Tag Archive

Script to find application architectures on your Mac

Posted on November 16, 2021 by alanysiu

Apple has once again switched architectures. It used to be a switch from PowerPC to Intel. Now it is a switch from Intel to Apple Silicon.

Vendors are in the process of switching from releasing Intel only or separate Intel and Silicon binaries to releasing universal binaries (that will work on both Intel and Silicon), and users are still often resorting to using Rosetta 2 to run Intel applications on Silicon Macs.

If you want to do a quick inventory on which applications you have installed are Intel only, Silicon only, or universal, you can go to Apple symbol > About This Mac > System Report > Software > Applications.

I’ve also written up a script that will comb through those apps and display them grouped together by architecture type, and also display a summary of how many apps of architecture type there are.

Script output translation:

  • arch_arm_i64 = Universal
  • arch_i64 = Intel
  • arch_other = Other
  • arch_i32 = 32-bit (Unsupported)
  • arch_arm = Apple Silicon

2

Updates to the AutoPkgReviewAndRun.py script

Posted on October 28, 2020 by alanysiu

3.5 years ago, I created a script to automate running AutoPkg recipes while also verifying trust info and prompting the user to approve or deny any changes.

With some prompting from some folks on the #autopkg channel of the MacAdmins Slack, I made a few changes to the script:

  • You can now run the script but have it only verify trust info without running the recipes in the recipe list (--verifyonly)
  • Conversely, you can have it only run the recipes in the recipe list without verifying them first (--runonly)
  • If you want, you can also specify a recipe list using either the --recipe-list or -l flag

More details in this pull request.

0

Running daily, weekly, and monthly scripts in macOS using periodic

Posted on August 26, 2020 by alanysiu

Background

I was looking for time-based project similar to Outset (which runs boot and login scripts stored in various directories), and apparently there’s one already baked into macOS that will run daily, weekly, and monthly scripts.

Shoutout to @elios on the MacAdmins Slack for letting me know about periodic

Launch Daemons

If you run sudo launchctl list | grep periodic-, you’ll see that these launch daemons are running:

com.apple.periodic-monthly
com.apple.periodic-weekly
com.apple.periodic-daily

And, though I don’t love SIP in general, it’s great for this, because you can’t actually disable the launch daemons:

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.periodic-daily.plist
/System/Library/LaunchDaemons/com.apple.periodic-daily.plist: Operation not permitted while System Integrity Protection is engaged

So that means as long as you can enforce your daily, weekly, and monthly scripts being in the right place, with the right permissions, and with the right hash, they’ll be run regularly-ish.

Locations of Scripts

You can find scripts in /etc/periodic/daily, /etc/periodic/weekly, and /etc/periodic/monthly. You can also put your own scripts in there (root-owned, 755 permissions), and they’ll run alongside the ones that come with macOS.

According to /etc/defaults/periodic.conf, though, there’s another recommended place to put scripts:

# periodic script dirs
local_periodic="/usr/local/etc/periodic"

So that would be /usr/local/etc/periodic/daily, /usr/local/etc/periodic/weekly, and /usr/local/etc/periodic/monthly. Having your scripts separated from the built-in scripts may be a good idea, even though they’ll run fine alongside the built-in scripts.

Logging

If your script has any echo commands, the output will go to the appropriate log file (by default, those logs would be /var/log/daily.out, /var/log/weekly.out, and /var/log/monthly.out), but there won’t necessarily (again, with the default settings) be any other indicators in the daily, weekly, and monthly logs that your scripts ran.

The format of the log seems to be a date/time, all the echo statements from the scripts run, and then a closer like -- End of daily/weekly/monthly output --.

Invoking manually

If you don’t want to wait until the next day, week, or month, you can do some manual testing by running a command like this, for example: sudo periodic daily

No TCC/PPPC support

Allowing full disk access to a script relies on giving that access to the actual parent process. As far as I can tell, the parent process is the /usr/sbin/periodic binary, but that binary (although shipped with macOS) isn’t code-signed.

3

Python 3 script to add optional installs to the SelfServeManifest

Posted on June 24, 2020 by alanysiu

Two years ago, I wrote a bash script that adds a bunch of optional installs to the SelfServeManifest using /usr/libexec/PlistBuddy, which is a fine tool, but it can get bit messy sometimes. I did play around with using /usr/local/munki/manifestutil, but it got a bit convoluted, and I figured “Hey, why not just write it in Python 3, now that the default shell is zsh instead of bash and Python 2 is end-of-life?”

So, yeah, the rationale here is that you may want to have a bunch of applications installed as default applications for your users but still give users the option to remove those applications later, so this Python 3 script would just make it seem to Munki as if the user has already selected these optional installs to install… and then she can always use Managed Software Center to remove those optional installs later if she doesn’t want them any more.

0