Zero-touch provisioning with MDM

Sep 17, 2024

John Britton

Homebrew is designed to be installed and managed by a single, admin end user. The default install process for Homebrew is to:

  • download a script with curl

  • run it with bash

The install script has a few assumptions built in, including that the user account exists already and that you’re using one device per user.

These prerequisites present challenges for deploying via mobile device management (MDM) systems like Jamf or Kandji:

  • You have to have a preexisting user account with admin access

  • There's one user account per device, which is frequently true, but not in all cases.

  • Users must run Homebrew directly, or the MDM-run script must work out which user on the system to drop privileges to, because MDM scripts run as root and Homebrew refuses to run as root.

Take, for example, educational use cases where lots of Mac users have many different accounts logging into the same machine. Homebrew assumes that it's one device to one admin user.
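The privilege-dropping glue described above, as an added example that is not Workbrew's or Homebrew's own code: an MDM-run root script that resolves the console user, refuses placeholder accounts (nobody logged in, Setup Assistant), confirms the user is an admin, and only then runs the Homebrew install script as that user. It assumes macOS (`stat -f %Su`, `dseditgroup`, `dscl`) and that the install script has already been staged at the placeholder path `/usr/local/share/brew-install.sh`.

```shell
#!/bin/sh
# Added example (not Workbrew's or Homebrew's code). Run by the MDM as root;
# finds the GUI user and runs the Homebrew installer as that user instead.
set -u

# Placeholder path for the staged Homebrew install script (an assumption).
INSTALLER="${INSTALLER:-/usr/local/share/brew-install.sh}"

# Accounts that must never receive dropped privileges: root, the loginwindow
# owner (nobody is logged in) and Setup Assistant's temporary account.
is_valid_console_user() {
  case "$1" in
    ""|root|loginwindow|_mbsetupuser) return 1 ;;
  esac
  # Reject anything that is not a plain POSIX account name.
  case "$1" in
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# The owner of /dev/console is the user currently at the GUI login (macOS).
console_user() {
  stat -f %Su /dev/console 2>/dev/null
}

# Homebrew's installer needs an admin user; check membership of the admin group.
is_admin_user() {
  dseditgroup -o checkmember -m "$1" admin >/dev/null 2>&1
}

# Run the installer as the target user with that user's HOME.
# NONINTERACTIVE=1 makes Homebrew's install script skip its "press RETURN" prompt.
run_installer_as_user() {
  user="$1"
  installer="$2"
  home=$(dscl . -read "/Users/$user" NFSHomeDirectory 2>/dev/null | awk '{print $2}')
  sudo -u "$user" -H env NONINTERACTIVE=1 HOME="${home:-/Users/$user}" \
    /bin/bash "$installer"
}

main() {
  user=$(console_user)
  if ! is_valid_console_user "$user"; then
    echo "No interactive user logged in (got '${user:-<none>}'); deferring install" >&2
    return 2
  fi
  if ! is_admin_user "$user"; then
    echo "$user is not an admin; the Homebrew install would fail" >&2
    return 3
  fi
  run_installer_as_user "$user" "$INSTALLER"
}

# The MDM invokes the script as: sh brew-mdm-install.sh --install
case "${1:-}" in
  --install) main ;;
esac
```

Returning a distinct non-zero code when no one is logged in lets the MDM policy retry later rather than install into the wrong account; that deferral is exactly the "after account creation" constraint the post describes.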

Tools to solve MDM + Homebrew challenges

Homebrew’s PKG installer

The Homebrew PKG Installer allows you to install Homebrew with your MDM tool.

This package installs Homebrew just like the script does, but it still needs to be run after account creation. So you would have to provision the machines, wait for the user accounts to be created and for each user to log in for the first time, and only then push the PKG out to the endpoints.

It also requires an internet connection after installation to complete successfully.

These tools help an IT administrator manage a fleet of Macs, but none of them is "zero-touch": each involves a trade-off, either manual intervention or writing some custom glue code.

Strap

Strap, built by Workbrew co-founder Mike McQuaid, is an open source project that bootstraps a new machine, and installs Homebrew. It can’t be done in a fully unattended way, but if you’re using Homebrew to onboard new admin developers getting company-owned machines they control, it’s pretty easy to use. It’s been extended and improved by Workbrew’s “Bootstrap” feature.

Workbrew’s approach to “Zero-touch provisioning”

One of the reasons we started Workbrew was to help enterprises use Homebrew at scale, especially with this use case.

Inside your MDM system, it’s possible to provision machines individually, or automatically every time a new machine is onboarded before a user has even been created. It’s also possible to have non-admin users use Homebrew and this can be decided on a user-by-user basis.

When a machine is provisioned with the Workbrew Installer using the Workbrew-provided MDM script (the Workbrew Bootstrap feature), it will show up in the Workbrew Console as a Device and update its status periodically.

If you need zero-touch provisioning of Homebrew today, try Workbrew.

Secure software delivery at work.

Workbrew is the secure software delivery platform for your company. Supercharge Homebrew to increase developer productivity, reduce IT workload, and improve your security posture.
