make-package.sh

#!/bin/bash

mkdir -p scripts

cat << EOF
#!/bin/bash

[[ $3 != "/" ]] && exit 0

/bin/launchctl load /Library/LaunchDaemons/com.acme.osqueryd.plist

exit 0
EOF > scripts/postinstall

chmod a+x scripts/postinstall

mkdir -p out
mkdir -p root/etc/osquery
mkdir -p root/Library/LaunchDaemons

# creates a launchdaemon with your config
cat << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
       	<key>Label</key>
       	<string>com.acme.osqueryd</string>
       	<key>ProgramArguments</key>
       	<array>
       		<string>/usr/local/bin/osqueryd</string>
       		<string>--flagfile=/etc/osquery/osquery.flags</string>
       	</array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/osquery/osquery-error.log</string>
       	<key>StandardOutPath</key>
    <string>/var/log/osquery/osquery-output.log</string>
</dict>
</plist>
EOF > root/Library/LaunchDaemons/com.acme.osqueryd.plist

# create a desired flag file. use whatever options work for you
cat << EOF
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write

--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
EOF > root/etc/osquery/osquery.flags

# create a mac .pkg file
pkgbuild --root root --scripts scripts --identifier com.acme.osqueryd --version 1.0.0 out/osquery_config-1.0.0.pkg