When you upload a package to Jamf Pro and you are using a JCDS as a distribution point, a manifest file is created automatically. If your environment uses an HTTPS server that is NOT a Jamf Pro HTTPS-capable distribution point to host your packages, you must create a custom manifest file and upload it along with the Signed Distribution Package into Jamf Pro.
Before we cover the manifest file, I want to highlight that we need a Signed Distribution Package. This package must be signed using a certificate that is trusted by the device at the time of enrollment. You can use a certificate generated from either the Apple Developer account or the Jamf Pro built-in certificate authority (CA); see the instructions below.
How to create a Signing Certificate
Once you have the signing certificate, you can build a Signed Distribution Package. Who better than Scripting OS X to explain this? Here you can find his great instructions.
How to Build a Signed Distribution Package
Use a GitHub Repo
After we have built the signed distribution package, we need to make sure we can deploy it during Automated Device Enrollment by publishing it to an open HTTPS distribution point. In this example, we are going to use GitHub as an HTTPS distribution point.
Within GitHub, create a public repository, add a folder and include the Signed Distribution Package you have created and want to deploy. Make sure this is committed/uploaded to the GitHub repository and that the repo is public!
To get the download URL, open the folder in your browser and click on the Signed Distribution Package. You can click on View raw and the package will download. If you Right+Click or Ctrl+Click on View raw, you can select Copy Link to get the download URL, which looks like this
which we need to create the manifest.
As I mentioned before, every Signed Distribution Package must have a corresponding manifest file. The manifest file is an XML property list (.plist file). This file contains the URL to download the package from an HTTPS server and other required information for the package. To use the package with a manifest, make sure that the website is accessible. Upload the package file (with a .pkg filename extension) to an area of your website where users have access.
The following fields are required in the file
- kind Must be set to
- md5-size The size of the pkg in bytes
- md5s fingerprint (checksum) of the PKG
- URL The fully qualified HTTPS URL where to download the package
For more information about creating and hosting a manifest file, see the Preparing to distribute in-house macOS apps in Apple’s Deployment Reference for Mac - Distribute custom packages for Mac.
I have prepared a GitHub repository where you can find a script that creates a custom manifest. Included is a Signed Distribution Package which you can use for testing.
This package will install an image at this location
You can find and download the manifest GitHub repository here
To create a custom manifest we need to run the CreatePKGManifest.sh script and provide a path to a local Signed Distribution Package ($1) and a download URL ($2) where the same package is available for download.
We need to type in the following command in the terminal
./CreatePKGManifest.sh /path/to/local/SignedDistributionPackage downloadURL
For this example we are using the Signed Distribution Package that’s included in the GitHub repo
To get the download URL, open the online repository in your browser, go to the Example-pkg folder and click on the Signed Distribution Package.
To test if this package can be downloaded, you can click on View raw and the package will download. But for now we only want the download URL, so Right+Click or Ctrl+Click on View raw and select Copy Link. The copied link will look like this
Now we have the needed info
The terminal command will look like this
./CreatePKGManifest.sh example-pkg/Branding-1.0-Distribution.pkg https://github.com/mvdbent/Manifest/raw/main/Example-pkg/Branding-1.0-Distribution.pkg
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
The script created in
manifest.plist which included information like the kind
the md5-size of the pkg in bytes
the md5s fingerprint (checksum) of the PKG
and the fully qualified download URL where you can download the package
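To make the manifest fields concrete, here is an added example (not the CreatePKGManifest.sh script and not code from this post) that builds a manifest with the four fields and checks a manifest against a local package before upload. It assumes Apple's items/assets plist layout and the kind value software-package, neither of which is shown on this page; md5_chunks, build_manifest, check_manifest and the example.com URL are hypothetical, and the check also handles manifests whose md5-size splits the package into several chunks.

```python
import hashlib
import plistlib
from urllib.parse import urlparse

REQUIRED = ("kind", "md5-size", "md5s", "url")


def md5_chunks(pkg: bytes, size: int) -> list:
    """MD5 hex digest of each md5-size chunk of the package."""
    return [hashlib.md5(pkg[i:i + size]).hexdigest() for i in range(0, len(pkg), size)]


def build_manifest(pkg: bytes, url: str) -> bytes:
    """Manifest for one package hashed as a single chunk (md5-size = file size)."""
    if not pkg:
        raise ValueError("package is empty")
    asset = {
        "kind": "software-package",  # assumption: value from Apple's manifest format
        "md5-size": len(pkg),
        "md5s": md5_chunks(pkg, len(pkg)),
        "url": url,
    }
    return plistlib.dumps({"items": [{"assets": [asset]}]})


def check_manifest(manifest: bytes, pkg: bytes) -> list:
    """Return the problems found; an empty list means manifest and package agree."""
    try:
        asset = dict(plistlib.loads(manifest)["items"][0]["assets"][0])
        missing = [k for k in REQUIRED if k not in asset]
    except Exception:  # unparsable plist or unexpected structure
        return ["manifest is not a plist with items[0].assets[0]"]
    if missing:
        return ["missing keys: " + ", ".join(missing)]
    problems = []
    if urlparse(str(asset["url"])).scheme != "https":
        problems.append("url is not HTTPS")
    size = asset["md5-size"]
    if not isinstance(size, int) or size <= 0:
        problems.append("md5-size is not a positive integer")
    elif md5_chunks(pkg, size) != asset["md5s"]:
        problems.append("md5s do not match the package")
    return problems


if __name__ == "__main__":
    pkg = b"constructed stand-in for a signed .pkg"  # constructed sample bytes
    manifest = build_manifest(pkg, "https://example.com/pkgs/Sample.pkg")
    print(check_manifest(manifest, pkg))
    print(check_manifest(manifest, pkg + b"tampered"))
```

The MD5 values only catch a changed or mismatched download; trust in the package still comes from its signature.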
Now we have what we need to deploy the Branding-1.0-Distribution.pkg package during enrollment with the newly created custom manifest file.
Upload Package and manifest into Jamf Pro
You still need to upload the Branding-1.0-Distribution.pkg package into Jamf Pro so you can select it within the PreStage. The only thing you need to add to the package is the manifest file.
Go to Settings -> Computer management -> Packages, select Branding-1.0-Distribution.pkg and click on Edit. Upload the custom manifest file and Save.
The next step is to create a PreStage and add the Branding-1.0-Distribution.pkg package to the enrollment packages.
Go to Computers -> PreStage Enrollments and open an existing PreStage or create a new one.
Go to the payload Enrollment Packages and add the
You can leave the Distribution Point on “None” because we use the download URL which is included in the manifest of the
To verify that you have the right package, you must see a note below the package that says: This package contains a custom manifest file.
Note: Only add packages that are essential to the enrollment user experience to a PreStage enrollment. Too many packages may cause unexpected enrollment issues or take additional time to download if there is a poor network connection.
The only thing left for you to do is test, test, test!
Test your deployment workflow and check if the package will be installed on the device you are enrolling.
If you want to check whether the installation of the Branding-1.0-Distribution.pkg package was successful, you can filter the log events in the terminal by running the following command
log show --info --debug --predicate 'subsystem == "com.apple.ManagedClient" AND category == "MCXToolsInterface"' --last 1h | grep com.jamf.ce.Branding
As you can see, I used grep with the bundle identifier from the package to make searching easier. If you want to see more logs, simply remove the category part AND category == "MCXToolsInterface" from the command.
Or use /Applications/Utilities/Console.app and search the install.log. You can also simply look up the files or application you wanted to install.
If you used the example package Branding-1.0-Distribution.pkg you can check if the image is installed at this location
Hope you liked the post!