Automate Package Creation for JAMF
READER BEWARE: THE FOLLOWING WRITTEN ENTIRELY BY AI WITHOUT HUMAN EDITING.
This guide shows how to package the Colima CLI with macOS pkgbuild for distribution via Jamf. It produces a simple, versioned installer that:
- Installs the
colimabinary to/usr/local/bin - Optionally creates a symlink in
/opt/homebrew/bin(useful on Apple Silicon) - Is architecture-aware (arm64 and x86_64)
Notes:
- Colima itself does not bundle Lima/QEMU. If your workloads need them, deploy those separately (e.g., via Jamf or a second pkg).
- Tested on macOS 12+.
Prerequisites
- A Mac build machine (CI or local).
curl,tar,pkgbuild(Xcode Command Line Tools).- The Colima release version you want to deploy (see https://github.com/abiosoft/colima/releases).
Directory layout
We’ll create a minimal payload and scripts directory that pkgbuild expects:
colima-pkg/
payload/
usr/
local/
bin/
colima # binary (installed by pkg)
scripts/
preinstall # optional cleanup
postinstall # fix perms and create symlink for Homebrew path
Build script (one-command build) Create and run the following script to download, stage, and build the pkg for the local architecture:
#!/usr/bin/env bash
set -euo pipefail
VERSION="${VERSION:-0.6.14}" # set desired Colima version or export VERSION
IDENTIFIER="com.example.colima"
PKG_NAME="colima-${VERSION}.pkg"
WORKDIR="$(pwd)/colima-pkg"
PAYLOAD="${WORKDIR}/payload"
SCRIPTS="${WORKDIR}/scripts"
# Detect architecture and map to release asset names
case "$(uname -m)" in
arm64) ARCH="arm64" ;;
x86_64) ARCH="x86_64" ;;
*) echo "Unsupported architecture: $(uname -m)"; exit 1 ;;
esac
URL="https://github.com/abiosoft/colima/releases/download/v${VERSION}/colima-Darwin-${ARCH}.tar.gz"
echo "Building Colima pkg v${VERSION} for ${ARCH}"
rm -rf "${WORKDIR}" "${PKG_NAME}"
mkdir -p "${PAYLOAD}/usr/local/bin" "${SCRIPTS}"
# Fetch and extract the binary
TMPDIR="$(mktemp -d)"
trap 'rm -rf "${TMPDIR}"' EXIT
curl -fsSL -o "${TMPDIR}/colima.tgz" "${URL}"
tar -xzf "${TMPDIR}/colima.tgz" -C "${TMPDIR}"
# Stage binary into payload
install -m 0755 "${TMPDIR}/colima" "${PAYLOAD}/usr/local/bin/colima"
# Write preinstall (cleanup old paths/symlinks)
cat > "${SCRIPTS}/preinstall" <<'EOS'
#!/bin/sh
set -e
# Remove a stale Homebrew symlink if it points to an unexpected target
if [ -L "/opt/homebrew/bin/colima" ] && [ ! -e "/opt/homebrew/bin/colima" ]; then
rm -f "/opt/homebrew/bin/colima"
fi
# Ensure target directories exist
mkdir -p /usr/local/bin
EOS
chmod 755 "${SCRIPTS}/preinstall"
# Write postinstall (fix perms, optional Homebrew symlink)
cat > "${SCRIPTS}/postinstall" <<'EOS'
#!/bin/sh
set -e
BIN="/usr/local/bin/colima"
if [ -f "$BIN" ]; then
chown root:wheel "$BIN" || true
chmod 0755 "$BIN" || true
fi
# If Homebrew is in /opt/homebrew (Apple Silicon default), provide a convenience symlink
if [ -d "/opt/homebrew/bin" ]; then
ln -fnsv "$BIN" "/opt/homebrew/bin/colima" || true
fi
# Basic smoke test (non-fatal)
if command -v "$BIN" >/dev/null 2>&1; then
"$BIN" version >/dev/null 2>&1 || true
fi
EOS
chmod 755 "${SCRIPTS}/postinstall"
# Build the pkg
pkgbuild \
--root "${PAYLOAD}" \
--scripts "${SCRIPTS}" \
--install-location "/" \
--identifier "${IDENTIFIER}" \
--version "${VERSION}" \
"${PKG_NAME}"
echo "Built ${PKG_NAME}"
Usage:
- Save as
build-colima-pkg.sh. - Run:
chmod +x build-colima-pkg.sh && ./build-colima-pkg.sh - Optionally override the version:
VERSION=0.6.15 ./build-colima-pkg.sh
Testing locally
- Install:
sudo installer -pkg colima-<version>.pkg -target / - Verify:
/usr/local/bin/colima version- On Apple Silicon (if Homebrew is present):
/opt/homebrew/bin/colima version
Jamf distribution
- Upload the generated
.pkgto Jamf (Packages). - Create a Policy:
- Payload: “Packages” → add your
colima-<version>.pkg. - Scope to your target Smart/Static Groups.
- (Optional) Add a “Files and Processes” command to pre-create config/state or to run a one-time
colima versioncheck.
- Payload: “Packages” → add your
- Trigger via Self Service or Recurring Check-in as desired.
Updates and rollback
- Rebuild with a newer VERSION and upload as a new package. Jamf will replace the binary.
- To remove Colima via a Jamf script:
rm -f /usr/local/bin/colima /opt/homebrew/bin/colima
Troubleshooting
- Ensure PATH on managed devices includes either
/usr/local/binor/opt/homebrew/bin. - If users need Lima/QEMU for specific VM backends, deploy them as separate pkgs or via a Jamf script (e.g., using your org’s curated binaries).