The Okta Device Registration Task requires Python 3 to be installed on the device. Otherwise, the deployment for device trust will fail with errors such as:
Script result: xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun
- Device Trust
- Okta Classic Engine
- macOS
Python comes pre-installed on macOS. If macOS is using Python 2.7 (macOS 10.15.xx and 11.xx only), the above error can happen, as Python 2.7 has reached end-of-life (EOL). To prevent any issues, Apple recommends updating workflows to Python 3.
Okta has updated the Device Registration Task to Python 3. For systems where the Python 2 version of our script is no longer working, we recommend moving over to the new Python 3 workflow
At this moment, Okta provides only the Device Registration Task for Python 3.
- To work, ensure that Python 3 and the Xcode command-line tools can run on that device.
Before updating Python
Check the current version of Python:
- Open a Terminal.
- Enter python --version, and then press Enter.
- If the Python version is not above 3.x.x, update to the latest version.
- Verify that the Python 3 dependencies for our script are installed correctly.
#!/bin/sh echo "Running pip3 install --upgrade pip" sudo pip3 install --upgrade pip echo "Running pip3 install pyobjc-framework-SystemConfiguration" sudo pip3 install pyobjc-framework-SystemConfiguration echo "pip3 install pyOpenSSL" sudo pip3 install pyOpenSSL exit
Set up Python 3 in the organization
- If Python 3 is already deployed to the existing systems, then please move to the next section to make sure the Python dependencies for our script are installed correctly.
- If Python 3 is not already set up in the environment, here are some steps to set up Python 3 on the machines:
- In the latest macOS version, the system is already shipping with a Python 3 alias, which requires Xcode command line tools to install Python 3. Below is a helper script that can be run as a pre-requisite on the machines to install Python 3:
#!/bin/sh echo "Checking the existence of the Apple Command Line Developer Tools" /usr/bin/xcode-select -p &> /dev/null # if [[ $? -ne 0 ]]; then # echo "Apple Command Line Developer Tools not found." touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress; installationPKG=$(/usr/sbin/softwareupdate --list | /usr/bin/grep -B 1 -E 'Command Line Tools' | /usr/bin/tail -2 | /usr/bin/awk -F'*' '/^ *\\*/ {print $2}' | /usr/bin/sed -e 's/^ *Label: //' -e 's/^ *//' | /usr/bin/tr -d '\n') echo "Installing ${installationPKG}" /usr/sbin/softwareupdate --install "${installationPKG}" --verbose # else # echo "Apple Command Line Developer Tools are already installed." # fi exit
Device Trust Python 3 Requirements
The updated script for Python 3 requires the “python3“ and “pip3“ aliases on the machines to point to the correct Python 3 installation.
Use the following script to set up the required dependencies for our script:
#!/bin/sh
echo "Running pip3 install --upgrade pip"
sudo pip3 install --upgrade pip
echo "Running pip3 install pyobjc-framework-SystemConfiguration"
sudo pip3 install pyobjc-framework-SystemConfiguration
echo "pip3 install pyOpenSSL"
sudo pip3 install pyOpenSSL
exit
Related References
