#!/bin/bash

export PATH="$PATH:/usr/bin"
munki_repo="https://munki.hovedkvarteret.no/repo"

string_version=$(/usr/bin/sw_vers -productVersion)
IFS="." read -r -a version <<< "$string_version"

major=${version[0]}
minor=${version[1]}
patch=${version[2]}

# If below 10.15.7, use insecure curl -- Removed 2025-11-17 as macOS 10.15 is no longer supported

managed_installs="/Library/Preferences/ManagedInstalls.plist"
msc_app="/Applications/Managed Software Center.app"
munki_launch_daemon="/Library/LaunchDaemons/com.googlecode.munki.managedsoftwareupdate-check.plist"
current_manifest="$(defaults read $managed_installs ClientIdentifier)"
current_repo_url="$(defaults read $managed_installs SoftwareRepoURL)"
if
	stat "$managed_installs" &> /dev/null &&
	stat "$msc_app" &> /dev/null &&
	stat "$munki_launch_daemon" &> /dev/null &&
	[[ "$current_manifest" != "hk-unassigned"
	&& "$current_manifest" != ""
	&& "$current_repo_url" == "$munki_repo"
	]]; then
	# Munki install looks good, we don't need to do anything
	exit 0
fi

# Get latest munkitools
munki_installed_before="false"
if ls /var/db/receipts | grep com.googlecode.munki.core.plist; then
	munki_installed_before="true"
fi

release_url="https://api.github.com/repos/munki/munki/releases/latest"
# Get the pkg url from the release site. Assumes there is only one artifact
# attached (ignoring the source code downloads).

# Removed Mac Admins community signed releases as this is now embedded in munki-repo on GitHub. 2025-11-17

# Set download name and location, and then downloading the correct Munki installer
pkg_url=$(/usr/bin/curl -s "$release_url" | grep -E 'browser_download_url.*munkitools-.*\.pkg' | head -n1 | sed -E 's/.*"([^"]+)".*/\1/')
pkg_download="/tmp/$(basename "$pkg_url")"
/usr/bin/curl -sLo "${pkg_download}" "${pkg_url}"

# Install munki package
/usr/sbin/installer -pkg "${pkg_download}" -target /

# Install Rosetta if necessary
# Rosetta will probably be dreprecated in the future, but for now we keep it here
arch=$(/usr/bin/arch)
if [[ "$arch" = "arm64" ]]; then
	/usr/sbin/softwareupdate --install-rosetta --agree-to-license
fi

# Set repo URL
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL $munki_repo

# Find and set manifest (ClientIdentifier)
serial=$(system_profiler SPHardwareDataType | grep Serial | awk '{ print $NF }');
manifest=$(/usr/bin/curl -X GET -sGd serial=$serial https://zookeeper.hovedkvarteret.no/munki/getmanifest)

if [[ "$manifest" == "" ]]; then
	echo "No ClientIdentifier found by serial number. Using hk-unassigned"
	manifest="hk-unassigned"
fi

/usr/bin/curl -sf ${munki_repo}/manifests/${manifest} > /dev/null
if [[ "$?" == "0" ]]; then
	echo "Setting Munki ClientIdentifier to $manifest"
	defaults write /Library/Preferences/ManagedInstalls ClientIdentifier $manifest
else
	echo "ClientIdentifier \"$manifest\" does not exist. Please set ClientIdentifier with:"
	echo "sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifier xx-client"
	exit 1
fi

echo "Running managedsoftwareupdate --auto"
# Runs a background process and disowns it, so this script itself finishes
# immideatly after starting the process, which finishes the package
# installation, which frees up the installer so that the pkgs munki installs are
# able to install without waiting for this one to finish.
/usr/local/munki/managedsoftwareupdate --auto & disown