
macOS Sierra Available as an Automatic Download Starting Today

Oh boy. Just what we needed.

Starting today, Apple is making the new macOS Sierra operating system available as an automatic download to customers running OS X El Capitan in order to encourage them to update. Customers who have auto downloads enabled will see macOS Sierra start to download automatically, but it will not install without express user permission.

Better make sure Automatic updates are disabled on your managed systems or your bandwidth will suffer.

The "macOS Installer Notification" update showed up on my SUS this morning. It must've downloaded it last night. But there's no "Install macOS Sierra" update showing.

We have the "Download newly available updates in the background" option checked ON in our client machines so they can get regular updates, but I set up two Restricted Software rules in JSS to block Sierra. I'm hoping that'll be enough to keep it from showing up in my users' screens.


@milesleacy >Can someone who knows that they have a Mac that has received the automatic download (and has not yet installed the update) report on the contents of that Mac's /Library/Updates/ directory?

I don't see anything Sierra related in that directory, just the Sierra installer in /Applications.


Good info, I will keep watching this thread


The following seemed like it would work, but didn't.

I tried replacing line 6 with a symlink instead of a hard link, as well as using cp. The policy that includes "Install Cached Install macOS Sierra.InstallESD.dmg" failed in all of these cases. Anyone have any ideas why?

Does "caching a package" do anything other than put the package in Waiting Room and create an XML file?

#!/bin/bash

# Step 1
# copy installesd to /Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg

ln -F "/Applications/Install macOS Sierra.app/Contents/SharedSupport/InstallESD.dmg" "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg"

# Step 2
# Create and populate /Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml

## Get package ID from JSS
packageID=$(/usr/bin/curl --silent --show-error --connect-timeout 30 --request GET --user apiUser:apiPassword "https://my.jss.ext:8443/JSSResource/packages/name/Install%20macOS%20Sierra.InstallESD.dmg" | xpath '//id[1]' | awk -F'>|<' '/id/{print $3}')

## Write XML file
echo "<?xml version="1.0" encoding="UTF-8"?>" > "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "<cachedPackage>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <id>$packageID</id>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <fut>false</fut>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <feu>false</feu>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <type>package</type>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <suppressFromDock>false</suppressFromDock>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <ignoreConflicts>false</ignoreConflicts>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "   <isOSInstall>true</isOSInstall>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"
echo "</cachedPackage>" >> "/Library/Application Support/JAMF/Waiting Room/Install macOS Sierra.InstallESD.dmg.cache.xml"

exit 0

Contents of Waiting Room After Using the Above Script

bash-3.2# ls -l /Library/Application Support/JAMF/Waiting Room/
total 9308072
-rw-r--r--  1 root  wheel  4765726488 Oct  4 16:04 Install macOS Sierra.InstallESD.dmg
-rw-r--r--  1 root  wheel         273 Oct  4 16:10 Install macOS Sierra.InstallESD.dmg.cache.xml

Contents of Waiting Room After Running a Policy that Caches Install macOS Sierra.InstallESD.dmg

bash-3.2# ls -l /Library/Application Support/JAMF/Waiting Room/
total 9308072
-rw-r--r--  1 root  wheel  4765726488 Oct  4 16:18 Install macOS Sierra.InstallESD.dmg
-rw-r--r--  1 root  wheel         277 Oct  4 16:18 Install macOS Sierra.InstallESD.dmg.cache.xml

/var/log/jamf.log related to the above:

Tue Oct 04 16:26:44 computerName jamf[processID]: Checking for policy ID xxxx...
Tue Oct 04 16:26:44 computerName jamf[processID]: Executing Policy Upgrade to macOS Sierra v10.12
Tue Oct 04 16:26:44 computerName jamf[processID]: Verifying package integrity...
Tue Oct 04 16:27:08 computerName jamf[processID]: Installation failed. The package could not be verified.
Tue Oct 04 16:27:09 computerName jamf[processID]: Blessing in-place OS upgrade directory...
Tue Oct 04 16:27:09 computerName jamf[processID]: /OS X Install Data is not a directory

It seems that the package was not verified and the directory "/OS X Install Data" was not created (I've verified the latter in the file system).


I hadn't noticed it while testing, but now looking at the post, I see a slight size difference in my XML file vs the one created by Casper.

Any idea what's missing?


Thanks for the heads-up!

I've disabled automatic downloads temporarily using @pcrandom's method.


@milesleacy What JSS version?

Apple changed things with 10.12 so the location to bless is not "OSX install data" but "macOS Install Data" (well similar to those).

I know this was noted in COSXIP.


Here's the issue that was opened on GitHub for createOSXInstallPkg (COSXIP):

https://github.com/munki/createOSXinstallPkg/issues/18


@iJake Doing the profile intrigues me but I've never created a profile with custom settings. Where would I start? Can I just paste this into a text file to upload? Does the file need to be named something specific if that's the case?


@jhuls You need to create a .plist file in the proper XML. One of the easiest ways and what I did in this case is set Software Update how I want it, open my local plist and save it somewhere else retaining only the keys I want to manage as shown in my post above. You'll want the name of the plist to be the same as the original so when you upload the file to Casper it can read the domain name which is how when the Mac gets the profile it knows where to apply those keys.


@iJake Thanks...knowing this will be very useful.


@bentoms JSS v9.96

Thanks for the link @rtrouton

To clarify, as I don't think I had said so in as many words... I'm trying to leverage the auto-downloaded Sierra installer in an "Upgrade to macOS Sierra v10.12" Self Service policy in order to save time and bandwidth over caching the InstallESD from the JSS.


@milesleacy I've never done this before, so forgive me if this is a dumb question, but would you have to still add a copy of the InstallESD to the JSS with Casper Admin so that there's a valid matching package for the policy to install the "cached" package that is actually copied from the auto-downloaded Sierra installer? Is it possible that the InstallESD pulled from the installer and the InstallESD in the JSS doesn't quite match and that's why it failed verification?

If you actually cache a copy of the InstallESD from the JSS does it install successfully?


@pcrandom

Thanks for having a look!

  • yes, you would need to have a copy of the InstallESD in the JSS. This is where I'm sourcing the package ID from in the portion of the script that builds the XML file.
  • yes, it is possible that there is a difference in the packages; however, I believe that to be unlikely as the byte size is identical.
  • yes, I am able to cache the InstallESD from the JSS and upgrade successfully

I've re-verified that the Self Service upgrade policy functions properly if the Mac caches the installer via policy.

What I'm banging my head against are two things...
1. Why am I seeing the error "Installation failed. The package could not be verified."
2. Why is my script-generated XML file four bytes smaller than the Casper-generated one?


General note for those who haven't seen it yet...

The attached image is the notification center message users will see after the "Install macOS Sierra" application has automatically downloaded.


@milesleacy is it possible that the checksum on the InstallESD package in your JSS doesn't match the checksum of the package that was automatically downloaded from the App Store?


@mpermann has the right idea about checksums potentially not matching, even if size matches, I didn't articulate it explicitly. Probably a longshot, but you never know.

Also, @milesleacy, does it work if you used the InstallESD "generated" from your script (a.k.a. copied from the install .app) but instead of using your script to generate the XML too, use a copy of the Casper-generated XML instead? Also, you can diff the two XML files to see what the difference is. Maybe it's just errant line breaks or spaces?


@milesleacy, thanks for sharing what the upgrade notification looks like. I've added the graphic you've shared to my post on managing the automatic download of the Sierra installer, available via the link below:

https://derflounder.wordpress.com/2016/10/03/managing-the-automatic-download-of-the-macos-sierra-installer-to-compatible-macs/


@pcrandom I solved the XML file problem. The echo in line 15 needed single quotes to pass the double quote characters within. After that change, the XML files were identical.

I still get the same errors on the policy execution, even if I disable package validation on computerSecurity.html.
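
The two checks raised in this thread (comparing checksums rather than byte size, and diffing the script-generated XML against the Casper-generated one), as an added example that is not part of any post here and is not Jamf's verification code. All file names and contents are constructed, and SHA-256 is an assumed choice of digest.

```shell
#!/bin/sh
# Added example: constructed files only, run in a temporary directory.

# Print the SHA-256 of a file with whichever tool is installed
# (sha256sum on Linux, shasum on macOS).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Byte size of a file, without the padding some wc builds add.
size_of() { wc -c < "$1" | tr -d ' '; }

# compare_files A B prints one of:
#   identical | same-size-different-content | size-differs:<B minus A in bytes>
compare_files() {
    a_size=$(size_of "$1"); b_size=$(size_of "$2")
    if [ "$a_size" -ne "$b_size" ]; then
        echo "size-differs:$((b_size - a_size))"
    elif [ "$(digest "$1")" = "$(digest "$2")" ]; then
        echo "identical"
    else
        echo "same-size-different-content"
    fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Case 1: XML header echoed with nested double quotes (the shell strips
# the four inner quote characters) versus single quotes.
echo "<?xml version="1.0" encoding="UTF-8"?>" > "$work/script.xml"
echo '<?xml version="1.0" encoding="UTF-8"?>' > "$work/casper.xml"

# Case 2: two constructed "images" of equal length that differ in one byte.
printf 'AAAAAAAAAAAAAAAA' > "$work/a.dmg"
printf 'AAAAAAAABAAAAAAA' > "$work/b.dmg"

xml_result=$(compare_files "$work/script.xml" "$work/casper.xml")
dmg_result=$(compare_files "$work/a.dmg" "$work/b.dmg")
echo "XML header:  $xml_result"
echo "Disk images: $dmg_result"
```
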


Have you considered just using the command line install tool included in the Sierra installer? I believe they've made some additions/updates to it, but this might get you started: https://macops.ca/new-adventures-in-automating-os-x-installs-with-startosinstall


Has anyone found a way to remove the "macOS Installer Notification" update? Or at least disable it from popping up?