Merge pull request #40 from palantir/posix

converted to POSIX Shell
palantir · Feb 2, 2024 · cd46245 · cd46245
2 parents fc1667b + db2c89e
commit cd46245
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 63 deletions.
diff --git a/scripts/Add or Remove Group Membership.zsh → scripts/Add or Remove Group Membership.sh b/scripts/Add or Remove Group Membership.zsh → scripts/Add or Remove Group Membership.sh
@@ -1,13 +1,12 @@
-#!/bin/zsh
+#!/bin/sh
 
 ###
 #
-#            Name:  Add or Remove Group Membership.zsh
-#     Description:  Adds target user or group to specified group membership, or
-#                   removes said membership.
+#            Name:  Add or Remove Group Membership.sh
+#     Description:  Adds target user or group to specified group membership, or removes said membership.
 #         Created:  2016-06-06
-#   Last Modified:  2021-02-08
-#         Version:  4.0
+#   Last Modified:  2023-11-13
+#         Version:  4.1
 #
 #
 # Copyright 2016 Palantir Technologies, Inc.
@@ -34,16 +33,16 @@
 
 
 # Jamf Pro script parameter: "Target ID"
-targetID="$4"
+targetID="${4}"
 # Jamf Pro script parameter: "Target Type"
 # Must be either "user" or "group".
-targetType="$5"
+targetType="${5}"
 # Jamf Pro script parameter: "Target Membership"
 # Enter the name of a user group.
-targetMembership="$6"
+targetMembership="${6}"
 # Jamf Pro script parameter: "Script Action"
 # Must be either "add" or "remove".
-scriptAction="$7"
+scriptAction="${7}"
 
 
 
@@ -52,19 +51,13 @@ scriptAction="$7"
 
 
 # Exits if any required Jamf Pro arguments are undefined.
-function check_jamf_pro_arguments {
-  jamfProArguments=(
-    "$targetID"
-    "$targetType"
-    "$targetMembership"
-    "$scriptAction"
-  )
-  for argument in "${jamfProArguments[@]}"; do
-    if [[ -z "$argument" ]]; then
-      echo "❌ ERROR: Undefined Jamf Pro argument, unable to proceed."
-      exit 74
-    fi
-  done
+check_jamf_pro_arguments () {
+
+  if [ -z "$targetID" ] || [ -z "$targetType" ] || [ -z "$targetMembership" ] || [ -z "$scriptAction" ]; then
+    echo "❌ ERROR: Undefined Jamf Pro argument, unable to proceed."
+    exit 74
+  fi
+
 }
 
 
@@ -73,14 +66,14 @@ function check_jamf_pro_arguments {
 
 
 
-# Verify script prrequisites.
+# Verify script prerequisites.
 check_jamf_pro_arguments
 
 
 # Populate binary arguments for specified script action, or exit if undefined.
-if [[ "$scriptAction" = "add" ]]; then
+if [ "$scriptAction" = "add" ]; then
   actionFlag="a"
-elif [[ "$scriptAction" = "remove" ]]; then
+elif [ "$scriptAction" = "remove" ]; then
   actionFlag="d"
 else
   echo "❌ ERROR: Script Action is unexpected value, unable to proceed. Please check Script Action parameter in Jamf Pro policy."
@@ -89,27 +82,27 @@ fi
 
 
 # Exit if Target Type is an incorrect value.
-if [[ "$targetType" != "user" ]] && [[ "$targetType" != "group" ]]; then
-  echo "❌ ERROR: Target Type $targetType is unexpected value, unable to proceed. Please check Target Type parameter in Jamf Pro policy."
+if [ "$targetType" != "user" ] && [ "$targetType" != "group" ]; then
+  echo "❌ ERROR: Target Type ${targetType} is unexpected value, unable to proceed. Please check Target Type parameter in Jamf Pro policy."
   exit 1
 fi
 
 
 # Exit if specified group does not exist.
 if ! /usr/sbin/dseditgroup -o read "$targetMembership" 1>"/dev/null"; then
-  echo "Specified group ($targetMembership) does not exist, no action required."
+  echo "Specified group (${targetMembership}) does not exist, no action required."
   exit 0
-elif [[ "$targetType" = "user" ]]; then
+elif [ "$targetType" = "user" ]; then
   if /usr/sbin/dseditgroup -o checkmember -m "$targetID" "$targetMembership"; then
     # If action is add, exit if target user is already in the specified group.
-    if [[ "$scriptAction" = "add" ]]; then
-      echo "Target user is already a member of $targetMembership, no action required."
+    if [ "$scriptAction" = "add" ]; then
+      echo "Target user is already a member of ${targetMembership}, no action required."
       exit 0
     fi
   else
     # If action is remove, exit if target user is not in the specified group.
-    if [[ "$scriptAction" = "remove" ]]; then
-      echo "Target user is not a member of $targetMembership, no action required."
+    if [ "$scriptAction" = "remove" ]; then
+      echo "Target user is not a member of ${targetMembership}, no action required."
       exit 0
     fi
   fi
@@ -121,7 +114,7 @@ fi
   -"$actionFlag" "$targetID" \
   -t "$targetType" \
   "$targetMembership"
-echo "Modified $targetID group membership for $targetMembership (action: $scriptAction)."
+echo "Modified ${targetID} group membership for ${targetMembership} (action: ${scriptAction})."
 
 
 exit 0
diff --git a/scripts/Encrypt APFS Volume.zsh → scripts/Encrypt APFS Volume.sh b/scripts/Encrypt APFS Volume.zsh → scripts/Encrypt APFS Volume.sh
@@ -1,14 +1,12 @@
-#!/bin/zsh
+#!/bin/sh
 
 ###
 #
-#            Name:  Encrypt APFS Volume.zsh
-#     Description:  Encrypts APFS volume /Volumes/$targetVolume with a
-#                   randomized password, then saves this password to the System
-#                   keychain.
+#            Name:  Encrypt APFS Volume.sh
+#     Description:  Encrypts target APFS volume with a randomized password, then saves this password to the System keychain to allow volume to mount automatically on login.
 #         Created:  2016-04-05
-#   Last Modified:  2020-07-08
-#         Version:  5.0.1
+#   Last Modified:  2023-11-13
+#         Version:  5.1
 #
 #
 # Copyright 2016 Palantir Technologies, Inc.
@@ -35,8 +33,7 @@
 
 
 # Jamf Pro script parameter: "Target Volume"
-targetVolume="$4"
-# Do not change these values.
+targetVolume="${4}"
 newVolumeInfo=$(/usr/sbin/diskutil info "$targetVolume")
 volumeFileSystemPersonality=$(echo "$newVolumeInfo" | /usr/bin/awk -F: '/File System Personality/ {print $NF}' | /usr/bin/sed 's/^ *//')
 targetVolumePassphrase=$(LC_CTYPE=C /usr/bin/tr -dc 'A-NP-Za-km-z0-9' < "/dev/urandom" | /usr/bin/head -c 20)
@@ -48,7 +45,7 @@ targetVolumePassphrase=$(LC_CTYPE=C /usr/bin/tr -dc 'A-NP-Za-km-z0-9' < "/dev/ur
 
 
 # Exits if any required Jamf Pro arguments are undefined.
-function check_jamf_pro_arguments {
+check_jamf_pro_arguments () {
   if [ -z "$targetVolume" ]; then
     echo "❌ ERROR: Undefined Jamf Pro argument, unable to proceed."
     exit 74
@@ -57,41 +54,31 @@ function check_jamf_pro_arguments {
 
 
 # Checks for presence of volume.
-function check_volume {
+check_volume () {
   if /usr/sbin/diskutil list | /usr/bin/grep -q "$targetVolume"; then
     volumeIdentifier=$(/usr/sbin/diskutil list | /usr/bin/grep "$targetVolume" | /usr/bin/awk '{print $NF}')
   else
-    echo "❌ ERROR: Volume $targetVolume missing, unable to proceed."
+    echo "❌ ERROR: Volume ${targetVolume} missing, unable to proceed."
     exit 72
   fi
 }
 
 
-# Unmounts Recovery volume (if mounted).
-function unmount_recovery_volume {
-  recoveryVolumeIdentifier=$(/usr/sbin/diskutil list | /usr/bin/awk '/Recovery HD/ {print $NF}')
-  if /sbin/mount | /usr/bin/grep -q "$recoveryVolumeIdentifier"; then
-    /usr/sbin/diskutil unmount "$recoveryVolumeIdentifier"
-    echo "Unmounted Recovery volume."
-  fi
-}
-
-
 # Encrypts new volume with randomly-generated password.
-function encrypt_volume {
+encrypt_volume () {
   /usr/sbin/diskutil \
     apfs encryptVolume \
     "$volumeIdentifier" \
     -user disk \
     -passphrase "$targetVolumePassphrase"
   sleep 5
   targetVolumeUUID=$(/usr/sbin/diskutil info "$targetVolume" | /usr/bin/awk '/Volume UUID/ {print $3}')
-  echo "Volume $targetVolume is encrypting with a randomized password."
+  echo "Volume ${targetVolume} is encrypting with a randomized password."
 }
 
 
 # Saves encrypted volume password to the System keychain.
-function save_volume_password_to_system_keychain {
+save_volume_password_to_system_keychain () {
   /usr/bin/security add-generic-password \
     -a "$targetVolumeUUID" \
     -l "$targetVolume" \
@@ -100,7 +87,7 @@ function save_volume_password_to_system_keychain {
     -A \
     -D "encrypted volume password" \
     "/Library/Keychains/System.keychain"
-  echo "$targetVolume password saved to the System keychain."
+  echo "${targetVolume} password saved to the System keychain."
 }
 
 
@@ -115,10 +102,10 @@ check_volume
 
 
 # Encrypt APFS volume.
-if [[ "$volumeFileSystemPersonality" = *"APFS"* ]]; then
+if echo "$volumeFileSystemPersonality" | /usr/bin/grep -q "APFS"; then
   encrypt_volume
 else
-  echo "❌ ERROR: Unsupported file system ($volumeFileSystemPersonality), unable to proceed."
+  echo "❌ ERROR: Unsupported file system (${volumeFileSystemPersonality}), unable to proceed."
   exit 1
 fi