AutoPkg is a great tool for downloading and packaging software for distribution. It also integrates nicely with Munki. After testing AutoPkg I looked into methods to further automate the updating process. I came across Sean Kaiser’s blog detailing how he created a script and triggered it using a launch daemon. I took his script as an example and began to build my own, with a few extra tweaks.
My AutoPkg Wrapper triggers AutoPkg to run once daily at 8:30am, dynamically checking for updates to user recipe overrides and sending an email in the event of a new package.
Without further ado I will walk you through setting up AutoPkg and automating it with my AutoPkg Wrapper.
Note: If you haven’t already, it is important to install Munki and AutoPkg.
Configuring AutoPkg
First we need to add the main recipe repository to AutoPkg, we do this by opening Terminal and typing:
autopkg repo-add http://github.com/autopkg/recipes.git
Note: AutoPkg requires Git to be installed, if it is not installed you will be prompted to install it from Apple Software Update.
Next we need to set the location of our Munki repository:
defaults write com.github.autopkg MUNKI_REPO "/PATH/TO/MUNKI_REPO"
AutoPkg uses recipe overrides to override default or unspecified recipe attributes. My Munki repositories follow a consistent naming convention and therefore I create recipe overrides for every AutoPkg recipe used. Below are the criteria for packages added to my Munki repositories:
- Packages are placed directly into pkgs and not into subdirectories.
- Packages are named in lowercase (e.g. Firefox.dmg > firefox.dmg).
- Packages do not contain the developer’s name (e.g. googlechrome.dmg > chrome.dmg).
- Packages are initially added to the development catalog.
- The pkginfo display_name attribute is set to match the package name with proper case and spaces (e.g. flashplayer.dmg > Flash Player).
- The unattended_installs pkginfo attribute is disabled.
- The developer and category pkginfo attributes are set.
Optionally you can download and install my collection of AutoPkg recipe overrides from GitHub:
git clone https://github.com/Error-freeIT/AutoPkg-Recipe-Overrides.git ~/Library/AutoPkg/RecipeOverrides
With AutoPkg configured let’s test a recipe:
autopkg run -v AdobeFlashPlayer.munki
Automating AutoPkg
If that worked it’s time to automate AutoPkg, download and run the autopkgwrapper installer:
git clone https://github.com/Error-freeIT/AutoPkg-Wrapper.git /tmp/autopkgwrapper && cd /tmp/autopkgwrapper && sudo ./install.sh
The install script requires administrator privileges and therefore will prompt for a password, as it copies the script and launch daemon into place and opens the script in Nano for configuration.
Update the ACCOUNT_NAME value to match the account name (a.k.a. username) containing the recipe overrides and update the EMAIL_FROM and EMAIL_TO addresses.
Note: To save changes in the Nano text editor press control + X, type y and hit return.
That’s it! Once set up you will be emailed when new items are added to the Munki repository. Standard workflow would then involve testing the new software and if the new software is stable, simply add it to your production catalog.
Troubleshooting The AutoPkg Wrapper
This AutoPkg Wrapper was intended to only be run as a launch daemon (by root) to manually run the AutoPkg Wrapper type:
sudo "/Library/Scripts/AutoPkg Wrapper/autopkgwrapper.sh"
You can update your email settings by typing:
sudo nano "/Library/Scripts/AutoPkg Wrapper/autopkgwrapper.sh"
By default the installed launch daemon is set to run daily at 8:30am, if you want to further customise how often the script is run I recommend editing the launch daemon with Lingon X.