PSU MacAdmins 2019 Packaging Workshop Course Materials

July 5, 2019July 7, 2019 GregNpsumacadmins1 Comment

If you are participating in my packaging workshop next week at Penn State, please prepare in advance by downloading these items. (Don’t install them, just download them):

Sample packages (new — added July 7):
https://www.dropbox.com/s/lyhv517en1mo8gy/packages.zip?dl=0

Firefox disk image:
https://download.mozilla.org/?product=firefox-latest&os=osx&lang=en-US

Google Chrome disk image:
https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg

Suspicious Package
http://www.mothersruin.com/software/SuspiciousPackage/

Pacifist
https://www.charlessoft.com

WhiteBox Packages:
http://s.sudre.free.fr/Software/files/Packages.dmg

munki-pkg:
https://github.com/munki/munki-pkg/archive/master.zip

Sure, you can also try downloading these items the morning of the workshop, but why tempt the WiFi spirits?

PSU MacAdmins 2018 Links

July 11, 2018July 11, 2018 GregN

Here are some links from my presentation at the 2018 MacAdmins Conference at Penn State, “Imaging is Dead: Now What?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

Apple, “Restoring an iMac Pro with Configurator”: https://help.apple.com/configurator/mac/2.6/index.html?localePath=en.lproj#/apdebea5be51

Apple, “How to create a bootable installer for macOS”: https://support.apple.com/en-us/HT201372

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Bootstrappr: https://github.com/munki/bootstrappr

Erik Gomez, Custom DEP series: http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-1-An-Introduction/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-2-Creating-a-custom-package-and-deploying-Munki/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-3-Best-Practices/
http://blog.eriknicolasgomez.com/2017/03/08/Custom-DEP-Part-4-The-Future/
http://blog.eriknicolasgomez.com/2017/04/05/Custom-DEP-Part-5-Dynamic-InstallApplication/
http://blog.eriknicolasgomez.com/2017/04/27/Custom-DEP-Part-6-Vendor-Announcement-and-Presentation/
http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

Victor Vranchan, “Munkiing around with DEP”: https://groob.io/posts/dep-micromdm-munki/

Armin Briegel, “macOS Installation for Apple Administrators”: https://scriptingosx.com/macos-installation-for-apple-administrators/

installinstallmacos.py: https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

Using Munki to revert or downgrade software

March 15, 2018March 15, 2018 GregN

Introduction

It might come as little surprise to find out that I use Munki in my organization to manage software installations on macOS.

Munki is really good at keeping software up-to-date. Every time it runs, it compares the versions it has on the server against the versions installed on the local machine and updates any software at a lower version than it has on the server.

Its default behavior when an item on the local machine has a higher version than that on the server is to leave it alone. This is great when you have users that for whatever reason need to test newer versions (or perhaps they are actually developing the newer version of the software).

I also use AutoPkg to automate finding new software updates and to import them into my Munki repo. For us, AutoPkg checks on approximately 50 items each day, importing anything new into my Munki repo into a testing catalog.

On Tuesday of this week, Mozilla released Firefox 59. AutoPkg found the new release and imported it into Munki as expected. On Wednesday, I noticed that AutoPkg had imported Firefox 60! I looked at the installed application, and its version was actually 60.0b3. Someone at Mozilla had goofed and pointed the “latest firefox release” link at the 60 beta. Later in the day this goof was remedied and the link once again returned Firefox 59.

But my AutoPkg run had occurred while the Mozilla site was offering 60.0b3, and so it was downloaded and added to my Munki’s repo’s testing catalog. 25 Macs in my organization (including my own laptop) now had Firefox 60.0b3 installed.

(Side note: because of the way Munki does version comparisons, when the final release of Firefox 60 comes out, if it is versioned as “60.0”, Munki would not “upgrade” from 60.0b3 to 60.0 – “60.0b3” compares as higher than “60.0”.)

I wanted to configure Munki to downgrade any install of Firefox 60.0b3 to Firefox 59. Since by default Munki leaves higher versions alone, this is not exactly obvious how to do.

Continue reading “Using Munki to revert or downgrade software” →

MacAD.uk 2018 Conference Links

February 20, 2018February 21, 2018 GregN

Here are some links from my presentation at Mac Admins and Developers UK 2018, “Imaging is Dead: Now What?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

Restoring an iMac Pro with Configurator: https://help.apple.com/configurator/mac/2.6/index.html?localePath=en.lproj#/apdebea5be51

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Bootstrappr: https://github.com/munki/bootstrappr

Victor Vranchan, Munkiing around with DEP: https://groob.io/posts/dep-micromdm-munki/

Post-credits scene (installinstallmacos.py): https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

macOS installation-based workflows

November 20, 2017November 20, 2017 GregN1 Comment

Perhaps you are starting to worry about the future of “imaging” as a deployment/initial configuration method for Macs.

(I’ll define “imaging” as block-copying the contents of a disk image file to a disk volume, and resulting in a bootable, fully-functional machine.)

If you are concerned about the future of imaging, you might want to start investigating macOS installation-based workflows for deployment/initial configuration.

The basic idea is this: a workflow that either installs macOS, or starts with the factory os installation. It then installs additional packages that serve to enroll the Mac in whatever your ongoing management system is (Jamf Pro, Filewave, Munki, etc). It then becomes the management system’s job to finish the initial setup of the machine.

Here are a few things you might want to look at:

Continue reading “macOS installation-based workflows” →

Customized High Sierra Install issues and workarounds

November 17, 2017November 18, 2017 GregN2 Comments

The startosinstall tool in the High Sierra installer supports adding additional packages that will be installed after macOS is installed, via the --installpackage option:

bash-3.2$ /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall --usage
Usage: startosinstall

Arguments
--applicationpath, a path to copy of the OS installer application to start the install with.
--license, prints the user license agreement only.
--agreetolicense, agree to license the license you printed with --license.
--rebootdelay, how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes).
--pidtosignal, Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall.
--converttoapfs, specify either YES or NO on if you wish to convert to APFS.
--installpackage, the path of a package to install after the OS installation is complete; this option can be specified multiple times.
--usage, prints this message.

Example: startosinstall --converttoapfs YES

A High Sierra NetInstall image built with System Image Utility has a similar option: you can add additional packages to the install:

SIU_extra_packages

Unfortunately, under both 10.13 and 10.13.1, both methods have a similar issue: if you try to install multiple packages, in some/many cases the installer will not properly cache all the intended packages and the install of macOS will fail with the message “The path /System/Installation/Packages/OSInstall.mpkg appears to be missing or damaged.” It tells you to restart and try again (which won’t work…).

Continue reading “Customized High Sierra Install issues and workarounds” →

MacTech Conference 2017 Links

November 15, 2017November 15, 2017 GregN

Here are some links from my presentation at MacTech Conference 2017, “Imaging is Dead: Now What?”

Der Flounder, “Imaging will be dead soonish”: https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/

AutoDMG: https://github.com/MagerValp/AutoDMG

Imagr: https://github.com/grahamgilbert/imagr

DeployStudio: http://www.deploystudio.com

Apple, “Upgrade macOS on a Mac at your institution”: https://support.apple.com/en-us/HT208020

Apple, “APFS and Imaging”: https://help.apple.com/deployment/macos/#/apd545ec8b69

createbootvolfromautonbi.py: https://github.com/munki/macadmin-scripts/blob/master/createbootvolfromautonbi.py

Victor Vranchan, Munkiing around with DEP: https://groob.io/posts/dep-micromdm-munki/

Stupid Install macOS High Sierra Tricks

September 26, 2017September 27, 2017 GregN2 Comments

While working on solving the problem of not getting a “stub” Install macOS High Sierra application, I stumbled across another way to get a full installer.

I present this merely as an oddity and a point of interest. I make no claims as to whether or not you should use this information in any way for ill or for good.

If you run a local Apple software update server, you may have noticed a new product: product ID 091-34298 — “Install macOS High Sierra”. I use Reposado to run a local softwareupdate server:

# ./repoutil --info 091-34298
Product:       091-34298
Title:         Install macOS High Sierra
Version:       10.13
Size:          5.8 GB
Post Date:     2017-09-25 16:56:37
RestartNeeded: No
Status:        Downloaded
Location:      /disk1/swupd/html/content/downloads/04/61/091-34298
AppleCatalogs:
               https://swscan.apple.com/content/catalogs/others/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
               https://swscan.apple.com/content/catalogs/others/index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
               https://swscan.apple.com/content/catalogs/others/index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
Branches:
               release
               testing
HTML Description:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><title></title></head>
<body></body>
</html>

We can use the location printed above to find the actual files on disk:

# ls /disk1/swupd/html/content/downloads/04/61/091-34298/almpfkbhyxnsgbxxqhoqo7sb40w3uip0wk/
091-34298.ar.dist        091-34298.ru.dist
091-34298.ca.dist        091-34298.sk.dist
091-34298.cs.dist        091-34298.Spanish.dist
091-34298.da.dist        091-34298.sv.dist
091-34298.Dutch.dist     091-34298.th.dist
091-34298.el.dist        091-34298.tr.dist
091-34298.English.dist   091-34298.uk.dist
091-34298.es_419.dist    091-34298.vi.dist
091-34298.fi.dist        091-34298.zh_CN.dist
091-34298.French.dist    091-34298.zh_TW.dist
091-34298.German.dist    AppleDiagnostics.chunklist
091-34298.he.dist        AppleDiagnostics.dmg
091-34298.hi.dist        BaseSystem.chunklist
091-34298.hr.dist        BaseSystem.dmg
091-34298.hu.dist        InstallAssistantAuto.pkg
091-34298.id.dist        InstallAssistantAuto.pkm
091-34298.Italian.dist   InstallAssistantAuto.smd
091-34298.Japanese.dist  InstallESDDmg.chunklist
091-34298.ko.dist        InstallESDDmg.pkg
091-34298.ms.dist        InstallESDDmg.pkm
091-34298.no.dist        InstallInfo.plist
091-34298.pl.dist        OSInstall.mpkg
091-34298.pt.dist        RecoveryHDMetaDmg.pkg
091-34298.pt_PT.dist     RecoveryHDMetaDmg.pkm
091-34298.ro.dist

The contents of a softwareupdate product directory are very much like an exploded/expanded distribution package. Not very well-known is that we can sometimes trick Apple’s installer to install these. If we can get this directory copied to (or mounted via afp, smb or nfs on) a Mac (my Reposado server is on a Linux box), we can do this:

sudo installer -pkg /path/to/091-34298.English.dist -target /

open /path/to/091-34298.English.dist -a Installer.app

If you do the latter, you’ll need to click through the Installer like you would with any other package.

The result? A functional “Install macOS High Sierra.app” in /Applications.

MacTech Conference 2016 Munki Workshop

November 9, 2016November 14, 2016 GregN

I’m hoping for great wifi, but if you are participating in the Munki workshop next week at MacTech Conference, you might want to download these things in advance:

Current release of the Munki tools: https://github.com/munki/munki/releases/download/v2.8.2/munkitools-2.8.2.2855.pkg

munki-pkg tools: https://github.com/munki/munki-pkg/archive/master.zip

Current release of MunkiAdmin:
https://github.com/hjuutilainen/munkiadmin/releases/download/v1.4.3/MunkiAdmin-1.4.3.dmg

Current Google Chrome installer: https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg

Current Audacity installer: https://www.fosshub.com/Audacity.html/audacity-macosx-ub-2.1.2.dmg