30 changes: 15 additions & 15 deletions scripts/macos/fvsetup.sh
@@ -1,29 +1,29 @@
#!/bin/bash
#!/usr/bin/env bash

# This script will enable filevault if not enabled, and add the users specified in fvusers.plist to filevault
# It is meant to be used by system admins and should be run as root
# This script will enable FileVault if not enabled, and add the users specified in fvusers.plist to FileVault.
# It is meant to be used by system admins and should be run with root permissions.
# fvusers.plist is a sample plist file. All passwords mentioned in the plist should be cleartext.
# For security purpose, make sure the plist file is deleted and users change their password post filevault configuration.
# For security purpose, make sure the plist file is deleted and users change their password post FileVault configuration.

set -e

STATUS_STR="FileVault is On."
ENABLED_MSG="Please reboot to complete the process"
USERADD_MSG="User added to filevault"
enabled=1
fvStatus=`fdesetup status`
fvStatus=$(fdesetup status)

if [[ $STATUS_STR != $fvStatus ]]; then
fdesetup enable -inputplist < fvusers.plist
enabled=0
if [[ "$STATUS_STR" != "$fvStatus" ]]; then
fdesetup enable -inputplist < fvusers.plist
enabled=0
else
fdesetup add -inputplist < fvusers.plist
fdesetup add -inputplist < fvusers.plist
fi
retcode=$?
echo "status: "$retcode
if [[ $retcode -eq 0 ]]; then
msg=$([ "$enabled" == 0 ] && echo "$ENABLED_MSG" || echo "$USERADD_MSG")
echo $msg
echo "status: $retcode"
if [[ "$retcode" -eq 0 ]]; then
msg=$([ "$enabled" == 0 ] && echo "$ENABLED_MSG" || echo "$USERADD_MSG")
echo "$msg"
else
echo "Error occurred"
fi
echo "Error occurred"
fi
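Review bot: With `set -e` still in effect, a failing `fdesetup enable` or `fdesetup add` ends the script inside the `if`/`else`, so `retcode=$?` only ever sees 0 and the `Error occurred` branch cannot run. Capture the status at the call instead: set `retcode=0` before the `if`, use `fdesetup enable -inputplist < fvusers.plist || retcode=$?` (same for `add`), and drop the later `retcode=$?`. Separately, `fvusers.plist` holds cleartext passwords and is read from the current directory, and the header only asks the admin to delete it by hand. Having the script check that the file is not group- or world-readable and remove it once fdesetup has run would close that gap.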
6 changes: 3 additions & 3 deletions scripts/macos/hide_mac_app.sh
@@ -1,6 +1,6 @@
#!/bin/bash
if [ $UID != 0 ]; then
(>&2 echo "Error: $0 must be run as root")
#!/usr/bin/env bash
if [[ "$UID" -ne 0 ]]; then
(>&2 echo "Error: $0 must be run with root permissions.")
exit 1
fi
defaults write /Library/LaunchAgents/com.jumpcloud.jcagent-tray Disabled -bool true
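Review bot: The switch to `#!/usr/bin/env bash` makes a script that insists on root pick its interpreter from `PATH`, so whichever `bash` comes first there runs with root privileges; the same shebang appears in the other four scripts on this page. Whether a user-writable directory can precede `/bin` depends on how the scripts are launched, which the page does not show, but for root-only admin scripts the absolute `#!/bin/bash` avoids the dependency. As a style point, the error line needs no subshell: `echo "Error: $0 must be run with root permissions." >&2`. The file continues below this hunk.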
2 changes: 2 additions & 0 deletions scripts/macos/install_agent.sh
100644 → 100755
@@ -1,3 +1,5 @@
#!/usr/bin/env bash

# Replace YOUR_CONNECT_KEY with your actual key found on the new system aside in the admin console

curl -o /tmp/jumpcloud-agent.pkg "https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg"
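Review bot: The package is downloaded to the fixed name `/tmp/jumpcloud-agent.pkg` in a world-writable directory, and nothing visible verifies it before use; the same download appears in install_agent_and_serviceaccount.sh, where the file is handed to `installer`. A private directory from `mktemp -d` together with `curl --fail` would remove the predictable path and stop an HTTP error body being saved as the package. Running `pkgutil --check-signature` on the downloaded file before installing would confirm the signer. The rest of install_agent.sh lies outside this hunk, so a check may already exist further down.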
39 changes: 19 additions & 20 deletions scripts/macos/install_agent_and_serviceaccount.sh
100644 → 100755
@@ -1,41 +1,40 @@
#!/usr/bin/env bash
#
# Populate the below variables before running the command
#

# Enter your connect key within the "" of YOUR_CONNECT_KEY="" with your orgs key found on the new system aside in the admin console
YOUR_CONNECT_KEY=""

# Enter the SECURETOKEN_ADMIN_USERNAME within the "" of SECURETOKEN_ADMIN_USERNAME=""
# Enter the SECURETOKEN_ADMIN_USERNAME within the "" of SECURETOKEN_ADMIN_USERNAME=""
SECURETOKEN_ADMIN_USERNAME=""

# Enter the SECURETOKEN_ADMIN_PASSWORD within the "" of SECURETOKEN_ADMIN_PASSWORD="" with the credentials of the admin with a secure token
# Enter the SECURETOKEN_ADMIN_PASSWORD within the "" of SECURETOKEN_ADMIN_PASSWORD="" with the credentials of the admin with a secure token
SECURETOKEN_ADMIN_PASSWORD=""

#--------------------Do not modify below this line--------------------

MacOSMinorVersion=$(sw_vers -productVersion | cut -d '.' -f 2)
MacOSPatchVersion=$(sw_vers -productVersion | cut -d '.' -f 3)

if [[ $MacOSMinorVersion -lt 13 ]]; then
echo "Error: Target system is not on macOS 10.13"
exit 2
if [[ "$MacOSMinorVersion" -lt 13 ]]; then
echo "Error: Target system is not on macOS 10.13"
exit 2
else

curl --silent --output /tmp/jumpcloud-agent.pkg "https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg" > /dev/null
mkdir -p /opt/jc
cat <<-EOF > /opt/jc/agentBootstrap.json
{
"publicKickstartUrl": "https://kickstart.jumpcloud.com:443",
"privateKickstartUrl": "https://private-kickstart.jumpcloud.com:443",
"connectKey": "$YOUR_CONNECT_KEY"
}
curl --silent --output /tmp/jumpcloud-agent.pkg "https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg" > /dev/null
mkdir -p /opt/jc
cat <<-EOF > /opt/jc/agentBootstrap.json
{
"publicKickstartUrl": "https://kickstart.jumpcloud.com:443",
"privateKickstartUrl": "https://private-kickstart.jumpcloud.com:443",
"connectKey": "$YOUR_CONNECT_KEY"
}
EOF


cat <<-EOF > /var/run/JumpCloud-SecureToken-Creds.txt
$SECURETOKEN_ADMIN_USERNAME;$SECURETOKEN_ADMIN_PASSWORD
cat <<-EOF > /var/run/JumpCloud-SecureToken-Creds.txt
$SECURETOKEN_ADMIN_USERNAME;$SECURETOKEN_ADMIN_PASSWORD
EOF

installer -pkg /tmp/jumpcloud-agent.pkg -target / &
installer -pkg /tmp/jumpcloud-agent.pkg -target / &
fi
exit 0

exit 0
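Review bot: `/var/run/JumpCloud-SecureToken-Creds.txt` receives the admin username and password through a plain redirection, so its mode comes from the caller's umask and will usually be world-readable; put `umask 077` before the `cat <<-EOF > /var/run/JumpCloud-SecureToken-Creds.txt` line so only root can read it. The page has lost indentation, so I cannot tell whether the re-indented here-doc bodies use tabs: `<<-` strips only leading tabs, and space indentation would put leading spaces into the credentials line and the JSON. `installer ... &` is backgrounded and the script then exits 0 unconditionally, so a failed download or install is still reported as success; `curl --fail` plus waiting on the installer would surface it.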
36 changes: 19 additions & 17 deletions scripts/macos/verify_serviceaccount.sh
100644 → 100755
@@ -1,34 +1,36 @@
#!/usr/bin/env bash

MacOSMinorVersion=$(sw_vers -productVersion | cut -d '.' -f 2)
MacOSPatchVersion=$(sw_vers -productVersion | cut -d '.' -f 3)

if [[ $MacOSMinorVersion -lt 13 ]]; then
echo "Error: Target system is not on macOS 10.13"
exit 2
fi
# if [[ "$MacOSMinorVersion" -lt 13 ]]; then
# echo "Error: Target system is not on macOS 10.13"
# exit 2
# fi

JCSA_Username="_jumpcloudserviceaccount"
JCSA_FullName="JumpCloud Service Account"

sysadmin_name="sysadminctl"
if [[ $MacOSMinorVersion -eq 13 ]]; then
if [[ $MacOSPatchVersion -lt 4 ]]; then
sysadmin_name="/opt/jc/bin/sysadminkludge"
fi
if [[ "$MacOSMinorVersion" -eq 13 ]]; then
if [[ "$MacOSPatchVersion" -lt 4 ]]; then
sysadmin_name="/opt/jc/bin/sysadminkludge"
fi
fi

result=$($sysadmin_name -secureTokenStatus $JCSA_Username 2>&1 )
unknown_user=$(echo $result | grep "Unknown user $JCSA_Username")
enabled=$(echo $result | grep "Secure token is ENABLED for user $JCSA_FullName")
unknown_user=$(echo "$result" | grep "Unknown user $JCSA_Username")
enabled=$(echo "$result" | grep "Secure token is ENABLED for user $JCSA_FullName")

if [[ ! -z $unknown_user ]]; then
echo "Error: JumpCloud Service Account not installed"
exit 2
if [[ ! -z "$unknown_user" ]]; then
echo "Error: JumpCloud Service Account not installed."
exit 2
fi

if [[ -z $enabled ]]; then
echo "Error: JumpCloud Service Account does not have a secure token"
exit 3
if [[ -z "$enabled" ]]; then
echo "Error: JumpCloud Service Account does not have a secure token."
exit 3
fi

echo "Success: JumpCloud Service Account has been properly created"
echo "Success: JumpCloud Service Account has been properly created."
exit 0
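Review bot: The macOS version guard near the top is commented out rather than removed, and nothing says why, so a reader cannot tell whether the script is now meant to run on releases other than 10.13. Either delete the four lines or put a one-line comment above them such as `# Version guard disabled: <reason>`. The `sysadminkludge` branch that remains still compares only the second and third fields of `sw_vers -productVersion`, which presumably assumes a `10.x.y` string. The `sysadminctl` call was left unquoted while the lines around it were fixed; `result=$("$sysadmin_name" -secureTokenStatus "$JCSA_Username" 2>&1)` would match the rest of the change.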