macOS 10.12.4 Installer

[mpermann]

The new macOS 10.12.4 installer doesn't seem to work with this workflow. I'm not sure, but I think something has changed with the startosinstall binary. I'm not having any luck anyway getting it to work. If I figure anything out I'll post back.

[chasetb]

It appears that there is a new argument in the help documentation called agreetolicense. I wonder if this replaces nointeraction.

[kc9wwh]

Interesting...I know the nointeractionflag has been hidden from the documentation, I hope they didn't remove it...let me know. I won't be able to test this until next week.

[chasetb]

nointeraction is still listed in the strings output so I guess it's still an option. I haven't had time to fully test it yet.

[mpermann]

If I remove --volume / from /Users/Shared/Install\ macOS\ Sierra.app/Contents/Resources/startosinstall --volume / --applicationpath /Users/Shared/Install\ macOS\ Sierra.app --nointeraction --pidtosignal $jamfHelperPID & the workflow begins working again. The only issue I've noticed is if the volume is encrypted with FileVault 2 it will stop at the FileVault screen until you enter in the password. With 10.12.3 this didn't happen. It would do an authenticated restart properly without any intervention needed from the end user. This is not desirable behavior.

[chasetb]

I'm seeing the same as you, @mpermann. Using the volume argument just causes the help documentation to be printed. Removing it allows the command to run as expected. The argument agreetolicense appears to not affect nointeraction one way or the other as well.

[rqomsiya]

This worked for me:

##Begin Upgrade /bin/echo "Launching startosinstall..." /Users/Shared/Install\ macOS\ Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install\ macOS\ Sierra.app --nointeraction --pidtosignal $jamfHelperPID & /bin/sleep 3 else

[bdelamarche]

Hi,

It's working with the scripts thanks to Laurent Pertois for sharing an thanks to Joshua Roskos for this. We just adapt a little bit the script for 10.12.4 because some option are no more present in the .app installer

Line 79 to 86

Check if installer is present

if [ -d /Users/Shared/Install\ macOS\ Sierra.app ]; then installerPresent="OK" /bin/echo "Installer present: OK - the installer is in /Users/Shared" else installerPresent="ERROR" /bin/echo "Installer present: ERROR - the installer is not in /Users/Shared" fi

Line 118 /bin/mkdir -p /usr/local/jamfps

Line 164 if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]] && [[ ${installerPresent} == "OK" ]]; then

Line 179 /Users/Shared/Install\ macOS\ Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install\ macOS\ Sierra.app --agreetolicense --pidtosignal $jamfHelperPID &

On our side all is working with this workflow

[bdelamarche]

[ALL]_installer_macos_sierra_10.12.4.sh.zip

[cpwasthere]

I can confirm that rqomsiya's change enables it to install and restart successfully with 10.12.4 but FV authenticated restart is not working and the password has to be entered upon reboot. With 10.12.3, FV authenticated restart worked without issue.

[kc9wwh]

Thanks for the information @mpermann, @chasetb, @rqomsiya , @bdelamarche and @cpwasthere.

I have time set aside to work on this next week. I'm not sure at this time if these changes to the 10.12.4 installer are intentional or not, but we'll do our best to find a solution/workaround in the meantime to this situation. I have a couple ideas to try, just need time in the office to test them out.

[rqomsiya]

@cpwasthere I haven't seen that issue on my machines.

[kc9wwh]

@rqomsiya Are your systems FV encrypted? And you are saying that when they reboot to the installer volume this is happening automatically without having to enter FV credentials?

[rqomsiya]

They are FV2 encrypted. Upgrading from 10.11.5. I'm verifying with users if they had to enter creds

[ArcOne]

using @bdelamarche modified script everything is working for me except the authenticated restart. going form 10.11.6 to 10.12.4

[cpwasthere]

@rqomsiya Yes we are FV2 encrypted as well. Going from 10.11.6 to 10.12.3 worked fine, authenticated restart and all. Doing the same to 10.12.4, no authenticated restart and user has to put their password in to complete the upgrade process.

[rqomsiya]

I have verified with my users that they are NOT getting promoted to authenticate FV after a restart to complete the installation. I wonder what my deltas are? Or your deltas?

[kc9wwh]

@rqomsiya Can you provide details of how your doing this workflow? I've ran through several tests today and have not been able to get the FileVault authenticated reboot to work except when the Install macOS Sierra.app is run via the GUI.

I'm in a process of opening a ticket with Apple, but very curious as to what you are seeing and how you are accomplishing this.

[mpermann]

@kc9wwh I'm seeing the same as you in my testing. No FileVault authenticated restart using the workflow you've developed. If I run the installer from the App store without any automation I do get a FileVault authenticated restart. Either Apple accidentally broke something or they did it on purpose. The latter wouldn't surprise me sadly. I'd be happy to dupe your radar report if you open one. I'm planning to use this workflow to deploy macOS Sierra to around 800 computers soon.

[rqomsiya]

hi @kc9wwh. I'm just calling the installer normally. Here is the script that is calling the updater.

Note: I'm upgrading machines that are currently running 10.11.6. I am also running this via self-service:

##Begin Upgrade
/bin/echo "Launching startosinstall..."
/Users/Shared/Install\ macOS\ Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install\ macOS\ Sierra.app --nointeraction --pidtosignal $jamfHelperPID &
/bin/sleep 3

[cpwasthere]

@rqomsiya Are you only using that line in your workflow or are you still using the entire script?

[rqomsiya]

@cpwasthere Im using the entire script.

[rqomsiya]

@kc9wwh @cpwasthere Do you have any other apps installing at first boot?

[cpwasthere]

@rqomsiya Nope, this just doing an upgrade from El Cap in self service. Nothing else getting installed.

[TheDecline13]

I am seeing the same issue with FV authentication. It prompts after the reboot, once PW is entered it continues with the upgrading. BTW thats for the work, its very appreciated.

[kc9wwh]

Sorry for the delay folks...I filed this bug report yesterday. Waiting to hear back yet, but as for right now it looks like they've removed that functionality (intentionally or not).

rdar://31410389

[kc9wwh]

Opened new Issue #13 for FileVault Support.

Script has been updated for macOS Sierra Installer v12.4.06 in v1.7.

Thank you @mpermann, @chasetb, @rqomsiya, @bdelamarche, @cpwasthere and @TheDecline13

[TheDecline13]

Awesome! I am going to test this right now and report back