try to sign and notarize a new suite package

macadmins · May 25, 2022 · 3cf5cf8 · 3cf5cf8
1 parent 43da836
commit 3cf5cf8
Show file tree

Hide file tree

Showing 2 changed files with 117 additions and 0 deletions.
diff --git a/build_assets/postinstall-suite b/build_assets/postinstall-suite
@@ -0,0 +1,67 @@
+#!/bin/zsh
+#
+# Copyright 2021-Present Erik Gomez.
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# If you change your agent/daemon files name, update the following lines
+launch_agent_plist_name='com.github.macadmins.Nudge.plist'
+launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist'
+
+# Base paths
+launch_agent_base_path='Library/LaunchAgents/'
+launch_daemon_base_path='Library/LaunchDaemons/'
+
+# Load agent and daemon if installing to a running system
+if [[ $3 == "/" ]] ; then
+  ## Agent
+  # Fail the install if the admin forgets to change their paths and they don't exist.
+  if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then
+    echo "LaunchAgent missing, exiting"
+    exit 1
+  fi
+
+  # Current console user information
+  console_user=$(/usr/bin/stat -f "%Su" /dev/console)
+  console_user_uid=$(/usr/bin/id -u "$console_user")
+
+  # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior
+  if [[ -z "$console_user" ]]; then
+    echo "Did not detect user"
+  elif [[ "$console_user" == "loginwindow" ]]; then
+    echo "Detected Loginwindow Environment"
+  elif [[ "$console_user" == "_mbsetupuser" ]]; then
+    echo "Detect SetupAssistant Environment"
+  elif [[ "$console_user" == "root" ]]; then
+    echo "Detect root as currently logged-in user"
+  else
+    # Unload the agent so it can be triggered on re-install
+    /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}"
+    # Kill Nudge just in case (say someone manually opens it and not launched via launchagent
+    /usr/bin/killall Nudge
+    # Load the launch agent
+    /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}"
+  fi
+
+  ## Daemon Logger
+  # Fail the install if the admin forgets to change their paths and they don't exist.
+  if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then
+    echo "LaunchDaemon missing, exiting"
+    exit 1
+  fi
+
+  # Unload the agent so it can be triggered on re-install
+  /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}"
+  # Load the launch agent
+  /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}"
+fi
diff --git a/build_nudge.zsh b/build_nudge.zsh
@@ -215,3 +215,53 @@ else
   # Move the signed pkg
   /bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR"
 fi
+
+# Create the Suite package
+echo "Moving Nudge.app to payload folder"
+SUITE_PKG_PATH="$TOOLSDIR/NudgePkgSuite"
+if [ -e $SUITE_PKG_PATH ]; then
+  /bin/rm -rf $SUITE_PKG_PATH
+fi
+/bin/mkdir -p "$SUITE_PKG_PATH/payload/Applications/Utilities"
+/bin/mkdir -p "$SUITE_PKG_PATH/payload/Library/LaunchAgents"
+/bin/mkdir -p "$SUITE_PKG_PATH/payload/Library/LaunchDaemons"
+/bin/mkdir -p "$SUITE_PKG_PATH/scripts"
+/usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$SUITE_PKG_PATH"
+/bin/mv "${BUILDSDIR}/Release/Nudge.app" "$SUITE_PKG_PATH/payload/Applications/Utilities/Nudge.app"
+/bin/cp "${TOOLSDIR}/build_assets/preinstall-app" "$SUITE_PKG_PATH/scripts/preinstall"
+echo "Moving LaunchAgent to payload folder"
+/bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$SUITE_PKG_PATH/payload/Library/LaunchAgents"
+echo "Moving LaunchDaemon to logging payload folder"
+/bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.logger.plist" "$SUITE_PKG_PATH/payload/Library/LaunchDaemons"
+/bin/cp "${TOOLSDIR}/build_assets/postinstall-suite" "$SUITE_PKG_PATH/scripts/postinstall"
+
+# Create the json file for signed munkipkg Nudge Suite pkg
+/bin/cat << SIGNED_JSONFILE > "$SUITE_PKG_PATH/build-info.json"
+{
+  "ownership": "recommended",
+  "suppress_bundle_relocation": true,
+  "identifier": "com.github.macadmins.Nudge.Suite",
+  "postinstall_action": "none",
+  "distribution_style": true,
+  "version": "$AUTOMATED_NUDGE_BUILD",
+  "name": "Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg",
+  "install_location": "/",
+  "signing_info": {
+    "identity": "$SIGNING_IDENTITY",
+    "timestamp": true
+  }
+}
+SIGNED_JSONFILE
+
+# Create the signed Nudge Suite pkg
+"${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$SUITE_PKG_PATH"
+PKG_RESULT="$?"
+if [ "${PKG_RESULT}" != "0" ]; then
+  echo "Could not sign package: ${PKG_RESULT}" 1>&2
+else
+  # Notarize Nudge Suite package
+  $XCODE_NOTARY_PATH submit "$SUITE_PKG_PATH/build/Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
+  $XCODE_STAPLER_PATH staple "$SUITE_PKG_PATH/build/Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg"
+  # Move the Nudge Suite signed/notarized pkg
+  /bin/mv "$SUITE_PKG_PATH/build/Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
+fi