Install Rosetta PreStage not working?

bootrec
Contributor

In PreStage Enrollments, I configured an enrollment package to install Rosetta with the script someone shared on this forum. The script is packaged with Composer:

#!/bin/bash arch=$(/usr/bin/arch) if [ "$arch" == "arm64" ]; then echo "Apple Silicon - Installing Rosetta" /usr/sbin/softwareupdate --install-rosetta --agree-to-license elif [ "$arch" == "i386" ]; then echo "Intel - Skipping Rosetta" else echo "Unknown Architecture" fi

Yet when I set up an M1 computer, many configurations are not getting installed and the logs show:

Installation failed. The installer reported: installer: This package requires Rosetta 2 to be installed. Please install Rosetta 2 and then try again. sudo softwareupdate --install-rosetta installer: Error - Microsoft Teams can’t be installed on this computer.
Installation failed. The installer reported: installer: This package requires Rosetta 2 to be installed. Please install Rosetta 2 and then try again. sudo softwareupdate --install-rosetta installer: Error - Pulse Secure can’t be installed on this computer.
Installation failed. The installer reported: installer: This package requires Rosetta 2 to be installed. Please install Rosetta 2 and then try again. sudo softwareupdate --install-rosetta installer: Error - Code42 can’t be installed on this computer.

I don't understand what I need to do to get this work. I have a nice provisioning system before that works quite well on Intel.

baf53273c79240e3a7a2780938b04aa3

1 ACCEPTED SOLUTION

bootrec
Contributor

@timlarsen @sdagley @pchimombe Thanks for your responses and the information you provided. I spent a couple of hours re-reading forum posts before I saw your replies and ended up removing my prestage enrollment package and creating a first priority policy with script as per https://www.jamf.com/jamf-nation/discussions/37357/deploy-rosetta-on-m1-machines-before-everything-else#responseChild210791. After stumbling with bad interpreter errors because I'm still learning how to create scripts, I was able to successfully enroll my M1 MacBook Air with all my configurations and policies.

View solution in original post

12 REPLIES 12

timlarsen
Contributor

Hi @bootrec based on your post, I think the problem is that all packages created with Composer (as of this writing and based on my experience - I'm not speaking for Jamf or quoting any official documentation) do not natively support ARM architecture without first having installed Rosetta, so it's a bit of a "catch 22". What I ended up doing was taking my pre-stage package (which includes the open source DEPNotify application as well as a script) and going through the following steps:

  1. Create the pkg as you normally would using Composer (I'm assuming you are using the default "create flat package" settings in preferences).
  2. In Terminal, run the following command:
    pkgutil --expand pkg-path dir-path
  3. Go to the specified directory (a new folder may have been created - think of this as the expanded package) and find the file named "Distribution" (it's an xml, so open in your text editor of choice).
  4. Find the line where it says "<options customize="always" ", add a space, then paste the following into the same line:
    hostArchitectures="x86_64,arm64"
  5. Save the file - you may be prompted to authenticate as an admin since this file is non-writable by default and owned by Root. To ensure permissions remain correct, use sudo chown to set the owner and group as "root:staff" and then chmod to permissions mode 644.
  6. Again using "pkgutil", run the following command to re-flatten your package (again, remembering the working directory is the expanded package):
    pkgutil --flatten dir-path pkg-path

Your first run package should now run on both Intel and M1 Macs. Again, this worked for me, but others may experience difference results, or maybe I'm over complicating the whole thing so would love to hear better solutions if they exist!

For your reference:
pkgutil man page
helpful thread I came across in my research

pchimombe
New Contributor III

Maybe change the distribution point to Cloud?

sdagley
Esteemed Contributor II

@bootrec Another option that eliminates the need to create an enrollment package is to create a Script under Settings->Computer Management-Scripts with Priority:Before (in the Options tab) and the following Script Contents:

#!/bin/sh

[ $( /usr/bin/arch ) = "arm64" ] && /usr/sbin/softwareupdate --install-rosetta --agree-to-license

exit 0

Add this to a Policy that runs on Enrollment

bootrec
Contributor

@timlarsen @sdagley @pchimombe Thanks for your responses and the information you provided. I spent a couple of hours re-reading forum posts before I saw your replies and ended up removing my prestage enrollment package and creating a first priority policy with script as per https://www.jamf.com/jamf-nation/discussions/37357/deploy-rosetta-on-m1-machines-before-everything-else#responseChild210791. After stumbling with bad interpreter errors because I'm still learning how to create scripts, I was able to successfully enroll my M1 MacBook Air with all my configurations and policies.

davidi4
Contributor

in Composer 10.27.0, it appears @timlarsen 's trick is built in:
2137d5fa95ed4af6959737618bbbf6a0

I unflatened the package and found the hostArchitectures setting change was already made. I'm about to test and I'll report back.

I have to say Jamf really missed the "Zero Day Readiness" for Apple Silicon. And Blame goes to Apple as well. I just got my first M1 and its a disaster.

I miss Steve more and more every day :(

PhilS
New Contributor III

How does that "Distribution Point: None" work? I'm serious, what is that option even there for? I have a well-formed payload-free package with the script as post-install, on my AWS DP, and it won't run. Will it run if I put it on None?

jpoirson
New Contributor III

hello, any news on something capable of running during pre-stage enrolment ? (Other than an enrollment complete script)

I want to install apps during pre-stage, and need rosetta to be installed first so that all is working BEFORE the user accesses its desktop on first step

SCCM
Contributor III

@jpoirson The marked answer on this page works just name the policy something like *_00-Enable Rosetta so its the first to apply and have the trigger as "enrollment complete"

jpoirson
New Contributor III

hi @SCCM yes I already did this but my requirement is to have an Antivirus running as soon as the user lands on the desktop on enrolment so I install an antivirus during prestage enrolment, but using the policy as you mentionned installs Rosetta indeed on enrolment complete.

BUT the antivirus is not launched because it needed rosetta BEFORE installing, so the mac needs to be restarted once AV + Rosetta is isntalled to ensure all is running, and its not yet elegant

I tried creating an empty package with composer that runs isntall as pre-install script and put it in prestage enrolment , but didnt seem to work

its a bit egg/chicken issue here

I would suggest putting the rosetta in the prestage and then the first package that you put can be Antivirus. This way we don't have any issues with the enrollment of our applications.

We do Splashbuddy based enrollment so that makes sure that all the packages are installed on the mac before the user has any access to the device.

SCCM
Contributor III

@jpoirson i had a similar requirement, i just changed the flow. Rather than selecting the Enrollement package (AV) to install in the prestage, i created a policy to install the AV on enrolment complete (which still runs before anyone longs in but after the rossetta one due to the name). Not sure if that would work in your environment.

dgeiler
Contributor