Deploy Rosetta on M1 machines before everything else

mwu1876
Contributor

We have several M1 chip MacBooks that we want to deploy. How can we push and ensure the Rosetta policy to install (softwareupdate --install-rosetta) gets installed before all the other policies (i.e. Office, TeamViewer, etc.) ? If not, the other installs will fail. I can create a separate policy for each application that has a different scope but that becomes a pain.

1 ACCEPTED SOLUTION

mwu1876
Contributor

So, I got this working. What I did was create a Smart Group for M1 machines. Then, then only policy that I had that kicked off as Enrollment complete is one that installs Rosetta. If it's not an M1 then it kicks off the rest of the policies. Once Rosetta is install I have an event trigger that fires off the rest of the policies. So far it's worked. This allows me more flexibility to quickly change around policies.

View solution in original post

135 REPLIES 135

david_yenzer
Contributor II

So far so good with the package/script combo here. Thanks!

Chris_Hafner
Valued Contributor II

Funny, I thought that I had commented here already. Must have been another thread. As an FYI, the Launch Daemon (/Library/Apple/System/Library/LaunchDaemons/com.apple.oahd.plist) that a number of admins have been using to check against, is now installed on the OS out of the box. Just a heads up. 

jmancuso
New Contributor III

Step 1 

In Sum, use the "*". Build your workflows to stagger using triggers. 

The M1 Policy is a Run Unix Command '

/usr/sbin/softwareupdate --install-rosetta --agree-to-license'

Your # 1 Policy is 

Once per computerEnrollmentAll computers, All users, Kiosk - Zoom Room excludedNone
 
 

 

Run Unix command '/usr/sbin/softwareupdate --install-rosetta --agree-to-license; /usr/local/bin/jamf policy -event baseapps'
 Once per computerbaseappsAll computers, All users, Kiosk - Zoom Room excludedNone
 
 

 

Install 1Password-7.8.6.pkg
 

 

Install Google Chrome 88.0.4324.150.pkg
 

 

Install Google Drive File Stream.pkg
 

 

Install Slack 4.17.0.pkg
 

 

Install ZoomInstallerIT.pkg
 

 

Run Unix command 'jamf recon; jamf policy'

jmancuso
New Contributor III

Look at my -event baseapps and then my trigger on the apps is baseapps. 

howie_isaacks
Valued Contributor II

I created a policy that runs this script and then I put it into my policy array. It works every time.

#!/bin/sh

#Checks if a Mac is Apple Silicon or Intel. Installs Rosetta if the Mac is Apple Silicon.

arch=$(/usr/bin/arch)
if [ "$arch" == "arm64" ]; then
    echo "Apple Silicon - Installing Rosetta"
    /usr/sbin/softwareupdate --install-rosetta --agree-to-license
elif [ "$arch" == "i386" ]; then
    echo "Intel - Skipping Rosetta"
else
    echo "Unknown Architecture"
fi

BCPeteo
Contributor II

Any one have an issue with running a script to enable Rosetta 2 on Monterey?  

/usr/sbin/softwareupdate --install-rosetta --agree-to-license

I see the script failing on macbook pro 2021 with 12.01 installed. Works fine in big sur

 

smitty1923
New Contributor II

I got it to work just today with this command: 

sudo /usr/sbin/softwareupdate --install-rosetta --agree-to-license

14" MBP, M1 Pro, OS 12.1

I just did the Files and Processes payload in a policy, add that command to the payload, then ran sudo jamf policy -id etc and it worked for me. 

 

Credit to @Mac for the command towards the top of this post

kirbybj
New Contributor III

We are able to install Rosetta 2 from a shell script. I set my proxy in the script first then the install of Rosetta 2 on a Monterey 12.0.1 MacBook Air. I haven't tried it on a Pro yet.

bcbackes
Contributor III

I ran into this issue not being able to install Rosetta 2 on Monterey. I have a new Mac and when I tried to run the "/usr/sbin/softwareupdate --install-rosetta --agree-to-license" command in terminal I get an prompt saying it's not available. Not sure what is going on. I reached out on the MacAdmin Slack channel and Oweban gave me a link that allowed me to download a Rosetta pkg: https://swcdn.apple.com/content/downloads/22/22/002-23588-A_TE78EA61ZT/20rnkfl4l6yqqeny3i7xz3mkvdo4s...
I've tied the package to my Prestage and will test it to see if it installs Rosetta 2 before the other software.

Thanks. When I look at installations in system information it showed it as being already installed.  Which is odd. My script to install Rosetta 2 checks for  /Library/Apple/System/Library/LaunchDaemons/com.apple.oahd.plist which is not longer there. (Seems 11.5 took this out?) So now i'm checking for /Library/Apple/System/Library/Receipts/com.apple.pkg.RosettaUpdateAuto.bom

 

@BCPeteo 

There were some reports in these forums previously that suggested that Apple macOS Big Sur updates e.g. 11.1 to 11.3 might remove/disable Rosetta2 such that after a macOS update you needed to reinstall Rosetta2.

It is due to this concern that I had decided that critical components like Anti-Virus software which still currently only work via Rosetta are not suitable for enterprise use. As a result we are dumping Sophos.

From your post and others it is not clear if Rosetta2 has become non-functional or whether it is merely that the LaunchDaemon has changed name or removed. Have you tried executing an Intel app to see if Rosetta2 is still functioning despite the missing LaunchDaemon?

If Rosetta2 is non-functional due to the lack of this LaunchDaemon then your script check still needs to look for the LaunchDaemon.

The original theory had been that a macOS upgrade removed Rosetta2 because a new matching update of Rosetta2 would need to be installed. It could however be Apple just deliberately making things difficult  - perhaps to encourage the move to native software. 

It maybe that merely replacing the LaunchDaemon and re-loading it might be sufficient. Comparing the LaunchDaemon after reinstalling Rosetta2 would be useful.

(I am still waiting for my MacBook Pro 14" to arrive so I can test this.)

Some installer packages when re-run will see the previous installations receipt and refuse to install because they presume it is already installed. Removing the previous receipt and then running the installer should then work. This could be added to your script.

bcbackes
Contributor III

@jelockwood and @BCPeteo I've come across this script that might have some additional ideas on things to check when looking to see if Rosetta is installed. I have not tested or done anything with this myself.
https://support.kandji.io/rosetta 

Thanks for the link. Looking at that script I see this:

# Rosetta Folder location
# Condition to check to see if the Rosetta folder exists. This check was added because the
# Rosetta2 service is already running in macOS versions 11.5 and greater without Rosseta2 actually
# being instaslled.
RosettaFolder="/Library/Apple/usr/share/rosetta"

So the service is already running even though its not installed!

 

wifichallenges
Contributor

Hey i saw a reply from someone that was very helpful wrt smart groups and i refreshed the page and now its gone, so i will reproduce  what he said in image form. the below works for setting the smart group. Spent way too much time trying to figure out why office wouldnt install today without remembering about stupid rosetta (which i could clearly see was the problem from jamf.log)... I only set up one mac every few months so now this should be fixed going forward with the smart group. Thanks guys.

 

2021-12-15 10_10_03-Clipboard.png

 

 

 

cbd4s
Contributor II

@dmiguel , or Processor Type like Apple

dgeiler
Contributor