Jamf Nation Community

CSHGreenwich · ‎06-12-2014

I used to be able to package Firefox with no issue. We just want a vanilla install through Self Service for new students when they return in the Fall. I have tried just doing the copy to applications with out opening it. Fairly new to casper so just simple suggestions please.

rtrouton · ‎06-12-2014

I recommend using Autopkg to create the Firefox installer:

http://derflounder.wordpress.com/2013/11/10/using-autopkg-to-download-and-create-installers-for-fire...

mpermann · ‎06-12-2014

If you have Firefox 30.0 in the Applications folder all you really need to do is to open Composer on the computer that has Firefox and drag the Application into the Sources sidebar. Then set the permissions appropriately and build it as either a .dmg or .pkg file. Now upload the resulting file into the JSS using Casper Admin and then create a policy in the JSS that makes the file available in Self Service.

daz_wallace · ‎06-13-2014

I second Rich's suggestion of AutoPKG. Great tool and multiple uses (Java and flash plugins anyone!).

If you are going to package Firefox from the Apps Folder, either open it once to clear the Quarantine flag, or manually using:

xattr -d com.apple.quarantine /PATH/TO/APPLICATION

This will stop the 'This app was downloaded from the internet. Are you sure you wanna open it' warning.

Hope that helps!

Darren

scottb · ‎06-13-2014

So, out of curiosity, there have been two such posts this week. Did something change in Firefox or is this coincidental? Just curious...

rtrouton · ‎06-13-2014

@boettchs,

Something changed in Firefox 30, but likely not in the way you're thinking of. Details here:

http://derflounder.wordpress.com/2014/06/13/firefox-30-blocks-access-on-non-windows-platforms-to-sha...

ernstcs · ‎06-17-2014

@rtrouton is there a way to script that false to true toggle for the Firefox config? =D

One of my co-workers who admins our Sharepoint site found your post. He says he owes you a beer.

rtrouton · ‎06-17-2014

@ernstcs,

There may be a way to script it, but I'm not aware of it. I'm handling this issue through documentation and user education.

mm2270 · ‎06-17-2014

I have no need to make the changes listed above for where am I, but I decided to poke at this to see if it could be scripted. Looks possible (see script below) but it requires that Firefox is not running since it seems any changes to the file from outside Firefox will get overwritten with the application's cache when its quit.
Its also user specific since its stored in the Firefox profile folders prefs.js file.

I whipped this up, but haven't done any extensive testing. Rough, so probably could use some tweaking and polishing if you plan to use it.

#!/bin/bash

loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
userFFprofile=$( ls "/Users/$loggedInUser/Library/Application Support/Firefox/Profiles/" | grep ".default$" )
userFFPrefsJS="/Users/$loggedInUser/Library/Application Support/Firefox/Profiles/${userFFprofile}/prefs.js"


function setAuthtoTrue ()
{

## Capture existing permissions settings on the prefs.js file so we can reset it later
permSettings=$( ls -l "${userFFPrefsJS}" | awk '{print $3":"$4}' )

ffRunning=$( ps axc | grep -i "firefox$" )

if [[ "$ffRunning" == "" ]]; then
    ## Echo in the network.negotiate settings to the prefs.js file
    echo "Making changes to prefs.js file"
    echo "user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", true);" >> "${userFFPrefsJS}"
    if [[ "$?" == "0" ]]; then
        echo "Changes successful. Correcting permissions on prefs.js file"
        ## Correct permissions on the prefs.js file
        chown "${permSettings}" "${userFFPrefsJS}"
        exit 0
    else
        echo "Changes could not be made at this time"
        exit 1
    fi
else
    echo "Firefox is running. Any changes made programmatically can be overwritten by application cache. Exiting."
    exit 0
fi

}

if [[ -e "${userFFPrefsJS}" ]]; then
    if [[ $(grep "network.negotiate-auth.allow-insecure-ntlm-v1" "${userFFPrefsJS}") == "" ]]; then
        echo "NTLMv1 auth is set to false."
        setAuthtoTrue
    else
        echo "NTLMv1 auth is set to true. No changes needed."
        exit 0
    fi
else
    echo "No user level prefs.js located. Firefox may not have been launched and configured on this Mac"
    exit 0
fi

It seems that although the setting shows up in the about:config location in Firefox when its not set, the prefs.js file doesn't contain it when set to false, only when set to true, so the script just checks to see if we can grep that line from the prefs.js file and then takes appropriate action if Firefox isn't running.

Aaron · ‎06-17-2014

Oh wow, this is less than optimal.

Thanks for the heads up though, this would have been a nightmare to diagnose otherwise.

signetmac · ‎06-24-2014

this is my scripted fix for this. A lot less fancy:

#!/bin/bash

useris=$(who | grep -v support | awk '{print $1}' | awk "NR==1{print;exit}")
firefoxPath=$(grep "Path=" /Users/"$useris"/Library/Application Support/Firefox/profiles.ini | awk -F '=' '{print $2}')

echo 'user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", true);' >> /Users/"$useris"/Library/Application Support/Firefox/"$firefoxPath"/user.js

According to Mozilla:

In the profile directory are two user pref files: prefs.js and user.js. prefs.js is automatically generated by the application and should not be edited manually, whereas user.js is an optional file the user can create to override preferences initialized by other preferences files.

https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences

Jamf Nation Community

Firefox 30.0 Using JSS 8.73