Homebrew Self-Service Install

CSCC-JS
Contributor II

Working on a Self-Service Homebrew option.

Trying to find a way to run brew update, upgrade, and cleanup in the install script not as sudo. See script bellow.

#!/bin/zsh

# Install Apple Xcode CLT
rm -rf /Library/Developer/CommandLineTools
xcode-select --install

# Install Homebrew
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

# Find a way to run bellow without sudo

# brew update
# brew upgrade
# brew cleanup

exit 0
38 REPLIES 38

wmehilos
Contributor

honestpuck
Contributor

I also have a solution:

homebrew.sh

Once you install Homebrew running brew commands doesn't require sudo or administrator rights for the user.

MikeF
Contributor II

I have been fighting this fot a day now. Your script solved all my problems. Thanks

Rokas
New Contributor III

@honestpuck

Thanks for great script, but then in install via JAMF self service and after I try to install something with brew I get this, is it expected behaviour or I'm doing something wrong:

brew install midnight-commander
Error: The following directories are not writable by your user:
/usr/local/share
/usr/local/share/man
/usr/local/share/man/man1
/usr/local/share/zsh
/usr/local/share/zsh/site-functions

You should change the ownership of these directories to your user.
  sudo chown -R $(whoami) /usr/local/share /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/zsh /usr/local/share/zsh/site-functions

And make sure that your user has write permission.
  chmod u+w /usr/local/share /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/zsh /usr/local/share/zsh/site-functions

@Rokas 

I'm assuming this is an Intel Mac, which OS are you running? Have you had a look at the log for when the policy ran the homebrew install script? Are you attempting the midnight-commander install from a policy or the command line?

sdagley
Honored Contributor III

@Rokas When you're running a script from Jamf it's running as root, and I expect Homebrew installed via @honestpuck's script needs installs to be done from the logged in user's account. See this article on how you can do that: https://scriptingosx.com/2020/08/running-a-command-as-another-user/

Rokas
New Contributor III

@sdagley script already contains parts to run as user and it installs brew on user level successfully, just doesn't change some directory permissions for some reason..

Jason33
Contributor III

So I'm able to install Homebrew, and can do installs, however, since the user is not an admin, when I get prompted at the end of the process to enter password to move the app to the /Applications folder, it fails. There a way around this?

@Jason33 

It's not possible to install scripts into /Applications via Homebrew if the user is not an admin. You should package the application and install it via Jamf. This is not a limitation of any script to install Homebrew but built in to the Apple security.

I live in a world where everyone at my company is an admin.

Pray for me

Rather than installing to the default system/Applications folder (which requires sudo credentials) a user can install brew apps to the user/Applications folder with no password like this:

brew install --cask --appdir=~/Applications {app name}

For example installing iTerm2 with brew cask to the user/Applications folder

brew install --cask --appdir=~/Applications iterm2

 

CreativeB
New Contributor III

I found a part of a script which might help you installing brew with jamf:

 

# Jamf will have to execute all of the directory creation functions Homebrew normally does so we can bypass the need for sudo
	  	#Make Brew Folders
		/usr/bin/logger -t "Brew: ${0##*/}" "Brew not found, preparing..."
		/bin/mkdir -p /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
	
		#Set Permissions
		/bin/chmod g+rwx /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var /usr/local/var/homebrew/linked
		/bin/chmod 755 /usr/local/share/zsh /usr/local/share/zsh/site-functions
	
		#Set owner on folders
		/usr/sbin/chown $USERIS /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var /usr/local/var/homebrew/linked
		/usr/bin/chgrp admin /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/bin /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/man /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var /usr/local/var/homebrew/linked
		/bin/mkdir -p /Users/$USERIS/Library/Caches/Homebrew
		/bin/chmod g+rwx /Users/$USERIS/Library/Caches/Homebrew
		/usr/sbin/chown $USERIS /Users/$USERIS/Library/Caches/Homebrew
	
		#Group Folder Permissions
		/usr/sbin/chown $USERIS /usr/local/bin /usr/local/etc /usr/local/Frameworks /usr/local/include /usr/local/lib /usr/local/sbin /usr/local/share /usr/local/var /usr/local/etc/bash_completion.d /usr/local/lib/pkgconfig /usr/local/var/log /usr/local/share/aclocal /usr/local/share/doc /usr/local/share/info /usr/local/share/locale /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/man/man2 /usr/local/share/man/man3 /usr/local/share/man/man4 /usr/local/share/man/man5 /usr/local/share/man/man6 /usr/local/share/man/man7 /usr/local/share/man/man8 &> /dev/null
		/usr/bin/chgrp admin /usr/local/bin /usr/local/etc /usr/local/Frameworks /usr/local/include /usr/local/lib /usr/local/sbin /usr/local/share /usr/local/var /usr/local/etc/bash_completion.d /usr/local/lib/pkgconfig /usr/local/var/log /usr/local/share/aclocal /usr/local/share/doc /usr/local/share/info /usr/local/share/locale /usr/local/share/man /usr/local/share/man/man1 /usr/local/share/man/man2 /usr/local/share/man/man3 /usr/local/share/man/man4 /usr/local/share/man/man5 /usr/local/share/man/man6 /usr/local/share/man/man7 /usr/local/share/man/man8 &> /dev/null

 

 

@CreativeBAutoBrew can take care of all of this for you 🙂 

@kenny_botelho thank you for this script.  It saved me a bunch of time and work.

CreativeB
New Contributor III

I found a script from @honestpuck which helped me a lot as well: 

https://github.com/Honestpuck/homebrew.sh 

here you have the installation of homebrew for Intel & M1 and installation scripts for brews and casks as well. All you need is to define $4 as package you want in your policy. 

honestpuck
Contributor

Glad you found it useful. Always open to bug reports and suggestions for improvement.

lsv
New Contributor III

This could be a silly question, but is there a way to have the end user fill the variable when running the brew-install-program.sh and brew-install-cask.sh scripts?

The user can run `brew install <software>` or `brew cask install <software>` from the command line. `brew-install-program.sh` is for when you want to do it from a policy.

lsv
New Contributor III

The issue that our end users are experiencing is that they are prompted for admin credentials when they run `brew install <software>` or `brew cask install <software>`.

 

I could be overthinking the process, but I was thinking we could implement a policy containing `brew-install-program.sh` where the end user would simply input the program they want to install and it would populate the program into the script. Hopefully that makes sense.

I think you will find they are being prompted for their personal password,
not an admin one. If they are prompted for admin rights then the homebrew
install broke somehow.

lsv
New Contributor III

Unfortunately it looks like people are still prompted to input a password via terminal and then booted out for not being in the sudoers file. From what I can tell the install process for homebrew went as expected with no errors in the policy logs.

jlombardo
Contributor

When I run the script (homebrew-3.3.sh) in Jamf and try to install, it hangs and never seems to finish.  I run a script, before homebrew-3.3.sh, that installs Xcode and that does successfull complete... Terminal just gets stuck at "Running script Homebrew3.3.sh..."

 

Any advice on how to get passed this?  

CreativeB
New Contributor III

Is there a active user session? Do you have mobile accounts or local users? Which kind of machine are you running this script on? 
I’ll try the updated version later - If I encounter the same issue as you, we might dive deeper into the code to fix it. 
as for the moment I posted in this thread, everything worked like charm for me. 

I am using a test mac with full admin rights to test.  Local users.  I am in the middle of formatting back to Catalina but I was testing this on BS 11.5 and Catalina and this issue occurred.

I am going to try install Xcode in a separate policy before running Homebrew script

CreativeB
New Contributor III

Could you please try to run the script locally on a machine with “sh -x ./path/to/script.sh “ ? Maybe you find something. 
also it takes a while till it’s installed completely. 

@jlombardo, have you tired AutoBrew ?

Sorry putting out backup and emergency patch fires, I will look into this and follow up.

The first thing we would need to know to fix this is what does the log say? What appears in the Jamf policy log? What is in `/private/var/log/Homebrew.log`?

It has been crazy lately but I hope to test this out soon.

bcbackes
Contributor II

Old thread but found another thread with a working script to install Homebrew. Look for Franton's post: https://community.jamf.com/t5/jamf-pro/deploy-homebrew/td-p/202523 

@franton script stopped working a while back and I have picked it up. The
latest version is at: https://github.com/Honestpuck/homebrew.sh

// Tony Williams

franton
Valued Contributor III

Yeah what @honestpuck said. I try not to deprive devs of admin rights anymore.

bcbackes
Contributor II

@honestpuck Checking out your github right now. Some very interesting things - I like the EA and will definitely try that. I'm going to give your installer a try as well with a standard user. 

Do you happen to have an uninstall script for removing Homebrew? When I setup install workflows I try to create uninstall workflows at the same time. Homebrew is a beast and isn't as easy to remove as an application like Chrome.

No, I don't have an uninstall. It would be a complex task to do it and it doesn't take too much space so I just leave it.

@honestpuck I tried your install script out on a VM that I have. I ran it from Self Service with a user with Admin Rights (still need to try a standard user yet). I got a couple popups. 
Screen Shot 2022-04-27 at 11.40.44 AM.png
When I clicked Install I got this:
Screen Shot 2022-04-27 at 11.42.46 AM.png
When I checked the logs I saw this:
Screen Shot 2022-04-27 at 11.43.57 AM.png
Any ideas on what I did wrong?

honestpuck
Contributor

Yes, before we can install Homebrew we need git. The best way at this stage to get git is to install Apple's Xcode CLI tools. That's what the normal Home-brew installer does when you just run it, it checks and if necessary downloads the tools.

You had a network problem during the download of the tools and everything failed from then.

Are you running anything in the VM or on the host Mac that might stuff up the network? It's pretty easy to do with a VM - look at it wrong and the network fails to do something.

I would first snapshot, then do a "proper" install using Homebrew's ordinary method (since you have admin rights) and see if that works. If that works then roll back and try my script from an admin, if that works roll back again and try it without admin rights.

@honestpuck I reached out to my Security team to rule out something was being blocked on our Firewall. I reran it again on the VM and found that this time it was actually attempting to download/install the tools even though the script finished before the install did - see below. NOTE: This was over a VPN connection.
Screen Shot 2022-04-28 at 11.45.47 AM.png
I reran the policy, this time on a test Mac connected via VPN and with a standard user with no Admin rights - everything installed correctly without any issues or prompts. The weird thing was on my VM it appears that Homebrew was attempting to upgrade where on my test Mac it didn't have to upgrade. The log file said it was already up to date. Not sure the reason for the differences but I won't be deploying to VMs so I'll take it as a win! Going to test on a couple other physical test Macs to confirm it works. Thank you!