Skip to main content

Hey everyone...



I wanted to make Google Chrome a part of my automated deployment process and also be available within Self-Service.



Why? Users can just download from Google on their own. True dat. But hey, one-stop shopping in Self-Service, right?



As we all know, Google deploys Chrome via a DMG file. The Google Chrome.app file must be dragged to the /Applications folder.



You could effectively re-package everything using Composer, but then things get REAL STALE, REAL FAST - Google updates Chrome frequently. So stale software is bad software.



So how can we deploy Google Chrome with the freshest of the fresh so we don't get that not-so-fresh feeling?



Well, lemme share my story, morning glory.



.



THE SCRIPT
I wrote a simple script that does the heavy lifting...



I tossed this script into System Settings > Computer Management > Scripts within the JSS...



NOTE: Yes, I am aware that I don't have any error checking taking place. This is v1.1 - quick and dirty. Feel free to add some if you feel the need.



#!/bin/sh



####################################################################################################

#

# Google Chrome Installation Script

#

####################################################################################################

#

# DESCRIPTION

#

# Automatically download and install Google Chrome

#

####################################################################################################

# 

# HISTORY

#

# Created by Caine Hörr on 2016-07-25

#

# v1.1 - 2016-10-11 - Caine Hörr

# Added -nobrowse flag to hdiutil attach /tmp/$VendorDMG command line arguments

# Shout out to Chad Brewer (cbrewer) on JAMFNation for this fix/update

# https://jamfnation.jamfsoftware.com/viewProfile.html?userID=1685

#

# v1.0 - 2016-07-25 - Caine Hörr

# Google Chrome Installation script



# Vendor supplied DMG file

VendorDMG="googlechrome.dmg"



# Download vendor supplied DMG file into /tmp/

curl https://dl.google.com/chrome/mac/stable/GGRO/$VendorDMG -o /tmp/$VendorDMG



# Mount vendor supplied DMG File

hdiutil attach /tmp/$VendorDMG -nobrowse



# Copy contents of vendor supplied DMG file to /Applications/

# Preserve all file attributes and ACLs

cp -pPR /Volumes/Google Chrome/Google Chrome.app /Applications/



# Identify the correct mount point for the vendor supplied DMG file 

GoogleChromeDMG="$(hdiutil info | grep "/Volumes/Google Chrome" | awk '{ print $1 }')"



# Unmount the vendor supplied DMG file

hdiutil detach $GoogleChromeDMG



# Remove the downloaded vendor supplied DMG file

rm -f /tmp/$VendorDMG


.



SMART COMPUTER GROUP
We need a Smart Computer Group so Policy #1 has something to work from...



Computer Group
Display Name = "Google Chrome - Not Installed"
Criteria
Application Title] eis not] tGoogle Chrome.app]



.



POLICY #1
This policy makes things happen auto-magically based on the aforementioned Smart Computer Group.



Policy: Options
General
Display Name: "Download & Install Google Chrome"
Enabled = Checked
Triggers = Login, Recurring Check-In, Make Available Offline
Execution Frequency = Ongoing
Make Available Offline = Checked
Scripts
Points to the script in System Settings > Computer Management > Scripts
Priority: After
Maintenance
Update Inventory = Checked



Policy: Scope
Target Computers = Specific Computers
Target Users = Specific Users
Target/Type = "Google Chrome - Not Installed" Smart Computer Group



.



POLICY #2
I wanted a second policy for the sole purpose of Self-Service. I did not want the user's ability to download/install Google Chrome to be hindered within Self-Service by them being out of scope.



Why?



Perhaps the user's version of Chrome isn't updating properly... they can go to Self-Service and download/install at their leisure. There may be other reasons.



Policy: Options
General
Display Name: "Google Chrome (Latest Version)"
Enabled = Checked
Execution Frequency = Ongoing
Make Available Offline = Checked
Scripts
Points to the script in System Settings > Computer Management > Scripts
Priority: After
Maintenance
Update Inventory = Checked



Policy: Scope
Target Computers = All Computers
Target Users = All Users



Policy: Self Service
Make the policy available in Self Service = Checked
Description: Download and install the latest version of Google Chrome
Icon: I ripped the Google Chrome 128x128 icon from the icon file found within the Google Chrome.app
Feature the policy on the main page = Checked



Anyway - That's about it. It's a simple workflow.




  • Chrome will auto-install on machines without Chrome

  • Chrome can be manually installed via Self-Service

  • Chrome will always be fresh when installed



.



Feel free to salt-to-taste - even better if you share your changes.



Cheers!

I have also refined the script that @ellavader  originally released for installing from any available download location. (https://www.jamf.com/jamf-nation/discussions/20894) But note that from my testing, I had to change it from just a download link, to the whole curl command in order to work in certain scenarios, giving a little added flexibility. 

#!/bin/sh

# -------------------------------------------------------------------------------------
#
# Universal App Installer Script
#
# -------------------------------------------------------------------------------------
#
# DESCRIPTION
#
# Automatically download and install nearly any app from a direct download link
# App can be packaged as .dmg, .pkg, or .zip, and have either the .app or a .pkg inside
#
# -------------------------------------------------------------------------------------
#
# HISTORY
#
# Created by Ella Hansen on 10/30/2018
#
# v2.0 - 08/31/2022 - Scott Leonard
# Created script based on Caine Hörr's script for Google Chrome:
# https://www.jamf.com/jamf-nation/discussions/20894
#
# -------------------------------------------------------------------------------------

# ADD THE DIRECT DOWNLOAD LINK FOR YOUR APP HERE INCLUDING THE Curl COMMAND, WITH OPTIONS:
# Example: curl --location DownloadURL="https://dl.google.com/chrome/mac/stable/googlechrome.dmg" --output Chrome.dmg
DownloadURL="$4"

# -------------------------------------------------------------------------------------
# LEAVE THIS CODE ALONE:

# Create directory /tmp/jamf, continue if directory already exists
mkdir /tmp/jamf || :

# Change directory to /tmp/jamf
cd /tmp/jamf

#Download installer container into /tmp/jamf
$DownloadURL

# Make directory to move and copy .app from
mkdir /tmp/jamf/mount

# Unzip installer container and place contents into /tmp/jamf/mount, continue on error
find /tmp/jamf -name "*.zip" -exec unzip {} -d /tmp/jamf/mount \\; ||

# Uncompress or Extract Tar file
find /tmp/jamf -name "*.bz2" -exec tar -xf {} -C /tmp/jamf/mount \\; || :

# If container is a .dmg:
# Mount installer container
# -nobrowse to hide the mounted .dmg
# -noverify to skip .dmg verification
# -mountpoint to specify mount point
find /tmp/jamf -name "*.dmg" -exec sh -c "yes | hdiutil attach {} -nobrowse -noverify -mountpoint /tmp/jamf/mount" \\; || :

# Copy the .app file from the installer container to /Applications
# Preserve all file attributes and ACLs
cp -a /tmp/jamf/mount/*.app /Applications || :

# If container is a .pkg
# Run installer package with the boot drive as the destination
find /tmp/jamf -name "*.pkg" -exec installer -pkg {} -target / \\; || :

# Unmount the secondary installation folder, continue on error
hdiutil detach /tmp/jamf/mount || :

# Delete the main installation folder
rm -r /tmp/jamf

Corrected the example with better explanation in the comments.

#!/bin/sh

# -------------------------------------------------------------------------------------
#
# Universal App Installer Script
#
# -------------------------------------------------------------------------------------
#
# DESCRIPTION
#
# Automatically download and install nearly any app from a direct download link
# App can be packaged as .dmg, .pkg, or .zip, and have either the .app or a .pkg inside
#
# -------------------------------------------------------------------------------------
#
# HISTORY
#
# Created by Ella Hansen on 10/30/2018
#
# v2.0 - 08/31/2022 - Scott Leonard
# Created script based on Caine Hörr's script for Google Chrome:
# https://www.jamf.com/jamf-nation/discussions/20894
#
# -------------------------------------------------------------------------------------

# ADD THE DIRECT DOWNLOAD LINK FOR YOUR APP HERE INCLUDING THE CURL COMMAND, WITH OPTIONS IN THE PARAMETER 4 LOCATION IN THE JAMF POLICY:
# Example: curl --location https://dl.google.com/chrome/mac/stable/googlechrome.dmg --output Chrome.dmg
DownloadURL="$4"

# -------------------------------------------------------------------------------------
# LEAVE THIS CODE ALONE:

# Create directory /tmp/jamf, continue if directory already exists
mkdir /tmp/jamf || :

# Change directory to /tmp/jamf
cd /tmp/jamf

#Download installer container into /tmp/jamf
$DownloadURL

# Make directory to move and copy .app from
mkdir /tmp/jamf/mount

# Unzip installer container and place contents into /tmp/jamf/mount, continue on error
find /tmp/jamf -name "*.zip" -exec unzip {} -d /tmp/jamf/mount \\; ||

# Uncompress or Extract Tar file
find /tmp/jamf -name "*.bz2" -exec tar -xf {} -C /tmp/jamf/mount \\; || :

# If container is a .dmg:
# Mount installer container
# -nobrowse to hide the mounted .dmg
# -noverify to skip .dmg verification
# -mountpoint to specify mount point
find /tmp/jamf -name "*.dmg" -exec sh -c "yes | hdiutil attach {} -nobrowse -noverify -mountpoint /tmp/jamf/mount" \\; || :

# Copy the .app file from the installer container to /Applications
# Preserve all file attributes and ACLs
cp -a /tmp/jamf/mount/*.app /Applications || :

# If container is a .pkg
# Run installer package with the boot drive as the destination
find /tmp/jamf -name "*.pkg" -exec installer -pkg {} -target / \\; || :

# Unmount the secondary installation folder, continue on error
hdiutil detach /tmp/jamf/mount || :

# Delete the main installation folder
rm -r /tmp/jamf

 

Has any one been using Jamf App Catalog, for deploying supported apps like Google Chrome rather then packaging and deploying?
How do you advertise / deploy  the apps from the Jamf App Catalog?  (Deploy to smart group, some how add to Self Service)
How do you troubleshoot a deployed Jamf App Catalog app like Google Chrome when they fail or are pending?

Has any one been using Jamf App Catalog, for deploying supported apps like Google Chrome rather then packaging and deploying?
How do you advertise / deploy  the apps from the Jamf App Catalog?  (Deploy to smart group, some how add to Self Service)
How do you troubleshoot a deployed Jamf App Catalog app like Google Chrome when they fail or are pending?


This method does not yet have a Self Service method. So anything you deploy that way will either apply itself to everything in you inventory, or whatever group you apply it to. I use a smart group that looks to see if it exists on the machine and then uses the app catalog to keep it up to date.  There are logs you can see when something fails. Not a lot of info, but maybe some clues. It's only given me trouble once deploying Zoom. That seems to have cleared up though. 

Until it has a self service option, I use the script in this thread to advertise my self service options via direct download and install. 

Downloads a pkg for me. If you have a look at the script I modified, near the bottom of this thread, I re-engineered it to accept pretty much any file, to include pkg, dmg, zip, etc.


Thanks, @scottlnrd !  I was using an older version of the script (posted by gldc back on 2/7/2019).

I'll give your updated version a try!

Edited (6 hours after I originally posted):

Thanks again, @scottlnrd ! I've just tested this using your updated script, and it worked perfectly!

Here's what I used for Parameter 4:

curl --location https://zoom.us/client/latest/Zoom.pkg?archType=arm64 --output Zoom.pkg

 

Has any one been using Jamf App Catalog, for deploying supported apps like Google Chrome rather then packaging and deploying?
How do you advertise / deploy  the apps from the Jamf App Catalog?  (Deploy to smart group, some how add to Self Service)
How do you troubleshoot a deployed Jamf App Catalog app like Google Chrome when they fail or are pending?


@burdett wrote:

Has any one been using Jamf App Catalog, for deploying supported apps like Google Chrome rather then packaging and deploying?
How do you advertise / deploy  the apps from the Jamf App Catalog?  (Deploy to smart group, some how add to Self Service)
How do you troubleshoot a deployed Jamf App Catalog app like Google Chrome when they fail or are pending?

  1. I tested the App Catalog for deployment.  It works fine to get the first version of any app out to your users, but if it's an app that they keep open all day, then it never gets updated.  (Chrome will at least notify users that an update is available, but most apps don't do that.
  2. You shouldn't be packaging Chrome, because your package will become out of date every few weeks when Google released an update.  You should be using the universal installer script above, with this URL for Chrome: https://dl.google.com/chrome/mac/universal/stable/GGRO/googlechrome.dmg

That link I posted above always gets the current version of Chrome.

Many app publishers offer similar links that remain static, but always point to the latest version.

(Which makes me think I should start a thread for people to share these static links, which aren't always easy to find.)

 

@burdett wrote:

Has any one been using Jamf App Catalog, for deploying supported apps like Google Chrome rather then packaging and deploying?
How do you advertise / deploy  the apps from the Jamf App Catalog?  (Deploy to smart group, some how add to Self Service)
How do you troubleshoot a deployed Jamf App Catalog app like Google Chrome when they fail or are pending?

  1. I tested the App Catalog for deployment.  It works fine to get the first version of any app out to your users, but if it's an app that they keep open all day, then it never gets updated.  (Chrome will at least notify users that an update is available, but most apps don't do that.
  2. You shouldn't be packaging Chrome, because your package will become out of date every few weeks when Google released an update.  You should be using the universal installer script above, with this URL for Chrome: https://dl.google.com/chrome/mac/universal/stable/GGRO/googlechrome.dmg

That link I posted above always gets the current version of Chrome.

Many app publishers offer similar links that remain static, but always point to the latest version.

(Which makes me think I should start a thread for people to share these static links, which aren't always easy to find.)

 


@stevenjklein When did you test the Jamf App Catalog? I believe that JSS 10.41 changed/improved the update process for App Catalog apps so that open apps will eventually be forced to update (but I cannot find that in the release notes)

For orgs ok running a script on your Mac endpoints to install software you _really_ should look at the Installomator script (https://github.com/Installomator/Installomator) which supports an incredible number of apps, including Google Chrome.

For orgs that cannot/do not want to use a script based install on an Mac endpoint (e.g. they need a human to verify the package that will be deployed via Jamf Pro) the AutpPkg/AutoPkgr combination offers an automated mechanism to download newly released installers with recipes for an equally large number of apps. And if your org doesn't require human verification of the packages before being added to your JSS that's also an option.

AutoPkg: https://github.com/autopkg/autopkg

AutoPkgr: https://github.com/lindegroup/autopkgr

(Yes, I am a firm believer in the adage don't re-invent the wheel)

Has any one been using Jamf App Catalog, for deploying supported apps like Google Chrome rather then packaging and deploying?
How do you advertise / deploy  the apps from the Jamf App Catalog?  (Deploy to smart group, some how add to Self Service)
How do you troubleshoot a deployed Jamf App Catalog app like Google Chrome when they fail or are pending?


With App Catalog, updates fail silently if the app is open.  Apps like Chrome are always open, and so never get updated. So it didn't work for us.

But we also don't rely much on packaging.  There is a better way.

Our solution is to use the universal installer script (posted above). Google provides a static (unchanging) link that always downloads the most recent release

https://dl.google.com/chrome/mac/stable/googlechrome.dmg

Google isn't the only company to do that.  Lots of companies provide static links to the current release of their software.  Here's one for Zoom:

https://zoom.us/client/latest/Zoom.pkg

And Coconut Battery:

https://coconut-flavour.com/downloads/coconutBattery_latest.zip

I should probably start a separate thread just for people to share static download links.

With App Catalog, updates fail silently if the app is open.  Apps like Chrome are always open, and so never get updated. So it didn't work for us.

But we also don't rely much on packaging.  There is a better way.

Our solution is to use the universal installer script (posted above). Google provides a static (unchanging) link that always downloads the most recent release

https://dl.google.com/chrome/mac/stable/googlechrome.dmg

Google isn't the only company to do that.  Lots of companies provide static links to the current release of their software.  Here's one for Zoom:

https://zoom.us/client/latest/Zoom.pkg

And Coconut Battery:

https://coconut-flavour.com/downloads/coconutBattery_latest.zip

I should probably start a separate thread just for people to share static download links.


What's great about the App Catalog, is they include those installer links for everything that has a universal installer, etc. So that's what I copy and paste right into my script variable. 

@stevenjklein When did you test the Jamf App Catalog? I believe that JSS 10.41 changed/improved the update process for App Catalog apps so that open apps will eventually be forced to update (but I cannot find that in the release notes)

For orgs ok running a script on your Mac endpoints to install software you _really_ should look at the Installomator script (https://github.com/Installomator/Installomator) which supports an incredible number of apps, including Google Chrome.

For orgs that cannot/do not want to use a script based install on an Mac endpoint (e.g. they need a human to verify the package that will be deployed via Jamf Pro) the AutpPkg/AutoPkgr combination offers an automated mechanism to download newly released installers with recipes for an equally large number of apps. And if your org doesn't require human verification of the packages before being added to your JSS that's also an option.

AutoPkg: https://github.com/autopkg/autopkg

AutoPkgr: https://github.com/lindegroup/autopkgr

(Yes, I am a firm believer in the adage don't re-invent the wheel)


Honestly, the script I posted has been working a ton better than autopkg. Autopkg had created some issues for me and actually became more of a headache. It's good, but only if all the pieces are reliable. Unfortunately, some are not.

Honestly, the script I posted has been working a ton better than autopkg. Autopkg had created some issues for me and actually became more of a headache. It's good, but only if all the pieces are reliable. Unfortunately, some are not.


I think the thousands of people using it would disagree.

Instead of using curl on endpoints which can easily be used maliciously by spoofing DNS, might I suggest using something like autopkg? or Installomator? That have security measures in place to help verify what's being downloaded.


Autopkg is great until it isn't. I've had it create more issues than it solved unfortunately. 

I think the thousands of people using it would disagree.


I use it on a college campus where it sent out bad configurations for the entire campus using Zoom. People can disagree, but when it screws up an entire campus distribution, it doesn't mean squat. Autopkg is tied to recipes. There are some flawed recipes, which means then you need to recreate your own, which is a ton more work than just using the script.

I use it on a college campus where it sent out bad configurations for the entire campus using Zoom. People can disagree, but when it screws up an entire campus distribution, it doesn't mean squat. Autopkg is tied to recipes. There are some flawed recipes, which means then you need to recreate your own, which is a ton more work than just using the script.


Autopkg did not send out the "bad" configurations. It did what you told it to do. You can't blame it for that.

Autopkg did not send out the "bad" configurations. It did what you told it to do. You can't blame it for that.


Correct. Autopkg is fine. But if I have to go through every single recipe just to make sure it's not going to bite me later, and then also hope someone hasn't changed the recipe when I wasn't paying attention, then it causes me a big headache. If Autopkg did all the work, then yes, it would be fine. The problem is the recipes. You can't guarantee anything with those without writing your own. But that's a lot of time dedication when my script does everything I need it to in conjunction with Mac Apps/ Catalog. It's simpler and I know what I can trust without rewriting a bunch of unnecessary code. So yes, Autopkg is fine in itself. But that's as far as I would go with that statement.

Correct. Autopkg is fine. But if I have to go through every single recipe just to make sure it's not going to bite me later, and then also hope someone hasn't changed the recipe when I wasn't paying attention, then it causes me a big headache. If Autopkg did all the work, then yes, it would be fine. The problem is the recipes. You can't guarantee anything with those without writing your own. But that's a lot of time dedication when my script does everything I need it to in conjunction with Mac Apps/ Catalog. It's simpler and I know what I can trust without rewriting a bunch of unnecessary code. So yes, Autopkg is fine in itself. But that's as far as I would go with that statement.


There seems to be some misinformation here. If your way works best for you, that's completely ok. I just want to clear up the misinformation. Recipes use overrides to customize them to your needs. When an override is created there is trust created between the override and the recipe at that very point in time. Any time a recipe is modified, it breaks that trust and requires you to review the change and trust the modified recipe before it will run again. Recipes can't just change and start running in your environment without you approving them first. That would leave room for extremely malicious activity.

https://github.com/autopkg/autopkg/wiki/AutoPkg-and-recipe-parent-trust-info

There seems to be some misinformation here. If your way works best for you, that's completely ok. I just want to clear up the misinformation. Recipes use overrides to customize them to your needs. When an override is created there is trust created between the override and the recipe at that very point in time. Any time a recipe is modified, it breaks that trust and requires you to review the change and trust the modified recipe before it will run again. Recipes can't just change and start running in your environment without you approving them first. That would leave room for extremely malicious activity.

https://github.com/autopkg/autopkg/wiki/AutoPkg-and-recipe-parent-trust-info


Well I hate to break it to ya, but that is not my experience. No misinformation. You can be a fan boy all you want, to each their own, but don’t tell me what my experience is. Thanks. 

Corrected the example with better explanation in the comments.

#!/bin/sh

# -------------------------------------------------------------------------------------
#
# Universal App Installer Script
#
# -------------------------------------------------------------------------------------
#
# DESCRIPTION
#
# Automatically download and install nearly any app from a direct download link
# App can be packaged as .dmg, .pkg, or .zip, and have either the .app or a .pkg inside
#
# -------------------------------------------------------------------------------------
#
# HISTORY
#
# Created by Ella Hansen on 10/30/2018
#
# v2.0 - 08/31/2022 - Scott Leonard
# Created script based on Caine Hörr's script for Google Chrome:
# https://www.jamf.com/jamf-nation/discussions/20894
#
# -------------------------------------------------------------------------------------

# ADD THE DIRECT DOWNLOAD LINK FOR YOUR APP HERE INCLUDING THE CURL COMMAND, WITH OPTIONS IN THE PARAMETER 4 LOCATION IN THE JAMF POLICY:
# Example: curl --location https://dl.google.com/chrome/mac/stable/googlechrome.dmg --output Chrome.dmg
DownloadURL="$4"

# -------------------------------------------------------------------------------------
# LEAVE THIS CODE ALONE:

# Create directory /tmp/jamf, continue if directory already exists
mkdir /tmp/jamf || :

# Change directory to /tmp/jamf
cd /tmp/jamf

#Download installer container into /tmp/jamf
$DownloadURL

# Make directory to move and copy .app from
mkdir /tmp/jamf/mount

# Unzip installer container and place contents into /tmp/jamf/mount, continue on error
find /tmp/jamf -name "*.zip" -exec unzip {} -d /tmp/jamf/mount \\; ||

# Uncompress or Extract Tar file
find /tmp/jamf -name "*.bz2" -exec tar -xf {} -C /tmp/jamf/mount \\; || :

# If container is a .dmg:
# Mount installer container
# -nobrowse to hide the mounted .dmg
# -noverify to skip .dmg verification
# -mountpoint to specify mount point
find /tmp/jamf -name "*.dmg" -exec sh -c "yes | hdiutil attach {} -nobrowse -noverify -mountpoint /tmp/jamf/mount" \\; || :

# Copy the .app file from the installer container to /Applications
# Preserve all file attributes and ACLs
cp -a /tmp/jamf/mount/*.app /Applications || :

# If container is a .pkg
# Run installer package with the boot drive as the destination
find /tmp/jamf -name "*.pkg" -exec installer -pkg {} -target / \\; || :

# Unmount the secondary installation folder, continue on error
hdiutil detach /tmp/jamf/mount || :

# Delete the main installation folder
rm -r /tmp/jamf

 


This post has only 1 Kudo, from me.

C'mon, my fellow Jamfers.  If you've used this script, click the 👍 button above! 

I've used multiple versions of this script over the years, and I appreciate all those who contributed to it over the years: 

  1. Caine Hörr
  2. Ella Hansen
  3. Scott Leonard

Show them some appreciate!

This post has only 1 Kudo, from me.

C'mon, my fellow Jamfers.  If you've used this script, click the 👍 button above! 

I've used multiple versions of this script over the years, and I appreciate all those who contributed to it over the years: 

  1. Caine Hörr
  2. Ella Hansen
  3. Scott Leonard

Show them some appreciate!


@stevenjklein No question that an example script on how to install apps only distributed via a .dmg is useful, but when it comes to Chrome this is now the wrong solution because Google provides a .pkg installer for Enterprise environments: https://chromeenterprise.google/browser/download/#mac-tab

While an old thread, I thought I would provide some rather undocumented things I've found....


The Chrome for enterprise download doesn't always install the googlesoftwareupdate component...

https://support.google.com/chrome/answer/111996?hl=en#zippy=%2Cmac
Note: Download Chrome Again, Step 3, on Mac... Download and install Google Software Update again.

URL: https://dl.google.com/mac/install/googlesoftwareupdate.dmg

This kinda works like Microsoft MAU .app in which its an app that runs on schedule from a launchdaemon... It reads and applies settings from com.google.keystone... 

It installs mainly in /Library/Application Support/Google/GoogleUpdater/*

Reply


Terms & ConditionsCookie settings