forked from lifeunexpected/Scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMunki.Notarize.Specific.Git.Version.zsh
147 lines (129 loc) · 4.73 KB
/
Munki.Notarize.Specific.Git.Version.zsh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#!/bin/zsh
# Made by Lux
# https://github.com/lifeunexpected
# PS: you first need to modify MunkiPythonNotarizeAndSign.zsh if you dont do that this script wont work!
# Copy both Munki.Notarize.zsh and Munki.Notarize.Specific.Git.Version.zsh too munki/code/tools/
# This is based on Greag Neagles original script and we are just doing some small modifications.
# 1: Copy script to Munki folder
# 2: In terminal "cd FolderWheremunki" git repo is located
# 3: run script with the commands you want
# 4 Enter Password
# Defaults.
PKGID="com.googlecode.munki"
OUTPUTDIR="$(pwd)"
CHECKOUTREV="HEAD"
BRANCH="main"
# Delete old munki-git folder from munki root folder if exist
sudo rm -rf $OUTPUTDIR/munki-git
usage() {
cat <<EOF
Usage: $(basename "$0") [-b branch ] [-r revision] [<make_munki_mpkg.sh options>]"
-b branch Git branch to clone (main is the default)
-r revision Git revision to check out (HEAD is the default)
The remaining options are passed to make_munki_pkg.sh:
-i id Specify the base package bundle ID
-o dir Specify the output directory
-n orgname Specify the name of the organization
-p Build Python.framework even if one exists
-B Include a package that sets Munki's bootstrap mode
-m Build the package in a manner suitable for install via MDM;
specifically, attempt to start all the launchd agents and
daemons without requiring a restart. Such a package is not
suited for upgrade installs or install via Munki itself.
-c plist Build a configuration package using the preferences defined in a
plist file
-R Include a pkg to install Rosetta2 on ARM-based hardware.
-s cert_cn Sign distribution package with a Developer ID Installer
certificate from keychain. Provide the certificate's Common
Name. Ex: "Developer ID Installer: Munki (U8PN57A5N2)"
-S cert_cn Sign apps with a Developer ID Application certificated from
keychain. Provide the certificate's Common Name.
Ex: "Developer ID Application: Munki (U8PN57A5N2)"
-T pemfile Include a pkg to install a client certificate for server mTLS
mutual authentication, at /Library/Managed Installs/certs/.
EOF
}
ADDITIONALARGS=""
while getopts "b:r:i:o:n:c:s:S:T:pBmhR" option
do
case $option in
"b")
BRANCH="$OPTARG"
;;
"r")
CHECKOUTREV="$OPTARG"
;;
"i")
ADDITIONALARGS="${ADDITIONALARGS} -i \"$OPTARG\""
;;
"o")
ADDITIONALARGS="${ADDITIONALARGS} -o \"$OPTARG\""
;;
"n")
ADDITIONALARGS="${ADDITIONALARGS} -n \"$OPTARG\""
;;
"c")
ADDITIONALARGS="${ADDITIONALARGS} -c \"$OPTARG\""
;;
"s")
ADDITIONALARGS="${ADDITIONALARGS} -s \"$OPTARG\""
;;
"S")
ADDITIONALARGS="${ADDITIONALARGS} -S \"$OPTARG\""
;;
"p")
ADDITIONALARGS="${ADDITIONALARGS} -p"
;;
"B")
ADDITIONALARGS="${ADDITIONALARGS} -B"
;;
"m")
ADDITIONALARGS="${ADDITIONALARGS} -m"
;;
"R")
ADDITIONALARGS="${ADDITIONALARGS} -R"
;;
"T")
ADDITIONALARGS="${ADDITIONALARGS} -T \"$OPTARG\""
;;
"h" | *)
usage
exit 1
;;
esac
done
shift $(($OPTIND - 1))
if [ $# -ne 0 ]; then
usage
exit 1
fi
MUNKIDIR="$(pwd)/munki-git"
# Sanity checks.
if ! which git 1>/dev/null ; then
echo "Could not find git in command path. Maybe it's not installed?" 1>&2
echo "You can get a Git package here:" 1>&2
echo " https://git-scm.com/download/mac"
exit 1
fi
echo "Cloning munki repo branch $BRANCH from github..."
git clone --branch "$BRANCH" --no-checkout -- https://github.com/munki/munki.git "$MUNKIDIR"
CLONE_RESULT="$?"
if [ "$CLONE_RESULT" != "0" ]; then
echo "Error cloning munki repo: $CLONE_RESULT" 1>&2
exit 1
fi
echo "Checking out revision $CHECKOUTREV..."
cd "$MUNKIDIR"
git checkout "$CHECKOUTREV"
CHECKOUT_RESULT="$?"
if [ "$CHECKOUT_RESULT" != "0" ]; then
echo "Error checking out $CHECKOUTREV: $CHECKOUT_RESULT" 1>&2
exit 1
fi
# Copy notarization script to munki-git folder
cp $OUTPUTDIR/code/tools/Munki.Notarize.zsh $MUNKIDIR/code/tools/
cp $OUTPUTDIR/code/tools/MunkiClientSettings.plist $MUNKIDIR/code/tools/
# now use the version of the MunkiPythonNotarizeAndSignedPrivate.zsh script in the Git repo to get the files notarized
CMD="\"$MUNKIDIR/code/tools/Munki.Notarize.zsh\" -r \"$MUNKIDIR\" -o \"$OUTPUTDIR\" $ADDITIONALARGS"
eval $CMD
exit $?