I'm developing an extension and I'm trying to use the enterprise.deviceAttributes API, but "This API is only for extensions pre-installed by policy.". How can I simulate a pre-installed by policy extension in sandbox so I can develop it?
Also, I noticed that this API is not "dev channel only" anymore, so now I can use it in production?
Question about Google Admin:
I will require the users to install my extension to their "children"* via Google Admin > Chrome Management > User Settings, so the user won't need to enroll devices, and the extension will be "installed by policy".
In this case, which devices aren't enrolled, can I still get the deviceID of the "children" with my extension and then call the Admin API to get device info?
*Children is an example, could be students, employees....
I found a workflow that doesn't require me to wait on approval from the Chrome Web Store, but it's a little clunky.
This was tried on a Chromebook in developer mode. I don't know if that matters.
Upload your extension as a draft to the Chrome Web Store
Note the ID assigned to your draft in the Chrome Web Store developer dashboard
In Google Admin, under Devices > Chrome > Apps & Extensions select "Add Chrome app or extension by ID"
Put in the extension ID from the developer dashboard
Change "From the Chrome Web Store" to "From a custom URL" and put in a junk URL
Make sure the extension is set to "Available" and not "Forced" (if it is set to forced you won't be able to manually install the extension)
Download the CRX file from the "package" section of your saved draft from the chrome web store and copy it to your Chromebook. Your CRX file will now be signed by the blessed Google keys
Drag it in to the chrome://extensions page on the Chromebook to install it
Disable the extension but do not uninstall it
Change the extension to "forced" in Google Admin
Go to chrome://policy and reload policies.
If you refresh chrome://extensions you should see that the extension is now force-enabled and should be running with enterprise.deviceAttributes permissions (assuming your extension requested them)
Related
I am creating a website that have a link to download my chrome CRX app to install it on chrome, the problem is whenever I try to download it it's give me an error that says: " Package is invalid: 'CRX_REQUESTED_PROOF_MISSING' ".
How can I fix this problem?
NOTE: my app is working when I install it using developer tools.
My manifest.json:
{"name":"MY_APP_NAME",
"version":"0.0.1",
"manifest_version":2,
"minimum_chrome_version":"37.0.0.0",
"permissions":["webview","power","storage","videoCapture","geolocation","pointerLock","system.display",{"fileSystem":["write","retainEntries","directory"]},"accessibilityFeatures.read","accessibilityFeatures.modify"],"app":{"background":{"scripts":["js/foam.js","js/cab.js","config.js","background_main.js"]}},
"default_locale":"en",
"icons":{"128":"img/128.png"}}
I'm also currently having this issue and trying to find workarounds for it. Unfortunately it seems that due to Chrome's security policy, plugins needs to go through their webstore in order to have the multiple levels of "proof" before chrome will accept it as a legit extension. So far it seems the only way to get it to work is to load it as an unpacked extension, go through the webstore, or force install it via group policy.
Links and refs:
https://developer.chrome.com/apps/external_extensions
https://support.google.com/chrome/a/answer/6306504?hl=en
https://github.com/oncletom/crx/issues/109
According to documentation, Chrome does not allow installing CRX from outside of their store, unless in developer mode or through enterprise policy: https://developer.chrome.com/extensions/hosting_changes, or on Linux (it's mentioned at the beginning of linux_hosting i linked in my previous comment).
So that may be a reason, because in their source, that "proof missing" error is returned only if either public key is missing, or "required key" is missing:
https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L178
"required key" seems to be their predefined key:
https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L134
and
https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L42
I'm guessing that's the public part of Chrome Web Store key? There's no easy or even "practical" way to create signature that will match their key.
So, either it's the missing Chrome Web Signature key, or something is wrong with how we create signature using developer's key.
How can I distribute my extension if I cannot upload it to the Chrome Web Store for policy reasons?
These changes are effective only on Windows stable and beta channel. Users who want to get extensions that are not hosted on the Chrome Web Store can do so on Chrome dev/canary channels in Windows or on all Chrome channels in other operating systems.
What are the supported deployment options for extensions after this change?
Apart from users installing extensions from the Chrome Web Store, the following deployment options will be supported:
For OSX and Linux, extensions can be installed via a preferences JSON file.
For Windows, extensions can be installed via the Windows registry. In the Windows registry, ensure that the update_url registry key points to the following URL: https://clients2.google.com/service/update2/crx. Local .crx installs via the path registry key are deprecated. Note that this deployment option works only for Chrome Web Store hosted extensions, and update_url cannot point to any other host other than https://clients2.google.com/service/update2/crx.
For Enterprises, we’ll continue to support group policy to install extensions, irrespective of where the extensions are hosted. Note that the user's machine has to join a domain for GPO policy pushes to be effective.
We're making a Chrome extension that will be built specifically for organizations. They will specify it as a force-installed extension.
We've packed the extension with the latest crx3 format and verified that after packaging, we can install the extension in to Chrome by dragging it in to the extensions tab. It installs as expected and I've verified the extension ID is correct.
We have a test enterprise domain with a few chromebooks. We've gone through the process of specifying the custom app, but it's not showing up. I've verified the policy has updated both through the G Suite admin console and in chrome://policy on the users device. When looking at the policies, I see the extension we're force installed listed in the table on chrome://policy, but the extension itself isn't showing up in the extension list.
Is there a good way to debug why a managed extension isn't being installed from the enterprise policy?
After some trial and error, we solved the problem due to a mixup of URLs in the update XML created for versioning.
I have written a Chrome extension that uses the managed storage API to allow Google Apps administrators to configure its "options" via a policy name and value. When I install the extension I see a new section at chrome://policy for the extension and an indication that there are "No policies set."
I'm trying to figure out how to set this from the Google Apps management console. I have a Chrome management license and can install the extension, but I don't see any obvious place to define values for the extension's option as defined in its schema.json file.
I do see documentation at http://www.chromium.org/administrators/configuring-policy-for-extensions but I'm on a Chromebook and am assuming there is some way to specify this from admin.google.com for my domain.
Am I missing something obvious? Thanks.
We're still working on it :-) This is being tracked at https://code.google.com/p/chromium/issues/detail?id=361156 (sorry, only visible by project members for now) and we're targeting ChromeOS 37.
We're also interested in use cases you'd like to support via this API and the console. Please file bug reports or feature requests at crbug.com, using the Enterprise template.
This is now available in chromebox management console for managed devices under: Device Management -> Chrome App Management -> App Name, then "Upload configuration file".
We built a chrome extension to be used only inside our company by selective people. We do not want to publish this on chrome web store. We could do this before by just drag & drop the crx file in the extensions page.
But in the latest version of chrome(i use 35.x), we are not able to do this anymore. Whenever we try to install the crx file, chrome automatically disables it and shows a message
"This extension is not listed in the Chrome Web Store and may have been added without your knowledge"
with a link to https://support.google.com/chrome/answer/2811969 where it says
"You're seeing this notification because one or more of your Chrome extensions has been turned off to make Chrome safer. The extensions didn't come from the Chrome Web Store or were installed without your permission."
So, Does this mean we can never install crx file from now on? No workaround?
I know we can install using Group Policy method, but is that the only way we can do this?
Thanks in advance.
Yes, this has been disabled as a protection against malware.
The only workarounds I'm aware of are:
turn on Developer Mode and have users install as an unpacked extension after unzipping the CRX
publish unlisted or to a Google Group: https://support.google.com/chrome/a/answer/2663860?hl=en
If I want to install the Chrome App Launcher and navigate to https://chrome.google.com/webstore/launcher , then click the only button over there, that page will install Chrome App Launcher shortcut to my Windows taskbar without any confirmation from the operating system whatsoever.
If I use a different browser, other than Chrome, I get redirected to the Chrome Webstore, with a message "You will need Google Chrome to install most apps, extensions and themes." showing. I guess, Chrome is able to place a shortcut from within a web page to my Desktop/Taskbar via its inner methods, as it's a general executable and may do "a lot" on its own.
How can I add my (any) shortcut from within a web page rendered in Chrome the same (or another) way the Chrome App Launcher has been installed?
Sorry, the webstore has special powers in chrome which regular web sites don't get. This is how it can also install extensions and apps, see whether you have particular extensions and apps installed, etc. You can see API by which it gets these special privileges here.
This API is made available by chrome just to the webstore.