep -B 1 "Developer" | head -n 1 | awk -F"*" '{print $2}') 48 | 49 | # install it 50 | # amazingly, it won't find the update if we put the update ID in double-quotes 51 | softwareupdate -i $PROD -v 52 | 53 | # on 10.7/10.8, we instead download from public download URLs, which can be found in 54 | # the dvtdownloadableindex: 55 | # https://devimages.apple.com.edgekey.net/downloads/xcode/simulators/index-3905972D-B609-49CE-8D06-51ADC78E07BC.dvtdownloadableindex 56 | else 57 | [ "$OSX_VERS" -eq 7 ] && DMGURL=http://devimages.apple.com/downloads/xcode/command_line_tools_for_xcode_os_x_lion_april_2013.dmg 58 | [ "$OSX_VERS" -eq 8 ] && DMGURL=http://devimages.apple.com/downloads/xcode/command_line_tools_for_osx_mountain_lion_april_2014.dmg 59 | 60 | TOOLS=clitools.dmg 61 | curl "$DMGURL" -o "$TOOLS" 62 | TMPMOUNT=`/usr/bin/mktemp -d /tmp/clitools.XXXX` 63 | hdiutil attach "$TOOLS" -mountpoint "$TMPMOUNT" 64 | installer -pkg "$(find $TMPMOUNT -name '*.mpkg')" -target / 65 | hdiutil detach "$TMPMOUNT" 66 | rm -rf "$TMPMOUNT" 67 | rm "$TOOLS" 68 | exit 69 | fi 70 | 71 | unattended_install 72 | 73 | unattended_uninstall 74 | 75 | version 76 | 2014.7.15 77 | installs 78 | 79 | 80 | CFBundleShortVersionString 81 | 1.310.2.37 82 | CFBundleVersion 83 | 310.2.37 84 | path 85 | /Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework 86 | type 87 | bundle 88 | version_comparison_key 89 | CFBundleShortVersionString 90 | 91 | 92 | 93 | 94 | 95 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/OpenSysPrefs/OpenSysPrefs-1.0.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | autoremove 6 | 7 | catalogs 8 | 9 | production 10 | 11 | description 12 | Opens System Preferences to Everyone 13 | display_name 14 | Open System Preferences 15 | name 16 | OpenSysPrefs 17 | installer_type 18 | nopkg 19 | minimum_os_version 20 | 10.8.0 21 | unattended_install 22 | 23 | version 24 | 1.0 25 | installcheck_script 26 | #!/usr/bin/env python 27 | 28 | import subprocess 29 | import sys 30 | import plistlib 31 | 32 | # Group System Preferences should be opened to 33 | group = 'everyone' 34 | 35 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences'] 36 | 37 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 38 | (out, err) = task.communicate() 39 | 40 | formatted = plistlib.readPlistFromString(out) 41 | # if group matches, exit 1 as we don't need to install 42 | if formatted['group'] == group: 43 | sys.exit(1) 44 | else: 45 | # if it doesn't we're exiting with 0 as we need to perform the install 46 | sys.exit(0) 47 | minimum_os_version 48 | 10.4.0 49 | postinstall_script 50 | #!/usr/bin/env python 51 | 52 | import subprocess 53 | import sys 54 | import plistlib 55 | 56 | # Group System Preferences should be opened to 57 | group = 'everyone' 58 | 59 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences'] 60 | 61 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 62 | (out, err) = task.communicate() 63 | formatted = plistlib.readPlistFromString(out) 64 | 65 | # If the group doesn't match, we're going to correct it. 66 | if formatted['group'] != group: 67 | #input_plist = {} 68 | formatted['group'] = group 69 | # Convert back to plist 70 | input_plist = plistlib.writePlistToString(formatted) 71 | # Write the plist back to the authorizationdb 72 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences'] 73 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 74 | (out, err) = task.communicate(input=input_plist) 75 | uninstall_method 76 | uninstall_script 77 | uninstall_script 78 | #!/usr/bin/env python 79 | 80 | import subprocess 81 | import sys 82 | import plistlib 83 | 84 | # Set the group back to admin 85 | group = 'admin' 86 | 87 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences'] 88 | 89 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 90 | (out, err) = task.communicate() 91 | formatted = plistlib.readPlistFromString(out) 92 | 93 | # If the group doesn't match, we're going to correct it. 94 | if formatted['group'] != group: 95 | formatted['group'] = group 96 | # Convert back to plist 97 | input_plist = plistlib.writePlistToString(formatted) 98 | # Write the plist back to the authorizationdb 99 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences'] 100 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 101 | (out, err) = task.communicate(input=input_plist) 102 | 103 | 104 | 105 | -------------------------------------------------------------------------------- /Munki-nopkg/Auth/UnlockPrinting/UnlockPrinting-1.0.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | autoremove 6 | 7 | catalogs 8 | 9 | production 10 | 11 | description 12 | Allows users to manage Printing in System Preferences 13 | display_name 14 | Manage Printers 15 | name 16 | UnlockPrinters 17 | installer_type 18 | nopkg 19 | minimum_os_version 20 | 10.8.0 21 | unattended_install 22 | 23 | version 24 | 1.0 25 | installcheck_script 26 | #!/usr/bin/env python 27 | 28 | import subprocess 29 | import sys 30 | import plistlib 31 | 32 | # Group Printing System Preferences should be opened to 33 | group = 'everyone' 34 | 35 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.printing'] 36 | 37 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 38 | (out, err) = task.communicate() 39 | 40 | formatted = plistlib.readPlistFromString(out) 41 | 42 | # Get all of the groups nested under lpadmin 43 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/lpadmin', 'NestedGroups'] 44 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 45 | (out, err) = task.communicate() 46 | 47 | list = out.strip().split(" ") 48 | 49 | # Get the GUID of the desired group 50 | 51 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/'+group, 'GeneratedUID'] 52 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 53 | (out, err) = task.communicate() 54 | guid = out.strip().replace('GeneratedUID: ', '') 55 | 56 | # Iterate over all of the groups, if one of them is the specified group, we this part doesn't need to be installed. 57 | for pos,item in enumerate(list): 58 | if item != 'NestedGroups:': 59 | if item == guid: 60 | groupPresent = True 61 | 62 | # if group matches, exit 1 as we don't need to install 63 | if formatted['group'] == group and groupPresent == True: 64 | sys.exit(1) 65 | else: 66 | # if it doesn't we're exiting with 0 as we need to perform the install 67 | sys.exit(0) 68 | minimum_os_version 69 | 10.4.0 70 | postinstall_script 71 | #!/usr/bin/env python 72 | 73 | import subprocess 74 | import sys 75 | import plistlib 76 | 77 | # Group System Preferences should be opened to 78 | group = 'everyone' 79 | 80 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.printing'] 81 | 82 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 83 | (out, err) = task.communicate() 84 | formatted = plistlib.readPlistFromString(out) 85 | 86 | # If the group doesn't match, we're going to correct it. 87 | if formatted['group'] != group: 88 | formatted['group'] = group 89 | # Convert back to plist 90 | input_plist = plistlib.writePlistToString(formatted) 91 | # Write the plist back to the authorizationdb 92 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.printing'] 93 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 94 | (out, err) = task.communicate(input=input_plist) 95 | 96 | 97 | # Get all of the groups nested under lpadmin 98 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/lpadmin', 'NestedGroups'] 99 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 100 | (out, err) = task.communicate() 101 | 102 | list = out.strip().split(" ") 103 | 104 | # Get the GUID of the desired group 105 | 106 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/'+group, 'GeneratedUID'] 107 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 108 | (out, err) = task.communicate() 109 | guid = out.strip().replace('GeneratedUID: ', '') 110 | 111 | # Iterate over all of the groups, if one of them is the specified group, we this part doesn't need to be installed. 112 | groupPresent = False 113 | for pos,item in enumerate(list): 114 | if item != 'NestedGroups:': 115 | if item == guid: 116 | groupPresent = True 117 | 118 | # if groupPresent isn't True, then we need to add the desired group to lpadmin 119 | 120 | if groupPresent != True: 121 | command = ['/usr/sbin/dseditgroup', '-o', 'edit', '-n', '/Local/Default', '-a', group, '-t', 'group', 'lpadmin'] 122 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 123 | (out, err) = task.communicate() 124 | uninstall_method 125 | uninstall_script 126 | uninstall_script 127 | #!/usr/bin/env python 128 | 129 | import subprocess 130 | import sys 131 | import plistlib 132 | 133 | # Group System Preferences was be opened to 134 | group = 'everyone' 135 | 136 | command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.printing'] 137 | 138 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 139 | (out, err) = task.communicate() 140 | formatted = plistlib.readPlistFromString(out) 141 | 142 | 143 | originalGroup = 'admin' 144 | # If the group doesn't match, we're going to correct it. 145 | if formatted['group'] != originalGroup: 146 | formatted['group'] = originalGroup 147 | # Convert back to plist 148 | input_plist = plistlib.writePlistToString(formatted) 149 | # Write the plist back to the authorizationdb 150 | command = ['/usr/bin/security', 'authorizationdb', 'write', 'system.preferences.printing'] 151 | task = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 152 | (out, err) = task.communicate(input=input_plist) 153 | 154 | 155 | # Get all of the groups nested under lpadmin 156 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/lpadmin', 'NestedGroups'] 157 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 158 | (out, err) = task.communicate() 159 | 160 | list = out.strip().split(" ") 161 | 162 | # Get the GUID of the desired group 163 | 164 | command = ['/usr/bin/dscl', '/Local/Default', 'read', '/Groups/'+group, 'GeneratedUID'] 165 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 166 | (out, err) = task.communicate() 167 | guid = out.strip().replace('GeneratedUID: ', '') 168 | 169 | # Iterate over all of the groups, if one of them is the specified group, we this part doesn't need to be installed. 170 | groupPresent = False 171 | for pos,item in enumerate(list): 172 | if item != 'NestedGroups:': 173 | if item == guid: 174 | groupPresent = True 175 | 176 | # if groupPresent isn't True, then we don't need to uninstall! 177 | 178 | if groupPresent == True: 179 | command = ['/usr/bin/dscl', '/Local/Default', '-delete', '/Groups/lpadmin', 'NestedGroups', guid] 180 | task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 181 | (out, err) = task.communicate() 182 | 183 | 184 | 185 | -------------------------------------------------------------------------------- /dockutil/dockutil: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | # Copyright 2008 Kyle Crawford 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Send bug reports and comments to kcrwfrd at gmail 18 | 19 | # Possible future enhancements 20 | # tie in with application identifier codes for locating apps and replacing them in the dock with newer versions? 21 | 22 | import sys, plistlib, subprocess, os, getopt, re, pipes 23 | from random import randrange 24 | 25 | 26 | # default verbose printing to off 27 | verbose = False 28 | version = '1.1.4' 29 | 30 | def usage(e=None): 31 | """Displays usage information and error if one occurred""" 32 | name = os.path.basename(sys.argv[0]) 33 | 34 | print "usage: %s -h" % (name,) 35 | print "usage: %s --add | [--label