I'm looking for advice on getting homebrew on new employee machines automatically. We have a work flow we would like to keep to as few clicks as possible.
I am trying to get the process of pulling down XCode CLI, installing homebrew, adding cask, and then installing third party apps for new employee machines.
I have the XCode CLI component down but having problems with installing homebrew and adding cask. Curious if anyone has a working script to make this happen. I am deploying this process through self service.
Best answer by jhbush
This may be of some help to you.
#!/bin/bash
# Script to install Homebrew on a Mac.
# Author: richard at richard - purves dot com
# Version: 1.0 - 21st May 2017
# Set up variables and functions here
consoleuser="$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')"
brandid="com.application.id"
tn="/path/to/terminal-notifier.app/Contents/MacOS/terminal-notifier"
cd="/path/to/cocoaDialog.app/Contents/MacOS/cocoaDialog"
# Logging stuff starts here
LOGFOLDER="/private/var/log/"
LOG=$LOGFOLDER"Homebrew.log"
if [ ! -d "$LOGFOLDER" ];
then
mkdir $LOGFOLDER
fi
function logme()
{
# Check to see if function has been called correctly
if [ -z "$1" ]
then
echo $( date )" - logme function call error: no text passed to function! Please recheck code!"
echo $( date )" - logme function call error: no text passed to function! Please recheck code!" >> $LOG
exit 1
fi
# Log the passed details
echo -e $( date )" - $1" >> $LOG
echo -e $( date )" - $1"
}
function notify()
{
su -l "$consoleuser" -c " "'"'$tn'"'" -sender "'"'$brandid'"'" -title "'"'$title'"'" -message "'"'$1'"'" "
logme "$1"
}
# Check and start logging - done twice for local log and for JAMF
logme "Homebrew Installation"
# Let's start here by caffinating the mac so it stays awake or bad things happen.
caffeinate -d -i -m -u &
caffeinatepid=$!
logme "Caffinating the mac under process id: $caffeinatepid"
# Have the xcode command line tools been installed?
notify "Checking for Xcode Command Line Tools installation"
check=$( pkgutil --pkgs | grep com.apple.pkg.CLTools_Executables | wc -l | awk '{ print $1 }' )
if [[ "$check" != 1 ]];
then
notify "Installing Xcode Command Tools"
# This temporary file prompts the 'softwareupdate' utility to list the Command Line Tools
touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
clt=$(softwareupdate -l | grep -B 1 -E "Command Line (Developer|Tools)" | awk -F"*" '/^ +\\*/ {print $2}' | sed 's/^ *//' | tail -n1)
softwareupdate -i "$clt"
rm -f /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
/usr/bin/xcode-select --switch /Library/Developer/CommandLineTools
fi
# Is homebrew already installed?
which -s brew
if [[ $? = 1 ]];
then
# Install Homebrew. This doesn't like being run as root so we must do this manually.
notify "Installing Homebrew"
# Curl down the latest tarball and install to /usr/local
curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C /usr/local
# Manually make all the appropriate directories and set permissions
mkdir -p /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
chown -R $consoleuser /usr/local
chmod g+rwx /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
chmod 755 /usr/local/share/zsh /usr/local/share/zsh/site-functions
chgrp admin /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
# Create a system wide cache folder
mkdir -p /Library/Caches/Homebrew
chmod g+rwx /Library/Caches/Homebrew
chown $consoleuser:wheel /Library/Caches/Homebrew
# Install the MD5 checker or the recipes will fail
su -l "$consoleuser" -c "/usr/local/bin/brew install md5sha1sum"
su -l "$consoleuser" -c "echo "'"export PATH=/usr/local/opt/openssl/bin:$PATH"'" >> ~/.bash_profile"
# Remove temporary folder
rm -rf /usr/local/Homebrew
else
# Run an update and quit
notify "Updating Homebrew"
su -l "$consoleuser" -c "/usr/local/bin/brew update" 2>&1 | tee -a ${LOG}
exit 0
fi
# Make sure everything is up to date
notify "Updating Homebrew"
su -l "$consoleuser" -c "/usr/local/bin/brew update" 2>&1 | tee -a ${LOG}
# Notify user that all is completed
notify "Installation complete"
# No more caffeine please. I've a headache.
kill "$caffeinatepid"
exit 0
@kenny.botelho
Your autobrew script is running homebrew installation as root, that's not recommended for good reasons. You are than changing the permissions of everything in /usr/local to be owned by that user, that is not not good security hygine.
@JustGoogleIt85
Cool script however the part below is unnecessary. Touch fails if the file already exists.
if [[ -f ~/.zshrc ]] ; then
log ".zshrc already exists"
echo "" >> ~/.zshrc
else
log "Creating .zshrc"
touch ~/.zshrc
fi
if [[ -f ~/.bash_profile ]] ; then
log ".bash_profile already exists"
echo "" >> ~/.bash_profile
else
log "Creating .bash_profile"
touch ~/.bash_profile
fi
@bobbyjohn That's actually the whole point of AutoBrew. So you CAN perform the Homebrew install as root, and it's not much different than running the original installer and interactively running through the sudo prompts. The chown is also standard practice for Homebrew installation repairs. Could you perhaps share a bit more about good security hygiene for /usr/local/ ?
/usr/local can contain binaries and other files that are owned by root and should not be writable by any other user and may cause privilege escalations or denial of service. The Jamf executable for example, can be in /usr/local and should be owned by ROOT only while others have permission to execute it. What happens when the current user is able to modify it? They can modify it, leading to priv escalation or delete it and so on. Maybe its not part of your specific threat model but say its a school where the student doesn't have root access but can get it with this? Or maybe just delete the binary because why not?
It is VERY different than the original installer because the original installer changes ownership of individual folders specific to its need.
@darren.leong
The script works fine, due to where. the error is happening (SSL_read function) its something to do with issues at layer 4 or lower. Maybe some caching is preventing it, some security policy, something else? Try doing wget of the repo.
I've updated the source to now have more precision permission changes with the Homebrew install. This would mimic the behavior of how the "original installer changes ownership of individual folders specific to its need."
@honestpuck I am trying the one you posted at the URL and I'm still getting this error:
Mon May 18 14:55:08 EDT 2020 - Updating Homebrew
Error: /usr/local is not writable. You should change the
ownership and permissions of /usr/local back to your
user account:
sudo chown -R $(whoami) /usr/local
@kenny.botelho Your Autobrew script seems to be failing whenever we try to install it... looks like Xcode related...
xcode-select: note: no developer tools were found at '/Applications/Xcode.app', requesting install. Choose an option in the dialog to download the command line developer tools.
Failed during: git config --replace-all homebrew.analyticsmessage true
==> Next steps:
- Run `brew help` to get started
- Further documentation:
chown: /usr/local/bin/brew: No such file or directory
chown: /usr/local/share/doc/homebrew: No such file or directory
chown: /usr/local/share/man/man1/brew.1: No such file or directory
chown: /usr/local/share/zsh/site-functions/_brew: No such file or directory
chown: /usr/local/etc/bash_completion.d/brew: No such file or directory
bash: /usr/local/bin/brew: No such file or directory
bash: /usr/local/bin/brew: No such file or directory
bash: /usr/local/bin/brew: No such file or directory
AutoBrew Installation Failed
