Blocking 10.10 download without Casper Managed Clients

Stubakka
Contributor II

Hey guys, We still have not fully deployed Casper in my organization, we are moving in that direction however I'm in a bind at the moment, most users here still rely on using Apple Final Cut server App which relies on using elements of Quicktime 7 and components that are no longer present in OS X 10.10, so pretty much most of our clients installing 10.10 when its released will be breaking a lot of the apps they use and have made limp along for years and it will create much bigger issues.

I tried sandboxing an OS X update server and pointing a OS X VM to it for software updates but it seems that software updates and actual installs from the App store are separate and I cannot use this redirected method to block the actual download of 10.10 when its released but rather just its updates, is this correct or am i missing something? Any suggestions are welcome.

4 REPLIES 4

mm2270
Legendary Contributor III

You might want to start by reading these 2 threads-
https://jamfnation.jamfsoftware.com/discussion.html?id=11274
https://jamfnation.jamfsoftware.com/discussion.html?id=10791

I found these by just doing a search here using "Block Yosemite" by the way.

ctangora
Contributor III

The beta is easy to block, that is just a software update catalog.

OP is asking about 10.10 official, which will most likely be released like 10.9 was. Also it was not for managed macs.

Short answer, manage the computer or create a launch daemon to watch for that process and to kill it.

Stubakka
Contributor II

CTangora, the startup process idea may work in this case as a temp fix, thanks !

imperatives
New Contributor III

@ctangora I haven't come across any examples of a launch daemon that watches for a process, only watchpaths. Did you mean that the Launch Daemon could run a script like...
if pgrep -f Install OS X Yosemite; then
echo "Yosemite Installer is running...."
kill $(pgrep Install OS X Yosemite)
If there is a way directly from the Launch Daemon that would be good to know.

I put the craziness below together to check for the creation of /Applications/OS X Yosemite.appdownload and prompt the user to dissuade them from going forward with the installation; a soft please don't do it. It seems to work fine when I run the "yosemitenotify.sh" manually, but for some reason when clicking on the cocoadialog "OK" button when it is started from the LaunchDaemon process doesn't seem to kick off the cleanup.

#!/bin/bash
##############
# yosemitewatch.sh
# This script will give a prompt to those attempting to install Apple OS X 10.10 Yosemite.
# This is a self-removing script.
##############
LOGFILE="/var/log/yosemitewatch.log"
echo "Starting installation `date`" >> "$LOGFILE"

# Create LaunchDaemon to check for Apple OS X 10.10 download directory and if it exists run notification script.
#####
/bin/echo "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd>
<plist version=1.0>
<dict> <key>KeepAlive</key> <false/> <key>Label</key> <string>com.test.yosemitewatch</string> <key>ProgramArguments</key> <array> <string>/Library/Scripts/yosemitecondition.sh</string> </array> <key>StartInterval</key> <integer>30</integer>
</dict>
</plist>" > /Library/LaunchDaemons/com.test.yosemitewatch.plist
#####

# Create Yosemite Condition Script
#####
/bin/echo '#!/bin/bash
# Check for existence of /Applications/OS X Yosemite.appdownload Directory
if test -d "/Applications/OS X Yosemite.appdownload"; then /bin/echo "The File Exists" /
/bin/sh /Library/Scripts/yosemitenotify.sh
else
/bin/echo "Not Found"
fi' > /Library/Scripts/yosemitecondition.sh
#####

# Create Yosemite Watch Notify Script
#####
/bin/echo '#!/bin/bash
# Notify user that upgrading to 10.10 may fail and leave the machine un-bootable.
CD="/Applications/CocoaDialog.app/Contents/MacOS/CocoaDialog"
rv=`$CD ok-msgbox
--icon "hazard"
--text "Apple OS X 10.10 Yosemite Warning"
--informative-text "Please be aware that installing Apple OS X 10.10 Yosemite is not recommended."
--no-newline --float`
if [ "$rv" == "1" ]; then
/bin/echo "User said OK"
launchctl unload Library/LaunchDaemons/com.test.yosemitewatch.plist
/bin/rm -f /Library/Scripts/yosemitecondition.sh
/bin/rm -f /Library/Scripts/yosemitenotify.sh
/bin/rm -f /Library/LaunchDaemons/com.test.yosemitewatch.plist
elif [ "$rv" == "2" ]; then
/bin/echo "Canceling"
exit 0
fi
srm "$0"' > /Library/Scripts/yosemitenotify.sh
#####

# Set the permission on the LaunchDaemon and scripts
chown root:wheel /Library/LaunchDaemons/com.test.yosemitewatch.plist
chmod 644 /Library/LaunchDaemons/com.test.yosemitewatch.plist
chown root:wheel /Library/Scripts/yosemitecondition.sh
chmod 755 /Library/Scripts/yosemitecondition.sh
chown root:wheel /Library/Scripts/yosemitenotify.sh
chmod 755 /Library/Scripts/yosemitenotify.sh

# Load the LaunchDaemon
launchctl load -w /Library/LaunchDaemons/com.test.yosemitewatch.plist

exit 0