Homebrew Self-Service Install

CSCC-JS
Contributor II

Working on a Self-Service Homebrew option.

Trying to find a way to run brew update, upgrade, and cleanup in the install script not as sudo. See script bellow.

#!/bin/zsh

# Install Apple Xcode CLT
rm -rf /Library/Developer/CommandLineTools
xcode-select --install

# Install Homebrew
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

# Find a way to run bellow without sudo

# brew update
# brew upgrade
# brew cleanup

exit 0
27 REPLIES 27

wmehilos
Contributor

honestpuck
New Contributor III

I also have a solution:

homebrew.sh

Once you install Homebrew running brew commands doesn't require sudo or administrator rights for the user.

MikeF
Contributor II

I have been fighting this fot a day now. Your script solved all my problems. Thanks

Rokas
New Contributor III

@honestpuck

Thanks for great script, but then in install via JAMF self service and after I try to install something with brew I get this, is it expected behaviour or I'm doing something wrong:

brew install midnight-commander
Error: The following directories are not writable by your user:
/usr/local/share
/usr/local/share/man
/usr/local/share/man/man1
/usr/local/share/zsh
/usr/local/share/zsh/site-functions

You should change the ownership of these directories to your user.
  sudo chown -R $(whoami) /usr/local/share /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/zsh /usr/local/share/zsh/site-functions

And make sure that your user has write permission.
  chmod u+w /usr/local/share /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/zsh /usr/local/share/zsh/site-functions

honestpuck
New Contributor III

@Rokas 

I'm assuming this is an Intel Mac, which OS are you running? Have you had a look at the log for when the policy ran the homebrew install script? Are you attempting the midnight-commander install from a policy or the command line?

sdagley
Honored Contributor II

@Rokas When you're running a script from Jamf it's running as root, and I expect Homebrew installed via @honestpuck's script needs installs to be done from the logged in user's account. See this article on how you can do that: https://scriptingosx.com/2020/08/running-a-command-as-another-user/

Rokas
New Contributor III

@sdagley script already contains parts to run as user and it installs brew on user level successfully, just doesn't change some directory permissions for some reason..

Jason33
Contributor II

So I'm able to install Homebrew, and can do installs, however, since the user is not an admin, when I get prompted at the end of the process to enter password to move the app to the /Applications folder, it fails. There a way around this?

honestpuck
New Contributor III

@Jason33 

It's not possible to install scripts into /Applications via Homebrew if the user is not an admin. You should package the application and install it via Jamf. This is not a limitation of any script to install Homebrew but built in to the Apple security.

jlombardo
New Contributor III
I live in a world where everyone at my company is an admin.

Pray for me

foo_BeBu
New Contributor III

I found a part of a script which might help you installing brew with jamf:

 

# Jamf will have to execute all of the directory creation functions Homebrew normally does so we can bypass the need for sudo
	  	#Make Brew Folders
		/usr/bin/logger -t "Brew: ${0##*/}" "Brew not found, preparing..."
		/bin/mkdir -p /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
	
		#Set Permissions
		/bin/chmod g+rwx /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var /usr/local/var/homebrew/linked
		/bin/chmod 755 /usr/local/share/zsh /usr/local/share/zsh/site-functions
	
		#Set owner on folders
		/usr/sbin/chown $USERIS /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var /usr/local/var/homebrew/linked
		/usr/bin/chgrp admin /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var /usr/local/var/homebrew/linked
		/bin/mkdir -p /Users/$USERIS/Library/Caches/Homebrew
		/bin/chmod g+rwx /Users/$USERIS/Library/Caches/Homebrew
		/usr/sbin/chown $USERIS /Users/$USERIS/Library/Caches/Homebrew
	
		#Group Folder Permissions
		/usr/sbin/chown $USERIS /usr/local/bin /usr/local/etc /usr/local/Frameworks /usr/local/include /usr/local/lib /usr/local/sbin /usr/local/share /usr/local/var /usr/local/etc/bash_completion.d /usr/local/lib/pkgconfig /usr/local/var/log /usr/local/share/aclocal /usr/local/share/doc /usr/local/share/info /usr/local/share/locale /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/man/man2 /usr/local/share/man/man3 /usr/local/share/man/man4 /usr/local/share/man/man5 /usr/local/share/man/man6 /usr/local/share/man/man7 /usr/local/share/man/man8 &> /dev/null
		/usr/bin/chgrp admin /usr/local/bin /usr/local/etc /usr/local/Frameworks /usr/local/include /usr/local/lib /usr/local/sbin /usr/local/share /usr/local/var /usr/local/etc/bash_completion.d /usr/local/lib/pkgconfig /usr/local/var/log /usr/local/share/aclocal /usr/local/share/doc /usr/local/share/info /usr/local/share/locale /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/man/man2 /usr/local/share/man/man3 /usr/local/share/man/man4 /usr/local/share/man/man5 /usr/local/share/man/man6 /usr/local/share/man/man7 /usr/local/share/man/man8 &> /dev/null

 

 

@foo_BeBuAutoBrew can take care of all of this for you 🙂 

@kenny_botelho thank you for this script.  It saved me a bunch of time and work.

foo_BeBu
New Contributor III

I found a script from @honestpuck which helped me a lot as well: 

https://github.com/Honestpuck/homebrew.sh 

here you have the installation of homebrew for Intel & M1 and installation scripts for brews and casks as well. All you need is to define $4 as package you want in your policy. 

honestpuck
New Contributor III

Glad you found it useful. Always open to bug reports and suggestions for improvement.

lsv
New Contributor II

This could be a silly question, but is there a way to have the end user fill the variable when running the brew-install-program.sh and brew-install-cask.sh scripts?

honestpuck
New Contributor III

The user can run `brew install <software>` or `brew cask install <software>` from the command line. `brew-install-program.sh` is for when you want to do it from a policy.

lsv
New Contributor II

The issue that our end users are experiencing is that they are prompted for admin credentials when they run `brew install <software>` or `brew cask install <software>`.

 

I could be overthinking the process, but I was thinking we could implement a policy containing `brew-install-program.sh` where the end user would simply input the program they want to install and it would populate the program into the script. Hopefully that makes sense.

honestpuck
New Contributor III
I think you will find they are being prompted for their personal password,
not an admin one. If they are prompted for admin rights then the homebrew
install broke somehow.

lsv
New Contributor II

Unfortunately it looks like people are still prompted to input a password via terminal and then booted out for not being in the sudoers file. From what I can tell the install process for homebrew went as expected with no errors in the policy logs.

jlombardo
New Contributor III

When I run the script (homebrew-3.3.sh) in Jamf and try to install, it hangs and never seems to finish.  I run a script, before homebrew-3.3.sh, that installs Xcode and that does successfull complete... Terminal just gets stuck at "Running script Homebrew3.3.sh..."

 

Any advice on how to get passed this?  

foo_BeBu
New Contributor III

Is there a active user session? Do you have mobile accounts or local users? Which kind of machine are you running this script on? 
I’ll try the updated version later - If I encounter the same issue as you, we might dive deeper into the code to fix it. 
as for the moment I posted in this thread, everything worked like charm for me. 

jlombardo
New Contributor III

I am using a test mac with full admin rights to test.  Local users.  I am in the middle of formatting back to Catalina but I was testing this on BS 11.5 and Catalina and this issue occurred.

I am going to try install Xcode in a separate policy before running Homebrew script

foo_BeBu
New Contributor III

Could you please try to run the script locally on a machine with “sh -x ./path/to/script.sh “ ? Maybe you find something. 
also it takes a while till it’s installed completely. 

@jlombardo, have you tired AutoBrew ?

jlombardo
New Contributor III

Sorry putting out backup and emergency patch fires, I will look into this and follow up.

honestpuck
New Contributor III

The first thing we would need to know to fix this is what does the log say? What appears in the Jamf policy log? What is in `/private/var/log/Homebrew.log`?