Script is not running from JSS/Jamf Pro but will run locally

TajChana
New Contributor II

Im hoping someone will be able to help me. I feel like i am doing something wrong or missing something blatantly obvious.

I have a script that will download and install the latest version of Google Chrome. When its run as a Self Service Item the policy will fail but if the script is run locally on the client it runs with no issues..

Any help will be much appreciated.

#!/bin/sh

dmgfile="googlechrome.dmg"
volname="Google Chrome"
LOG=/Library/Logs/GoogleChrome_Update/Install.log
url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'


echo "<-------------------START------------------->" 1>> $LOG
date 1>> $LOG

echo "`date`: Downloading latest version." >> $LOG 2>&1
curl  --output /tmp/"$dmgfile" "$url"
echo "`date`: Mounting installer disk image." >> $LOG 2>&1
hdiutil attach /tmp/"$dmgfile" -nobrowse -noverify -noautoopen
echo "`date`: Installing..." >> $LOG 2>&1
ditto -rsrc "/Volumes/$volname/Google Chrome.app" "/Applications/Google Chrome.app"
sleep 5
echo "`date`: Unmounting installer disk image." >> $LOG 2>&1
hdiutil detach $(/bin/df | grep "$volname" | awk '{print $1}') -quiet
sleep 5
echo "`date`: Deleting disk image." >> $LOG 2>&1
rm /tmp/"$dmgfile"

date 1>> $LOG
echo "<-------------------End------------------->" 1>> $LOG
exit 0
7 REPLIES 7

tthurman
Contributor III

Does it write anything in your log when it's failing?

kyle_bareis
New Contributor III

Hi @TajChana - couple things to check. First, I would highly recommend you run your script in a tool called Shell Check.net. You are using some older syntax which may cause issues. Additionally, login to your Jamf Pro Server and check the policy logs for any messages that help you narrow things down. Lastly, I would caution against a curl of a file off the internet without some short of check that the file was valid. If someone knows you are doing this, they could try a man in the middle attack via DNS and give you a bad package.

tthurman
Contributor III

You also might be able to utilize the GoogleSoftwareUpdate tool though...

/Users/<userDir>/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app

TajChana
New Contributor II

Thanks for the help guys.

I have been looking into this and am still struggling..

I have checked the logs in JamfPro and it shows its failed with no result code or reason for failure.

The script just fails to run as it doesnt even write back into the log that im writing to the client.

SimonLovett
New Contributor III

Hi TajChana.

I would check that the directory "/Library/Logs/GoogleChrome_Update" exists and is writeable.

I often save log files for scripts which will run as root into /usr/local to save having to create and remember lots of directories.

If that directory don't exist and you particularly want the logs there, then you could add
mkdir "/Library/Logs/GoogleChrome_Update"
before the line LOG=/Library/Logs/GoogleChrome_Update/Install.log.

If the directory does exist, then the mkdir command will fail with an error message, but that doesn't matter greatly.

You could also consider using the logger command to put the log entries into the system log and view them using the console application. https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/logger.1.html

I suspect curl requires a bash shell so your first line probably needs to be #!/bin/bash. Why it would work from the command line as sh but not for self service I am not sure. You could try creating two simple two liners scripts along the lines of

!/bin/sh

curl --output "/tmp/googledmg.dmg" 'https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'
exit 0

and

!/bin/bash

curl --output "/tmp/googledmg.dmg" 'https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'
exit 0

and then you could upload those two scripts to run them in self service to test that theory?

By troubleshooting each section in turn, you may be able to narrow down what is going wrong.

Best wishes, Simon.

StoneMagnet
Contributor III

@SimonCU Just FYI, a triple back-tick (`) before and after a code snippet will tell the forum software to preserve the formatting of a script like this:

#!/bin/bash
Your script here

SimonLovett
New Contributor III

Ok, I will give it a try ;)

#!/bin/bash
#############################
## SUGGEST PUT VARIABLES THAT YOU MAY NEED TO EDIT AT THE TOP
#############################
dmgfile="googlechrome.dmg"
volname="Google Chrome"
logfilepath="/usr/local" # The script will not attempt to create the path if it does not exist.
url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'
##############################
svers="1.0"
LOG="$logfilepath/GoogleChromeUpdateInstall.log"
########################
# get timestamp in Epoch standard. Log files will then sort by date and name ;)
# tn=$( date +%s )  
# and create a new formatted logfile name so that log file names match
#LOG="$logfilepath/$tnChromeUpdateInstall.log"  log file format becomes example /Library/Logs1495736380ChromeUpdateInstall.log
# write to log
touch $LOG
echo "ok" >> $LOG
datenow=$( date )  >> $LOG
echo "$datenow Google Chrome installer version $svers successful startup" >> $LOG
curl  --output "/tmp/$dmgfile" "$url"  >> $LOG
echo "$datenow: Mounting installer disk image." >> $LOG
hdiutil attach "/tmp/$dmgfile" -nobrowse -noverify -noautoopen  >> $LOG
echo "$datenow: Copying..."  >> $LOG
ditto -rsrc "/Volumes/$volname/Google Chrome.app" "/Applications/Google Chrome.app" >> $LOG
sleep 5
echo "$datenow: Unmounting installer disk image." >> $LOG
hdiutil detach $(/bin/df | grep "$volname" | awk '{print $1}') -quiet >> $LOG
sleep 5
echo "$datenow: Deleting disk image." >> $LOG
rm "/tmp/$dmgfile" >> $LOG
echo "$datenow" >> $LOG
echo "<-------------------End------------------->" >> $LOG
exit 0