How to update Chrome automatically

I have just written a blog post on how to automatically update Google Chrome using Jamf if anyone is interested. You can find my blog post here:

https://lew.im/2017/03/auto-update-chrome/

I have seen a few different methods posted here, but most require some admin intervention (uploading new packages, changing version numbers etc.) but this method is fully automated. Create the Extension Attribute, Smart Group and Policy and you're good to go! Every time Google release a new version of Chrome, this script will automatically grab it and install it on your Macs.

Page 5 / 6

I've also been receiving this same KSInstallAction error stating a hash mismatch. Doesn't matter if I script the install/update of Chrome or if I package it manually using Composer. Once it tries to check for updates or fetch an auto update it fails with the same KSInstall hash error. Thought it was me doing something wrong but looks like it could be a Google/Chrome specific issue lately. I found this Google Chrome help thread this morning which appears to be affecting normal Chrome users as well, not just those messing with updates/packaging it.

I can confirm, I just set up a fresh Mojave installation (no JAMF or DEP) and used the unmodified version 75.0.3770.100 dmg (same version we are distributing) and got the same KSInstallAction error when doing a manual update check trying to update to 75.0.3770.142. So it appears our script is not the culprit, this is a Google / Chromimum problem.

Confirmed to be a Chrome issue I think as there are multiple reports now: KSInstallAction install script failure.

did this get resolved? The link @CorpIT_eB shows some people manually redownloaded and now it's working again.

@jwojda I would of had to create a script to remove and then reinstall for, four machines that where showing this error so I reached out to them individually and told them to re-install Chrome so I didn't have to make any changes to the current script setup.

Hi all and thanks for the amazing work shared here! I have to observations:

1)
I'm not into Python so I grabbed the bash version of the 'enable-autoupdates' script. However this doesnt work for me. I tested manually deleting /Library/Google and the bash script doesn't recreate it. I get this error:
Keystone installed
Error: Failed to register Chrome with Keystone - code 0
line 51: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin: No such file or directory
Process finished with exit code 0

So apparently the bash script fails to install the keystone. The python script however does install it.
Any ideas?

2)
What's the point in enabling autoupdates if we have a smartgroup that detects (by using the EA that compares to that google hidden site) computers with Chrome older than the latest version installed, and a policy that installs the latest version in those computers?

Thank you!

Hi Again, disregard point 1). I was trying it from my editor and I had no output, it needed sudo. Fool me!

@federico.joly For me, the point is that using the application's built-in capability to stay updated is likely the most reliable possible option, and should continue to work even if something interrupts communication with JAMF.

@ryan.ball Thanks a lot, your script is a life saver

I have used a different approach, (tested on Chrome 78 and 79 on macOS 10.15.2), and when I use a script that runs a chown to $CurrentUser after installing as part of the policy

/usr/sbin/chown -R $3 "/Applications/Google Chrome.app"

and the default setting to enable autoupdate is working. No other script needed.
It may take a second start of Chrome, but this is my solution. We have single user Mac's. (does not work for multi-user mac's)
I keep an eye at the patch reporting, so really old versions can always force a re-intall of a current version.
Most users with old versions are not using chrome ....

I regret to post that we just started having issues with @ryan.ball's python version of this script today. The error is

KeystoneRegistration.framework not found

Error: Keystone install failed

I'm just starting to look into it now so no findings yet. Just starting the conversation. I wonder if Google decided to re-organize the app package again or something...

Update #1
Verified Chrome 80 came out between yesterday evening and today. Likely related...

Update #2
In Chrome <80, there is a key in Chrome's info.plist called KSUpdateURL. In Chrome 79.0.3945.130 KSUpdateURL is https://tools.google.com/service/update2. Starting in Chrome 80, that key is gone.
In Chrome <80, there's a keyin Chrome's info.plist called KSProductID. In Chrome 79.0.3945.130 KSProductID is com.google.Chrome. Starting in Chrome 80, that key is gone.

I will keep looking into this after lunch but I expect anyone relying on this script will have the same problem starting today.

@msw-sa Framework location probably changed again in v80. I can take a look at it a bit later today and update the code (unless some kind soul does a PR).

@ryan.ball Yup, looks like it was something like that. Not sure why Google keeps doing this. Imagine if there was product documentation and we didn't have to homebrew this crap......

It looks like ksinstall is now located in a new Helpers directory.

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

Edit: I created a pull request for the bash version of this script (not thoroughly tested):
https://github.com/ryangball/chrome-enable-autoupdates

@msw-sa I just downloaded Chrome 80.0.3987.87 and it has the KSUpdateURL and KSProductID keys in the app's Info.plist. Maybe them being missing was a temporary glitch and you just got lucky when you downloaded?

@sdagley That's interesting. I've seen the same on 2 machines now. I'll test another upgrade.

Edit: yup, on a machine I just upgraded now from 79 to 80, both of those keys are back. Smh

I can confirm the updated version of the script is working in our environment. Thanks to github user hjuutilainen for finding the change and updating the script. @ryan.ball I believe you are off the hook

@cbrewer tested your PR on v74, v79, and v80. Seemed good to me. Thank you.

pardon my ignorance in this but i have a few questions. do you just use the script that @cbrewer created and no other packaging is needed? or do you still need to add the latest chrome dmgs to your server?

@danlaw777 The script being discussed here is just for enabling automatic updates on an existing Chrome install. You can include a package, but you can also install the current stable version of Chrome with a script and then you don't have to maintain a current pacakge. Removed a couple of organization-specific things, otherwise my script looks like this:

#!/bin/sh



echo "Installing the current stable version of Google Chrome..."

echo "Downloading..."

curl -k --silent --retry 3 --retry-max-time 6 --fail https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg --output /googlechrome.dmg



echo "Mounting DMG..."

hdiutil attach -quiet -nobrowse /googlechrome.dmg -mountpoint /Volumes/GC/



echo "Installing..."

cp -r /Volumes/GC/Google Chrome.app/ /Applications/Google Chrome.app/



echo "Cleaning up..."

hdiutil detach /Volumes/GC/

rm -rf /googlechrome.dmg



chrome_version=`defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString`

echo "Chrome $chrome_version installed..."

echo "Install complete. Exiting..."

Hope this helps!

thanks @msw-sa Im going to get this script on my macs this weekend . i appreciate the help

Thanks!

@msw-sa This is awesome! I tried it out on a test unit, and it worked perfectly. If you don't mind me asking, what is your execution frequency set to and what is toggled on your maintenance tab?

@ryan.ball I have not got any errors on this script but it should still be working well, that Python script works I tested that one very nice!

#!/bin/bash

chromePath="/Applications/Google Chrome.app"

chromeVersion=$(/usr/bin/defaults read "$chromePath/Contents/Info.plist" CFBundleShortVersionString)

chromeMajorVersion=$(/usr/bin/awk -F '.' '{print $1}' <<< "$chromeVersion")

updateURL=$(/usr/bin/defaults read "$chromePath/Contents/Info.plist" KSUpdateURL)

productID=$(/usr/bin/defaults read "$chromePath/Contents/Info.plist" KSProductID)

exitCode="0"



# Check if Chrome is installed

if [[ ! -e "$chromePath" ]]; then

    echo "Error: $chromePath not found"

    exit 1

fi



# Determine KeystoneRegistration.framework path

if [[ $chromeMajorVersion -ge 75 ]] ; then

    frameworkPath="$chromePath/Contents/Frameworks/Google Chrome Framework.framework/Versions/$chromeVersion/Frameworks/KeystoneRegistration.framework"

    resourcesPath="$chromePath/Contents/Frameworks/Google Chrome Framework.framework/Versions/$chromeVersion/Resources"

else

    frameworkPath="$chromePath/Contents/Versions/$chromeVersion/Google Chrome Framework.framework/Versions/A/Frameworks/KeystoneRegistration.framework"

    resourcesPath="$chromePath/Contents/Versions/$chromeVersion/Google Chrome Framework.framework/Versions/A/Resources"

fi



# Check if framework exists

if [[ ! -e "$frameworkPath" ]]; then

    echo "Error: KeystoneRegistration.framework not found"

    exit 1

fi



# Run preflight script to ensure suitable environment for Keystone installation

if ! "$resourcesPath/keystone_promote_preflight.sh" > /dev/null ; then

    exitCode="$?"

    echo "Error: keystone_promote_preflight.sh failed with code $exitCode"

    exit "$exitCode"

fi



# Install the current Keystone

if ! "$frameworkPath/Resources/ksinstall" --install "$frameworkPath/Resources/Keystone.tbz" --force 2>/dev/null ; then

    exitCode="$?"

    echo "Error: Keystone install failed with code $exitCode"

    exit "$exitCode"

else

    echo "Keystone installed"

fi



# Registers Chrome with Keystone

if ! /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin 

    --register 

    --productid "$productID" 

    --version "$chromeVersion" 

    --xcpath "$chromePath" 

    --url "$updateURL" 

    --tag-path "$chromePath/Contents/Info.plist" 

    --tag-key "KSChannelID" 

    --brand-path "/Library/Google/Google Chrome Brand.plist" 

    --brand-key "KSBrandID" 

    --version-path "$chromePath/Contents/Info.plist" 

    --version-key "KSVersion"

then

    exitCode="$?"

    echo "Error: Failed to register Chrome with Keystone - code $exitCode"

    exit "$exitCode"

else

    echo "Registered Chrome with Keystone"

fi



# Run postflight script to change owner, group, and permissions on the Chrome application

if ! "$resourcesPath/keystone_promote_postflight.sh" "$chromePath" > /dev/null ; then

    echo "Error: keystone_promote_postflight.sh failed with code $exitCode"

fi



exit 0

It looks like Google now offers their own .pkg installer for Chrome. Better yet, the postinstall script in the official .pkg sets up automatic updates. See the thread Updates to Google Chrome deployment for macOS for more information.

@LewisLebentz Out of curiosity, what criteria did you use for your smart group? I don't see it outlined in your blog.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded