wip

Author: brunohccz

.github/workflows/release.yaml

@@ -0,0 +1,110 @@
+name: Build and Release JamfMigrationTool
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  build:
+    name: Build JamfMigrationTool
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Xcode
+        uses: maxim-lobanov/setup-xcode@v1
+        with:
+          xcode-version: latest-stable
+
+      - name: Import developer id installer certificate
+        uses: apple-actions/import-codesign-certs@v1
+        with:
+          p12-file-base64: ${{ secrets.INSTALLER_CERTIFICATE_P12 }}
+          p12-password: ${{ secrets.CERTIFICATE_PASSWORD }}
+          keychain: build
+          keychain-password: "temp-password"
+
+      - name: Import developer id application certificate
+        uses: apple-actions/import-codesign-certs@v1
+        with:
+          p12-file-base64: ${{ secrets.CERTIFICATE_P12 }}
+          p12-password: ${{ secrets.CERTIFICATE_PASSWORD }}
+          create-keychain: false
+          keychain: build
+          keychain-password: "temp-password"
+
+      - name: Build the project
+        run: |
+          xcodebuild -scheme JamfMigrationTool -configuration Release clean build CODE_SIGN_IDENTITY='Developer ID Application' CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO OTHER_CODE_SIGN_FLAGS='--timestamp' -derivedDataPath build
+
+      - name: Create .pkg installer
+        run: |
+          rm -rf package-root
+          mkdir -p package-root/usr/local/bin
+          cp build/Build/Products/Release/JamfMigrationTool package-root/usr/local/bin/
+          pkgbuild \
+            --root "package-root" \
+            --install-location "/" \
+            --identifier "tech.rocketman.jamfmigrationtool" \
+            --version "${{ github.ref_name }}" \
+            --sign "${{ secrets.APPLE_INSTALLER_SIGNING_IDENTITY }}" \
+            "JamfMigrationTool-${{ github.ref_name }}.pkg"
+
+      - name: Verify Signature
+        run: |
+          pkgutil --check-signature "JamfMigrationTool-${{ github.ref_name }}.pkg"
+
+      - name: Notarize .pkg installer
+        run: |
+          xcrun notarytool store-credentials "notarytool-profile" \
+            --apple-id "${{ secrets.APPLE_ID }}" \
+            --password "${{ secrets.APPLE_APP_PASSWORD }}" \
+            --team-id "${{ secrets.TEAM_ID }}"
+
+          output=$(xcrun notarytool submit "JamfMigrationTool-${{ github.ref_name }}.pkg" --keychain-profile "notarytool-profile" --wait)
+          echo $output
+
+          extracted_id=$(echo "$output" | awk '/status: Invalid/ {getline; if ($1 == "id:") print $2}')
+
+          if [ -n "$extracted_id" ]; then
+            echo "ID: $extracted_id"
+            xcrun notarytool log $extracted_id --keychain-profile "notarytool-profile"
+            exit 1
+          else
+            # Staple the notarization
+            xcrun stapler staple "JamfMigrationTool-${{ github.ref_name }}.pkg"
+          fi
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: JamfMigrationTool
+          path: |
+            build/Build/Products/Release/JamfMigrationTool
+            JamfMigrationTool-${{ github.ref_name }}.pkg
+
+  release:
+    name: Create GitHub Release
+    needs: build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: JamfMigrationTool
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            JamfMigrationTool
+            JamfMigrationTool-${{ github.ref_name }}.pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

JamfMigrationTool.xcodeproj/project.pbxproj

@@ -248,21 +248,29 @@
 		91356BD62DCE660300F9415E /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
-				CODE_SIGN_STYLE = Automatic;
-				DEVELOPMENT_TEAM = 538U58ZTWN;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Installer";
+				CODE_SIGN_STYLE = Manual;
+				DEVELOPMENT_TEAM = "";
+				"DEVELOPMENT_TEAM[sdk=macosx*]" = 538U58ZTWN;
 				ENABLE_HARDENED_RUNTIME = YES;
+				PRODUCT_BUNDLE_IDENTIFIER = tech.rocketman.jamfmigrationtool;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				PROVISIONING_PROFILE_SPECIFIER = "";
 				SWIFT_VERSION = 5.0;
 			};
 			name = Debug;
 		};
 		91356BD72DCE660300F9415E /* Release */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
-				CODE_SIGN_STYLE = Automatic;
-				DEVELOPMENT_TEAM = 538U58ZTWN;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Installer";
+				CODE_SIGN_STYLE = Manual;
+				DEVELOPMENT_TEAM = "";
+				"DEVELOPMENT_TEAM[sdk=macosx*]" = 538U58ZTWN;
 				ENABLE_HARDENED_RUNTIME = YES;
+				PRODUCT_BUNDLE_IDENTIFIER = tech.rocketman.jamfmigrationtool;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				PROVISIONING_PROFILE_SPECIFIER = "";
 				SWIFT_VERSION = 5.0;
 			};
 			name = Release;

JamfMigrationTool/main.swift

@@ -7,5 +7,164 @@
 
 import Foundation
 
-print("Hello, World!")
+// Constants
+let abeProfileIdentifier = "com.apple.profile.mdm"
+let logoPath = "/Library/Application Support/Rocketman/funcfi-logo-small.png"
 
+// Check if ABE profile exists
+func checkProfileExists(identifier: String) -> Bool {
+    let process = Process()
+    let pipe = Pipe()
+
+    process.executableURL = URL(fileURLWithPath: "/usr/bin/profiles")
+    process.arguments = ["list"]
+    process.standardOutput = pipe
+
+    do {
+        try process.run()
+        process.waitUntilExit()
+
+        let data = pipe.fileHandleForReading.readDataToEndOfFile()
+        if let output = String(data: data, encoding: .utf8) {
+            return output.contains(identifier)
+        }
+    } catch {
+        print("Error checking profiles: \(error)")
+    }
+
+    return false
+}
+
+// Try to remove ABE profile
+func removeProfile(identifier: String) -> Bool {
+    let process = Process()
+
+    process.executableURL = URL(fileURLWithPath: "/usr/bin/profiles")
+    process.arguments = ["remove", "-identifier", identifier]
+
+    do {
+        try process.run()
+        process.waitUntilExit()
+
+        // Wait a moment for the system to update
+        sleep(2)
+
+        // Check if profile was successfully removed
+        return !checkProfileExists(identifier: identifier)
+    } catch {
+        print("Error removing profile: \(error)")
+        return false
+    }
+}
+
+// Show dialog to user
+func showDialog(title: String, message: String, buttonText: String, iconPath: String) -> Bool {
+    let process = Process()
+    let dialogPath = "/usr/local/bin/dialog"
+
+    // Check if dialog exists
+    if !FileManager.default.fileExists(atPath: dialogPath) {
+        print("SwiftDialog not found at \(dialogPath)")
+        return false
+    }
+
+    process.executableURL = URL(fileURLWithPath: dialogPath)
+    process.arguments = [
+        "--title", title,
+        "--message", message,
+        "--icon", iconPath,
+        "--button1text", buttonText,
+    ]
+
+    do {
+        try process.run()
+        process.waitUntilExit()
+        return process.terminationStatus == 0
+    } catch {
+        print("Error showing dialog: \(error)")
+        return false
+    }
+}
+
+// Start Jamf enrollment
+func startJamfEnrollment() {
+    let process = Process()
+
+    process.executableURL = URL(fileURLWithPath: "/usr/bin/profiles")
+    process.arguments = ["renew", "-type", "enrollment"]
+
+    do {
+        try process.run()
+        process.waitUntilExit()
+    } catch {
+        print("Error starting Jamf enrollment: \(error)")
+    }
+}
+
+// Check if running with admin privileges
+func isRunningAsAdmin() -> Bool {
+    let process = Process()
+    let pipe = Pipe()
+
+    process.executableURL = URL(fileURLWithPath: "/usr/bin/id")
+    process.arguments = ["-u"]
+    process.standardOutput = pipe
+
+    do {
+        try process.run()
+        process.waitUntilExit()
+
+        let data = pipe.fileHandleForReading.readDataToEndOfFile()
+        if let output = String(data: data, encoding: .utf8)?.trimmingCharacters(
+            in: .whitespacesAndNewlines),
+            let uid = Int(output)
+        {
+            return uid == 0
+        }
+    } catch {
+        print("Error checking privileges: \(error)")
+    }
+
+    return false
+}
+
+// Main function
+func main() {
+    print("Starting migration from Apple Business Essentials to Jamf Pro...")
+
+    // Check for admin privileges
+    guard isRunningAsAdmin() else {
+        print("Error: This tool must be run with administrator privileges")
+        exit(1)
+    }
+
+    // Try to remove ABE profile
+    let removed = removeProfile(identifier: abeProfileIdentifier)
+
+    if removed {
+        print("ABE profile successfully removed.")
+
+        // Show dialog to user
+        let dialogShown = showDialog(
+            title: "Migrating to Jamf Pro",
+            message: "Your Mac needs to be migrated to Jamf Pro. Please press Continue when ready.",
+            buttonText: "Continue",
+            iconPath: logoPath
+        )
+
+        if dialogShown {
+            // Start Jamf enrollment
+            print("Starting Jamf enrollment...")
+            startJamfEnrollment()
+        } else {
+            print("Failed to show dialog. Please enroll in Jamf Pro manually.")
+        }
+    } else {
+        print(
+            "ABE profile could not be removed directly."
+        )
+    }
+}
+
+// Run the main function
+main()