Frequently Asked Questions (FAQ)#

Why patcherctl?

The package (and binary) for Patcher is called patcherctl because the name patcher was already taken on PyPI. Despite this, the project itself is referred to as Patcher.

Does this tool work on Windows?

Not presently. This tool is designed specifically for MacAdmins in mind. However, running the tool within a Docker container has been considered and may be pursued further.

What are the system requirements?

Patcher has been tested on macOS 13 (Ventura) and higher. Patcher may work as expected in earlier operating systems, however it has not been tested.

Refer to Jamf Pro Documentation for system requirements for managing Computers and Mobile Devices.

How do I contribute or report bugs?

First off, we welcome contributions of all types; bug reports, feature requests, etc. Visit our Contributing page for details.

Alternatively, if you have a question find us on the MacAdmins slack: #patcher.

Does Patcher support multiple Jamf Pro environments?

Yes and no and no and yes. The tool can be reset and different Jamf URL’s provided, however this has only ever been tested in an environment with a single Jamf instance with two sites. Proceed with caution.

What logs does the tool generate, and where can I find them?

All logs generated by the command line tool are output to Patcher’s Application Support directory in the user library (~/Library/Application Support/Patcher/logs). If you are utilizing the LaunchAgent, additional logs are output to the same directory.

For more information, see Interpreting Patcher Logs on the Troubleshooting page.

Why doesn’t Patcher use libraries like requests or aiohttp?

Good catch! Patcher avoids these libraries due to challenges related to AIA (Authority Information Access) fetching. Many MacAdmins use security software that controls SSL traffic or validation, potentially casing issues with these libraries unless users modify their trusted SSL certificates. Modifying trusted SSL certificates can introduce security risks and was not a risk we were interested in taking.

Instead, this project uses a combination of asyncio and subprocess to make API calls via curl. This ensures:

  1. Support for AIA Fetching: curl handles AIA fetching, which resolves issues with intermediate certificates in SSL chains.

  2. Security Compliance: No need to modify the default trusted certificates, which helps to keep your device’s security intact.

  3. Smooth Integration: The solution works seamlessly in environments with strict SSL traffic controls, typical for MacAdmins.

Curious as how this is accomplished? Check out the BaseAPIClient class.