The most important thing you need is either a stable download URL, or some other way to determine where to download the latest version of the application. Some apps, like Chrome and Firefox, offer a singe download URL; others, like Adobe Reader and Flash Player, make you work for it a little bit harder.
Google Chrome
I automated the Google Chrome download-and-install process using two scripts: a postinstall script, run as part of the installer .pkg, and a pkgbuild script, which creates the installer .pkg file. Here are the contents of each:
./scripts/postinstall
#!/bin/bash
echo Downloading and installing latest Google Chrome.
curl https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg > /tmp/googlechrome.dmg
hdiutil attach /tmp/googlechrome.dmg -nobrowse
ditto /Volumes/Google\ Chrome/Google\ Chrome.app /Applications/Google\ Chrome.app
hdiutil detach /Volumes/Google\ Chrome
rm /tmp/googlechrome.dmg
echo Creating First Run file in user profiles.
for user in `ls /Users`; do
mkdir -p /Users/$user/Library/Application\ Support/Google/Chrome
touch /Users/$user/Library/Application\ Support/Google/Chrome/First\ Run
chown -R $user /Users/$user/Library/Application\ Support/Google
done
echo Modifying user template with First Run file.
mkdir -p /System/Library/User\ Template/English.lproj/Library/Application\ Support/Google/Chrome
touch /System/Library/User\ Template/English.lproj/Library/Application\ Support/Google/Chrome/First\ Run
chown -R root:wheel /System/Library/User\ Template/English.lproj/Library/Application\ Support/Google
chmod -R 700 /System/Library/User\ Template/English.lproj/Library/Application\ Support/Google
echo Creating Master Preferences file.
mkdir /Library/Google
cat > /Library/Google/Google\ Chrome\ Master\ Preferences <<EOF
{
"browser" : {
"check_default_browser" : false,
"show_update_promotion_info_bar" : false
},
"distribution" : {
"skip_first_run_ui" : true,
"suppress_first_run_bubble" : true,
"suppress_first_run_default_browser_prompt" : true,
"make_chrome_default" : false
},
"sync_promo" : {
"show_on_first_run_allowed" : false
}
}
EOF
chmod -R 644 /Library/Google
chown -R root:wheel /Library/Google
echo Creating Chrome PLIST.
cat > /Library/Preferences/com.google.Chrome.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>HomepageLocation</key>
<string>https://www.google.com/</string>
<key>RestoreOnStartup</key>
<integer>4</integer>
<key>RestoreOnStartupURLs</key>
<array>
<string>https://www.google.com/</string>
</array>
</dict>
</plist>
EOF
chmod 644 /Library/Preferences/com.google.Chrome.plist
chown root:wheel /Library/Preferences/com.google.Chrome.plist
echo Done.
exit 0
./pkgbuild.sh
#!/bin/bash
pkgbuild --identifier com.company.install_chrome --nopayload --scripts scripts "Install Google Chrome.pkg"
As you can see, the postinstall script downloads the latest Google Chrome .dmg from Google, and extracts the .app file. Then, it creates a file in each existing users' profiles, and then in the profile templates, so that users don't see the first-run pages on each new computer they log into. Then, the script creates a master settings file in the Chrome .app to enforce some IT-specified settings, as well as a .plist for the same purpose. This script runs when the installer .pkg, created by the pkgbuild.sh script, is installed via Jamf policy, using Jamf Remote, or manually by double-clicking on it. Whenever an update is available from Google, you can either let automatic updates install it at its leisure, or re-push the installer via Jamf to force all computers to install the latest version.
As you can see, the postinstall script downloads the latest Google Chrome .dmg from Google, and extracts the .app file. Then, it creates a file in each existing users' profiles, and then in the profile templates, so that users don't see the first-run pages on each new computer they log into. Then, the script creates a master settings file in the Chrome .app to enforce some IT-specified settings, as well as a .plist for the same purpose. This script runs when the installer .pkg, created by the pkgbuild.sh script, is installed via Jamf policy, using Jamf Remote, or manually by double-clicking on it. Whenever an update is available from Google, you can either let automatic updates install it at its leisure, or re-push the installer via Jamf to force all computers to install the latest version.
Mozilla Firefox
The pkgbuild.sh script for Firefox is pretty much identical to the one used for Chrome, so I will not re-copy it here. Here is the postinstall script I use for Firefox:
./scripts/postinstall
#!/bin/bash
echo Downloading and installing latest Firefox ESR.
curl -L "https://download.mozilla.org/?product=firefox-esr-latest&os=osx&lang=en-US" > /tmp/firefox.dmg
hdiutil attach /tmp/firefox.dmg -nobrowse
ditto /Volumes/Firefox/Firefox.app /Applications/Firefox.app
hdiutil detach /Volumes/Firefox
rm /tmp/firefox.dmg
echo Creating firefox.cfg file.
cat > /Applications/Firefox.app/Contents/Resources/firefox.cfg <<EOF
//This line must be left as a comment. Do not place any prefs here.
//https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
//Set the default browser to the Google website.
pref("browser.startup.homepage", "http://www.google.com");
//Skip first-run pages, default browser prompts, etc.
pref("browser.startup.firstrunSkipsHomepage", true);
pref("startup.homepage_welcome_url", "");
pref("datareporting.policy.firstRunURL", "");
pref("browser.defaultbrowser.notificationbar", false);
pref("browser.shell.checkDefaultBrowser", false);
pref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true);
EOF
echo Creating prefs .js files in defaults/pref.
cat > /Applications/Firefox.app/Contents/Resources/defaults/pref/autoconfig.js <<EOF
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
EOF
cat > /Applications/Firefox.app/Contents/Resources/defaults/pref/channel-prefs.js <<EOF
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
pref("app.update.channel", "esr");
EOF
echo Setting permissions on Firefox.app.
chown -R root:wheel /Applications/Firefox.app
echo Done.
exit 0
Like the Google Chrome script, this downloads the latest version of Firefox, extracts the .app, and creates preferences/settings files to enforce IT-specified values. Updating can be done automatically, or by re-pushing the installer .pkg.
Like the Google Chrome script, this downloads the latest version of Firefox, extracts the .app, and creates preferences/settings files to enforce IT-specified values. Updating can be done automatically, or by re-pushing the installer .pkg.
Adobe Reader
Adobe Reader's installation is pretty straightforward, since there are no preference files to install. It uses the usual pkgbuild.sh, and this postinstall script:
./scripts/postinstall
#!/bin/bash
# First, we need to figure out what the latest version of Adobe Reader is.
# We can do this by querying the Adobe FTP server.
# Since curl sorts FTP results by filename, which here are also dates, and since there's a folder called "misc" at the bottom of the list,
# we know that the next-to-last result is the latest version. If this package breaks, check the FTP URL below to see if Adobe has changed this.
echo Querying Adobe FTP server to find latest version.
latestversion=$( curl ftp://ftp.adobe.com/pub/adobe/reader/mac/AcrobatDC/ | tail -n 2 | head -n 1 | awk '{ print $NF }' )
# Then, download the installation package for the latest version.
echo Downloading version $latestversion installer package.
curl 'ftp://ftp.adobe.com/pub/adobe/reader/mac/AcrobatDC/'"$latestversion"'/AcroRdrDCUpd'"$latestversion"'_MUI.pkg' > /tmp/adobereader.pkg
# Finally, install the package.
echo Installing Adobe Acrobat Reader DC $latestversion.
installer -pkg /tmp/adobereader.pkg -target /
echo Cleaning up Adobe Reader installer package.
rm /tmp/adobereader.pkg
echo Done.
exit 0
Adobe doesn't provide a single URL to download the latest version of Reader (presumably, they would prefer you download it manually.) Luckily, the FTP server returns results in a sorted manner, so we can filter them using head, tail, and awk to find what we need. This downloads a .pkg file, which we can install directly without needing to mount a .dmg and extract a .app.
# First, we need to figure out what the latest version of Adobe Reader is.
# We can do this by querying the Adobe FTP server.
# Since curl sorts FTP results by filename, which here are also dates, and since there's a folder called "misc" at the bottom of the list,
# we know that the next-to-last result is the latest version. If this package breaks, check the FTP URL below to see if Adobe has changed this.
echo Querying Adobe FTP server to find latest version.
latestversion=$( curl ftp://ftp.adobe.com/pub/adobe/reader/mac/AcrobatDC/ | tail -n 2 | head -n 1 | awk '{ print $NF }' )
# Then, download the installation package for the latest version.
echo Downloading version $latestversion installer package.
curl 'ftp://ftp.adobe.com/pub/adobe/reader/mac/AcrobatDC/'"$latestversion"'/AcroRdrDCUpd'"$latestversion"'_MUI.pkg' > /tmp/adobereader.pkg
# Finally, install the package.
echo Installing Adobe Acrobat Reader DC $latestversion.
installer -pkg /tmp/adobereader.pkg -target /
echo Cleaning up Adobe Reader installer package.
rm /tmp/adobereader.pkg
echo Done.
exit 0
Adobe doesn't provide a single URL to download the latest version of Reader (presumably, they would prefer you download it manually.) Luckily, the FTP server returns results in a sorted manner, so we can filter them using head, tail, and awk to find what we need. This downloads a .pkg file, which we can install directly without needing to mount a .dmg and extract a .app.
Adobe Flash Player
I was not actually able to find the correct download URL for Adobe Flash Player by myself. I found that Richard Trouton, on his GitHub, had already posted a ready-made script to download and install Flash Player. You can find his script here. I use this with a standard pkgbuild.sh, like those above, to create a package that can be pushed via Jamf.
No comments:
Post a Comment