It has been a long time coming that in Jamf and Apple land, that we can pre-install packages to the Mac during the enrollment process (DEP, now called Apple Device Enrollment). In our environment, we are switching from the old, bind to the AD domain method and allow password syncs to break even while using Nomad era, to the new (re-branded Nomad) Jamf Connect (See: https://www.jamf.com/products/jamf-connect/). Naturally, we would like to reply the Jamf Connect Login before anything else and use it’s Notify script to streamline the install progress and provide the user information as the installs complete.
The specific error that you see under the Management Commands for the specific computer you are trying to enroll is “No manifest could be created for the package.”
Jamf Pro 10.19-10.21 have an issue that seems related to PI-007954 where Jamf Admin is not automatically calculating the size of the package and creating a correct manifest for it. The manifest is required in order for macOS to install the packages defined in PreStage Enrollments. Since this does not get generated automatically correctly, we must manually build one and upload it for each package we are going to use during the PreStage Enrollment.
There was not much information about this in the community forums on Jamf Nation, nor from Jamf themselves. After talking to support, here is what you need to do:
- Download the source for appmanifest from here: https://github.com/micromdm/tools/archive/v1.zip
- Extract the zipped folder and navigate to appmanifest in the terminal.
- Make sure you have go installed using HomeBrew (brew install go)
- Run go build appmanifest.go
- You should now have a binary called appmanifest that you can move to a more suitable place. I moved mine to the Desktop where the packages generated from Composer are. Run chmod +x appmanifest to make it executable.
cd tools-1/appmanifest/ brew install go go build appmanifest.go mv appmanifest ~/Desktop/
Generate the Package Manifest
- Upload the package using Jamf Admin or some other manual process. Reminder that all packages that you want to use in PreStage Enrollment must be stored on a publicly accessible https distribution point that is not using any authentication. I may do a writeup of how I set that up later since I did not want all of my packages on the public server.
- Run the command: ./appmanifest -url <urlofpackage> <pathoflocalpackage> > <pathandfilenametosavemanifest>
- Upload the manifest plist to the package in Jamf Pro’s Settings -> Computer Managment -> Packages.
./appmanifest -url https://jamfdist.server.com/Packages/JamfConnectLogin-1.11.4.pkg ~/Desktop/JamfConnectLogin-1.11.4.pkg > ~/Desktop/JamfConnectLogin-1.11.4.plist
Example Package Manifest Upload
That is it! Now you should be able to test once you add the package to you PreStage enrollment profile. We were up and running in no time. Hopefully this issue will be resolved soon, but at least we can work around it for now.