Welcome to the new unified Determinate docs experience!
Advanced
Deploy Determinate with MDM

Deploy Determinate with MDM

💡

This is an advanced topic. Most users should use the standard getting started guide.

Create a "self-service" application which executes the script at the end of this article.

Security considerations

This script behaves similarly to Installomator (opens in a new tab), and validates the package before installing:

  • The package is not re-installed if there is no update.
  • The package is signed by our Apple Developer ID (X3JQ4VPJZ6).

This script must be executed by a non-root user with administrative privileges.

Handling updates

Re-run the installation script to update Determinate and Nix.

Uninstallation

Run sudo /nix/nix-installer uninstall to uninstall Determinate.

Installation script

#!/bin/sh
 
set -eu
 
scratch=$(mktemp -p /tmp -d -t determinate.XXXXXXXXXX)
finish() {
  rm -rf "$scratch"
}
trap finish EXIT
 
realScratch=$(realpath "$scratch")
 
TEAM_ID="X3JQ4VPJZ6"
 
(pkgutil --pkg-info-plist systems.determinate.Determinate 2> /dev/null || true) > "$realScratch/installed.plist"
 
 
installedVersion=$(defaults read "$realScratch/installed.plist" pkg-version  2> /dev/null|| true)
 
downloadUrl=$(curl -w "%{url_effective}\n" -I -L -s -S https://install.determinate.systems/determinate-pkg/stable/Universal -o /dev/null)
currentlyReleased=$(echo "$downloadUrl" | cut -d/ -f4)
 
echo "Installed: ${installedVersion:-n/a}"
echo "Current release: $currentlyReleased"
 
if [ "$installedVersion" = "$currentlyReleased" ]; then
    echo "No update required."
    exit 0
fi
 
echo "Downloading from $downloadUrl"
 
curl \
    --proto '=https' \
    --tlsv1.2 \
    -sSf \
    -L "$downloadUrl" \
    -o "$realScratch/Determinate.pkg"
 
actualTeamId=$(spctl -a -vv -t install "$realScratch/Determinate.pkg" 2>&1 | awk -F '(' '/origin=/ {print $2 }' | tr -d '()')
 
echo "Expected team ID: $TEAM_ID"
echo "Actual team ID: $actualTeamId"
if [ "$actualTeamId" != "$TEAM_ID" ]; then
    echo "Team ID did not match."
    exit 1
fi
 
installer -verboseR -pkg "$realScratch/Determinate.pkg" -tgt "/"
 
echo "Complete"
Managed garbage collectionLog in with AWS STS