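#!/bin/bash
#
# Writes the SafeDNS agent configuration plist and an MDM status report.
# The script changes ownership to root:wheel and writes under /Library and
# /var/log, so it is expected to run as root.
set -euo pipefail

# Locations of the generated configuration, the status report and the log.
TARGET_DIR="/Library/Application Support/SafeDNS"
TARGET_FILE="$TARGET_DIR/config.plist"
STATUS_FILE="/Library/Group Containers/group.com.safedns.agent.macos.enterprise/MDMStatus.txt"
LOG_FILE="/var/log/safedns-installer.log"

# NOTE(review): the key below is a credential embedded in the script, so it is
# exposed wherever the script itself is stored or distributed (MDM console,
# repository, package payload). SAFEDNS_AUTH_KEY is an optional override
# introduced by this script so a deployment can inject the key at run time;
# the embedded value remains the fallback so existing deployments keep working.
AUTH_KEY="${SAFEDNS_AUTH_KEY:-123zZGNlOGYtN2Nokd00M2ZlLWAKD2UtNTU000NlNjc5Maaa}"

# Prefer the user-visible computer name; fall back to the hostname when
# scutil is unavailable or fails.
DEVICE_NAME=$(scutil --get ComputerName 2>/dev/null || hostname)

# Profile version is the date of this run, formatted YYYY.MM.DD.
PROFILE_VERSION=$(date '+%Y.%m.%d')

# Nothing below reassigns these values; make accidental changes an error.
readonly TARGET_DIR TARGET_FILE STATUS_FILE LOG_FILE
readonly AUTH_KEY DEVICE_NAME PROFILE_VERSION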

# Append one timestamped record to the installer log.
# Globals:   LOG_FILE (read) - file the record is appended to
# Arguments: $1 - severity tag, $2 - message text
log_file() {
    local level=$1
    local message=$2
    printf '%s [%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$level" "$message" >> "$LOG_FILE"
}

# Console + log-file helpers. Each prints the message to stdout behind a
# severity marker and records the same message through log_file.
# Arguments: $1 - message text

log_info() {
    printf '%s\n' "== $1"
    log_file "INFO" "$1"
}

log_ok() {
    printf '%s\n' "✔  $1"
    log_file "OK" "$1"
}

log_warn() {
    printf '%s\n' "⚠  $1"
    log_file "WARN" "$1"
}

log_err() {
    printf '%s\n' "✘  $1"
    log_file "ERR" "$1"
}

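log_info "Starting SafeDNS configuration plist creation"

# Create the configuration directory and pin it to root:wheel, mode 755, so
# only root can add or replace files inside it.
mkdir -p "$TARGET_DIR"
chown root:wheel "$TARGET_DIR"
chmod 755 "$TARGET_DIR"
log_ok "Directory prepared: $TARGET_DIR"

# Escape the characters that are markup in XML element text.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# The computer name is free-form text chosen on the device. Without escaping,
# a name containing '&' or '<' produces a malformed plist or lets the name
# supply extra keys to the file.
auth_key_xml=$(xml_escape "$AUTH_KEY")
device_name_xml=$(xml_escape "$DEVICE_NAME")
profile_version_xml=$(xml_escape "$PROFILE_VERSION")

cat > "$TARGET_FILE" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AuthKeyBase64</key>
    <string>$auth_key_xml</string>
    <key>deviceName</key>
    <string>$device_name_xml</string>
    <key>profileVersion</key>
    <string>$profile_version_xml</string>
</dict>
</plist>
EOF

chown root:wheel "$TARGET_FILE"
# NOTE(review): this file stores AuthKeyBase64, and mode 644 lets every local
# account read it. Mode 600 was left disabled by the author, presumably because
# the component reading the file does not run as root - confirm, then tighten
# to 600 or to a dedicated group with mode 640.
chmod 644 "$TARGET_FILE"
# chmod 600 "$TARGET_FILE"
log_ok "config.plist written to $TARGET_FILE"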

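# Write the MDM status report, replacing any previous one.
# Globals:   STATUS_FILE, DEVICE_NAME, PROFILE_VERSION, LOG_FILE (read)
# Arguments: $1 - value for the "Status:" line
write_install_status() {
    local status=$1
    mkdir -p "$(dirname "$STATUS_FILE")"
    {
        printf '%s\n' "Product: SafeDNS"
        printf '%s\n' "Action: install"
        printf '%s\n' "Status: $status"
        printf '%s\n' "DeviceName: $DEVICE_NAME"
        printf '%s\n' "ProfileVersion: $PROFILE_VERSION"
        printf '%s\n' "Timestamp: $(date '+%Y-%m-%d %H:%M:%S')"
        printf '%s\n' "LogFile: $LOG_FILE"
    } > "$STATUS_FILE"
}

# Decide on plutil's exit status rather than piping its output into grep -q:
# under `set -o pipefail`, grep -q can exit at the first match while plutil is
# still writing, and the resulting SIGPIPE status would report a valid plist as
# failed. Matching the text "OK" anywhere in the output is also looser than the
# exit status. stdout is discarded as before; stderr still reaches the caller.
if plutil -lint "$TARGET_FILE" >/dev/null; then
    write_install_status "install_completed"
    log_ok "SafeDNS config.plist created successfully"
    log_ok "Install status written to $STATUS_FILE"
else
    # Record the failure for MDM before exiting non-zero.
    write_install_status "install_failed"
    log_err "Invalid config.plist format"
    exit 1
fi

log_ok "SafeDNS install script completed"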