punkfairie/install.fairie
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
install.fairie/home/.chezmoiscripts/universal/run_before_01-macos-privileges.sh.tmpl
Brian Zalewski 38341af5f0 Latest
2023-12-06 02:50:29 +00:00

51 lines
2.7 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# @file Ensure Terminal Permissions
# @brief Ensures the macOS terminal used for the provisioning process has full disk access permissions
# @description
# This script ensures the terminal running the provisioning process has full disk access permissions. It also
# prints information regarding the process of how to enable the permission as well as information related to
# the specific reasons that the terminal needs full disk access. More specifically, the scripts need full
# disk access to modify various system files and permissions.
#
# ## Sources
#
# * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
{{ includeTemplate "universal/profile-before" }}
{{ includeTemplate "universal/logg-before" }}
# @description Prints information describing why full disk access is required for the script to run on macOS.
printFullDiskAccessNotice() {
if [ -d /Applications ] && [ -d /System ]; then
logg md "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/docs/terminal/full-disk-access.md"
fi
}
# @description Ensures the terminal running the provisioning process script has full disk access on macOS. It does this
# by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
# pane where the user can grant access so that the script can continue.
ensureFullDiskAccess() {
if [ -d /Applications ] && [ -d /System ]; then
if ! plutil -lint /Library/Preferences/com.apple.TimeMachine.plist > /dev/null ; then
logg star 'Opening Full Disk Access preference pane.. Grant full-disk access for the terminal you would like to run the provisioning process with.' && open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles"
logg prompt 'Press ENTER to check for Full Disk Access again' && read -r
ensureFullDiskAccess
else
logg success 'Current terminal has full disk access'
fi
fi
}
# @description Applies changes that require input from the user such as using Touch ID on macOS when
# importing certificates into the system keychain.
#
# * Ensures CloudFlare Teams certificate is imported into the system keychain
importCloudFlareCert() {
if [ -d /Applications ] && [ -d /System ] && [ -z "$HEADLESS_INSTALL" ]; then
logg info 'Importing Cloudflare_CA.crt into System.keychain' && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
fi
}
printFullDiskAccessNotice
ensureFullDiskAccess
importCloudFlareCert
Reference in a new issue View git blame Copy permalink