Install latest version of Google Chrome without re-packaging

cainehorr
Contributor III

Hey everyone...

I wanted to make Google Chrome a part of my automated deployment process and also be available within Self-Service.

Why? Users can just download from Google on their own. True dat. But hey, one-stop shopping in Self-Service, right?

As we all know, Google deploys Chrome via a DMG file. The Google Chrome.app file must be dragged to the /Applications folder.

You could effectively re-package everything using Composer, but then things get REAL STALE, REAL FAST - Google updates Chrome frequently. So stale software is bad software.

So how can we deploy Google Chrome with the freshest of the fresh so we don't get that not-so-fresh feeling?

Well, lemme share my story, morning glory.

.

THE SCRIPT
I wrote a simple script that does the heavy lifting...

I tossed this script into System Settings > Computer Management > Scripts within the JSS...

NOTE: Yes, I am aware that I don't have any error checking taking place. This is v1.1 - quick and dirty. Feel free to add some if you feel the need.

#!/bin/sh

####################################################################################################
#
# Google Chrome Installation Script
#
####################################################################################################
#
# DESCRIPTION
#
# Automatically download and install Google Chrome
#
####################################################################################################
# 
# HISTORY
#
# Created by Caine Hörr on 2016-07-25
#
# v1.1 - 2016-10-11 - Caine Hörr
# Added -nobrowse flag to hdiutil attach /tmp/$VendorDMG command line arguments
# Shout out to Chad Brewer (cbrewer) on JAMFNation for this fix/update
# https://jamfnation.jamfsoftware.com/viewProfile.html?userID=1685
#
# v1.0 - 2016-07-25 - Caine Hörr
# Google Chrome Installation script

# Vendor supplied DMG file
VendorDMG="googlechrome.dmg"

# Download vendor supplied DMG file into /tmp/
curl https://dl.google.com/chrome/mac/stable/GGRO/$VendorDMG -o /tmp/$VendorDMG

# Mount vendor supplied DMG File
hdiutil attach /tmp/$VendorDMG -nobrowse

# Copy contents of vendor supplied DMG file to /Applications/
# Preserve all file attributes and ACLs
cp -pPR /Volumes/Google Chrome/Google Chrome.app /Applications/

# Identify the correct mount point for the vendor supplied DMG file 
GoogleChromeDMG="$(hdiutil info | grep "/Volumes/Google Chrome" | awk '{ print $1 }')"

# Unmount the vendor supplied DMG file
hdiutil detach $GoogleChromeDMG

# Remove the downloaded vendor supplied DMG file
rm -f /tmp/$VendorDMG

.

SMART COMPUTER GROUP
We need a Smart Computer Group so Policy #1 has something to work from...

Computer Group
Display Name = "Google Chrome - Not Installed"
Criteria
[Application Title] [is not] [Google Chrome.app]

.

POLICY #1
This policy makes things happen auto-magically based on the aforementioned Smart Computer Group.

Policy: Options
General
Display Name: "Download & Install Google Chrome"
Enabled = Checked
Triggers = Login, Recurring Check-In, Make Available Offline
Execution Frequency = Ongoing
Make Available Offline = Checked
Scripts
Points to the script in System Settings > Computer Management > Scripts
Priority: After
Maintenance
Update Inventory = Checked

Policy: Scope
Target Computers = Specific Computers
Target Users = Specific Users
Target/Type = "Google Chrome - Not Installed" Smart Computer Group

.

POLICY #2
I wanted a second policy for the sole purpose of Self-Service. I did not want the user's ability to download/install Google Chrome to be hindered within Self-Service by them being out of scope.

Why?

Perhaps the user's version of Chrome isn't updating properly... they can go to Self-Service and download/install at their leisure. There may be other reasons.

Policy: Options
General
Display Name: "Google Chrome (Latest Version)"
Enabled = Checked
Execution Frequency = Ongoing
Make Available Offline = Checked
Scripts
Points to the script in System Settings > Computer Management > Scripts
Priority: After
Maintenance
Update Inventory = Checked

Policy: Scope
Target Computers = All Computers
Target Users = All Users

Policy: Self Service
Make the policy available in Self Service = Checked
Description: Download and install the latest version of Google Chrome
Icon: I ripped the Google Chrome 128x128 icon from the icon file found within the Google Chrome.app
Feature the policy on the main page = Checked

Anyway - That's about it. It's a simple workflow.

  • Chrome will auto-install on machines without Chrome
  • Chrome can be manually installed via Self-Service
  • Chrome will always be fresh when installed

.

Feel free to salt-to-taste - even better if you share your changes.

Cheers!

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

1 ACCEPTED SOLUTION

cbrewer
Valued Contributor II

If you use

hdiutil attach /tmp/$VendorDMG -nobrowse

it will keep the volume from popping up in Finder.

View solution in original post

94 REPLIES 94

cbrewer
Valued Contributor II

If you use

hdiutil attach /tmp/$VendorDMG -nobrowse

it will keep the volume from popping up in Finder.

nojorge
New Contributor

Does this have the downside that the user's machine will continuously re-download the DMG whenever a user logs in, or when the machine checks in with JAMF?

Not criticizing, just trying to understand.

stevewood
Honored Contributor II
Honored Contributor II

@nojorge no, it should not. If you look at the scope for Policy #1, @caine.horr is scoping to the SmartGroup he created that looks to see if Chrome is installed. If Chrome IS installed, the machine does not fall into the SmartGroup and thus will not fall into scope for Policy #1.

jared_f
Valued Contributor

Great script. This will be very useful and time saving.

gavin_pardoe
New Contributor III

Been using something similar for lots of clients for over a year and works really well (except when proxy's get in the way).

Might be worth adding a few checks to the script though e.g: https://github.com/gavinpardoe/Scripts/blob/master/installChrome.sh

ben_hertenstein
Release Candidate Programs Tester

Just went live with it and have already seen the number of machines running the current version increase.
Wonderful!!

niturner
New Contributor

Thanks for the script. It works great. Except..
I do get an error after Chrome installs saying it could not be installed and contact your Admin...

LovelessinSEA
Contributor II

Thanks for putting this together, works great! Do you think we can modify this to work with other applications like Adobe Acrobat Reader or Firefox? We're not installing these browsers on enrollment so having an always up to date package in Self Service would be amazing.

Thanks again!

Edit: Found this! https://www.jamf.com/jamf-nation/discussions/12042/adobe-reader-update

Thanks!!

ecady
New Contributor

What a great idea and so neat and clean and simple. I wish I thought of it, thanks for sharing!

JayDuff
Contributor II

When looking for a way to install Chrome from the command line, I found this discussion. The meaty goodness is here:

temp=$TMPDIR$(uuidgen)
mkdir -p $temp/mount
curl $4 > $temp/1.dmg
yes | hdiutil attach -noverify -nobrowse -mountpoint $temp/mount $temp/1.dmg
cp -r $temp/mount/*.app /Applications
hdiutil detach $temp/mount
rm -r $temp

In the Policy, set Parameter 4 to https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg

It's not nice & commented, but it's really elegant. The user has no idea it's happening. This also will work for other packages, by simply changing the source URL (paremeter 4). It also cleans up after itself.

The major improvement over the OP's script is that line that starts with "yes". That will auto-accept any licensing pop-ups that mounting the DMG might make.

ryan_er
New Contributor II

Hi @JayDuff

I tried your script but it didn't work :( Shows completed, but I didn't get an install. Here are the details within jamf pro

60644a69ee994691878ceccd58994cef

JayDuff
Contributor II

Hi @ryan.er - It looks like the image had a problem. I'd say try it again. Also, triple check your Parameter 4.

I tested it with the link hardcoded in. So

curl $4 > $temp/1.dmg

was

curl https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg > $temp/1.dmg

in my test.

Maybe there is a problem with $4?

ryan_er
New Contributor II

Hi,

Does anybody know what the new download link is? We've been using this script for the longest time and it's worked until now. When i try to go to the download link it doesn't exist anymore

https://dl.google.com/chrome/mac/stable/GGRO/
# Vendor supplied DMG file VendorDMG="googlechrome.dmg"

Download vendor supplied DMG file into /tmp/

curl https://dl.google.com/chrome/mac/stable/GGRO/$VendorDMG -o /tmp/$VendorDMG

Mount vendor supplied DMG File

hdiutil attach /tmp/$VendorDMG -nobrowse

Copy contents of vendor supplied DMG file to /Applications/

Preserve all file attributes and ACLs

cp -pPR /Volumes/Google Chrome/Google Chrome.app /Applications/

Identify the correct mount point for the vendor supplied DMG file

GoogleChromeDMG="$(hdiutil info | grep "/Volumes/Google Chrome" | awk '{ print $1 }')"

Unmount the vendor supplied DMG file

hdiutil detach $GoogleChromeDMG

Remove the downloaded vendor supplied DMG file

rm -f /tmp/$VendorDMG

cbrewer
Valued Contributor II

milesleacy
Valued Contributor

kcsantos
New Contributor III

Great script! Worked for me! But...

After installation and when Chrome opened for the first time, It gave me the Auto-Update alert. I had the option to either Enable or Cancel(?) the auto updater. When I hit enable, it prompted me to enter an Administrator password. Is there way to bypass the need for an Admin password for the auto updater? Or better yet, script to allow the Auto Updater to enable without prompting the user?

My environment has all employees as Standard Users.

I also noticed my 1Password Chrome extension won't work if the Chrome Browser can't check for updates (weird... but is this just me?)

Thanks!

kcsantos
New Contributor III

I answered my own question with a little more digging into Jamf Nation:

Jamf Nation Discussion : Force Enable Google Chrome Automatic Updates

What I did:

  1. I downloaded this script, added it to our JSS cloud server. Then I set to Script>Option>Priority = After.
  2. I then added it to the Policies mentioned in the original post of this discussion.

In JSS, if you have more than 1 script in a Policy, they will run in Alphabetical Order. Just make sure the "Google Chrome (Latest Version)" script is named alphabetically before the enable auto-update script.

Thanks again @cainehorr and everyone else involved in this discussion!

jameson
Contributor II

Nice script, but wondering what options is there to auto update chrome as soon there is a new version - or at least update chrome versions that maybe are outdated as self service is not always something users look at

Asnyder
Contributor III

@kcsantos The reason auto-updating doesn't work on most non admin accounts is that the updater is stored in ~/library by default. Running an application from there requires admin credentials. By running the script you posted above the updater gets moved to /library like it should be, allowing it to run.

JeffA
New Contributor II

I have been using this script for over a year. It has been great. Much thanks to cainehorr and anyone else who worked on it. I did just start having an issue though. I deployed this script to a few test machines and also ran it manually to be sure. After the script is applied Chrome will not open unless the machine is restarted. Anyone else run into this problem and found a solution or updated the script?

ellavader
New Contributor

Awesome script @cainehorr!!

I created a modified version of it that will take just about any app installer direct download link and install the app, regardless of type of packaging. It's worked out great for us so far, I created a template script & policy in Jamf, so all that's needed to create a new app installer is clone the script, paste in the DL link in the script, clone the policy, and add the newly cloned script to the policy.

The one caveat here is installers that are packaged as a .app (e.g. Adobe CC menu bar item). This script still works, but just dumps the <installer name>.app into the /Applications folder.

Anyways, I haven't really worked with bash or Jamf scripts too much yet, so I'd love some feedback if y'all would be willing to share! Some additional verification logic might be helpful for the if/then statements, but I haven't noticed any negative results so far.

#!/bin/sh

# -------------------------------------------------------------------------------------
#
# Universal App Installer Script
#
# -------------------------------------------------------------------------------------
#
# DESCRIPTION
#
# Automatically download and install nearly any app from a direct download link
# App can be packaged as .dmg, .pkg, or .zip, and have either the .app or a .pkg inside
#
# -------------------------------------------------------------------------------------
#
# HISTORY
#
# Created by Ella Hansen on 10/30/2018
#
# v1.0 - 10/30/2018 - Ella Hansen
# Created script based on Caine Hörr's script for Google Chrome:
# https://www.jamf.com/jamf-nation/discussions/20894
#
# -------------------------------------------------------------------------------------

# ADD THE DIRECT DOWNLOAD LINK FOR YOUR APP HERE:

# Example: DownloadURL="https://dl.google.com/chrome/mac/stable/googlechrome.dmg"
DownloadURL="___"

# -------------------------------------------------------------------------------------

# LEAVE THIS CODE ALONE:

# Create directory /tmp/jamf, continue if directory already exists
mkdir /tmp/jamf || :

# Change directory to /tmp/jamf
cd /tmp/jamf

#Download installer container into /tmp/jamf
# -O downloads file without changing its name
curl $DownloadURL -O -L

# If container is a .dmg:
# Mount installer container
# -nobrowse to hide the mounted .dmg
# -noverify to skip .dmg verification
# -mountpoint to specify mount point
yes | hdiutil attach /tmp/jamf/*.dmg -nobrowse -noverify -mountpoint /tmp/jamf/mount ||
# Else if container is a .pkg
# Run installer package with the boot drive as the destination
installer -pkg /tmp/jamf/*.pkg -target / ||
# Else if container is anything else, presumably a zip file:
# Unzip installer container and place contents into /tmp/jamf/mount, continue on error
unzip /tmp/jamf/* -d /tmp/jamf/mount || :

# If contents is installer .pkg:
# Run installer package with the boot drive as the destination
installer -pkg /tmp/jamf/mount/*.pkg -target / ||
# Else if contents is .app:
# Copy the .app file from the installer container to /Applications
# Preserve all file attributes and ACLs
cp -pPR /tmp/jamf/mount/*.app /Applications || :

# Unmount the secondary installation folder, continue on error
hdiutil detach /tmp/jamf/mount || :

# Delete the main installation folder
rm -r /tmp/jamf

sjha967
New Contributor II

https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py

gldc
New Contributor

@ellavader that. is. awesome.

I made a quick change to avoid having to duplicate and edit the script.

# -------------------------------------------------------------------------------------

# ADD THE DIRECT DOWNLOAD LINK FOR YOUR APP HERE:

# Example: DownloadURL="https://dl.google.com/chrome/mac/stable/googlechrome.dmg"
DownloadURL="$4"

# -------------------------------------------------------------------------------------

This way I can add the URL as a parameter from the policy creation window.
ac26eac5c66f4f5f90b8e82100ffc324
02bdfa14b29f4ab9ad6dd9930395ee3f
6244c8329ac5487faf7facd52dc42d89

I'd love to stay in the loop on this for "additional verification logic"

MadPossum
New Contributor III

Maybe this question would be better answered in its own thread but here goes:

Where and how do you find ATOM feeds and download links to use with scripts like this? I'd like to use this for a variety of things that aren't part of the patch management framework.

andrewsdelices
New Contributor

Awesome script @ellavader & @cainehorr - Thanks a lot, that saved a lots of time from our side ! Is there a way to enhance the script by downloading & Installing the latest version only when there is a new version of Chrome released ?
Seems that script is continuously upgrading at each checkin time that is not good for an end-user if he has bad network... ! We can also space the checkin by a week or a month which is ok as a workaround.
Best,

marklamont
Contributor III

I use something @daz_wallace made that uses an EA to scope the update policy, but I can't find the blog.

#!/bin/bash readData() { installedApplicationVersion=$(defaults read /Applications/Google Chrome.app/Contents/Info.plist CFBundleShortVersionString) latestVersion=$(curl -s https://omahaproxy.appspot.com/history | awk -F',' '/mac,stable/{print $3; exit}') } readData if [ "$installedApplicationVersion" != "$latestVersion" ]; then state="Old" else state="Latest" fi echo "<result>$state</result>"

lbm5
New Contributor III

Any using this python script to enable auto updates for Chrome? Once you run it, no need to keep packaging/updating Chrome, since it does it automatically on the client:

https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py

#!/usr/bin/env python
# encoding: utf-8
"""
chrome-enable-autoupdates.py

This script enables system wide automatic updates for Google Chrome.
It should work for Chrome versions 18 and later. No configuration needed
as this is originally intended as a munki postinstall script.

Created by Hannes Juutilainen, hjuutilainen@mac.com

History:

2017-09-01, Hannes Juutilainen - Ignore errors when installing keystone 2015-09-25, Niklas Blomdalen - Modifications to include old KeystoneRegistration installation (python version) 2014-11-20, Hannes Juutilainen - Modifications for Chrome 39 2012-08-31, Hannes Juutilainen - Added --force flag to keystone install as suggested by Riley Shott 2012-05-29, Hannes Juutilainen - Added more error checking 2012-05-25, Hannes Juutilainen - Added some error checking in main 2012-05-24, Hannes Juutilainen - First version """ import sys import os import subprocess import plistlib chrome_path = "/Applications/Google Chrome.app" info_plist_path = os.path.realpath(os.path.join(chrome_path, 'Contents/Info.plist')) brand_path = "/Library/Google/Google Chrome Brand.plist" brand_key = "KSBrandID" tag_path = info_plist_path tag_key = "KSChannelID" version_path = info_plist_path version_key = "KSVersion" class Usage(Exception): def __init__(self, msg): self.msg = msg def chrome_installed(): """Check if Chrome is installed""" if os.path.exists(chrome_path): return True else: return False def chrome_version(): """Returns Chrome version""" info_plist = plistlib.readPlist(info_plist_path) bundle_short_version = info_plist["CFBundleShortVersionString"] return bundle_short_version def chrome_update_url(): """Returns KSUpdateURL from Chrome Info.plist""" info_plist = plistlib.readPlist(info_plist_path) update_url = info_plist["KSUpdateURL"] return update_url def chrome_product_id(): """Returns KSProductID from Chrome Info.plist""" info_plist = plistlib.readPlist(info_plist_path) product_id = info_plist["KSProductID"] return product_id def keystone_registration_framework_path(): """Returns KeystoneRegistration.framework path""" keystone_registration = os.path.join(chrome_path, 'Contents/Versions') keystone_registration = os.path.join(keystone_registration, chrome_version()) keystone_registration = os.path.join(keystone_registration, 'Google Chrome Framework.framework') keystone_registration = os.path.join(keystone_registration, 'Frameworks/KeystoneRegistration.framework') return keystone_registration def keystone_install(): """Install the current Keystone""" install_script = os.path.join(keystone_registration_framework_path(), 'Resources/ksinstall') if not os.path.exists(install_script): install_script = os.path.join(keystone_registration_framework_path(), 'Resources/install.py') keystone_payload = os.path.join(keystone_registration_framework_path(), 'Resources/Keystone.tbz') if os.path.exists(install_script) and os.path.exists(keystone_payload): ksinstall_process = [ install_script, '--install', keystone_payload, '--force' ] p = subprocess.Popen(ksinstall_process, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (results, error) = p.communicate() if results: print results if p.returncode != 0: if error: print >> sys.stderr, "%s" % error print >> sys.stderr, "Keystone install exited with code %i" % p.returncode # Since we used --force argument, succeed no matter what the exit code was. return True else: print >> sys.stderr, "Error: KeystoneRegistration.framework not found" return False def register_chrome_with_keystone(): """Registers Chrome with Keystone""" ksadmin = "/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin" if os.path.exists(ksadmin): ksadmin_process = [ ksadmin, '--register', '--productid', chrome_product_id(), '--version', chrome_version(), '--xcpath', chrome_path, '--url', chrome_update_url(), '--tag-path', tag_path, '--tag-key', tag_key, '--brand-path', brand_path, '--brand-key', brand_key, '--version-path', version_path, '--version-key', version_key ] p = subprocess.Popen(ksadmin_process, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (results, error) = p.communicate() if error: print >> sys.stderr, "%s" % error if results: print results if p.returncode == 0: return True else: return False else: print >> sys.stderr, "Error: %s doesn't exist" % ksadmin return False def main(argv=None): if argv is None: argv = sys.argv try: # Check for root if os.geteuid() != 0: print >> sys.stderr, "This script must be run as root" return 1 if not chrome_installed(): print >> sys.stderr, "Error: Chrome is not installed on this computer" return 1 if keystone_install(): print "Keystone installed" else: print >> sys.stderr, "Error: Keystone install failed" return 1 if register_chrome_with_keystone(): print "Registered Chrome with Keystone" return 0 else: print >> sys.stderr, "Error: Failed to register Chrome with Keystone" return 1 except Usage, err: print >> sys.stderr, err.msg print >> sys.stderr, "for help use --help" return 2 if __name__ == "__main__": sys.exit(main())

swapple
Contributor III

i want to do something similar for Google Chat. The one I modified from a chrome download pulled down the chat dmg from google but when I launch the app, it says to check with the developer to make sure it matches the OS. Delete that version then manually download from Google, then drag into the applications folder, then launch and it is happy. After it is happy, I deleted the app and ran my script again. This time it says it cannot verify the developer.

#!/bin/sh

# original script from https://lew.im/2017/03/auto-update-chrome/
# below are my modifications and edits
#this will download the app and move into applications, but when launching the app, gets an error

dmgfile="InstallHangoutsChat.dmg"
volname="Install Hangouts Chat"
logfile="/Library/Logs/GoogleChatInstallScript.log"

# url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'
url='https://dl.google.com/chat/latest/InstallHangoutsChat.dmg'


/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -s -o /tmp/${dmgfile} ${url}
/bin/echo "`date`: Mounting installer disk image." >> ${logfile}
/usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet
/bin/echo "`date`: Installing..." >> ${logfile}
ditto -rsrc "/Volumes/${volname}/Chat.app" "/Applications/Chat.app"
/bin/sleep 10
/bin/echo "`date`: Unmounting installer disk image." >> ${logfile}
/usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
/bin/sleep 10
/bin/echo "`date`: Deleting disk image." >> ${logfile}
/bin/rm /tmp/"${dmgfile}"

exit 0

larry_barrett
Valued Contributor

.

TOOtall_G
New Contributor II

@gldc on your set up what Package and other scripts are you running?

stevenjklein
Contributor II

Thanks, @ellavader . I used your script (with the DownloadURL="$4" modification).

When I first tried it, I got an error about curl not supporting https. I tried it with the Chrome URL you included as parameter 4. Tried it both with and without quotes (in the parameter field), and neither worked.

What did work was using single quotes, like so: 'https://dl.google.com/chrome/mac/stable/googlechrome.dmg'

I mention this in case anyone else runs into that problem.

cornwella
New Contributor III

As a small addition, I had to modify a line in ellie's script for OS X 10.14 (not sure if it affects other versions as well):

cp -pPR /tmp/jamf/mount/*.app /Applications || :

needs to be

cp -a /tmp/jamf/mount/*.app /Applications || :

Otherwise it messes up the permissions of existing Chrome installations.
Thanks for the awesome contribution!

cbobbitt
New Contributor

@swhps I was running into similar issues as you, but finally determined the issue was how the Chat app was being copied to the Applications folder. I wasn't having any luck with ditto, but was finally able to open Chat when using cp. Additionally, I modified the curl request to handle the URL redirect.

#!/bin/sh

# original script from https://lew.im/2017/03/auto-update-chrome/
# below are my modifications and edits
#this will download the app and move into applications, but when launching the app, gets an error

dmgfile="InstallHangoutsChat.dmg"
volname="Install Hangouts Chat"
logfile="/Library/Logs/GoogleChatInstallScript.log"

# url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'
url='https://dl.google.com/chat/latest/InstallHangoutsChat.dmg'


/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
/usr/bin/curl -L ${url} > /tmp/${dmgfile}
/bin/echo "`date`: Mounting installer disk image." >> ${logfile}
/usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet
/bin/echo "`date`: Installing..." >> ${logfile}
cp -r "/Volumes/${volname}/Chat.app" "/Applications"
/bin/sleep 10
/bin/echo "`date`: Unmounting installer disk image." >> ${logfile}
/usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
/bin/sleep 10
/bin/echo "`date`: Deleting disk image." >> ${logfile}
/bin/rm /tmp/"${dmgfile}"

exit 0

pds_jamfadmin
New Contributor

Thanks for sharing this script! Has anyone run into an issue where Chrome can't update when deployed this way? What is a proposed workaround? I assume it might have something to do with user permissions / rights from when it was installed. Thanks!

stevenjklein
Contributor II

@cornwella : Do the permissions problem you fixed prevent Chrome from updating itself?

If so, then @pds.jamfadmin needs to make the change you recommended.

tlarkin
Honored Contributor

you can deploy Chrome once and use a configuration profile to force auto updates. Also, curl scripts as root on all your endpoints is a security risk, FYI

cainehorr
Contributor III

@tlarkin As long as curl is using https, then a MITM attack becomes less of a concern. However, if Google were hacked and a bad copy of Chrome were sneaked in, then there would be a problem - a BIGGER problem. Anyway, just a point to consider. YMMV... ¯_(ツ)_/¯

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

tlarkin
Honored Contributor

@caine.horr only if the cert is pinned, which isn't every CDN or host is. That is the only the time MITM is not gonna work. Your results will vary.

dancunn
New Contributor II

first off, there is some great info in this post, thanks to everyone who has contributed. has anyone tried using this script to deploy chrome update on a machine where an older version of chrome is currently open/running? when i try to do so, the update goes through successfully, but then when i exit out of the running instance of chrome, i can't seem to reopen chrome at all until a reboot. if i try to run the app before rebooting, the chrome icon just bounces up and down on the dock but nothing launches. once i reboot, i am able to open chrome and it gives message that it closed unexpectedly last time, but it is on the new version and works fine. wondering if this is possible at all to deploy while chrome is running or if we will need to ensure users close out of the app first before deploying.