Help

Which Flash are you deploying, if any

mconners
Valued Contributor

Posted on ‎04-02-2019 11:05 AM

Hello Everyone,

With two different versions of flash being available for us on the Mac platform, which of them are you deploying, if any?

There are users who may need to use it from time to time and I am not sure if I should continue to deploy flash to our computers. It hasn't been an issue so far to put both versions on our computers, but with Patch Management and Patch Policies not supporting BOTH versions, I am trying to decide on a path forward. This summer we are moving all of our computers to Mojave.

Thoughts?

Labels:
0 Kudos
Reply
11 REPLIES 11

larry_barrett
Valued Contributor

Posted on ‎04-02-2019 11:15 AM

We do just PPAPI. Here's the script (we also kill the auto updates which you'll see on the bottom).

#!/bin/sh
## Created by Ariel Peralta - Carbon Technologies, 31-May-2016
## Original by Peter Loobuyck, 26-Jan-2016
## Inspired by https://jamfnation.jamfsoftware.com/discussion.html?id=7658
## Update 15-Jan-2017
## This scripts take into consideration new Adobe download URLs as per https://www.jamf.com/jamf-nation/discussions/7658/flash-update-script
## Removed old download URLs, shortver variable, and updated fileURL variables

## Name of the temporary dmg that will be created when Adobe Flash Installer is downloaded.  
## This file will be automatically created and deleted after installation
flash_dmg="/tmp/FlashInstaller.dmg"

# Specify a /tmp/flash_update.XXXX mountpoint for the disk image
TMPMOUNT=`/usr/bin/mktemp -d /tmp/flash_update.XXXX`

## This Function will take defined variables and install Flash
Update_Flash () {
    ## Compare the two versions, if they are different of Flash download and install the new version. 
    if [ "${currentinstalledver}" != "${latestver}" ]; then
        /bin/echo "`date`: Current Flash ${FlashType} version: ${currentinstalledver}"
        /bin/echo "`date`: Available Flash ${FlashType} version: ${latestver}"
        /bin/echo "`date`: Downloading newer ${FlashType} version."

        # Download and Mount Flash Plugin disk image to /tmp/flash_update.XXXX mountpoint
        /usr/bin/curl -S -# -o "$flash_dmg" "$fileURL"      
        /bin/echo "`date`: Mounting installer disk image." 
        hdiutil attach "$flash_dmg" -mountpoint "$TMPMOUNT" -nobrowse -noverify -noautoopen

        # Before installation, the installer's developer certificate is checked to
        # see if it has been signed by Adobe's developer certificate. Once the 
        # certificate check has been passed, the package is then installed.

        if [[ "${pkg_path}" != "" ]]; then
            signature_check=`/usr/sbin/pkgutil --check-signature "$pkg_path" | awk /'Developer ID Installer/{ print $5 }'`
            if [[ ${signature_check} = "Adobe" ]]; then
                # Install Flash from the installer package stored inside the disk image
                /bin/echo "`date`: Installing..."
                /usr/sbin/installer -pkg "${pkg_path}" -target "/"
            fi
        fi

        # Clean-up

        # Unmount the Flash disk image from /tmp/flash_update.XXXX
            /bin/sleep 10
            /bin/echo "`date`: Unmounting installer disk image."
            /usr/bin/hdiutil detach -force "$TMPMOUNT"

        # Remove the /tmp/flash_update.XXXX mountpoint      
            /bin/sleep 10
            /bin/echo "`date`: Deleting disk image."
            /bin/rm -rf "$TMPMOUNT"

        # Remove the downloaded disk image
            /bin/rm -rf "$flash_dmg"

        # Check to see if update was successful         
            newlyinstalledver=`/usr/bin/defaults read "${plugincheck}" CFBundleShortVersionString`
            if [ "${latestver}" = "${newlyinstalledver}" ]; then
                    /bin/echo "`date`: SUCCESS: Flash ${FlashType} has been updated to version ${newlyinstalledver}"
            else
                /bin/echo "`date`: ERROR: Flash ${FlashType} update unsuccessful, version remains at ${currentinstalledver}."
                /bin/echo "--"
            fi

    ## If Flash is up to date already, just log it and exit.       
    else
        /bin/echo "`date`: Flash ${FlashType} Plug-in is already up to date, running ${currentinstalledver}."
        /bin/echo "--"
    fi
}

## Set NPAPI Variables
## Query Adobe Flash Updater XML page and return latest version in decimal form 
latestver=`/usr/bin/curl --silent http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/version_en_mac_pl.xml | awk -F " /"update version="/'{print $2}' | sed s/,/./g`
fileURL=https://fpdownload.adobe.com/get/flashplayer/pdc/"${latestver}"/install_flash_player_osx.dmg
plugincheck="/Library/Internet Plug-Ins/Flash Player.plugin/Contents/info"
pkg_path=$TMPMOUNT/Install Adobe Flash Player.app/Contents/Resources/Adobe Flash Player.pkg
FlashType=NPAPI

## Check and get the version number of the currently-installed Flash Player NPAPI Plugin, if any.
if
    [ -e "${plugincheck}.plist" ]; then
        currentinstalledver=`/usr/bin/defaults read "${plugincheck}" CFBundleShortVersionString`
        ## Calling function to update NPAPI plugin
        Update_Flash
else
    /bin/echo "`date`: No Flash NPAPI Plug-in Installed."
    /bin/echo "--"
    currentinstalledver=none
    ## Remove ## From Line below if you want to force Flash Install on new systems during thin-imaging
##  Update_Flash

fi          

## Set PPAPI Variables
latestver=`/usr/bin/curl --silent http://fpdownload2.macromedia.com/get/flashplayer/update/current/xml/version_en_mac_pep.xml | awk -F " /"update version="/'{print $2}' | sed s/,/./g`
fileURL=https://fpdownload.adobe.com/get/flashplayer/pdc/"${latestver}"/install_flash_player_osx_ppapi.dmg
plugincheck="/Library/Internet Plug-Ins/PepperFlashPlayer/PepperFlashPlayer.plugin/Contents/info"
pkg_path=$TMPMOUNT/Install Adobe Pepper Flash Player.app/Contents/Resources/Adobe Flash Player.pkg
FlashType=PPAPI

## Check and get the version number of the currently-installed Flash Player PPAPI (Pepper) Plugin, if any.
if
    [ -e "${plugincheck}.plist" ]; then
        currentinstalledver=`/usr/bin/defaults read "${plugincheck}" CFBundleShortVersionString`
        ## Find latest version of Flash
        ## Calling function to update PPAPI plugin
        Update_Flash
else
    /bin/echo "`date`: No Flash PPAPI Plug-in Installed."
    /bin/echo "--"
    currentinstalledver=none
    ## Remove ## From Line below if you want to force Flash Install on new systems during thin-imaging
##  Update_Flash    
fi

# Configure Adobe Flash to *not* update
# This will set the preference for both NPAPI and PPAPI
#
# Modified by Ariel Peralta, 31-May-2016
# Modified by Carlos Echevarria, 7-Apr-2016
# Modified by Chris Jackson, 3-Mar-2016
# Original by Dan K. Snelson, 7-Nov-2014
#
# Inspired by Lance Berrier
# https://jamfnation.jamfsoftware.com/viewProfile.html?userID=12774

directory="/Library/Application Support/Macromedia/"
file="/Library/Application Support/Macromedia/mms.cfg"

if [ -f "$file" ] ; then

    # Flash Player is installed, has been launched and mms.cfg exists
    # let's configure it to not update

    grep -q -r "AutoUpdateDisable" "$file" && sed -i '' 's/AutoUpdateDisable=0|AutoUpdateDisable=1/AutoUpdateDisable=1/g' "$file" || echo "AutoUpdateDisable=1" >> "$file"
    grep -q -r "SilentAutoUpdateEnable" "$file" && sed -i '' 's/SilentAutoUpdateEnable=0|SilentAutoUpdateEnable=1/SilentAutoUpdateEnable=0/g' "$file" || echo "SilentAutoUpdateEnable=0" >> "$file"
    grep -q -r "DisableAnalytics" "$file" && sed -i '' 's/DisableAnalytics=0|DisableAnalytics=1/DisableAnalytics=1/g' "$file" || echo "DisableAnalytics=1" >> "$file"

    RESULT="Configured Adobe Flash Update Preferences to Never Check for Updates"

else
    ## Only create update override if flash is installed.  If no flash is installed by this point, then leave alone.
    if [ -e "${plugincheck}.plist" ] ; then
        # mms.cfg doesn't exsist, but flash is installed
        mkdir "${directory}"

        echo "AutoUpdateDisable=1" >> "$file"
        echo "SilentAutoUpdateEnable=0" >> "$file"
        echo "DisableAnalytics=1" >> "$file" 

        RESULT="Created and configured Adobe Flash Update Preferences to Never Check for Updates"

    else
        echo "No Plugin installed, no changes made to Adobe Flash Update Preferences"
    fi
fi

echo "$RESULT"

We scope it to a SmartGroup that contains computers that are not on the current version. The only real maintenance you have to do on it is to update the smartgroup when new releases are ready for deployment.

Reply

stephaniemm77
Contributor II

Posted on ‎05-23-2019 05:07 AM

Sorry, super Newbie here...I love the script....anyone have instructions on how to actually deploy flash?

0 Kudos
Reply

larry_barrett
Valued Contributor

Posted on ‎05-23-2019 05:28 AM

I do it with a smart group.

f2b42ec7af044ec282903afa4a0a674b

If the plugin doesn't exist, a policy will execute that runs the above script.

Here's a screenshot of the policy

94ae34a56e9d458bb02f17127b00ddc7

And the scope (which is the Smartgroup from the first step

bd75679503aa4195b06bcf5f63e260a7

0 Kudos
Reply

stephaniemm77
Contributor II

Posted on ‎05-23-2019 05:36 AM

Thank you, I guess I have to learn my wording better...How do you package it using composer? I saw on another thread you need to apply to be a distributor, which I have done.

0 Kudos
Reply

larry_barrett
Valued Contributor

Posted on ‎05-23-2019 05:48 AM

You don't need to package this. Each computer is going to download the file and run the install. I almost never package anything with composer if I can avoid it. Flash is a necessary evil at this point, but I want to spend as little time as possible maintaining it. This script turns on auto-update.

My argument against packaging is as such: every time a new release comes out, you'll have to repackage it. In some environments a flash update might break something, so YMMV, but I'm at a school, I just want to keep it updated.

0 Kudos
Reply

stephaniemm77
Contributor II

Posted on ‎05-23-2019 06:04 AM

gotcha...When I put the script in place it didnt seem like anything happened i am assuming you set up the script first in the scripts area then add the smart group?...I will give it your shot using the info you provided! thanks for helping this extreme newbie :-)

Reply

larry_barrett
Valued Contributor

Posted on ‎05-23-2019 06:31 AM

1) Settings -> Computer Management -> Scripts.
2) Policy -> Test on one machine.

3) Setup smartgroup. Verify members of the smartgroup are your intended targets.
4) Go back to policy and add Smartgroup into the scope.
5) Under policy -> Logs. You can see which ones have completed or failed. If it fails, flush and try again.

6) Sit back. Drink coffee. Browse Reddit.

Reply

stephaniemm77
Contributor II

Posted on ‎05-23-2019 06:38 AM

lol thank you, but seeing we just got this product and we have a software list a mile long i wont be relaxing anytime soon! I am sure you will see me posting again.

Reply

rpoladiya
New Contributor

Posted on ‎09-13-2019 06:13 AM

@larry_barrett - how do you update the flash if it already exists on the machine?

0 Kudos
Reply

Taylor_Armstron
Valued Contributor

Posted on ‎09-13-2019 06:26 AM

@rpoladiya ... not Larry, but for us, we simply use a standard Jamf patch management policy and autopkgr to patch where it exists. Fortunately that collection is smaller and smaller each month.

0 Kudos
Reply

larry_barrett
Valued Contributor

Posted on ‎09-13-2019 06:44 AM

@rpoladiya The same script does both.

526d97ec895a443da81c85feb53b7192

One smart group for inital install.

One smart group that needs the update.

The criteria for the first one is the app not being installed.

For the second:

3631aba9b1c14369ae43491476f75ebb

The only thing that SUCKS is end users will get the popup to upgrade day 1 of the new release, so make sure you have your frequency set to weekly/monthly so you have time to test it before changing the value to the new version (and thus letting loose your install)

Come on December 2020!

Reply