High Sierra FV Conversion Failure

When you upgrade to High Sierra, not only are you getting a new OS, but if your Mac has all-SSD storage, you are getting an all-new filesystem: APFS. This means your startup disk gets converted from HFS+ to APFS during the High Sierra upgrade.

More changes means more chances for things to go wrong. A colleague walked into my office today: he’d just upgraded his Mac to High Sierra, and now it was sitting at the Filevault pre-boot authentication screen. But instead of an icon for his account, there was a hard drive icon and the label “Disk Password”. His account password did not work to unlock this disk, and neither did the Personal Recovery Key.

Looked like the APFS conversion didn’t do everything it needed…

Fortunately Nick McSpadden had seen this before and let me in on a fix:

  1. Boot into Recovery HD
  2. Open Terminal.app
  3. Run diskutil apfs list to get the ‘regular’ boot drive (disk2s1 in this case)
  4. Run diskutil apfs unlockvolume disk2s1 to unlock the drive. The user’s normal password worked here.
  5. Run diskutil apfs updatePreboot disk2s1

This last command sprayed a ton of text to the screen. After this, we rebooted, and the expected disk unlock screen came up, with an icon for the user’s account. He was able to successfully authenticate and the Mac proceeded to boot. Crisis adverted!

Advertisements
High Sierra FV Conversion Failure

Stupid Install macOS High Sierra Tricks

While working on solving the problem of not getting a “stub” Install macOS High Sierra application, I stumbled across another way to get a full installer.

I present this merely as an oddity and a point of interest. I make no claims as to whether or not you should use this information in any way for ill or for good.

If you run a local Apple software update server, you may have noticed a new product: product ID 091-34298 — “Install macOS High Sierra”.  I use Reposado to run a local softwareupdate server:

# ./repoutil --info 091-34298
Product:       091-34298
Title:         Install macOS High Sierra
Version:       10.13
Size:          5.8 GB
Post Date:     2017-09-25 16:56:37
RestartNeeded: No
Status:        Downloaded
Location:      /disk1/swupd/html/content/downloads/04/61/091-34298
AppleCatalogs:
               https://swscan.apple.com/content/catalogs/others/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
               https://swscan.apple.com/content/catalogs/others/index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
               https://swscan.apple.com/content/catalogs/others/index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
Branches:
               release
               testing
HTML Description:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><title></title></head>
<body></body>
</html>

We can use the location printed above to find the actual files on disk:

# ls /disk1/swupd/html/content/downloads/04/61/091-34298/almpfkbhyxnsgbxxqhoqo7sb40w3uip0wk/
091-34298.ar.dist        091-34298.ru.dist
091-34298.ca.dist        091-34298.sk.dist
091-34298.cs.dist        091-34298.Spanish.dist
091-34298.da.dist        091-34298.sv.dist
091-34298.Dutch.dist     091-34298.th.dist
091-34298.el.dist        091-34298.tr.dist
091-34298.English.dist   091-34298.uk.dist
091-34298.es_419.dist    091-34298.vi.dist
091-34298.fi.dist        091-34298.zh_CN.dist
091-34298.French.dist    091-34298.zh_TW.dist
091-34298.German.dist    AppleDiagnostics.chunklist
091-34298.he.dist        AppleDiagnostics.dmg
091-34298.hi.dist        BaseSystem.chunklist
091-34298.hr.dist        BaseSystem.dmg
091-34298.hu.dist        InstallAssistantAuto.pkg
091-34298.id.dist        InstallAssistantAuto.pkm
091-34298.Italian.dist   InstallAssistantAuto.smd
091-34298.Japanese.dist  InstallESDDmg.chunklist
091-34298.ko.dist        InstallESDDmg.pkg
091-34298.ms.dist        InstallESDDmg.pkm
091-34298.no.dist        InstallInfo.plist
091-34298.pl.dist        OSInstall.mpkg
091-34298.pt.dist        RecoveryHDMetaDmg.pkg
091-34298.pt_PT.dist     RecoveryHDMetaDmg.pkm
091-34298.ro.dist

The contents of a softwareupdate product directory are very much like an exploded/expanded distribution package. Not very well-known is that we can sometimes trick Apple’s installer to install these. If we can get this directory copied to (or mounted via afp, smb or nfs on) a Mac (my Reposado server is on a Linux box), we can do this:

sudo installer -pkg /path/to/091-34298.English.dist -target /

or

open /path/to/091-34298.English.dist -a Installer.app

If you do the latter, you’ll need to click through the Installer like you would with any other package.

The result? A functional “Install macOS High Sierra.app” in /Applications.

Stupid Install macOS High Sierra Tricks

Some stuff about Install macOS High Sierra.app

Now that macOS 10.13 High Sierra is out, it’s time to start taking about High Sierra stuff!

Munki 3 added support for upgrading macOS via the Install macOS.app for Sierra and High Sierra. A Munki admin need only download the installer from the App Store, and do

munkiimport /Applications/Install\ macOS\ High\ Sierra.app

to import the High Sierra installer into their Munki repo.

But there’s a wrinkle. Many people (including yours truly) were sometimes getting an installer application “stub” when downloading the Install macOS High Sierra application from the App Store. This “stub” application did not include the Contents/SharedSupport folder or its (very important) contents. The needed resources were instead downloaded “on-the-fly” when you ran the Install macOS High Sierra application.

This “stub” application is not useful as something to import into your Munki repo, or to use with AutoDMG or autonbi, or similar things. For these you really want the full installer, that is, one that contains all the needed installation resources in Contents/SharedSupport.

Many theories and ideas were put forth as to what caused one to get the stub vs the full installer. While I’m still not 100% sure about this, I think we’ve narrowed in on the cause.

It appears that when the App Store is downloading the installer app, it also uses softwareupdate to get the resources that normally reside in Contents/SharedSupport. If com.apple.SoftwareUpdate has been configured to use a CatalogURL that points to a softwareupdate catalog that does not contain product URLs for the needed Install macOS High Sierra resources, you get the “stub” application instead.

If, however, softwareupdate is using either Apple’s default CatalogURL, or is pointed to an internal CatalogURL that contains the needed products, you get the full installer.

Currently, the needed resources are Product 091-34298, “Install macOS High Sierra”, but this will almost certainly change over time.

TL;DR: to get a full High Sierra installer from the App Store, make sure softwareupdate is pointed at Apple’s softwareupdate servers or an internal server in which you have synced and made available the “Install macOS High Sierra” product.

Thanks to many people on the MacAdmins Slack for chipping in with their observations.

Some stuff about Install macOS High Sierra.app

Upcoming 2017 Mac Admin conferences

I’ll be attending and speaking at the following upcoming Mac admin conferences:

macdevopsMacDevOps YVR

June 5-6, 2017, Vancouver, Canada. An intimate conference, focused on more technical aspects of managing and operating a Mac environment. And it doesn’t get dark until after 10pm. Trippy! If you didn’t get a ticket for WWDC, join us in Vancouver!

 


psumacadminsPSU Mac Admins

July 11-14, 2017, State College, PA, USA. A large, multitrack conference with sessions for beginners to experts. Lots of EDU content. Don’t forget to visit the Berkey Creamery!

 


macsysadminMacSysAdmin

October 3-6, 2017, Gothenburg, Sweden. A medium-size conference in one of the most welcoming cities in Europe. Sessions for beginners to experts, and lots of social events outside the regular conference hours.


Tickets are still available for all three conferences!

Upcoming 2017 Mac Admin conferences

Sample code for MacADUK 2017: Introduction to PyObjC

If you will be attending my session at MacADUK 2017, you might find it useful to have copies of the sample Python code and scripts I’ll be talking about and demonstrating.

I’ve set up a GitHub repo. The sample code is basically complete, but I might make some minor changes over the next several days.

You can download the code samples here: https://github.com/gregneagle/macaduk2017/archive/master.zip

or if you are familiar with Git, you can clone them locally:
git clone https://github.com/gregneagle/macaduk2017.git

Hope to see you in London!

Sample code for MacADUK 2017: Introduction to PyObjC