Mac OSX 10.12 Sierra Unzip installer/config files

WretchedKat · March 28, 2018, 5:07pm

Hey all,

I’m trying to unzip an installer/configuration files on Macs that are on our network and run the installer.
The following is what I’m running from Bigfix:

extract SophosInstallzip.tmp

if {not exists folder "/Applications"}
wait mkdir -p "/Applications"
endif

if {not active of action OR exists file whose (name of it ends with ".tmp") of folder "__Download" of client folder of current site}
delete "{pathname of file whose (name of it ends with ".tmp") of folder "__Download" of client folder of current site}"
wait  /bin/sh -c "find {concatenation "\ " of substrings separated by " " of pathname of client folder of current site}/__Download/* -exec cp -Rfp {"%7b%7d"} {concatenation "\ " of substrings separated by " " of "/Applications"} \;"
endif

wait /bin/sh -c sudo unzip /Applications/SophosInstall.zip -d /Applications
wait /bin/sh -c sudo /Applications/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install

It will put the .zip in the correct location (/Applications), but does not unzip it.
However if I use the same command on the local Mac via terminal it will work.

I remembered that there was a change in root access for 10.11 and up, System Integrity Protection (https://support.apple.com/en-us/HT204899), however “/Applications” is a path that third-party apps and installers can continue to write to according to their article (link above).

Anyone know how to get around this without disabling SIP? That is not an option as far as I’m concerned.
I’m wondering if even “/Applications” is being protected by SIP now, or if there’s just another way to unzip with Bigfix as the middleman.

Any help is appreciated, thanks.

AlanM · March 28, 2018, 6:50pm

You don’t need to use sudo first as you are already root in the action context.

You haven’t indicated what is failing here though, can you provide a client log so people can help?

jgstew · March 28, 2018, 7:00pm

I’m am almost certain disabling SIP wouldn’t help.

what is this about?

That seems odd. This just copies everything in __Downloads to /Applications ?

I would generally use /tmp instead for staging things.

You also don’t seem to be deleting the .zip at the end from applications.

try this instead: (bigfix should already be running as root)

wait bash -c "unzip /Applications/SophosInstall.zip -d /Applications"

This is technically closer to what is being done when you enter commands in Terminal on the Mac.

On the mac, bash and sh should be identical, but that is not the case on other platforms, which surprised me, so I tend to be explicit about calling bash these days.

WretchedKat · March 28, 2018, 7:22pm

I had already tried running without the “sudo” in front and I had just tried it to see if it made any difference.
I went ahead and changed the wait command to what you said above and it still didn’t unzip the contents of the .zip

WretchedKat · March 28, 2018, 7:28pm

What’s failing is that bigfix isn’t actually unzipping the .zip
The Fixlet will complete successfully, but the installer and configuration files aren’t unzipped after it runs.

Where can I get the client log?

WretchedKat · March 28, 2018, 7:30pm

As far as the portion you mentioned that seems odd. That’s what the Bigfix Mac Software Deployment Wizard auto filled into the fixlet.

WretchedKat · March 28, 2018, 7:47pm

Okay, I missed the quotes you had around the wait command. I went ahead and added those in and this time it unzipped the contents of the .zip, however it didn’t run the installer.

WretchedKat · March 28, 2018, 8:21pm

Okay, another update here.

I created a package with the installer and configuration files needed to run along side it as the payload. I then created a fixlet in Bigfix that deploys said package that then unloads the payload in /Applications.
This part works perfectly.

So now I have the installer app and files needed on the device, however I am having trouble getting the installation to run.

The following command is what works when used from the devices terminal:

sudo "/Applications/Sophos Installer.app/Contents/MacOS/Sophos Installer" --install

The command I’m using from Bigfix is:

wait bash -c "/Applications/Sophos Installer.app/Contents/MacOS/Sophos Installer" --install

This doesn’t run the installer though, any ideas @jgstew @AlanM?

Thanks for the help, it is much appreciated ^^

jgstew · March 28, 2018, 9:05pm

Everything needs to be in the quotes:

wait bash -c "/Applications/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install"

Think of it like this:

wait bash -c "_Everything_You_Put_In_Terminal_"

The only issue is that you would need to escape any quotes ( " )

WretchedKat · March 30, 2018, 7:12pm

Got it, thanks jgstew!

jgstew · April 13, 2018, 8:58pm

I was just messing this up yesterday and wasn’t sure why it wasn’t working. Eventually I remembered this.

WretchedKat · April 16, 2018, 12:41pm

Haha! That command has been very helpful to be able to just drop something into the terminal!

I was actually running into an issue last week myself, I was trying to uninstall bigfix on a mac using the following command:

wait bash -c "/Library/BESAgent/BESAgent.app/Contents/MacOS/BESAgentUninstaller.sh"

I’m guessing it’s a permissions issue or something that’s causing it not to work. If run on the local computer from terminal it works. Any ideas or insight on uninstalling bigfix from a mac client?