Deploying Munki with Mosyle MDM

Acknowledgements: This is a slightly modified workflow based on one proposed by Taz on MacAdmins Slack. Thanks, Taz!

You can use Mosyle to install Munki.


Switch to the macOS platform (if you're not already in there).


Then, click on Management.


Scroll down to and then click on Custom Commands.


Click Add new profile.


Name it whatever you want (e.g., Install Munki), and then put in a modified version of this code:

#!/bin/bash

# See if it's already been installed
if [[ ! -a '/Applications/Managed Software Center.app' ]]; then

   # Name of .pkg
   munkitools='munkitools-3.3.1.3537.pkg'

   # Desired hash output
   desired_hash='MD5 (munkitools-3.3.1.3537.pkg) = 208a04093704dd8039b89dfa671cbd8f'

   # Go to the /tmp directory
   cd /tmp

   # Download the latest Munki tools .pkg
   /usr/bin/curl -L -O https://github.com/munki/munki/releases/download/v3.3.1/"$munkitools"

   # Make sure the hosting server hasn't been compromised and/or the download isn't corrupted
   md5_test=$(/sbin/md5 $munkitools)

   if [[ "$md5_test" == "$desired_hash" ]]; then

      # Install the Munki tools .pkg
      /usr/sbin/installer -allowUntrusted -pkg /tmp/"$munkitools" -target /

      # Add in basic auth info
      /usr/bin/defaults write /private/var/root/Library/Preferences/ManagedInstalls AdditionalHttpHeaders -array "Authorization: Basic BASICAUTHCODE"

      # Wait until the setup assistant is done...
      until [ -f "/var/db/.AppleSetupDone" ]; do

         # If it's not done yet, wait 2 seconds to check again
         sleep 2

      done

      # Now that setup assistant is done, reboot the machine, since Munki requires a reboot after installation
      /sbin/shutdown -r now

   fi

fi

Assign this profile to whatever devices or groups you want, and then click Save.

Any other Munki preferences (e.g., SoftwareRepoURL) you'll want to deploy in a .mobileconfig profile. More details in Importing custom .mobileconfig profiles into Mosyle MDM.

P.S. I haven't done extensive testing on this, but you may be able to deploy Munki as a .pkg and not as a custom command that downloads the .pkg. You'll have to host it somewhere yourself (and Mosyle does not like the redirect URLs, so you'll legit have to host it), but you may want to try Management > Management Profiles > Install App > Add new profile. Then, under Installation source, pick Enterprise app, and then put in the URL of the hosted Munki installer .pkg.

To change the icon, just get a .png of whatever icon you want. Here's an example of how to generate that:

sips -s format png /Applications/Managed\ Software\ Center.app/Contents/Resources/Managed\ Software\ Center.icns --out MSC.png

Only caveat is that that won't work for scripting basic authentication.

One thought on “Deploying Munki with Mosyle MDM”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.