MacBook picture

Deploy an App Using a Jamf Pro MDM Command

by

in

The Scenario:

Imagine that you have a Mac whose Jamf binary is no longer communicating with your Jamf Pro server or you just want to install something the hard way for the lolz.

You can use a MDM command to install a package on a macOS endpoint. In this example, I am going to push an app to a smart group using the Jamf Pro Swagger UI.

 

Prerequites:

  • The URL to application hosted online and accessible publicly
  • hash
  • hash type
  • display image URL
  • full-size image URL
  • bundle ID
  • bundle version
  • subtitle
  • size of app in bytes
  • is the app managed?
  • array of devices you are installing the app on OR smart-group ID you are targeting

Here is the JSON for the default request body manifest shown by the Jamf Pro Swagger UI:

{
"manifest": {
"url": "https://example.jamf.com/this/package",
"hash": "dcb02a41cd6d842943459a88c96a5f72",
"hashType": "MD5",
"displayImageUrl": "https://example.jamf.com/img/display/this/package.jpg",
"fullSizeImageUrl": "https://example.jamf.com/img/full/this/package.jpg",
"bundleId": "com.jamf.example",
"bundleVersion": "0.1.0",
"subtitle": "Subtitle",
"title": "Title",
"sizeInBytes": 12345
},
"installAsManaged": false,
"devices": [
1,
2,
3
],
"groupId": "1"
}

 

Get the stuff:

url:
In this example, I am going to push Nudge to a smart group. I am going to copy the URL from the Github repo. We now have the “url” for the JSON manifest.

"url": "https://github.com/macadmins/nudge/releases/download/v2.0.12.81807/Nudge_Essentials-2.0.12.81807.pkg",

hash and hash type:
It’s not clear if SHA256 is accepted, but since MD5 is specified in the Jamf Pro Swagger UI, I stuck with that.

To get the MD5 hash for the Nudge pkg above using the following command in Terminal:

md5 -q /path/to/Nudge_Essentials-2.0.12.81807.pkg
84f9530df39c3ac84336e2bd4d17ea23

This gives us the next two objects in the manifest:

"hash": "84f9530df39c3ac84336e2bd4d17ea23",
"hashType": "MD5",

displayImageUrl and fullSizeImageUrl:
We’ll use the Nudge logo from the repo for the displayImageUrl and fullSizeImageUrl:
https://github.com/macadmins/nudge/blob/main/assets/NudgeIcon.png

"displayImageUrl": "https://github.com/macadmins/nudge/blob/main/assets/NudgeIcon.png",
"fullSizeImageUrl": "https://github.com/macadmins/nudge/blob/main/assets/NudgeIcon.png",

bundleID and bundleVersion:
There are several ways to get the bundle ID and bundle version of an application. My go-to method is to use Mother’s Ruin Suspicious Package if the app is not yet installed on my Mac or to locate the Info.plist file inside the .app directory (which is also visible via Suspicious Package).

image of Suspicious Pkg "All Files" tab highlighting version and identifier
image of Suspicious Pkg "All Files" tab using spotlight to preview Info.plist from the payload of the package

Now that we have that info, we have the next bit of the manifest:

"bundleId": "com.macadmins.Nudge",
"bundleVersion": "2.0.12.81807",

subtitle and title:
For title, I am going to use “Nudge” and I will use a shortened version of the about statement from the repo for the subtitle.

"subtitle": "A tool for macOS updates.",
"title": "Nudge",

sizeInBytes:
To get the size in bytes, I run the following command in Terminal:

% stat -f%z /path/to/Nudge_Essentials-2.0.12.81807.pkg
1470981

Now have this part:

"sizeInBytes": 1470981

installAsManaged:
Because I know that I can manage Nudge using App Installers, I am going to set installAsManaged to true. Disclaimer, you could just skip this whole ordeal for apps listed in Jamf’s App Installers since those apps are installed using MDM. You can refer to Apple on what makes an app “managed.”

"installAsManaged": true,

devices and/or groupId:
If you only mean to install an app to a few machines, you can list those devices in an array.

"devices": [
1,
2,
3
],

In my example, I am going to target a smart group.

"groupId": "1"

 

Put it all together:

Now I have all the pieces I need for my JSON manifest.

{
"manifest": {
"url": "https://github.com/macadmins/nudge/releases/download/v2.0.12.81807/Nudge_Essentials-2.0.12.81807.pkg",
"hash": "84f9530df39c3ac84336e2bd4d17ea23",
"hashType": "MD5",
"displayImageUrl": "https://github.com/macadmins/nudge/blob/main/assets/NudgeIcon.png",
"fullSizeImageUrl": "https://github.com/macadmins/nudge/blob/main/assets/NudgeIcon.png",
"bundleId": "com.macadmins.Nudge",
"bundleVersion": "2.0.12.81807",
"subtitle": "A tool for macOS updates.",
"title": "Nudge",
"sizeInBytes": 1470981
},
"installAsManaged": true,
"groupId": "1"
}

I can copy and paste this manifest into the Jamf Pro Swagger UI or write a script and include this to push Nudge to my smart group. The API command we are using is listed under “mdm.”

/v1/deploy-package

For those unfamiliar with the Jamf Pro Swagger UI, you can locate it by appending “/api/” to your Jamf Pro server URL which will list the API docs for both the classic and jamf pro APIs. For this, I used the Jamf Pro API (i.e. https://mycompany.jamfcloud.com/api/doc/).

When you deploy an app using MDM, you will see the command listed under History > Management History on the Mac’s computer record in Jamf.