Create a Munki installs array for multiple files at once

Munki uses several different methods to decide what needs to be installed on a Mac. When deploying applications or files, an “installs” array is, in my opinion, the best way to make sure they remain installed and unaltered.

Munki automatically creates an installs array when you import an application or a DMG containing an application. But when you import a package, by default the receipts are used to determine installation status.

This means to have Munki check for the existence of items deployed by a package and not rely on the receipts, an installs array must be manually constructed.

Creating an installs array for multiple files can be tedious, so I wrote a script to simplify the process. Read on the for the details.

Inspiration

I got the idea for this script when building a package to deploy a large number of branding assets to our fleet.

We depend on these assets to be in a specific place and unmodified for use in dialogs and notices. Since a user could modify or delete these files, having Munki use the package receipt to make sure they remain installed is not an option.

As I built the installs array for a dozen items by hand I thought there had to be a better way.

makepkginfo

Munki’s makepkginfo tool can be used with the -f option to manually create an installs array for an individual file or application.

This is easy enough when working with one or two items, but can take a significant amount of time when working with numerous files.

It also requires extracting just the installs section from the output the tool generates.

Simplifying the process

My script CreateInstallsArray.sh is intended to take a single directory as input and create a unified installs array containing every file found inside.

The path to a single file or an application bundle can also be supplied and the script will generate the appropriate output.

For files this will include the md5checksum as the evaluation method.

Output

The extraneous output from makepkginfo is removed automatically leaving only what is needed for insertion into the Munki PkgInfo file.

.DS_Store files are ignored automatically, but make sure to check the output for any other hidden files you want to exclude.

Compare the two examples below to see the difference between outputs from makepkginfo -f and CreateInstallsArray.sh:

(Click to expand)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>_metadata</key>
	<dict>
		<key>created_by</key>
		<string>kevin</string>
		<key>creation_date</key>
		<date>2024-09-02T22:25:42Z</date>
		<key>munki_version</key>
		<string>6.3.1.4580</string>
		<key>os_version</key>
		<string>14.6.1</string>
	</dict>
	<key>autoremove</key>
	<false/>
	<key>catalogs</key>
	<array>
		<string>testing</string>
	</array>
	<key>installs</key>
	<array>
		<dict>
			<key>md5checksum</key>
			<string>d41d8cd98f00b204e9800998ecf8427e</string>
			<key>path</key>
			<string>/Users/Shared/example.png</string>
			<key>type</key>
			<string>file</string>
		</dict>
	</array>
	<key>version</key>
	<string>1.0.0.0.0 (Please edit me!)</string>
</dict>
</plist>
	<key>installs</key>
	<array>
		<dict>
			<key>md5checksum</key>
			<string>d41d8cd98f00b204e9800998ecf8427e</string>
			<key>path</key>
			<string>/Users/Shared/example.png</string>
			<key>type</key>
			<string>file</string>
		</dict>
	</array>

Results will be written to an InstallsArray.xml file on your desktop.

The script

You can find the latest version of CreateInstallsArray.sh on my GitHub page: https://github.com/kevinmcox/macOS-Admin-Scripts/blob/main/CreateInstallsArray.sh

A note on text colors

My daughter got interested in what I was working on and asked to give me a hand. We think the results are very pretty. 😀

 

Leave a Reply

Your email address will not be published. Required fields are marked *