Monthly Archives: February 2015

Syntax highlighting of munki pkginfo files

Do you ever fire up TextWrangler and open a pkginfo file used in munki to adjust or add a key but when you go to actually add that key you can’t remember the exact format of the syntax?  Was it “update_for” or “update-for”?  It kinda matters.  Lucky for us there is a syntax highlighting feature in TextWrangler (and BBEdit) that allows for customization called Language Modules.

I’ve created a munki Language Module, available on github,  that lets you breath a little easier in knowing your syntax typo is not the reason munki is looping…that’s something else you’ve done.

Using the Language Module is fairly easy.  To install:

  1. Download and copy the munki_langauage_module.plist to ~/Library/Application Support/TextWrangler/Language Modules/
  2. Restart TextWrangler.
  3. Adjust keyword and predefined syntax highlighting colors in the TextWrangler preferences if you so choose.

This module sets TextWrangler to detect all files that end in .plist as munki pkgsinfo files.
If that is not desirable and you’d rather have standard XML highlighting, then remove the BBLMSuffixMap key from the plist or change the syntax highlight language when you open the file.

Inside TextWrangler you can manually choose the language syntax highlighting from the options at the bottom of the TextWrangler window. Choose “Munki Pkgsinfo” to apply the highlighting.  That’s it!

Below is an example of the difference between a syntax highlighted file on the left and a plain text file on the right.

side-by-side

Tagged ,

Profile Behavior Changes in Yosemite

Forced. Often. Once. If you’ve used MCX and/or Profiles before you’re familiar with those terms and what they mean when a Profile is installed on a system.

I thought I did, too, until I stumbled upon a fundamental change of the rules in how Yosemite now behaves in the case of Often. Granted, anything besides “Forced” isn’t necessarily supported by Apple as their own Profile Manager tool only spits out Force management frequency profiles. Previously, adjustments could be made to Profiles to allow for a less heavy handed frequency of management. It appears our grace period for one type of manual change is over.  A tool to help create custom Profiles is called mcxToProfile.  Check out Tim Sutton’s documentation and tool — mcxToProfile as we’ll be using it later in this example.

See for yourself
As an easily observable example lets use a simple preference structure.
First, create a plist file with the keys you want to manage.

 defaults write my.great.app setting1 -string foobar
 defaults write my.great.app setting2 -bool false
 defaults read my.great.app
 {
 setting1 = foobar;
 setting2 = 0;
 }
 

Use Tim’s mcxToProfile tool to create a Profile to manage the domain “often”.

mcxToProfile.py --plist ~/Library/Preferences/my.great.app.plist --identifier MyGreatApp --manage Often

Copy the profile to a test machine or VM running Yosemite and install it.

sudo profiles -IF MyGreatApp.mobileconfig

You can see the preferences have been applied by running

defaults read my.great.app

Make some preference changes after the Profile was installed:

 defaults write my.great.app setting3 -string Chickens
 defaults write my.great.app setting4 -int 42
 defaults read my.great.app
  {
  setting1 = foobar;
  setting2 = 0;
  setting3 = Chickens;
  setting4 = 42;
  }

Log out and back into OS X and read the plist again.

 defaults read my.great.app
  {
  setting1 = foobar;
  setting2 = 0;
  }

The user’s settings have been eradicated even though they aren’t the keys being managed.

For a real world example lets look at how it works when we manage the Dock with a profile.

First, create a plist file with the keys you want to manage. This example sets the Dock to anchor to the right side of the screen.

defaults write ~/Desktop/com.apple.dock orientation -string right

That will result in a plist that only has the key specified in the defaults command:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>orientation</key>
    <string>right</string>
</dict>
</plist>

Create a Profile to manage the domain “often”.

mcxToProfile.py --plist ~/Desktop/com.apple.dock.plist --identifier MyDockSettings --manage Often

The payload content in the resulting .mobileconfig is

 <key>PayloadContent</key>
 <dict>
   <key>com.apple.dock</key>
   <dict>
     <key>Set-Once</key>
     <array>
       <dict>
         <key>mcx_preference_settings</key>
         <dict>
           <key>orientation</key>
           <string>right</string>
         </dict>
       </dict>
     </array>
   </dict>
 </dict>

Copy the profile to a test machine or VM running Yosemite and install it.

sudo profiles -IF MyDockSettings.mobileconfig

When the Profile payload applies you will see the Dock quit and reappear pinned to the right of the screen. Now make a manual change to the Dock, for instance, drag and drop a couple apps to the Dock. Log out and back into OS X. The apps you added are gone. The Dock has reverted to the way it was when the Profile was installed. This will happen every time you log out and back into OS X.

So now what?
An informal survey in the IRC channel ##osx-server on Freenode showed that the Often management frequency isn’t used that..well..often. The only admins in the know of that frequency would be those that use Tim’s mcxToProfile tool or hand craft their own. But if you happen to have that frequency there are a couple options.

  • Change the frequency. Set-Once with a timestamp still appears to function correctly (for now). And Forced should work as long as the application you’re trying to manage uses the OS’s APIs for reading preferences.
  • Use a different tool. Use outset to run scripts to make the change on the frequency you need. LaunchAgents or LaunchDaemons are viable as well.

tl;dr – Don’t use Often in Yosemite. Profiles set to apply “Often” reset setting changes made after the profile was installed every “often” time it is applied. If a plist didn’t exist before the Profile was installed the resulting plist contains only the keys that are in the profile — collateral damaged keys be damned.

Tagged , ,