Welcome to the new unified Determinate docs experience!
GuidesDeploy Determinate with MDM

Deploy Determinate with MDM

💡

Most users should use the standard getting started guide.

  • Audience: IT administrators
  • Technical assumptions: JAMF, Mosyle, or a similar MDM provider for macOS

Create a “self-service” application which executes the script at the end of this article.

Security considerations

This script behaves similarly to Installomator, and validates the package before installing:

  • The package isn’t re-installed if there is no update.
  • The package is signed by our Apple Developer ID (X3JQ4VPJZ6).

A non-root user with administrative privileges needs to execute this script.

Handling updates

Re-run the installation script to update Determinate and Nix.

Uninstallation

To uninstall Determinate:

Uninstall Nix
sudo /nix/nix-installer uninstall

Installation script

install-via-mdm.sh
#!/bin/sh
 
set -eu
 
scratch=$(mktemp -p /tmp -d -t determinate.XXXXXXXXXX)
finish() {
  rm -rf "$scratch"
}
trap finish EXIT
 
realScratch=$(realpath "$scratch")
 
TEAM_ID="X3JQ4VPJZ6"
 
(pkgutil --pkg-info-plist systems.determinate.Determinate 2> /dev/null || true) > "$realScratch/installed.plist"
 
installedVersion=$(defaults read "$realScratch/installed.plist" pkg-version  2> /dev/null|| true)
 
downloadUrl=$(curl -w "%{url_effective}\n" -I -L -s -S https://install.determinate.systems/determinate-pkg/stable/Universal -o /dev/null)
currentlyReleased=$(echo "$downloadUrl" | cut -d/ -f4)
 
echo "Installed: ${installedVersion:-n/a}"
echo "Current release: $currentlyReleased"
 
if [ "$installedVersion" = "$currentlyReleased" ]; then
    echo "No update required."
    exit 0
fi
 
echo "Downloading from $downloadUrl"
 
curl \
    --proto '=https' \
    --tlsv1.2 \
    -sSf \
    -L "$downloadUrl" \
    -o "$realScratch/Determinate.pkg"
 
actualTeamId=$(spctl -a -vv -t install "$realScratch/Determinate.pkg" 2>&1 | awk -F '(' '/origin=/ {print $2 }' | tr -d '()')
 
echo "Expected team ID: $TEAM_ID"
echo "Actual team ID: $actualTeamId"
if [ "$actualTeamId" != "$TEAM_ID" ]; then
    echo "Team ID did not match."
    exit 1
fi
 
installer -verboseR -pkg "$realScratch/Determinate.pkg" -tgt "/"
 
echo "Complete"
Easy caching with Determinate CILog in with AWS STS