Automated Managed Mac Estate – AutoPkgr – Part 3
You should now have a working Munki repo, server and client tools tested from Part 2.
In Part 3 of our series, we’re going to explore AutoPkgr which can be used to automate the download and upload to the munki repository automatically on a schedule.
So you’re probably wondering what is AutoPkgr?
AutoPkgr is an awesomely powerful tool for automating macOS software packaging and distribution, but it requires its users to be comfortable with command-line tools and methods. If you’re not yet comfortable with the command-line, or if you just want to get AutoPkg set up from scratch quickly and reliably, AutoPkgr is for you. It has been written by the Linde Group.
The AutoPkgr GitHub project can be found here.
- Latest Version of AutoPkgr downloaded and installed on a Mac, (I’m using the same Mac as my Munki repo from Part 2), available here
When you first run AutoPkgr you’ll be asked to install Git if not present on the machine. You are looking for the initial screen to be the following:
Automating your downloads and uploads to Munki Repo
So now that you’ve got AutoPkgr installed we can dive right into automating the downloads and upload to your munki repo, for this example, I am going to be using Google Chrome.
- Click Repos & Recipes
- Next, filter your results by “munki”
- .munki are essentially recipes with the Logic that states the download needs to be formatted for the munki repository
- Find the software you require, i.e. GoogleChrome.munki, and Right-Click and click “Create Override”
- When a pop-up appears to name the override, click OK
- You’ll then see two versions of the munki recipe one from the GitHub Repository and the local one you’ve just created.
- It’s always a good idea to review the code that is listed in public repositories just to ensure you are comfortable with what is being executed.
- Now navigate to your Recipe Override folder in Finder, the default location is “~/Library/AutoPkg/Recipie/Overrides”
- Open the recipe with your favourite text editors and review/make any changes if required.
- Once you’re happy with the code and the recipie override is just the way you want it, you’ll need to give this override the recipie the relevant parent-trust permission, open Terminal and type the following command:
- Also review how parent-trust-info works by clicking the link here
autopkg update-trust-info GoogleChrome.munki
- Once you see the “wrote updated” message your local recipie is now ready to be executed. In AutoPkgr tick your “local” software, and Click Run Recipies Now
- Now check your Munki Repo and your new application will now be present and the catalog files updated.
- Follow this for each app you wish to auto-update.
Scheduling AutoPkgr to Run
You can schedule how often AutoPkgr runs to avoid clicking the “Run Recipies Now” button manually. These settings are available on the Schedule tab.
You can also set up AutoPkgr Notifications, I find it particularly useful to enable email notifications which I recive after my auto schedule has run, these settings can be confirgured in the Notifications tab.
Optional – VirusTotalAnalyzer
This is a particular useful add-on to AutoPkgr which checks the downloaded files against the VirusTotalAnalyzer database and gives you a score recommendation in your email notfication (as above).
To enable this, click “Folders & Integrations“, click “Install VirusTotalAnalyzer”
That sums up Part 3 in our series, AutoPkgr does take some time to get used to so read the guides and wiki on GitHub, once you have it setup and working for you then it will work great and save you a mass amount of time having to download applications, package them etc. The only thing to remember is to review code that is available in the public repositories, especially if you’re deploying an application to your estate you want to be comfortable with what is being run.
Let me know how you get on! Stay tuned for the last part of the series that will cover dataJAR’s jamJAR project that will automate this use of munki and AutoPkgr to use in jamf Pro and show user notifications on their devices when software has been installed or patched.