Introducing Installomator

As a System Engineer at an Enterprise Reseller, I have to manage and create many Jamf Pro instances.

Some of them are tightly managed and require version control on the OS and the apps. But, many of them are managed less stringently and often the requirement for applications is “install the latest version.”

This is not a statement which management strategy is ‘better.’ There are pros and cons for each. There are situations where either is really not appropriate. You will likely have to use a mixed approach for different pieces of software. When you are doing the first, more controlled deployment strategy, you really want to use AutoPkg and not this script. You can stop reading here.

Apple’s vision of deployment with ‘Automated App Installation’ through MDM (formerly known as VPP) is similar to the ‘less controlled’ strategy. When you install Mac App Store through MDM commands, then you will get the latest version available.

Not all applications are available on the Mac App Store. And even when they are available, installing applications with VPP is still unreliable and hard to debug, or retry when it fails.

If you are managing with the “just install the latest version” philosophy, then you probably have one or more scripts that will download and install the latest version of some software from the vendor’s website. This avoids the overhead work of having to download, repackage and manage every new update in the management system. (This can be automated with AutoPkg, but if you can avoid it entirely…)

When I started thinking about this, we had at least four different scripts. Most of them were internal, but William Smith’s installer script for Microsoft applications was a huge inspiration. it made me thing that you could generalize much of this.

Security Considerations

The main danger when downloading application archives and installers directly from the vendor is that a malicious actor might intercept the traffic or even hijack the servers and replace the download with a manipulated software that contains and or installs malware. Since management processes run with root privileges, we have to extra careful which files and processes are installed.

For user driven installation, Apple introduced GateKeeper, signed applications and Notarization as a way to verify downloaded software before execution. When you download software with a script, then you are bypassing GateKeeper. This is usually considered a benefit, because in a managed deployment we don’t want to scare and annoy a user with the warning dialogs.

But we can use the GateKeeper verification process in our script to verify that the archive, application, or installer is signed and notarized. With the spctl command, we can run the verification from the script without the user interaction.

We can even go one step further than GateKeeper. GateKeeper is happy when a software is signed and notarized with any Apple Developer ID. Since this script is working with a curated list of software, we can verify that the application is actually signed with the expected vendor’s Developer ID.

This will catch situations where someone creates or steals a Developer ID to sign and notarize a manipulated application. Apple can and will eventually block that Developer ID, but there will be a window where the manipulated application may be downloaded and installed. This is not theoretical, but has happened already. (more than once)

Installomator

With these ideas in mind, I started working on a script to unify all these installer scripts. (‘The one to rule them all.’) I may have gone a little overboard, but it turned into Installomator.

You can run Installomator from the command line or from your management system.

> ./Installomator.sh desktoppr

The script requires a single argument. The argument is a label that chooses which application to download and install. (As of now, Installomator can handle 56 applications, you can see a list of applications in the repository.

Please read the readme in the GitHub repository for more details.

Jamf or not

I have tried to keep Installomator generic enough that it can be used with platforms other than Jamf Pro.

However, we will use it with Jamf Pro, and thus I took the opportunity to add some workflows that Jamf is missing.

Drag’n Drop installations

“Drag this app to the Applications folder” is a common instruction found on downloaded dmg or zip archives for the Mac. The fact that Jamf Pro has always required repackaging and cannot directly handle application dmgs or zips is mystifying. Also, highly ironic, since Jamf delivers their own management applications in a disk image.

Nevertheless, Installomator can deal with apps that are downloaded in zip, tbz, and dmg archives.

Blocking Processes

Jamf will also happily attempt to install over a running application. So, Installomator will check for blocking processes and either stop the installation at that time or prompt the user and give them a chance to quit the application. (Yes, this is inspired by the behavior of Munki.)

Vendor update processes

Since Installomator will download and install the latest version of the application from the vendor website, it can be used for updates as well as first installations.

If an application has a built-in update process that can be triggered by the script, This can be used instead for updates. So, for Microsoft applications, when the script detects that the app is already installed, it will run msupdate instead of downloading a full installer. This way the update process will use Microsoft’s optimized thin updates. (Credit to Isaac Ordonez, Mann consulting for the idea and first implementation.)

So far, this is only implemented for Microsoft applications and Google Chrome. (and quite experimental)

Extensible

So far, the script can install 56 different applications or application suites. More application descriptions can be added fairly easily, by adding the proper variables. You can find more detailed explanations in the ReadMe, and of course, the existing applications serve as examples.

Not all applications are suitable to be installed with Installomator. To be able to install an application, the download URL must be accessible without requiring a login, and there must be some, fairly simple process to determine the URL for the latest version.

Installomator will only install the application itself, it will not configure any settings. You will have to use profiles, or additional scripts and installers for that.

When you add an application for your own workflow, please contribute as an issue or pull request! Thank you!

Installomator and AutoPkg

Obviously, much of Installomator’s workflow has been heavily inspired by AutoPkg. I have been using AutoPkg for a long time and provide a repository of recipes. And I plan to continue to use AutoPkg.

As mentioned before, Installomator is not suitable for every type of deployment. If you require control over the versions of the software deployed, then you need to download, re-package and manage the packages in your management system. This is obviously what AutoPkg was designed for.

Also, not every software can be installed with Installomator, mostly because the installer is not available as a direct download. In these cases, AutoPkg will be useful to automate the management and deployment, even when you management style is less controlling.

Going Forward

We have been using Installomator for the past few weeks in our own deployment and with one customer. We are now at a point, where we believe it is stable enough to share it and get feedback from other MacAdmins. (I have already shared it with a few, and many thanks to those that have given valuable feedback.)

We have been using this script with two smaller deployments and want to roll it out to more of our customers. But we probably haven’t hit all the weird edge cases yet. So, proceed with caution.

Consider this a beta release.

(Sidenote: I have tested the script with 10.14.6 and 10.15.x. Because it uses the notarization verification which is available in 10.14.4 and higher it will probably not run well on older macOS versions. Might be possible to adapt it though.)

If you are as excited about the script as we are, please start testing in your environment and provide feedback. But please, as with anything MacAdmin, don’t just go and push the script to hundreds or thousands of devices, but test, test, test first.

Then please provide any enhancements back on the GitHub repository. I have also created an #installomator channel on the MacAdmin Slack for discussion and questions.

Weekly News Summary for Admins — 2020-05-08

This week we learned that JNUC is also going virtual (20 Sep–1 Oct), as well as the dates for the virtual WWDC (starts 22 June). The good thing about having virtual conferences is that we all can go!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Headlines

On Scripting OS X

My five-minute presentation from the Texas Apple Admin Virtual Meeting this week. Thanks again for having me!

News and Opinion

macOS Catalina 10.15 and iOS 13 Updates

Coronavirus and Remote Work

MacAdmins on Twitter

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2020-05-01

In this time where days and dates seem to lose all meaning and context: we made it to May…

New beta releases for macOS 10.15.5 and iOS 13.5 (changed from the initial and weird 13.4.5). Oh, and Microsoft is re-branding Office 365 as Microsoft 365.

The Houston Apple Admins group are hosting a virtual meetup next week, 5 May 2020 from 12–1p.m Central time (19:00–20:00 Central European time). I’ve been told everyone is welcome. I have the honor of being among their list of speakers for short 5–10 minute ‘lightning presentations.’ (It’s like speed dating, but with MacAdmin topics.) See you virtually there!

Stay Safe, everyone!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS Catalina 10.15 and iOS 13 Updates

  • Mr. Macintosh:Article Update! Apple has removed the “Restore from Snapshot” Feature from the macOS Catalina New Features Page. Having the ability to restore from a snapshot taken just before a macOS update was very useful. I hope this feature returns soon.”

Coronavirus and Remote Work

MacAdmins on Twitter

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2020-04-24

One of those “in between” weeks, where nothing particular happens, but enough to fill a newsletter. As usual, many thanks to everyone who shares their knowledge in a post.

Stay safe!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS Catalina 10.15 and iOS 13 Updates

Coronavirus and Remote Work

MacAdmins on Twitter

  • Adam Codega: “You can place custom Teams video call backgrounds in ~/Library/Application \Support/Microsoft/Teams/Backgrounds/Uploads I imagine an upload GUI button will be coming soon. If you place it manually, Teams displays a broken thumbnail icon because of .DS_Store in the folder.”
  • Erik Gomez: “How I explained my job today: Imagine managing 80,000 servers, each one a unique node with a very opinionated System Administrator who indirectly and directly tries to break everything you do.”
  • Tim Perfitt: “The new T2 Macs had a bit of twist for Winclone. If you are migrating a Boot Camp partition from a non-T2 mac to a T2 Mac, the restored Boot Camp partition doesn’t have the Apple SSD driver need to boot and it blue screens.”
  • Carl Ashley: “Python versions 2.7.18, 3.7.7, and 3.8.2 from python.org are now codesigned bugs.python.org/msg366846

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support this News Summary

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Use Swift Package Manager and Swift’s ArgumentParser to build a Command Line Tool

Update 2023-08-28: There is a newer post with more, updated information on this topic.

Apple recently published the Swift Package ArgumentParser. As the name implies, this provides a library of commands to parse arguments in a command line tool.

For MacAdmins, Swift can be a useful choice to build tools, especially now that built-in Python is going away in some ‘future macOS.’ While you can (and should) ‘bring your own Python’ for MacAdmin tools, using Swift is interesting alternative.

I have talked about this in detail in my 2018 MacSysAdmin presentation “Swift for Apple Admins” and towards the end of my 2019 MacSysAdmin presentation “Moving to zsh.”

A powerful and ‘official’ library to parse arguments has been a glaring hole when writing Swift command line tools. Now, ArgumentParser can fill this gap. But, to use the ArgumentParser package, you need to use Swift Package Manager (SPM). Previously you could only use SPM from the command line. With Xcode 11 there is some support for Swift Package Manager in the UI. Either way, it is still an extra hurdle for a MacAdmin before they can build their tool.

In this post I will show how to build a simple command line tool using Swift Package Manager and the ArgumentParser package. And we will do it entirely from the command line, but also be able to use Xcode.

Preparation

You will need Xcode 11 or higher, preferably the latest version that works on your version of macOS. You can get Xcode from the Mac App Store or from the Apple Developer Portal.

Once you have downloaded Xcode, launch it to accept the license agreement and finish the additional installations, then we are ready to go.

What will we build?

I will build a simple command line to read user preferences. In macOS the value of a setting can come from a number of different ‘domains.’ A preference can be set by the user, for the computer, or from an MDM server with a configuration profile.

The built-in defaults command will read preferences, but only from the user level, or from a specified file path. This ignores one of the main features of macOS’ preferences system. The defaults tool will not realize or show if a value is being managed by a higher level, such as a configuration profile.

This is the simplified introduction into macOS Preferences and domains. You can learn all about preferences and profiles in my book “Property Lists, Preferences and Profiles for Apple Administrators.”

We will build a simple command line tool which can show the consolidated value of a setting, no matter where the value comes from.

I have built such a tool using python and eventually I will want to re-build that with Swift. But for our demo, we will just have a very simple subset of the functionality, so we will call our simple Swift tool just prf.

Create a Project with Swift Package Manager

Open Terminal. Change Directory for the place where you store your code projects. (For me that is ~/Projects.) Then create a new empty directory for the project and change into it.

> mkdir swift-prf
> cd swift-prf

Then we run the swift command to set us up with an template SPM project.

> swift package init --type executable --name prf

The set the type as executable because we want to build a command line tool. We also set the name to just prf. When you don’t give a name, it will use the name of the enclosing directory.

This will create a bunch of files. Our main code is in Sources/prf/main.swift. Right now, that is a single line print("Hello, world!').

You can build and run the project from Terminal with swift run:

> swift run
[3/3] Linking prf
Hello, world!

Adding the ArgumentParser Package

Before we can write our own code, we need to add the ArgumentParser package to the project. The configuration for this is in the Package.swift file in the root of the project. Open that file with your favored text editor.

In the dependencies array that starts in line 8, add a line for the swift-argument-parser package like this:

    dependencies: [
        // Dependencies declare other packages that this package depends on.
        // .package(url: /* package url */, from: "1.0.0"),
        .package(url: "https://github.com/apple/swift-argument-parser", from: "0.0.5"),
    ],

Version 0.0.5 is the latest version as I write this post.

Then further down in the code there is .target named "prf" which contains another dependencies array. Add the ArgumentParser package there as well:

        .target(
            name: "prf",
            dependencies: [.product(name: "ArgumentParser", package: "swift-argument-parser")]),

Leave the rest of the Package.swift file as it is.

You can now run the tool again. You will see that swift will download and compile the package:

> swift run  
Fetching https://github.com/apple/swift-argument-parser
Cloning https://github.com/apple/swift-argument-parser
Resolving https://github.com/apple/swift-argument-parser at 0.0.5
[32/32] Linking prf
Hello, world!

We will still get the same output, because we haven’t changed the code of our tool yet. But now we can use the ArgumentParser package.

The Code for the Tool

Open Sources/prf/main.swift in you favorite text editor, delete the single print line and add the following:

// prf

// a simple tool to read preferences

import Foundation
import ArgumentParser

struct ReadPreference: ParsableCommand {
  
  @Argument()
  var domain: String
  
  @Argument()
  var key: String
  
  func run() throws {
    let plist = CFPreferencesCopyAppValue(key as CFString, domain as CFString)
    print(plist?.description ?? "<no value>")
  }
}

ReadPreference.main()

Then try to run it again:

> swift run  
[3/3] Linking prf
Error: Missing expected argument '<domain>'
Usage: read-preference <domain> <key>

At first glance this looks like an error, but when you look at it closely, you see that the tool is complaining that expected arguments are missing. Right now, the prf tool expects two positional arguments, the preference domain and the key. You can pass arguments into swift run but when you do, you need to provide the tool name as well;

> swift run prf com.apple.loginwindow lastUserName        
armin

Now, you might want to confirm this and read the same preference with defaults read com.apple.loginwindow and you will not find the lastUserName key and value there. This is because this value is not stored on the user level, but on the computer level, when you run defaults read /Library/Preferences/com.apple.loginwindow you see the value. So we see, that our simple prf tool properly finds and displays the consolidated value!

What the Code does

When we look at the code we see that the main work happens in the run() function of a ReadPreference struct that inherits most of its behavior from ParsableCommand struct from the ArgumentParser library.

In that function we use the CFPreferencesCopyAppValue function which gets a consolidated preference value for a key and identifier pair.

The two properties of this struct are labelled with Swift Property Wrappers: @Argument() this tells the ArgumentParser code that these are expected positional arguments that will be filled into these properties.

Everything else happens automatically.

Because we have two properties with the @Argument() wrapper, the command line tool will expect two arguments, otherwise it will return an error. This is what we saw earlier.

Get Xcode in the Mix

All we’ve needed so far is the swift command in Terminal and a text editor. Conceivably, this may be enough for building a decently complex tool. But, if you prefer to edit in Xcode, you can still do that. You can create an Xcode project file with:

> swift package generate-xcodeproj
generated: ./prf.xcodeproj

And then you can open that and edit, build, and run your tool in Xcode.

In Xcode you can provide arguments to the tool in the Scheme Editor. However, it is quite cumbersome to keep changing those for iterative testing. That’s when falling back to to swift run prf in the command line is very useful.

When you change the configuration in the Packages.swift files to remove or add more dependencies, you should re-generate the Xcode project file with swift package generate-xcodeproj.

Where to go from here

As you can tell from the version number, ArgumentParser is still very ‘young’ and it doesn’t have quite as deep a feature set as Python’s argparse. But there is, even now, much, much more to the ArgumentParser library than we are using in this simple example. There are verbs, options with long and short flags, and help messages and many other things. You can find the details in the package’s documentation.

There is also much more to Swift Package Manager and how to use it. You can learn more about SPM in its documentation.

Nevertheless, this should give you enough to get you started.

I am looking forward to the tools you build!

Weekly News Summary for Admins — 2020-04-17

New iPhone SE release! It looks like a nice upgrade to the iPhone 8 physical design. If you were hoping that ‘SE’ would continue to mean ‘small,’ then you will be disappointed. As John Gruber notes, this is the first time an iPhone model carries the exact same name as a previous model. To distinguish them, I’d suggest calling the new model “iPhone SE/20.”

We also got a new series of beta system releases from Apple.

Please read Babo D’s excellent summary of some of the changes to the softwareupdate management in macOS. This will affect every MacAdmin.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📈Headlines

📰News and Opinion

⚙️macOS Catalina 10.15 and iOS 13 Updates

🦠Coronavirus and Remote Work

🐦MacAdmins on Twitter

  • William Smith: “MacAdmins, Only six more updates coming for Office 2016 for Mac and then no more! It end-of-lifes in October 2020 with no plans for further support. Put together your plan now to move to Office 2019 ASAP. macadmins.software/calendar/

🐞Bugs and Security

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

📺To Watch

🎧To Listen

🎈Just for Fun

📚 Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Random Desktop Background Color with desktoppr

File this one under: probably useless, but fun.

I recently updated desktoppr with the feature to control the scaling of a custom desktop picture. Because a scaled desktop picture might not cover the entire screen, macOS also allows you to choose a custom color to fill the remaining area. desktoppr v0.3 can be used to control both of these settings.

So, I thought I could use this to just set a random single color as the desktop background, similar to how I did it for Terminal windows.

macOS does not allow you to set no desktop picture. So I created a PNG file that is only a transparent background. This image is basically an invisible desktop picture and all you see on screen is the fill color. Then, you can set any fill color with desktoppr color.

I have added a randombackgroundcolor script to the examples in the desktoppr repository on GitHub.

It’s a bit silly, but also kind of fun. Enjoy!

Weekly News Summary for Admins — 2020-04-10

It wouldn’t be Apple Update week without a supplemental update a week later… We got i[Pad]OS 13.4.1 and a macOS 10.15.4 Supplemental update this week. Time to re-download your installers!

Also in other news, several MacAdmin conferences are reacting to the Coronavirus pandemic. We have cancellations, but also also new approaches to virtual conferences, which is exciting as it opens to audience to a much larger audience.

Stay safe!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

macOS Catalina 10.15 and iOS 13 Updates

Conference Updates

Coronavirus and Remote Work

MacAdmins on Twitter

  • Nathan McNulty: “Re: NYC blocking Zoom” (Thread)
  • Mike Lynn: “There’s a lot of stuff in that Platform Security guide. I just learned today we have the 802.11w and WPA3 hardware requirements in there, for instance.”
  • Tim Perfitt: “starting a new project tomorrow codenamed SCONE. smart card over network environment. insert a smart card into a reader on one mac and use it to authenticate or sign things on any mac on the network.” (short thread)
  • Dana Keeler: “Firefox 75 released yesterday, and with it, you can use client auth certificates from your OS certificate store! Set ”security.osclientcerts.autoload“ to true in about:config to try it out! Windows and macOS (Mojave and later)”
  • Cabel: “Did you know you can share any iCloud Drive file publicly? And if you share an iCloud Drive file with someone else using iCloud Drive, when they hit save, you get their changes automatically? No, you don’t know any of this, because the menu item to do this is ‘Add People’”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Advanced Quoting in Shell Scripts

Quoting strings and variable substitutions is a bit of a dark art in shell scripts. It looks simple and straightforward enough, but there are lots of small devils in the details, that can come out and haunt you.

Basics: why we quote strings

In shell scripts (sh, bash, and zsh) you use the equals character = to assign a string value to a variable:

> name=John
> dirpath=/Library

As long as there are no special characters in the literal string, there is no need to quote the string.

When you use the variable, you prefix a $ symbol:

> echo $name
John
> cd $dirpath
> pwd
/Library

When the literal string contains special characters, you need to either escape the special characters with the backslash \ or quote the entire string with either single quotes ' or double quotes ". Space is proverbial ‘killer character’, especially for file paths. (More details in this post.)

name='John Doe'
dirpath="/Library/Application Support"

The difference between single quotes and double quotes is important. Single quotes escape every special character except the single quote itself. A single quoted string of '#$"\!' will represent exactly those characters.

Double quotes escape most characters, except the double quote " the backtick `, the dollar sign $, the backslash \, and the exclamation mark !. (There are slight differences between the shells on this.)

This allows us to use old-style command substitution with backticks and variable substitution (dollar sign) within double quoted strings:

> echo "Hello, $name"
Hello, John Doe
> echo "The Computer Name is `scutil --get ComputerName`"

Though you should be using the $(…) syntax for command substitution instead of backticks `. The parenthesis syntax is more readable and can be nested.

In general, it is a good rule to always quote literal strings. Whether you should use double quotes or single quotes depends on the use case.

Combining literal strings with special characters

Things can start getting complicated when you want special characters with their special functionality. For example, when you want to refer to the path ~/Library/Application Support, you should put it in quotes, because of the space. But when you put the ~ in the quotes, it will not be substituted to the user’s home directory path.

There are a few ways to solve this problem. You could escape the space with a backslash. You could use the $HOME variable instead (but be sure you are in a context where this is set). But the easiest is to move the special character out of the quotes:

dirpath=~"/Library/Application Support"

Quotes in quotes

Sometimes it is necessary to have a set of quotes within quotes. A common situation for MacAdmins is the following osascript:

osascript -e 'display dialog "Hello, World"'

The osascript command can be used to run Apple commands or scripts. Since AppleScript uses double quotes for literal strings, the entire AppleScript command is passed in single quotes. This keep the command string together and the double quotes in single quotes don’t confuse the shell.

This works fine, until you want to do something like this:

computerName=$(scutil --get ComputerName)
newName=$(osascript -e 'text returned of (display dialog "Enter Computer Name" default answer "$computerName")')

Again, we put the AppleScript command in single quotes, so we can use double quotes inside. But now, the single quotes are also blocking the variable substitution and we get the literal $computerName in the dialog.

There are a few solutions out of this, I will demonstrate three:

First, you could close the single quotes before the variable substitution and re-open them after:

osascript -e 'text returned of (display dialog "Enter Computer Name" default answer "'$computerName'")'

This will in this form as long as $computerName contains no spaces. This is unlikely as the default computer name is something like Armin's MacBook Pro. The shell will consider that space a separator before a new argument, breaking the AppleScript command into meaningless pieces and failing the osascript command. We can avoid that by putting the substitution itself in double quotes:

osascript -e 'text returned of (display dialog "Enter Computer Name" default answer "'"$computerName"'")'

This works and is entirely legal syntax, but not very legible.

Escaping the escape characters

Another solution is to use double quotes for the entire AppleScript command, we can use variable substitution inside. But then we have to deal with the double quotes required for the AppleScript string literal. The good news here is that we can escape those with the backslash:

osascript -e "text returned of (display dialog \"Enter Computer Name\" default answer \"$computerName\")"

This doesn’t win prizes for legibility either, but I consider it an improvement over the previous approach.

Here Docs

The above approaches with work in sh, bash, and zsh. But bash and zsh have another tool available that can work here. The ‘here doc’ syntax can be used to include an entire block of AppleScript code in a bash or zsh script:

#!/bin/bash

computerName=$(scutil --get ComputerName)

newName=$(osascript <<EndOfScript
    text returned of (display dialog "Enter Computer Name" default answer "$computerName")
EndOfScript
)

echo "New name: $newName"

The syntax is a bit weird. The <<EndOfScript says: take all the text until the next appearance of EndOfScript and pipe it into the preceding command, in this case osascript.

The ‘marker’ EndOfScript is entirely arbitrary. Many people choose EOF but I prefer something a little more descriptive. Whatever label you choose the ending marker has to stand alone in its line. This is why the parenthesis ) which closes the command substition $( has to stand alone in the next line.

You can still use variable substitution in a here doc, so the variable $computerName will be substituted before the here doc is piped into osascript.

Weekly News Summary for Admins — 2020-04-03

In this time where days just blur into each other: we made it to April, everyone!

The video conferencing software Zoom is enjoying new popularity, but also (deservedly) new scrutiny. MacAdmins have been complaining about their absolutely insane installer package for years. Now, the security people are on it.

I repeat my offer: I will donate a code for my book “Packaging for Apple Administrators” to any engineer at Zoom who is working on improving the installer. (The book has helped engineers at other companies.)

Stay Safe!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Bruvik: “Turns out – it is impossible to enter the | symbol on a virtualbox machine on a mac if you have both the guest and host keyboard layout set to norwegian”
  • Tim Perfitt: “triple boot successful both with boot files on efi partition and on the volume. next up, quad boot with 2 versions of windows.” (read the thread!)
  • Rich Trouton: “Need to quickly check to see if your web server’s system clock has drifted? Here’s a one-liner to check using curl to see if a web server’s system clock has the correct time by comparing it against Google’s”
  • Tim Perfitt: “Boot Camp on ARM-based Macs? Possible.”
  • Rosyna Keller: “This is a tweetstorm discussing the new features of altool 4.01 (included with Xcode 11.4), changes to the notarization documentation, and a change to notary service requirements, with the far majority coming directly from user requests We’ll start with altool 4.01.” (Thread)
  • BBEdit: “ICYMI from yesterday’s 13.1 beta change notes, there’s a little taste of home for TextWrangler customers who are making the switch.” (Image)
  • Tom Bridge: “Every. Single. Day. I have to explain how the Screen Recording, Mic and Camera permissions work. Every day. Sometimes a dozen times a day. This sucks.”

Zoom Security and Installer

Note: several MacAdmins have known and complained about this for a long time.

Coronavirus and Remote Work

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!