Tag: munki
-
Using Munki to “nudge” for Rapid Security Response updates (like 13.3.1 (a))
For many MacAdmins, Nudge has been an amazing tool for bothering users to update their Macs to the latest patch. Apple threw a wrench in things by the way it implemented the 13.3.1 (a) Rapid Security Response update, so Nudge doesn’t currently (as of this writing) support Rapid Security Response updates. There would be challenges…
-
Enforcing an older force_install_after_date when importing a new Munki item version
Problem Munki has the ability to force updates to install by a certain date, using the force_install_after_date flag, but what do you do when you have an older version you want enforced, but you also want to import a newer version into the Munki repo? If you have Slack 4.29 you want force-installed in two…
-
Managed Software Center may get stuck on “Starting Adobe installer…”
If you import an Adobe installer into your Munki repo, you may get it stuck on the installation part where Managed Software Center (or Munki’s logs) will just say Starting Adobe installer… and get stuck on that perpetually (I waited “only” a half hour, but it could possibly stay indefinitely). I searched in the MacAdmins…
-
Popping a Munki optional install to the top of Managed Software Center
Most of the time, having optional installs in Managed Software Center be in alphabetical order is fine. Users can scroll through the list or search for optional installs by name. But if you have a long list of optional installs, you may want one or two items that are at the end of the alphabet…
-
Making sharding work with Munki catalogs in mind
Some Munki admins use sharding to roll out to various portions of their fleet. Most versions of sharding create a random-looking (but not actually random) integer either between 0 and 99 or 1 and 100 that is based on a hash of the Mac’s serial number. Where that can be tricky is when you want…
-
Chrome mid-update versions and Munki
Most of the time, if you want to patch Chrome using Munki, you just use add Chrome as a managed update or managed install to the relevant manifests in your Munki repo, and then have the AutoPkg Chrome.munki recipe import the new version of Chrome into your Munki repo from time to time (daily, weekly,…
-
Using a nopkg to “nudge” in Munki for Silicon Macs
Context This is really just a proof-of-concept, but as of this writing both Nudge and Munki use the softwareupdate binary to try to download updates to see what’s available. With the Silicon chip Macs, Apple has now made it so that softwareupdate will prompt you for a password for downloading pending updates, even if you’re…
-
Unloading Santa’s system extension when uninstalling using Munki
What the problem is System extensions in place of kernel extensions For macOS 10.15+, Apple has deprecated kernel extensions in favor of system extensions, but system extensions can’t be unloaded silently by script. If you try to unload Santa’s system extension using the command: systemextensionsctl uninstall EQHXZ8M8AV com.google.santa.daemon you’ll get this: At this time, this…
-
Managing macOS Notification Center settings using a Jamf profile
There’s a feature request called Add support for new Notification Settings payloads for Catalina, originally created 19 August, 2019 and currently marked as partially implemented in Jamf Pro 10.19.0, the details being Starting in Jamf Pro 10.19.0, admins may automatically whitelist notifications in macOS Catalina for the Jamf Management Framework and Self Service application bundle..…
-
Rolling back versions in Munki and using blocking applications arrays
Downgrading software in Munki can be a bit tricky. One of the tricks you can use is to remove the higher version number from your Munki repo, and replace an .app bundle–based installs array with a binary-based one. So, after removing the higher version from your repo, replacing the lower version’s pkginfo with something like…
-
Munki can get into a notification loop if root is using the Persian calendar
The Problem At some point, this blog post may be obsolete, because I’m hoping this will be fixed soon, but in the meantime, I’ve filed an issue on GitHub: Using Persian calendar results in notification loop at every next Munki run If you have users who claim to see notifications multiple times a day, even…
-
Fix for VirtualBox Extension Pack postinstall script hanging in Munki
The problem If you’ve been running the VirtualBoxExtPack.munki.recipe AutoPkg recipe, and you’ve noticed the VirtualBox Extension Pack postinstall script in Munki hanging indefinitely (30 minutes and beyond), it’s because the license hash has changed. The fix According to @jessepeterson (the maintainer of that AutoPkg recipe), the license hash doesn’t change very often, but it did…
-
How to deploy a .pkg via Munki if a config file has to be in the same directory
Vendors package software in funny ways sometimes. Every now and then, you might come across a vendor .pkg that comes with some kind of .xml or .cfg or .txt that has to be in the same directory as the .pkg. It’s likely because there’s some postinstall script in the .pkg itself that references that text…
-
Some basics of DEPNotify and a sample script
If you’ve been doing Munki admin’ing for a short while, you’ve probably heard people talk about DEPNotify, whose README says is “a small light weight notification app that was designed to let your users know what’s going on during a DEP enrollment.” Aforementioned DEPNotify README is fairly comprehensive in terms of going over all the…
-
Python script to list software available in a Munki repo
I created a small project (for fun) to list out software available in a Munki repo. It’s called MunkiItemsList. On a basic level, it looks for all the items that are listed in any optional installs manifest, and then lists out the display name, description, and highest version available. There are some additional options described…