macOS scan¶
Basic operation¶
The macOS scanner for OctoSAM Inventory is a bash/zsh shell script that generates a zip archive with the filename extension .scam. The current scanner can be found in the subdirectory Native/octoscan-mac of the OctoSAM delivery archive.
Shell scripting is used to minimize dependencies on the operating system level. Only the shell script is needed to scan a system.
The scanner depends mainly on the standard macOS system_profiler utility. A couple of other standard macOS tools are also used to provide further information.
Invocation and collection of generated files¶
Typically the scanner is invoked using existing management infrastructure. It's highly recommended to start the scanner in the user's context (for example as a Launch Agent etc.) as that gives you valuable device affinity information.
Standalone invocation¶
Copy the shell script octoscan.py on a USB stick. On the target Mac, open Terminal and navigate to the mounted stick and call the scanner.
$ cd /Volumes/MYSTICK
./octoscan.sh
a .scam File will be created in the current directory. Manually copy the file to the OctoSAM import folder.
Network integration and automation¶
FILE=$(./octoscan.sh -o /tmp)
The program emits the generated filename to stdout, use the variable ${FILE}to further process the file.
It's up to you to transfer the generated files to the OctoSAM Import Service import folder. Choose the method best suited to your environment. Whenever possible use existing infrastructure to copy the files.
Using an OctoSAM upload server¶
In Mac environments, copying the scan files to a central Windows share can be a challenge. It's recommended to use the OctoSAM provided upload server instead. The upload server provide a facility to upload the generated files over http(s).
Octosoft provides upload servers for Windows/IIS and Linux/nginx
Use the curl utility (or any other tool that supports http(s) file uploads) to upload the generated file.
FILE="$(./octoscan.sh -o /tmp)"
if curl -F "upload=@${FILE}" https://youruploadserver.yourdomain:/upload/
then
rm "${FILE}"
fi
Optional notarized Apple package¶
Depending on your system architecture and Mac management philosophy, it's sometimes easier to use a standard package to install and configure the scanner on your Macs.
On request, Octosoft provides a pre-configured and notarized macOS package that installs the scanner with a site-specific configuration.
Notarized scanner package install¶
The notarized package is a .pkg file that installs an app package on the target system.
The structure of the installed package adheres to the macOS standard application bundle layout. The name of the installed package differes with your OctoSAM license shortname and tag configuration.
The package installs a Launch Agent configuration to start the scanner after a user logon. The scan is performed only for ordinary users. Login of user root does not produce a scan.
Progress of the scan can be observed in the the per-user folder ~Library/Caches/ch.octosoft.octoscan/
Notarized package scanner wrapper script¶
The Launch Agent starts a wrapper script that first tests if a new scan is due. Typically the scanner gets called only after a configured time has passed since the last scan. This wait period is site-specific in the range between 4 and 72 hours. A shorter wait period generates more files and therefore a higher load on the OctoSAM server components.
The .scam file produced by the scanner gets uploaded to an OctoCollect upload server using the curl command. The wrapper script also has some retry logic to retry failed uploads.
Rosetta requirement¶
On Apple Silicone based computers, the .pkg currently requests the Installation of Rosetta even though no binary programs are installed. All installed programs are shell or Apple Script scripts provided in source code.