Create a Report for 32 Bit Apps

bassic
New Contributor III

I realise I am leaving this a little bit late with Catalina just around the corner, but what I really need is to be able to produce a spreadsheet of what 32 Bit Apps are installed on my Mac fleet, with details of which Mac they are on etc.

I am suprised there is not more chat on here about this- hopefully it's because there is an easy solution which I've overlooked!

I have rrouton's script to create a document on each Mac detailing the 32 bit Apps https://derflounder.wordpress.com/?s=32bit but I can't get this to work as an EA as others seem to be doing.

How is everyone else managing this? We do a lot of scientific computing here, and I suspect there are many 32 bit apps in use.

Thanks in advance!

1 ACCEPTED SOLUTION

bassic
New Contributor III

@amccarty You are the man! That worked perfectly- thanks so much for your help!

View solution in original post

50 REPLIES 50

amccarty
New Contributor III
New Contributor III

You could push out the "detect_installed_32_bit_apps.sh" via a policy to all computers so that it writes the apps to /var/log/32bit_apps_installed.log, then create an Extension Attribute with the following as the EA script:

#!/bin/bash

apps=$(cat /var/log/32bit_apps_installed.log)
echo "<result>$apps</result>"

Then you could obviously create a report based on that once the results are in your inventory.

bassic
New Contributor III

@amccarty You are the man! That worked perfectly- thanks so much for your help!

Bnikel
New Contributor II

How are you creating the report? I am creating a smart group with that EA listed. However I am not getting a list of applications.

tlarkin
Honored Contributor

I have a script that will dump all locally installed 32bit apps into a CSV on your desktop

here is a gist of it

kwoodard
Contributor III

@amccarty Can you share how you set this up? I'm still new to Jamf and I'm not understanding how you got all of this working.

hphan
New Contributor III

@kwoodard @Bnikel Hope the steps below help
1. Create the "detect_installed_32_bit_apps.sh" script under Computer Management > Script. The author is Der Flounder. He publishes a lot of useful materials on Apple stuff.
2. Create a computer policy with the "detect_installed_32_bit_apps.sh" script & Update Inventory
3. Create an extension attribute with the input type as Script and copy the script above from @amccarty

71f528ccc5404e8b9834c21b1975aada

7918d17f609e480f94a02a81165b3bd7

tlarkin
Honored Contributor

so I will say that dumping an entire log to an EA across your fleet is bad, and this is why. Every row in the log is a row in the database, multiplied by the number of clients you have. So, if you have 10 rows in the log, and 2,000 devices that is 20,000 rows in your EA table in the database for just this. The longer the log and the more devices the worse it gets. The jamf pro server is not really a data warehouse.

kwoodard
Contributor III

@tlarkin , how would you modify this too not be so potentially huge?

Thanks for the "how-to" on the report creation. Very helpful.

tlarkin
Honored Contributor

I would install your entire app catalog on a local system, and run code to report on 32bit apps. Then compound that with communications that end users need to test for their personal apps. Provide a tool to give them the data. Catalina has this built in to search for "legacy apps." If your deployment is small you can get away with shipping data to jamf pro via log or EA, but that does not scale. I don't have any specific numbers to give you, but I will say if you want to ship data and act on it, you should ship data to an actual data tool and not jamf.

bassic
New Contributor III

If it helps- in my shop I made it clear to all the users that 32 bit Apps would not work in Catalina, and then tweaked rrouton's script so that it placed the list of 32 bit Apps on the user's desktop, and made this available in Self Service, enabling the users to easily check this themselves.

This way I made it the user's responsibility to check there were no apps they needed that would stop working after the upgrade.

cpominville
Contributor

bassic, you da man!!!

tlarkin
Honored Contributor

You can also check out Legacy Software in System Profiler
03914c38e524418c850f58a899f6892a

acekicker77
New Contributor

Hi @amccarty @hphan thanks this has been great help. I am new to Jamf Pro and this is my first upgrade cycle.

I have followed the instructions below, however I can’t figure out what criteria to use for the new Computer Smart Group.

I thought I could just select the 32-bit apps EA but then what argument do I use in the operator and value fields?

32-bit apps | is not | ????

![optional image ALT text](
1de24d72509346c9a1ac6e1c4196e0b1
)

amccarty
New Contributor III
New Contributor III

@acekicker77 I take it you're trying to create a group which just adds computers with any 32 bit app installed?

If you leave the operator as "is not" and leave the value blank, all computers with 32 bit apps installed will be added to the group as their "32 bit app" EA record will not be blank in the inventory.

If you're trying to be more specific and find Apps you already know are 32 bit, set the operator as "is Like" and put in part of the app name, e.g "Adobe Application Manager", and it will add any machine with that particular app installed to the group.

tlarkin
Honored Contributor

a one liner with Spotlight can do this too

mdfind -name "kMDItemContentType = com.apple.application-bundle && kMDItemExecutableArchitectures != x86_64"

RIP Adobe software

kwoodard
Contributor III

Just saw this pop up in the Jamf newsletter...

How to find remaining 32-bit applications on macOS

tlarkin
Honored Contributor

Yeah still would not recommend storing each app as an EA on each end point, that won't scale to well

kwoodard
Contributor III

Then it begs the question why they (Jamf) are suggesting this as a course of action?

@shane.brown

tlarkin
Honored Contributor

Every line of output in an EA is a row of data in the database. You could potentially be putting in dozens, to hundreds of lines per a device into the database. jamf is not a data warehouse, and I have been stating this for years. EAs are a very neat thing, but their design is to tag data attributes to a system, not pull in tons of client data. If you abuse that at scale, you are gonna have a bad time.

mm2270
Legendary Contributor III

@kwoodard, Well, the link from Jamf you posted doesn't propose listing out all the apps on each Mac that are 32-bit. It's designed to return a simple integer of how many apps are 32-bit only, presumably to narrow down a list of Macs for follow up investigation. There's a huge difference between a full list of application names or paths and a single number being stored per device in the database.

kwoodard
Contributor III

From the article...

from here we can do a few things:

  • if there are any 32-bit applications found, populate an extension attribute
  • create an extension attribute that lists all application titles by comma-separated values
  • output a file to the desktop, email it as an attachment, or push the contents to an external destination (such as a Helpdesk ticketing system)

I would love to know how to do this. I do not have a way to install every piece of software onto one computer and run a command to find all the 32-bit applications. I have to many unique boxes with one off software installs that were not installed via Jamf.

mm2270
Legendary Contributor III

Ok, I stand corrected. I did not see that second bullet point when looking it over. It's interesting that the only script they post on the blog entry is the one to list the total number of 32-bit apps though. I wonder what Jamf's position on this is - if for example they really recommend listing out all the apps found or if going with the integer is better. It almost seems like they recommend the latter, but I don't know.

If it were me, I would probably use the integer method, and then do a follow up policy, scoped only to any Macs that show a value greater than 0, that ran a script to list out all the found 32-bit only apps, and perhaps upload them as a plain text attachment to the computer record for download later (using the API)
I guess it depends on how many legacy apps you expect to have, how many Macs you have in your fleet, how old the OSes on them are, and several other factors.

kwoodard
Contributor III

I have run the integer report and remoted into that box and ran the script that lists the titles. Some of my boxes have between 70-90 32-bit applications. I know a lot are pieces of Adobe. Some are old MS Office bits... The rest are a hodgepodge of old one-off applications like Test Gen. I need to get a list of these.

Ultimately, I want to have all of these loaded into Jamf and available via Self Service. My next big hurdle is getting our PC guys to STOP INSTALLING THINGS DIRECTLY onto a users Mac and to use Self Service instead. If something isn't on SS, LET ME KNOW SO I CAN ADD IT! (sorry, got a little carried away there...)

tlarkin
Honored Contributor

So, jamf is doing a few things here in this article:
- Using Spotlight to do an index search (which I agree with, I use meta data all the time)
- Creating an array of data of app name (but excluding path, or other valuable data)
- Dumping all this data in an EA, which runs at recon on every endpoint
- since it runs at every recon, you are gonna be running this forever until you turn it off

This will not work at scale. EAs are not meant to store data like a data warehouse, they are meant for simple string values, boolean, and integer data sets. As someone who has worked at scale with many jamf environments, this is something I would never recommend.

kwoodard
Contributor III

@tlarkin , what would you recommend then? Without being able to install all apps onto one computer to run this script, how would you proceed? How would you use Jamf to get this data from a large number of machines, where you are unable to physically touch some of them, or have software that has been installed directly on the computer and not uploaded to Jamf? I doubt I am alone with a situation like this.

tlarkin
Honored Contributor

In the past I have had a master Kitchen Sink Python script that will call the jamf API and return every single policy ID that is tied to a software install and then install it. Then run local code to build a CSV of all 32bit apps, their file path, and what they are. If your users are admin and can install anything, then not sure how you are supposed to be on the hook to validate all 32bit apps. I know you can put forth best effort for this but tossing your entire app install base into an EA, that runs every recon forever, just sounds like a whole lot of pain waiting to happen.

I have also been communicating to end users for the past 18 months that with Catalina 32 bit apps are probably going to be dead.

kwoodard
Contributor III

My end users for Mac, in general, never even read emails regarding stuff to be wary of with Mac's. I could talk to them till I'm blue in the face about needing to update 32-bit software to 64-bit software and all I would get from them is a deer in the headlights look...they don't know what it is, what it means, or care. So, the onus is on me to get this done. The folks that used to manage the Mac's on our campus are all PC guys and don't like to do anything with Mac's. Whenever they would get a ticket for something Mac related, it usually sat for a bit before they worked on it. Even know, if someone needs something installed, they just go and do it on the unit, without even thinking, "Hey, we have a tool that manages the Mac's! Perhaps we should have the Mac guy (me) add this to Jamf to make this easier in the future." So, I'm coming into a mess and am trying to get it going smoothly. I have a long way to go, but I'm learning and would rather follow best practices from the get-go. So far this has been the biggest issue I have run into and I have 90 replacement computers that are more than likely going to ship with Catalina installed, so I need this 32-bit inventory done ASAP. My thought when running this EA is to only run it for a week, to give all computers time to report in (I have a lot of laptops that are used offline), then disable it.

tlarkin
Honored Contributor

For your situation if time is the biggest factor, then you might be right, your only option might be the EA route. Just remember to turn it off when you're done.

jhuls
Contributor III

Am I missing something? I could have swore that when I read through Jamf's solution that it was stripping out the application names and only reported back the number of 32 bit applications. Aside from the fact that I don't find that number to be all that useful in the grand scheme of things, from a technical standpoint we're only talking about a single number being housed in the database from the EA, aren't we?

mm2270
Legendary Contributor III

@jhuls You are not incorrect, technically. The example script Jamf posts on that blog only captures the total number of 32 bit apps on the device as an integer, which has little impact to the database I'd imagine. But... as @kwoodard mentioned above, they do say the method explained can be used to list all installed 32-bit applications as well. I don't really recommend doing it, but Jamf's article doesn't specifically mention NOT to do it.
It's kind of left up to the reader to determine the best course of action and what they feel comfortable with.

tlarkin
Honored Contributor

So the data isn't really actionable, you cannot run reports on what 32bit apps are installed, only if they exist. Then what? If you don't know what apps, and you cannot report on it, and it is an EA, are you going to hand roll through all device records to find out which apps are 32bit? I typically try to build data I can use and is actionable, and scales to something better than me manually digging through device records.

I know not everyone is afforded their own decision making, but to me dropping a report on an end users Desktop, or installing all the software on a test system and running your own report ended up being the better methods for me to get actionable data. Otherwise, I would have not known all the details of the 32bit apps that were being installed.

Heavy_D
Contributor III

@bassic If you don't mind me asking how did you tweak the script to add it to the users Desktop when ran. I think this would be the best solution for us as well. But would like to make sure it puts the file on their desktop. Looking at the script the only thing I can think of is changing the Variable to the correct path but I am not sure.

bassic
New Contributor III

Hi @JarvisUno

I basically modded rrouton's script so that it creates the list of 32 bit apps, then moves it to the current logged in user's desktop. I then made this available in Self Service. I have to say it has worked pretty well here, but my users are mainly scientists, so are fairly technical. Here is the script I used-

!/bin/bash

Detect all 32-bit apps installed in /Applications, /Library

or /usr/local and output list to logfile stored in /var/log, then move to the logged in user's Desktop.

ThirtyTwoBit_app_logfile="/var/log/32bit_apps_installed.log"
ERROR=0

this script must be run with root privileges

if [[ "$(/usr/bin/id -u)" -eq 0 ]]; then

# Create log file if not present if [[ -f "$ThirtyTwoBit_app_logfile" ]]; then echo "$ThirtyTwoBit_app_logfile found. Proceeding..." else echo "Creating $ThirtyTwoBit_app_logfile log. Proceeding..." touch "$ThirtyTwoBit_app_logfile" fi

# Get a list of all installed applications ThirtyTwoBit_app_list=$(/usr/sbin/system_profiler SPApplicationsDataType)

if [[ -n "$ThirtyTwoBit_app_list" ]]; then

# get all non-64 Bit applications from the initial list ThirtyTwoBit_app_list=$(echo "$ThirtyTwoBit_app_list" | /usr/bin/grep -A3 "64-Bit (Intel): No")

# filter out all applications in /Applications, /Library and /usr/local ThirtyTwoBit_app_list=$(echo "$ThirtyTwoBit_app_list" | /usr/bin/grep -E "Location:[^/]*/(Applications|Library|usr/local)/")

# remove everything except the path ThirtyTwoBit_app_list=$(echo "$ThirtyTwoBit_app_list" | /usr/bin/sed -n 's/.Location:[[:space:]](.*)/1/p')

if [[ -n "$ThirtyTwoBit_app_list" ]]; then echo "$ThirtyTwoBit_app_list" > "$ThirtyTwoBit_app_logfile" echo "List of detected applications available in $ThirtyTwoBit_app_logfile" else echo "No 32-bit applications found in /Applications, /Library or /usr/local." > "$ThirtyTwoBit_app_logfile" fi

get logged in user

loggedInUser=/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'

move the file to the desktop of logged in user

mv "/var/log/32bit_apps_installed.log" /Users/$loggedInUser/Desktop

exit 0 ## Success
exit 1 ## Failure

fi

else log "ERROR! You must be root in order to run this script!" ERROR=1
fi

exit $ERROR

Heavy_D
Contributor III

@bassic Ok, I cleaned it up a bit but does this look correct to you?

#!/bin/bash

# Detect all 32-bit apps installed in /Applications, /Library
# or /usr/local and output list to logfile stored in /var/log.


ThirtyTwoBit_app_logfile="/var/log/32bit_apps_installed.log"
ERROR=0

# this script must be run with root privileges
if [[ "$(/usr/bin/id -u)" -eq 0 ]]; then

    # Create log file if not present
    if [[ -f "$ThirtyTwoBit_app_logfile" ]]; then
       echo "$ThirtyTwoBit_app_logfile found. Proceeding..."
    else   
       echo "Creating $ThirtyTwoBit_app_logfile log. Proceeding..."
       touch "$ThirtyTwoBit_app_logfile"
    fi

    # Get a list of all installed applications
    ThirtyTwoBit_app_list=$(/usr/sbin/system_profiler SPApplicationsDataType)

    if [[ -n "$ThirtyTwoBit_app_list" ]]; then

        # get all non-64 Bit applications from the initial list
        ThirtyTwoBit_app_list=$(echo "$ThirtyTwoBit_app_list" | /usr/bin/grep -A3 "64-Bit (Intel): No")

        # filter out all applications in /Applications, /Library and /usr/local
        ThirtyTwoBit_app_list=$(echo "$ThirtyTwoBit_app_list" | /usr/bin/grep -E "Location:[^/]*/(Applications|Library|usr/local)/")

        # remove everything except the path
        ThirtyTwoBit_app_list=$(echo "$ThirtyTwoBit_app_list" | /usr/bin/sed -n 's/.*Location:[[:space:]]*(.*)/1/p')

        if [[ -n "$ThirtyTwoBit_app_list" ]]; then
            echo "$ThirtyTwoBit_app_list" > "$ThirtyTwoBit_app_logfile"
            echo "List of detected applications available in $ThirtyTwoBit_app_logfile"
        else
            echo "No 32-bit applications found in /Applications, /Library or /usr/local." > "$ThirtyTwoBit_app_logfile"
        fi
        # Get logged in user
        loggedInUser=/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'

    #move the file to the desktop of logged in user
     mv "/var/log/32bit_apps_installed.log" /Users/$loggedInUser/Desktop

exit 0 ## Success
exit 1 ## Failure

fi

else log "ERROR! You must be root in order to run this script!" ERROR=1
fi

exit $ERROR

sdamiano
Contributor II

Instead of putting the log on the desktop, you can upload the .log file as an attachment to your jamf pro server.

#!/bin/sh

curl -sku $JSSUSERNAME:$JSSPW $YourURL/JSSResource/fileuploads/computers/id/$ID -F name=@/var/log/32_bit_apps_installed -X POST

This assumes that your script logic can already identify the computers ID in Jamf, and that your API user creds are passed securely, and that your API User has the create attachments permission.

Heavy_D
Contributor III

@sdamiano thanks for that, I like the idea of the end user seeing the apps that will no longer work when they upgrade to Catalina. I just want to make sure the syntax is sound before I start testing it.

sdamiano
Contributor II

@JarvisUno sounds good, and thats admirable. Not everyone has technically savvy users who would understand. You may still want to curl the file back to you/your jamf server just in case of user error or discrepancy.

Hugonaut
Valued Contributor II

here is a nice pretty applescript you could use, it will actually display to the end user a list of just the applications, path to application omitted. Looks nice if you need to alert end users upgrading themselves. My end product is very different but this gives you a nice base to work around, pop up message & dialog box with the applications.

#!/usr/bin/osascript

set theuser to do shell script "echo $USER"

do shell script "echo 'Applications You will Need to Update' >> /Users/$USER/Desktop/32bitapps.txt"
do shell script "echo '_____________________________' >> /Users/$USER/Desktop/32bitapps.txt"

do shell script "cat /var/log/32bit_apps_installed.log | sed 's|.*/||' >> /Users/$USER/Desktop/32bitapps.txt"

set appalert to read "/Users/" & theuser & "/Desktop/32bitapps.txt"

display dialog "Application Scan complete. Before upgrading to macOS, please be aware that some applications may not work. The following list, if populated, contains the name of Applications that will need to be updated when you upgrade to macOS Catalina." with title ("Applications Notice") buttons {"Okay"} default button "Okay" with icon alias (POSIX file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ApplicationsFolderIcon.icns")

display dialog appalert with title ("Applications Notice") buttons {"Okay"} default button "Okay" with icon alias (POSIX file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ApplicationsFolderIcon.icns")

do shell script "rm -rf /Users/$USER/Desktop/32bitapps.txt"
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

jared_f
Valued Contributor

I think listing all the applications in an EA is fine if you aren't running it daily. I set it at once a month and made it available in Self Service for techs.