Deploy Determinate with MDM
💡
Most users should use the standard getting started guide.
- Audience: IT administrators
- Technical assumptions: JAMF, Mosyle, or a similar MDM provider for macOS
Create a “self-service” application which executes the script at the end of this article.
Security considerations
This script behaves similarly to Installomator, and validates the package before installing:
- The package isn’t re-installed if there is no update.
- The package is signed by our Apple Developer ID (
X3JQ4VPJZ6).
A non-root user with administrative privileges needs to execute this script.
Handling updates
Re-run the installation script to update Determinate and Nix.
Uninstallation
To uninstall Determinate:
sudo /nix/nix-installer uninstallInstallation script
#!/bin/sh
set -eu
scratch=$(mktemp -p /tmp -d -t determinate.XXXXXXXXXX)
finish() {
rm -rf "$scratch"
}
trap finish EXIT
realScratch=$(realpath "$scratch")
TEAM_ID="X3JQ4VPJZ6"
(pkgutil --pkg-info-plist systems.determinate.Determinate 2> /dev/null || true) > "$realScratch/installed.plist"
installedVersion=$(defaults read "$realScratch/installed.plist" pkg-version 2> /dev/null|| true)
downloadUrl=$(curl -w "%{url_effective}\n" -I -L -s -S https://install.determinate.systems/determinate-pkg/stable/Universal -o /dev/null)
currentlyReleased=$(echo "$downloadUrl" | cut -d/ -f4)
echo "Installed: ${installedVersion:-n/a}"
echo "Current release: $currentlyReleased"
if [ "$installedVersion" = "$currentlyReleased" ]; then
echo "No update required."
exit 0
fi
echo "Downloading from $downloadUrl"
curl \
--proto '=https' \
--tlsv1.2 \
-sSf \
-L "$downloadUrl" \
-o "$realScratch/Determinate.pkg"
actualTeamId=$(spctl -a -vv -t install "$realScratch/Determinate.pkg" 2>&1 | awk -F '(' '/origin=/ {print $2 }' | tr -d '()')
echo "Expected team ID: $TEAM_ID"
echo "Actual team ID: $actualTeamId"
if [ "$actualTeamId" != "$TEAM_ID" ]; then
echo "Team ID did not match."
exit 1
fi
installer -verboseR -pkg "$realScratch/Determinate.pkg" -tgt "/"
echo "Complete"