Jamf Nation Community

mwu1876 · ‎11-18-2020

We have several M1 chip MacBooks that we want to deploy. How can we push and ensure the Rosetta policy to install (softwareupdate --install-rosetta) gets installed before all the other policies (i.e. Office, TeamViewer, etc.) ? If not, the other installs will fail. I can create a separate policy for each application that has a different scope but that becomes a pain.

mwu1876 · ‎11-25-2020

So, I got this working. What I did was create a Smart Group for M1 machines. Then, then only policy that I had that kicked off as Enrollment complete is one that installs Rosetta. If it's not an M1 then it kicks off the rest of the policies. Once Rosetta is install I have an event trigger that fires off the rest of the policies. So far it's worked. This allows me more flexibility to quickly change around policies.

View solution in original post

jcarr · ‎11-18-2020

Could you just add the 'Files and Processes' payload to those policies and run the following command?

/usr/sbin/softwareupdate --install-rosetta --agree-to-license

Or just add a new policy to run this command on all M1 devices. I don't have an M1 device to test, but if it has already been installed, it should just error out and move on.

mwu1876 · ‎11-18-2020

We'll, I did that but the issue is priority. I have several policies that install other apps. I need this one to kick off first before anything else.

cbrewer · ‎11-18-2020

It's not elegant but name your policy starting with an asterisk (*). It should run before policies that are named starting with A-Z or 0-9.

johntgeck · ‎07-21-2021

Have you tested this and does it actually work? I would *love* to not have to reconfigure all of our myriad policies to accommodate for this issue.

mitof · ‎01-31-2022

It should do. Check out the 'Execution Order of Policies' section here:
https://docs.jamf.com/10.29.0/jamf-pro/administrator-guide/About_Policies.html

Tribruin · ‎11-18-2020

Do you do automated enrollment? Create a payload free package with a post install script that installs Rosetta2 and have it installed during enrollment. (I haven't actually tried this as I don't have a AS machine, but it was an idea I had.)

mwu1876 · ‎11-18-2020

@cbrewer Thanks. yeah, that's sort of what I started doing but it was a real pain. @RBlount All the M1 versions are automated. I'll try out what you suggested. Thanks!

Tribruin · ‎11-18-2020

@mwu1876 Let me know if my idea worked or not. Like I said, I don't think I will be getting an M1 units for testing anytime soon.

rdodd · ‎11-18-2020

We created a post enrollment script that uses triggers to run various policies. This allows us to determine the order of install.

cwaldrip · ‎11-18-2020

So, Rosetta 2 isn't already included with Big Sur on M1 at installation?!? That seems like a big oversight by Apple. Does it install automatically at first launch of a non-M1 native app? What good is that if the computer isn't on-line (that happens a lot outside of Cupertino, btw)? I don't have an M1 yet to test with... :(

jallen241 · ‎11-18-2020

Subscribing it see how people have done this with M1,

mwu1876 · ‎11-19-2020

I have several M1 Airs and Pros I will test with next week. I plan on making a post-install script. That way when it starts up it's ready to receive policies that require Rosetta. Let's hope it works.

ThijsX · ‎11-19-2020

For prestage enrollments you can create a prestage package which runs a simple script with something like below for instance

#!/bin/bash
arch=$(/usr/bin/arch)
if [ "$arch" == "arm64" ]; then
    echo "Apple Silicon - Installing Rosetta"
    /usr/sbin/softwareupdate --install-rosetta --agree-to-license
elif [ "$arch" == "i386" ]; then
    echo "Intel - Skipping Rosetta"
else
    echo "Unknown Architecture"
fi

matt_wiese · ‎12-20-2021

this approach appears to make the most sense imho. Can you please elaborate for me how you would go about creating a preStage pkg? Are you referring to creating a package that is just a script and running it during enrollment?

MacGeek · ‎12-20-2021

I'm using a Policy to apply the following in Files and Process: sudo
/usr/sbin/softwareupdate --install-rosetta --agree-to-license

I get the policy to run before all others naming it like this: 00 Install
Rosetta

Jeff Madson
IT Engineer 3
jeffrey.madson@lsccom.com
😧 920.915.8619
[image: lsccom.com]
LSC Communications
655 Brighton Beach Rd.
Menasha, WI 54952
United States
lsccom.com

JM · ‎03-11-2022

Hi Jeff,

After our devices are enrolled, I manually, (meaning its not part of the enrollment) run a policy called "Admin Base Apps Installs" that includes Adobe, Office, Zoom, Teams etc. and finally configures the firmware settings

In that same policy, I want to install Rosetta first, and put it at the top of the list, as install applications fail without Rosetta.

Question. In that same "Base Apps install" policy, will the Files and Process run first?

Or do I create a separate policiy and some how link the two?

fyi I haven't removed the Run script yet shown in the pic so you can disregard it as it fails to run first.

I'm 3 months into the apple world and running into some roadblocks.

Appreciate the help

JM · ‎03-11-2022

sdagley · ‎03-11-2022

@JM Put the commands to install Rosetta if needed into a script, and then have that script as a payload in your policy set to Run Before

pbowden · ‎11-19-2020

While I haven’t confirmed this directly with Apple I did notice that I needed to install Rosetta again after performing an OS update. In my example, my M1 came pre-installer with Big Sur 11.0 (20A2411) and I went ahead and installed Rosetta when I launched a PKG installer.

However, I then went through software update to bring it up to 11.0.1 (20B39) and when I next ran a PKG installer. I was again asked to install Rosetta.

This somewhat makes sense as the Rosetta install is just a 452KB package that installs the oahd helpers, so it’s logical that those would get updated with a new release of the OS. And because it’s not a core part of the OS, you have to perform the update separately.

mwu1876 · ‎11-20-2020

@pbowden Thanks, I'll be on the lookout for that when I start testing again Monday.

Wakko · ‎11-20-2020

I can confirm that Rosetta is not installed. Additionally when I tried to update and apply the 2.* GiG update it failed. Had to nuke and pave with a fresh install. @txhaflaire I'm about to test out your script on my PreStage and report back. Smoke 'em if you got 'em Mi Gente.

@txhaflaire Chefkiss it worked. People just create the script and make sure you set it up as before. So it pulls the update/installer from Apple before it start to install anything.

jallen241 · ‎11-20-2020

@Echevarria do you mind sharing your script/screen, I just tried to install and it didnt work

fgonzale · ‎11-21-2020

If rosetta is already installed but you run the "softwareupdate --install-rosetta --agree-to-license" command again will it try to download again and reinstall or will it gracefully exit with an "already installed" message?

Trying to see how to script the logic for this if I want to run it as a pre-script in my policies.

avail · ‎11-24-2020

We're going with the script done by Rich Trouton - https://derflounder.wordpress.com/2020/11/17/installing-rosetta-2-on-apple-silicon-macs/

yungstump · ‎11-24-2020

Deploying Rosetta with Rich Trouton's script and got a successfully installed message. Packages installed after it still thinks Rosetta is not installed. Anyone running into this?

PE2000 · ‎04-06-2022

Had same experience... any ideas?

mwu1876 · ‎11-25-2020

So, I got this working. What I did was create a Smart Group for M1 machines. Then, then only policy that I had that kicked off as Enrollment complete is one that installs Rosetta. If it's not an M1 then it kicks off the rest of the policies. Once Rosetta is install I have an event trigger that fires off the rest of the policies. So far it's worked. This allows me more flexibility to quickly change around policies.

kirbybj · ‎11-11-2021

I have a Rosetta policy kicking off the install once Jamf Enrollment is complete. But it seems other polices try to kick off before Rosetta has downloaded and installed. Then they fail because Rosetta isn't completed yet. Is there a way to not let the next policy start until Rosetta is completely installed?

I saw you have an event trigger. Can you share what that may look like?

fgonzale · ‎11-11-2021

Name the policy so that it's alphabetically first. Generally you can add "001" or something similar to the beginning of the policy name. This will have it run before other policies.

kirbybj · ‎11-15-2021

Thank you that worked.

Googalash · ‎02-04-2022

What settings did you use on your smart group to determine if a system is a M1?

Jason33 · ‎02-05-2022

For my Smart Group I used this criteria:

Processor Type like Apple

Architecture Type is arm64

rcole · ‎03-11-2022

Nice. Similiar workflow. So, you used the Install command as the first policy, then set triggers on the remaining policies? How specifically did you fire off the event trigger for the remaining policies outside of changing the naming conventions to 00, 01, etc....?

MacGeek · ‎03-14-2022

rcole,

I only have a few policies with 00 at the beginning of the name and a few with Z. As long as Rosetta 2 is installed before any of your applications you should be good to go and so far it has been working good for me.

bcbackes · ‎03-14-2022

@rcole I'm using a custom trigger to call policies in a certain order regardless of the names of those policies. No need to name them 00, 01, etc. I'm using this script for my prestage enrollment process. At line 150 of the script that is where you will see the array where you can call out certain policies using a custom trigger.

Basically, I have a policy setup to run at enrollment complete. It installs Rosetta first (you can do that with a script set to run "before"). Then, it installs DEP Notify. After that I have the DEPNotify script that is set to run "after". That kicks off and installs all my core apps in the order I want.

rcole · ‎03-14-2022

Thanks for this info. Works like a charm!

johntgeck · ‎03-17-2022

Love this idea. Commenting so I can find it again later when I have time to test and implement. Thanks!

pbowden · ‎11-25-2020

@yungstump did you update the version of macOS after using Rich’s script? In my experience, Rosetta needs to be re-installed (I.e. updated) after an OS update.

jnm1 · ‎11-30-2020

I got the script to work with a policy scoped to a new smart group of the macs that have been prestaged with my new silicon prestage. I named the policy A01 in hopes that it installs first. According to the history on the one computer I tested it on it seems to have installed first successfully. The intel apps open on the computer fine.

Jamf Nation Community

Deploy Rosetta on M1 machines before everything else