I’m trying to unzip an installer/configuration files on Macs that are on our network and run the installer.
The following is what I’m running from Bigfix:
extract SophosInstallzip.tmp
if {not exists folder "/Applications"}
wait mkdir -p "/Applications"
endif
if {not active of action OR exists file whose (name of it ends with ".tmp") of folder "__Download" of client folder of current site}
delete "{pathname of file whose (name of it ends with ".tmp") of folder "__Download" of client folder of current site}"
wait /bin/sh -c "find {concatenation "\ " of substrings separated by " " of pathname of client folder of current site}/__Download/* -exec cp -Rfp {"%7b%7d"} {concatenation "\ " of substrings separated by " " of "/Applications"} \;"
endif
wait /bin/sh -c sudo unzip /Applications/SophosInstall.zip -d /Applications
wait /bin/sh -c sudo /Applications/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install
It will put the .zip in the correct location (/Applications), but does not unzip it.
However if I use the same command on the local Mac via terminal it will work.
I remembered that there was a change in root access for 10.11 and up, System Integrity Protection (https://support.apple.com/en-us/HT204899), however “/Applications” is a path that third-party apps and installers can continue to write to according to their article (link above).
Anyone know how to get around this without disabling SIP? That is not an option as far as I’m concerned.
I’m wondering if even “/Applications” is being protected by SIP now, or if there’s just another way to unzip with Bigfix as the middleman.
This is technically closer to what is being done when you enter commands in Terminal on the Mac.
On the mac, bash and sh should be identical, but that is not the case on other platforms, which surprised me, so I tend to be explicit about calling bash these days.
I had already tried running without the “sudo” in front and I had just tried it to see if it made any difference.
I went ahead and changed the wait command to what you said above and it still didn’t unzip the contents of the .zip
What’s failing is that bigfix isn’t actually unzipping the .zip
The Fixlet will complete successfully, but the installer and configuration files aren’t unzipped after it runs.
Okay, I missed the quotes you had around the wait command. I went ahead and added those in and this time it unzipped the contents of the .zip, however it didn’t run the installer.
I created a package with the installer and configuration files needed to run along side it as the payload. I then created a fixlet in Bigfix that deploys said package that then unloads the payload in /Applications.
This part works perfectly.
So now I have the installer app and files needed on the device, however I am having trouble getting the installation to run.
The following command is what works when used from the devices terminal:
I’m guessing it’s a permissions issue or something that’s causing it not to work. If run on the local computer from terminal it works. Any ideas or insight on uninstalling bigfix from a mac client?