mtan93/Installomator
1
0
Fork 0
mirror of https://github.com/mtan93/Installomator.git synced 2026-03-23 05:10:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/dev' into dev

Browse Source
This commit is contained in:
Mischa van der Bent
2020-05-28 09:42:28 +02:00
parent b7ff0d296f 27ef27851b
commit a881df4e81
3 changed files with 263 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
Installomator.sh
View File

@@ -8,8 +8,8 @@
# inspired by the download scripts from William Smith and Sander Schram # inspired by the download scripts from William Smith and Sander Schram
# with additional ideas and contribution from Isaac Ordonez, Mann consulting # with additional ideas and contribution from Isaac Ordonez, Mann consulting
VERSION='0.1' VERSION='0.2'
VERSIONDATE='20200512' VERSIONDATE='20200518'
export PATH=/usr/bin:/bin:/usr/sbin:/sbin export PATH=/usr/bin:/bin:/usr/sbin:/sbin
@@ -106,10 +106,10 @@ BLOCKING_PROCESS_ACTION=prompt_user
# todos: # todos:
# TODO: better logging (or, really, any logging other than echo) # TODO: better logging (or, really, any logging other than echo)
# TODO: ?blockingProcesses for SharePointPlugin
# TODO: generic function Sparkle to get latest download # TODO: generic function Sparkle to get latest download
# TODO: ?notify user of errors # TODO: ?notify user of errors
# TODO: ?generic function to initiate a SparkleProcess # TODO: ?generic function to initiate a Sparkle Update
# TODO: better version retrieval and reporting, before and after install
# functions to help with getting info # functions to help with getting info
@@ -130,15 +130,24 @@ downloadURLFromGit() { # $1 git user name, $2 git repo name
gitusername=${1?:"no git user name"} gitusername=${1?:"no git user name"}
gitreponame=${2?:"no git repo name"} gitreponame=${2?:"no git repo name"}
if [[ $type == "pkgInDmg" ]]; then
filetype="dmg"
elif [[ $type == "pkgInZip" ]]; then
filetype="zip"
else
filetype=$type
fi
if [ -n "$archiveName" ]; then if [ -n "$archiveName" ]; then
downloadURL=$(curl --silent --fail "https://api.github.com/repos/$gitusername/$gitreponame/releases/latest" \ downloadURL=$(curl --silent --fail "https://api.github.com/repos/$gitusername/$gitreponame/releases/latest" \
| awk -F '"' "/browser_download_url/ && /$archiveName/ { print \$4 }") | awk -F '"' "/browser_download_url/ && /$archiveName/ { print \$4 }")
else else
downloadURL=$(curl --silent --fail "https://api.github.com/repos/$gitusername/$gitreponame/releases/latest" \ downloadURL=$(curl --silent --fail "https://api.github.com/repos/$gitusername/$gitreponame/releases/latest" \
| awk -F '"' "/browser_download_url/ && /$type/ { print \$4 }") | awk -F '"' "/browser_download_url/ && /$filetype/ { print \$4 }")
fi fi
if [ -z "$downloadURL" ]; then if [ -z "$downloadURL" ]; then
cleanupAndExit 9 "could not retrieve download URL for $gitusername/$gitreponame" echo "could not retrieve download URL for $gitusername/$gitreponame"
exit 9
else else
ScriptLogging "$downloadURL" ScriptLogging "$downloadURL"
return 0 return 0
@@ -182,6 +191,13 @@ case $label in
;; ;;
# label descriptions start here # label descriptions start here
autodmg)
# credit: Mischa van der Bent (@mischavdbent)
name="AutoDMG"
type="dmg"
downloadURL=$(downloadURLFromGit MagerValp AutoDMG)
expectedTeamID="5KQ3D3FG5H"
;;
googlechrome) googlechrome)
name="Google Chrome" name="Google Chrome"
type="dmg" type="dmg"
@@ -197,6 +213,21 @@ case $label in
updateToolArguments=( -runMode oneshot -userInitiated YES ) updateToolArguments=( -runMode oneshot -userInitiated YES )
updateToolRunAsCurrentUser=1 updateToolRunAsCurrentUser=1
;; ;;
googlejapaneseinput)
# credit: Tadayuki Onishi (@kenchan0130)
name="GoogleJapaneseInput"
type="pkgInDmg"
pkgName="GoogleJapaneseInput.pkg"
downloadURL="https://dl.google.com/japanese-ime/latest/GoogleJapaneseInput.dmg"
expectedTeamID="EQHXZ8M8AV"
;;
santa)
# credit: Tadayuki Onishi (@kenchan0130)
name="Santa"
type="pkgInDmg"
downloadURL=$(downloadURLFromGit google santa)
expectedTeamID="EQHXZ8M8AV"
;;
spotify) spotify)
name="Spotify" name="Spotify"
type="dmg" type="dmg"
@@ -236,7 +267,7 @@ case $label in
expectedTeamID="GVZRY6KDKR" expectedTeamID="GVZRY6KDKR"
;; ;;
suspiciouspackage) suspiciouspackage)
# credit: Mischa van der Bent # credit: Mischa van der Bent (@mischavdbent)
name="Suspicious Package" name="Suspicious Package"
type="dmg" type="dmg"
downloadURL="https://mothersruin.com/software/downloads/SuspiciousPackage.dmg" downloadURL="https://mothersruin.com/software/downloads/SuspiciousPackage.dmg"
@@ -252,7 +283,7 @@ case $label in
eraseinstall) eraseinstall)
name="EraseInstall" name="EraseInstall"
type="pkg" type="pkg"
downloadURL=$(curl -fs https://bitbucket.org/prowarehouse-nl/erase-install/downloads/ | grep pkg | cut -d'"' -f2 | head -n 1) downloadURL=https://bitbucket.org$(curl -fs https://bitbucket.org/prowarehouse-nl/erase-install/downloads/ | grep pkg | cut -d'"' -f2 | head -n 1)
expectedTeamID="R55HK5K86Y" expectedTeamID="R55HK5K86Y"
;; ;;
omnigraffle7) omnigraffle7)
@@ -304,21 +335,21 @@ case $label in
expectedTeamID="UPXU4CQZ5P" expectedTeamID="UPXU4CQZ5P"
;; ;;
boxdrive) boxdrive)
# credit: Isaac Ordonez, Mann consulting # credit: Isaac Ordonez, Mann consulting (@mannconsulting)
name="Box" name="Box"
type="pkg" type="pkg"
downloadURL="https://e3.boxcdn.net/box-installers/desktop/releases/mac/Box.pkg" downloadURL="https://e3.boxcdn.net/box-installers/desktop/releases/mac/Box.pkg"
expectedTeamID="M683GB7CPW" expectedTeamID="M683GB7CPW"
;; ;;
aviatrix) aviatrix)
# credit: Isaac Ordonez, Mann consulting # credit: Isaac Ordonez, Mann consulting (@mannconsulting)
name="Aviatrix VPN Client" name="Aviatrix VPN Client"
type="pkg" type="pkg"
downloadURL="https://s3-us-west-2.amazonaws.com/aviatrix-download/AviatrixVPNClient/AVPNC_mac.pkg" downloadURL="https://s3-us-west-2.amazonaws.com/aviatrix-download/AviatrixVPNClient/AVPNC_mac.pkg"
expectedTeamID="32953Z7NBN" expectedTeamID="32953Z7NBN"
;; ;;
zoom) zoom)
# credit: Isaac Ordonez, Mann consulting # credit: Isaac Ordonez, Mann consulting (@mannconsulting)
name="Zoom.us" name="Zoom.us"
type="pkg" type="pkg"
downloadURL="https://zoom.us/client/latest/ZoomInstallerIT.pkg" downloadURL="https://zoom.us/client/latest/ZoomInstallerIT.pkg"
@@ -326,21 +357,21 @@ case $label in
blockingProcesses=( zoom.us ) blockingProcesses=( zoom.us )
;; ;;
sonos) sonos)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="Sonos" name="Sonos"
type="dmg" type="dmg"
downloadURL="https://www.sonos.com/redir/controller_software_mac" downloadURL="https://www.sonos.com/redir/controller_software_mac"
expectedTeamID="2G4LW83Q3E" expectedTeamID="2G4LW83Q3E"
;; ;;
coderunner) coderunner)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="CodeRunner" name="CodeRunner"
type="zip" type="zip"
downloadURL="https://coderunnerapp.com/download" downloadURL="https://coderunnerapp.com/download"
expectedTeamID="R4GD98AJF9" expectedTeamID="R4GD98AJF9"
;; ;;
openvpnconnect) openvpnconnect)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="OpenVPN" name="OpenVPN"
type="pkgInDmg" type="pkgInDmg"
pkgName="OpenVPN_Connect_Installer_signed.pkg" pkgName="OpenVPN_Connect_Installer_signed.pkg"
@@ -360,38 +391,46 @@ case $label in
expectedTeamID="2BUA8C4S2C" expectedTeamID="2BUA8C4S2C"
;; ;;
webexmeetings) webexmeetings)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="Cisco Webex Meetings" name="Cisco Webex Meetings"
type="pkgInDmg" type="pkgInDmg"
downloadURL="https://akamaicdn.webex.com/client/webexapp.dmg" downloadURL="https://akamaicdn.webex.com/client/webexapp.dmg"
expectedTeamID="DE8Y96K9QP" expectedTeamID="DE8Y96K9QP"
;; ;;
webexteams) webexteams)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="Webex Teams" name="Webex Teams"
type="pkgInDmg" type="dmg"
downloadURL="https://binaries.webex.com/WebexTeamsDesktop-MACOS-Gold/WebexTeams.dmg" downloadURL="https://binaries.webex.com/WebexTeamsDesktop-MACOS-Gold/WebexTeams.dmg"
expectedTeamID="DE8Y96K9QP" expectedTeamID="DE8Y96K9QP"
;; ;;
citrixworkspace) citrixworkspace)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="Citrix Workspace" name="Citrix Workspace"
type="pkgInDmg" type="pkgInDmg"
downloadURL="https://downloads.citrix.com/17596/CitrixWorkspaceApp.dmg?__gda__=1588183500_fc68033aef7d6d163d8b8309b964f1de" downloadURL="https://downloads.citrix.com/17596/CitrixWorkspaceApp.dmg?__gda__=1588183500_fc68033aef7d6d163d8b8309b964f1de"
expectedTeamID="S272Y5R93J" expectedTeamID="S272Y5R93J"
;; ;;
privileges) privileges)
# credit: Erik Stam # credit: Erik Stam (@erikstam)
name="Privileges" name="Privileges"
type="zip" type="zip"
downloadURL=$(downloadURLFromGit sap macOS-enterprise-privileges ) downloadURL=$(downloadURLFromGit sap macOS-enterprise-privileges )
expectedTeamID="7R5ZEU67FQ" expectedTeamID="7R5ZEU67FQ"
;; ;;
icons)
# credit: Mischa van der Bent (@mischavdbent)
name="Icons"
type="zip"
downloadURL=$(downloadURLFromGit sap macOS-icon-generator )
expectedTeamID="7R5ZEU67FQ"
;;
googledrivefilestream) googledrivefilestream)
# credit: Isaac Ordonez, Mann consulting # credit: Isaac Ordonez, Mann consulting (@mannconsulting)
name="Google Drive File Stream" name="Google Drive File Stream"
type="pkgInDmg" type="pkgInDmg"
downloadURL="https://dl.google.com/drive-file-stream/GoogleDriveFileStream.dmg" downloadURL="https://dl.google.com/drive-file-stream/GoogleDriveFileStream.dmg"
pkgName="GoogleDriveFileStream.pkg"
expectedTeamID="EQHXZ8M8AV" expectedTeamID="EQHXZ8M8AV"
;; ;;
plisteditpro) plisteditpro)
@@ -406,6 +445,13 @@ case $label in
downloadURL="https://slack.com/ssb/download-osx" downloadURL="https://slack.com/ssb/download-osx"
expectedTeamID="BQR82RBBHL" expectedTeamID="BQR82RBBHL"
;; ;;
sublimetext)
# credit: Mischa van der Bent (@mischavdbent)
name="Sublime Text"
type="dmg"
downloadURL="https://download.sublimetext.com/latest/stable/osx"
expectedTeamID="Z6D26JE4Y4"
;;
githubdesktop) githubdesktop)
name="GitHub Desktop" name="GitHub Desktop"
type="zip" type="zip"
@@ -481,6 +527,74 @@ case $label in
downloadURL=$(curl -fs https://royaltsx-v4.royalapps.com/updates_stable | xpath '//rss/channel/item[1]/enclosure/@url' 2>/dev/null | cut -d '"' -f 2) downloadURL=$(curl -fs https://royaltsx-v4.royalapps.com/updates_stable | xpath '//rss/channel/item[1]/enclosure/@url' 2>/dev/null | cut -d '"' -f 2)
expectedTeamID="VXP8K9EDP6" expectedTeamID="VXP8K9EDP6"
;; ;;
appcleaner)
# credit: Tadayuki Onishi (@kenchan0130)
name="AppCleaner"
type="zip"
downloadURL=$(curl -fs https://freemacsoft.net/appcleaner/Updates.xml | xpath '//rss/channel/*/enclosure/@url' 2>/dev/null | tr " " "\n" | sort | tail -1 | cut -d '"' -f 2)
expectedTeamID="X85ZX835W9"
;;
karabinerelements)
# credit: Tadayuki Onishi (@kenchan0130)
name="Karabiner-Elements"
type="pkgInDmg"
downloadURL=$(downloadURLFromGit pqrs-org Karabiner-Elements)
expectedTeamID="G43BCU2T37"
;;
postman)
# credit: Mischa van der Bent
name="Postman"
type="zip"
downloadURL="https://dl.pstmn.io/download/latest/osx"
expectedTeamID="H7H8Q7M5CK"
;;
jamfpppcutility)
# credit: Mischa van der Bent
name="PPPC Utility"
type="zip"
downloadURL=$(downloadURLFromGit jamf PPPC-Utility)
expectedTeamID="483DWKW443"
;;
jamfmigrator)
# credit: Mischa van der Bent
name="jamf-migrator"
type="zip"
downloadURL=$(downloadURLFromGit jamf JamfMigrator)
expectedTeamID="PS2F6S478M"
;;
jamfreenroller)
# credit: Mischa van der Bent
name="ReEnroller"
type="zip"
downloadURL=$(downloadURLFromGit jamf ReEnroller)
expectedTeamID="PS2F6S478M"
;;
adobereaderdc)
name="Adobe Acrobat Reader DC"
type="pkgInDmg"
downloadURL=$(adobecurrent=`curl -s https://armmf.adobe.com/arm-manifests/mac/AcrobatDC/reader/current_version.txt | tr -d '.'` && echo http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/"$adobecurrent"/AcroRdrDC_"$adobecurrent"_MUI.dmg)
expectedTeamID="JQ525L2MZD"
blockingProcesses=( "AdobeReader" )
;;
signal)
# credit: Søren Theilgaard
name="Signal"
type="dmg"
downloadURL=https://updates.signal.org/desktop/$(curl -fs https://updates.signal.org/desktop/latest-mac.yml | awk '/url/ && /dmg/ {print $3}')
expectedTeamID="U68MSDN6DR"
;;
docker)
name="Docker"
type="dmg"
downloadURL="https://download.docker.com/mac/stable/Docker.dmg"
expectedTeamID="9BNSXJN65R"
;;
brave)
name="Brave"
type="dmg"
downloadURL="https://laptop-updates.brave.com/latest/osx"
expectedTeamID="9BNSXJN65R"
;;
# Note: Packages is signed but _not_ notarized, so spctl will reject it # Note: Packages is signed but _not_ notarized, so spctl will reject it
@@ -651,7 +765,6 @@ case $label in
;; ;;
# these descriptions exist for testing and are intentionally broken # these descriptions exist for testing and are intentionally broken
brokendownloadurl) brokendownloadurl)
name="Google Chrome" name="Google Chrome"
@@ -754,7 +867,7 @@ checkRunningProcesses() {
countedProcesses=0 countedProcesses=0
for x in ${blockingProcesses}; do for x in ${blockingProcesses}; do
if pgrep -xq "$x"; then if pgrep -xq "$x"; then
ScriptLogging "found blocking process $x" echo "found blocking process $x"
case $BLOCKING_PROCESS_ACTION in case $BLOCKING_PROCESS_ACTION in
kill) kill)
@@ -822,7 +935,7 @@ installAppWithPath() { # $1: path to app to install in $targetDir
cleanupAndExit 6 "not running as root, exiting" cleanupAndExit 6 "not running as root, exiting"
fi fi
ScriptLogging "DEBUG enabled, skipping copy and chown steps" echo "DEBUG enabled, skipping copy and chown steps"
return 0 return 0
fi fi
@@ -841,7 +954,7 @@ installAppWithPath() { # $1: path to app to install in $targetDir
# set ownership to current user # set ownership to current user
if [ "$currentUser" != "loginwindow" ]; then if [ "$currentUser" != "loginwindow" ]; then
ScriptLogging "Changing owner to $currentUser" echo "Changing owner to $currentUser"
chown -R "$currentUser" "$targetDir/$appName" chown -R "$currentUser" "$targetDir/$appName"
else else
ScriptLogging "No user logged in, not changing user" ScriptLogging "No user logged in, not changing user"
@@ -862,7 +975,7 @@ mountDMG() {
cleanupAndExit 3 cleanupAndExit 3
fi fi
ScriptLogging "Mounted: $dmgmount" echo "Mounted: $dmgmount"
} }
installFromDMG() { installFromDMG() {
@@ -895,7 +1008,7 @@ installFromPKG() {
# check for root # check for root
if [ "$(whoami)" != "root" ]; then if [ "$(whoami)" != "root" ]; then
# not running as root # not running as root
ScriptLogging "not running as root, exiting" echo "not running as root, exiting"
cleanupAndExit 6 cleanupAndExit 6
fi fi
@@ -919,12 +1032,19 @@ installPkgInDmg() {
mountDMG mountDMG
# locate pkg in dmg # locate pkg in dmg
if [[ -z $pkgName ]]; then if [[ -z $pkgName ]]; then
pkgName="$name.pkg" # find first file ending with 'pkg'
findfiles=$(find -X "$dmgmount" -iname "*.pkg" -maxdepth 1 )
filearray=( ${(0)findfiles} )
if [[ ${#filearray} -eq 0 ]]; then
cleanupAndExit 20 "couldn't find pkg in dmg $archiveName"
fi
archiveName="${filearray[1]}"
echo "found pkg: $archiveName"
else
# it is now safe to overwrite archiveName for installFromPKG
archiveName="$dmgmount/$pkgName"
fi fi
# it is now safe to overwrite archiveName for installFromPKG
archiveName="$dmgmount/$pkgName"
# installFromPkgs # installFromPkgs
installFromPKG installFromPKG
} }
@@ -936,12 +1056,20 @@ installPkgInZip() {
# locate pkg in zip # locate pkg in zip
if [[ -z $pkgName ]]; then if [[ -z $pkgName ]]; then
pkgName="$name.pkg" # find first file starting with $name and ending with 'pkg'
findfiles=$(find -X "$tmpDir" -iname "${name}*.pkg" -maxdepth 1 )
filearray=( ${(0)findfiles} )
if [[ ${#filearray} -eq 0 ]]; then
cleanupAndExit 20 "couldn't find pkg in zip $archiveName"
fi
archiveName="${filearray[1]}"
# it is now safe to overwrite archiveName for installFromPKG
echo "found pkg: $archiveName"
else
# it is now safe to overwrite archiveName for installFromPKG
archiveName="$tmpDir/$pkgName"
fi fi
# it is now safe to overwrite archiveName for installFromPKG
archiveName="$tmpDir/$pkgName"
# installFromPkgs # installFromPkgs
installFromPKG installFromPKG
} }

19
Labels.txt
View File

@@ -1,25 +1,37 @@
1password7 1password7
adobereaderdc
appclener
atom atom
autodmg
aviatrix aviatrix
bbedit bbedit
brave
citrixworkspace citrixworkspace
coderunner coderunner
cyberduck cyberduck
depnotify depnotify
desktoppr desktoppr
discord discord
docker
dropbox dropbox
eraseinstall eraseinstall
firefox firefox
githubdesktop githubdesktop
googlechrome googlechrome
googlechromepkg googlechromepkg
googlejapaneseinput
googledrivefilestream googledrivefilestream
grandperspective grandperspective
handbrake handbrake
icons
iterm2 iterm2
jamfpppcutility
jamfmigrator
jamfreenroller
karabinerelements
malwarebytes malwarebytes
microsoftautoupdate microsoftautoupdate
microsoftcompanyportal
microsoftdefenderatp microsoftdefenderatp
microsoftedgeconsumerstable microsoftedgeconsumerstable
microsoftedgeenterprisestable microsoftedgeenterprisestable
@@ -30,7 +42,10 @@ microsoftonedrive
microsoftonenote microsoftonenote
microsoftoutlook microsoftoutlook
microsoftpowerpoint microsoftpowerpoint
microsoftremotedesktop
microsoftsharepointplugin microsoftsharepointplugin
microsoftskypeforbusiness
microsoftteams
microsoftword microsoftword
netnewswire netnewswire
omnifocus3 omnifocus3
@@ -38,13 +53,17 @@ omnigraffle7
openvpnconnect openvpnconnect
pacifist pacifist
plisteditpro plisteditpro
postman
privileges privileges
resiliosynchome resiliosynchome
royaltsx royaltsx
santa
signal
slack slack
sonos sonos
sourcetree sourcetree
spotify spotify
sublimetext
suspiciouspackage suspiciouspackage
teamviewer teamviewer
textmate textmate

47
README.md
View File

@@ -283,4 +283,51 @@ Depending on the application or pkg there are a few more variables you can or ne
- `updateToolRunAsCurrentUser`: - `updateToolRunAsCurrentUser`:
When this variable is set (any value), `$updateTool` will be run as the current user. Default is unset and When this variable is set (any value), `$updateTool` will be run as the current user. Default is unset and
## Frequently Asked Questions
### What if the latest version of the app is already installed?
Short answer: Installomator will re-download and re-install the latest over the existing installation.
Longer answer:
Installomator will try to find a currently installed app to log the version. When Installomator finds an existing app (any version) and the `updateTool` variable is set, then Installomator will _not_ download and install, but run the `updateTool` instead.
However, there is no simple generic method to actually determine the latest version of an application or installer.
We deploy Installomator usually for user initiated installations from Self Service, so re-installs don't really 'hurt' and may be a useful troubleshooting step.
When you want to have automated installations, you can use smart groups based on the app version to limit excessive re-installations.
### Why don't you just use `autopkg install`?
Short answer: `autopkg` is not designed or suited for this kind of workflow
Long answer:
The motivation to not re-invent the wheel and use and existing tool is understandable. However, `autopkg` was not designed with this use case in mind and has a few significant downsides.
First, you would have to deploy and manage autopkg on all the clients. But to do its work, `autopkg` requires recipes. So, you have to install, and update the recipe repos on the client, as well. For security reasons, you _really_ should only run trusted recipes, so you need to install and update your personal recipe overrides as well.
The recipes you use are probably spread across multiple community provided recipe-repos, so we have `autopkg` itself, several recipe-repos, and your overrides that we need to manage, each of which may need to be updated at any time.
The community recipe-repos contain several recipes for different applications. When you add a recipe-repo for an app you want, you will also install all the other recipes from that repo.
The `autopkg install` does _not_ require root or even administrative privileges. _Any_ user (even standard users) on the system can now install any of the random recipes that came with the community repos.
To prevent users installing random apps from the community repos, you can curate your own recipe-repo from the community repos and push that to the clients. At this point, you are managing autopkg, your curated repo, your recipe overrides on the clients and handling the additional work of curating and updating your recipe-repo and the overrides.
In addition, a really savvy user (or a malicious attacker) could build their own recipe and run it using the pre-installed `autopkg` you installed.
And then consider what your CISO department (if you have one) would say about the `autopkgserver` and `autopkginstalld` daemons running on all the clients...
At this point it would be easier to use AutoPkg the way it was intended: on a single admin Mac, and let it upload the pkgs to your management system, which deploys them. Each tool is doing what it is designed for.
Please don't misunderstand this as me saying that AutoPkg is a bad or poorly designed tool. AutoPkg is amazing, powerful, and useful. The [Scripting OS X recipe-repo](https://github.com/autopkg/scriptingosx-recipes) is one of the older repos. AutoPkg is valuable tool to help admins with many apps that cannot be automated with tools like Installomator, and with deployment strategies that require more control.
But it is not suited as a client install automation tool.
### Why don't you just use brew?
Read the explanation for `autopkg`, pretty much the same applies for `brew`, i.e. While it is useful on a single Mac, it is a un-manageable mess when you think about deploying and managing on a fleet of computers.