Unwelcome Apple surprise

This morning while reviewing new updates on my reposado server I saw this new update:

091-76348   macOS High Sierra                           2018-04-10 []

I didn’t think much of it; various “Install macOS High Sierra” updates have appeared in the softwareupdate catalogs since early in the High Sierra beta cycle: the App Store, when installing the “Install macOS High Sierra” application, downloads resources from these catalogs. (See https://managingosx.wordpress.com/2017/09/26/some-stuff-about-install-macos-high-sierra-app/ for more info).

But then I saw this cry for help on the munki-discuss list: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/munki-discuss/I9nA-340mO4/KVQTJMEGCgAJ

Apologies if this has been asked and answered already, but we’re in a desperate time crunch. This morning, on the second day of standardized testing for our district, High Sierra is appearing as a “regular update” instead of an App Store option, so naturally MSC offers it:

It appeared that “macOS High Sierra” was being offered as an Apple software update (which Munki was then offering to install).

Continue reading “Unwelcome Apple surprise” →

Advertisements

Updated notes on deploying images to iMac Pro

A brief update to https://managingosx.wordpress.com/2018/01/25/early-notes-on-deploying-images-to-imac-pro/ :

This is much easier now with 10.13.4, which has updated asr restore to handle some of the tasks needed when restoring an image to iMac Pro.

I still recommend using AutoDMG to generate a deployment image from a 10.13.4 Install macOS High Sierra.app (and optionally your own additional packages).

The one restore workflow I know works is this:

Start up the iMac Pro in Target Disk Mode. Connect it to another Mac running 10.13.4. Make sure that Mac also has an active Internet connection that can reach Apple’s servers.

As root:

asr restore --source osx_updated_180402-10.13.4-17E199.apfs.dmg --target /Volumes/Macintosh\ HD\ 1 --erase

Where --source points to the AutoDMG-generated deployment image, and --target points to the iMac Pro’s internal disk (mounted via Target Disk Mode). The restore session should look something like this:

# asr restore --source osx_updated_180402-10.13.4-17E199.apfs.dmg --target /Volumes/Macintosh\ HD --erase
Validating target...done
Validating source...done
Erase contents of /dev/disk4s1 (/Volumes/Macintosh HD)? [ny]: y
Retrieving scan information...done
Validating sizes...nx_kernel_mount:1359: : checkpoint search: largest xid 72, best xid 72 @ 143
done
Restoring  ....10....20....30....40....50....60....70....80....90....100
Verifying  ....10....20....30....40....50....60....70....80....90....100
Inverting target volume...done
Remounting target volume...done
Personalization over TDM succeeded

and you should have a working macOS 10.13.4 volume on the iMac Pro.

Using Munki to revert or downgrade software

Introduction

It might come as little surprise to find out that I use Munki in my organization to manage software installations on macOS.

Munki is really good at keeping software up-to-date. Every time it runs, it compares the versions it has on the server against the versions installed on the local machine and updates any software at a lower version than it has on the server.

Its default behavior when an item on the local machine has a higher version than that on the server is to leave it alone. This is great when you have users that for whatever reason need to test newer versions (or perhaps they are actually developing the newer version of the software).

I also use AutoPkg to automate finding new software updates and to import them into my Munki repo. For us, AutoPkg checks on approximately 50 items each day, importing anything new into my Munki repo into a testing catalog.

On Tuesday of this week, Mozilla released Firefox 59. AutoPkg found the new release and imported it into Munki as expected. On Wednesday, I noticed that AutoPkg had imported Firefox 60! I looked at the installed application, and its version was actually 60.0b3. Someone at Mozilla had goofed and pointed the “latest firefox release” link at the 60 beta. Later in the day this goof was remedied and the link once again returned Firefox 59.

But my AutoPkg run had occurred while the Mozilla site was offering 60.0b3, and so it was downloaded and added to my Munki’s repo’s testing catalog. 25 Macs in my organization (including my own laptop) now had Firefox 60.0b3 installed.

(Side note: because of the way Munki does version comparisons, when the final release of Firefox 60 comes out, if it is versioned as “60.0”,  Munki would not “upgrade” from 60.0b3 to 60.0 – “60.0b3” compares as higher than “60.0”.)

I wanted to configure Munki to downgrade any install of Firefox 60.0b3 to Firefox 59. Since by default Munki leaves higher versions alone, this is not exactly obvious how to do.

Continue reading “Using Munki to revert or downgrade software” →

MacAD.uk 2018 Conference Links

Here are some links from my presentation at Mac Admins and Developers UK 2018, “Imaging is Dead: Now What?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

Restoring an iMac Pro with Configurator: https://help.apple.com/configurator/mac/2.6/index.html?localePath=en.lproj#/apdebea5be51

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Bootstrappr: https://github.com/munki/bootstrappr

Erik Gomez, Custom DEP series: http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-1-An-Introduction/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-2-Creating-a-custom-package-and-deploying-Munki/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-3-Best-Practices/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-4-The-Future/
http://blog.eriknicolasgomez.com/2017/04/05/Custom-DEP-Part-5-Dynamic-InstallApplication/
http://blog.eriknicolasgomez.com/2017/04/27/Custom-DEP-Part-6-Vendor-Announcement-and-Presentation/
http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

Victor Vranchan, Munkiing around with DEP: https://groob.io/posts/dep-micromdm-munki/

Post-credits scene (installinstallmacos.py): https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

Early notes on deploying images to iMac Pro

Overview

Here are some early notes on making and restoring a High Sierra deployment image to an iMac Pro.

“Wait, I thought imaging was dead! Especially imaging the iMac Pro with Secure Boot!” you may be thinking. My reply: “We’ll see, won’t we?” It’s early days here: we’re experimenting. Our experiments might lead to dead ends, or they might lead to useful results.

Continue reading “Early notes on deploying images to iMac Pro” →

Bootstrappr

A little while ago, I made a new Mac deployment tool available:

https://github.com/munki/bootstrappr

Bootstrappr is really nothing more than a Bash script that installs any packages it finds in an adjacent packages directory. There’s no GUI, no bells and whistles.

What is it for? Why would you use it?

You’d use it for installation-based deployment workflows on iMac Pro (and potentially any Mac).

Continue reading “Bootstrappr” →

macOS installation-based workflows

Perhaps you are starting to worry about the future of “imaging” as a deployment/initial configuration method for Macs.

(I’ll define “imaging” as block-copying the contents of a disk image file to a disk volume, and resulting in a bootable, fully-functional machine.)

If you are concerned about the future of imaging, you might want to start investigating macOS installation-based workflows for deployment/initial configuration.

The basic idea is this: a workflow that either installs macOS, or starts with the factory os installation. It then installs additional packages that serve to enroll the Mac in whatever your ongoing management system is (Jamf Pro, Filewave, Munki, etc). It then becomes the management system’s job to finish the initial setup of the machine.

Here are a few things you might want to look at:

Continue reading “macOS installation-based workflows” →