Jamf Composer M1 Apple

EliasG
Contributor

So we just got some new M1's I have tried to package a few pkg to deploy on them, when deploying them it says it went through but the app or software is not installed anywhere on the mac.

Any thoughts?

26 REPLIES 26

junjishimazaki
Valued Contributor

Rosetta needs to be installed. Did you confirm that Rosetta is installed prior to installing any packages?

junjishimazaki
Valued Contributor

This is the command to install Rosetta: /usr/sbin/softwareupdate --install-rosetta --agree-to-license

EliasG
Contributor

@junjishimazaki Rosetta has been installed....

junjishimazaki
Valued Contributor

Then go to /System/Library/CoreServices. You should see Rosetta 2 Updater.app. Run that, then re-install your package

sgiesbrecht
Contributor III

@EliasG Have you updated your DEP to 1.1.6?

EliasG
Contributor

@sgiesbrecht hmm god I don't remember, where do I check that, this is what happens when you don't touch something that ofter lol

junjishimazaki
Valued Contributor

If you deployed the package from Jamf as a policy, what does the log say?

EliasG
Contributor

@junjishimazaki Executing Policy M1 Office 2019
Mounting FS01
Verifying package integrity...
Installing MS Office 2019 M1.pkg...
Successfully installed MS Office 2019 M1.pkg.
Verifying package integrity...
Installing Microsoft_Office_2019_VL_Serializer.pkg...
Successfully installed Microsoft_Office_2019_VL_Serializer.pkg.

junjishimazaki
Valued Contributor

That's very odd, it's quite clear there are no error logs indicating any installation issues. If you want to try a different method, I use this script to download the latest MS Office 2019, then I install serializer.

!/bin/zsh

enter the Microsoft fwlink (permalink) product ID

or leave blank if using a $4 script parameter with Jamf Pro

linkID=" " # e.g. "525133" for Office 2019

linkID="525133"

****************** PRODUCT ID ******************

************************************************

525133 - Office 2019 for Mac SKUless download (aka Office 365)

2009112 - Office 2019 for Mac BusinessPro SKUless download (aka Office 365 with Teams)

871743 - Office 2016 for Mac SKUless download

830196 - AutoUpdate download

2069148 - Edge (Consumer Stable)

2069439 - Edge (Consumer Beta)

2069340 - Edge (Consumer Dev)

2069147 - Edge (Consumer Canary)

2093438 - Edge (Enterprise Stable)

2093294 - Edge (Enterprise Beta)

2093292 - Edge (Enterprise Dev)

525135 - Excel 2019 SKUless download

871750 - Excel 2016 SKUless download

869655 - InTune Company Portal download

823060 - OneDrive download

820886 - OneNote download

525137 - Outlook 2019 SKUless download

871753 - Outlook 2016 SKUless download

525136 - PowerPoint 2019 SKUless download

871751 - PowerPoint 2016 SKUless download

868963 - Remote Desktop

800050 - SharePoint Plugin download

832978 - Skype for Business download

869428 - Teams

525134 - Word 2019 SKUless download

871748 - Word 2016 SKUless download

enter the SHA 256 checksum for the download file

download the package and run '/usr/bin/shasum -a 256 /path/to/file.pkg'

this will change with each version

leave blank to to skip the checksum verification (less secure) or if using a $5 script parameter with Jamf Pro

sha256Checksum="f495ad16b78da91f2e8d7ec2225628d39a41cfa48b4e84ab4e5553695a1d0491" # e.g. "67b1e8e036c575782b1c9188dd48fa94d9eabcb81947c8632fd4acac7b01644b"

if [ "$4" != "" ] && [ "$linkID" = "" ]
then linkID=$4
fi

if [ "$5" != "" ] && [ "$sha256Checksum" = "" ]
then sha256Checksum=$5
fi

this is the full fwlink URL

url="https://go.microsoft.com/fwlink/?linkid=$linkID"

create temporary working directory

echo "Creating working directory '$tempDirectory'"
workDirectory=$( /usr/bin/basename $0 )
tempDirectory=$( /usr/bin/mktemp -d "/private/tmp/$workDirectory.XXXXXX" )

change directory to temporary working directory

echo "Changing directory to working directory '$tempDirectory'"
cd "$tempDirectory"

download the installer package and name it for the linkID

echo "Downloading package $linkID.pkg"
/usr/bin/curl --location --silent "$url" -o "$linkID.pkg"

checksum the download

downloadChecksum=$( /usr/bin/shasum -a 256 "$tempDirectory/$linkID.pkg" | /usr/bin/awk '{ print $1 }' )
echo "Checksum for downloaded package: $downloadChecksum"

install the package if checksum validates

if [ "$sha256Checksum" = "$downloadChecksum" ] || [ "$sha256Checksum" = "" ]; then echo "Checksum verified. Installing package $linkID.pkg" /usr/sbin/installer -pkg "$linkID.pkg" -target / exitCode=0
else echo "Checksum failed. Recalculate the SHA 256 checksum and try again. Or download may not be valid." exitCode=1
fi

remove the temporary working directory when done

/bin/rm -Rf "$tempDirectory"
echo "Deleting working directory '$tempDirectory' and its contents"

exit $exitCode

EliasG
Contributor

@junjishimazaki Do i need to change anything in the script?

junjishimazaki
Valued Contributor

Just pay attention to the linkID, which points to the product you want to install. So, the only thing you need to modify is the linkID

sgiesbrecht
Contributor III

@EliasG I'd downloaded DEPNotify-1.1.6.pkg from MacAdmin Slack > depnotify channel
you will also need to run "sudo softwareupdate --install-rosetta --agree-to-license" (without quotes) for any non-arm apps to work

It worked with no issues. I will be testing to install Rosetta in the DEP script (finger crossed)

franton
Valued Contributor III

Apple pkgs have a list of supported CPU types inside them as well. You can create a pkg that has just ordinary files inside it, but if the target cpu stuff is Intel only then M1 Macs will error out. The clue is if you try using the installer command: you'll get a message stating that Rosetta is required.

Composer 10.28 now has an option in the packaging preferences called "Executable types in PKGs" which is set to "Automatically detect executable types" by default. Try changing that option to "All executables are Universal" and see what happens.

The catch here is that if what you're packaging isn't universal, it'll deploy but then possibly fail to work.

franton
Valued Contributor III

@EliasG @sgiesbrecht Latest 1.1.6 DEP Notify is a Universal binary, so you can (and I do) run it before doing a Rosetta 2 installation.

EliasG
Contributor

@franton where in composer do I change that?

EliasG
Contributor

@franton found the setting, I repackaged it, still shows as it installed, but doesn't actually install the software.

mschroder
Valued Contributor

Did you have a look at /var/log/install.log for any hints what might have gone wrong?

EliasG
Contributor

@mschroder yeah I don't understand. Never had any issues with older model macs. Something about these M1's. Im doing the packages the exact same way, I installed composer on M1 machine, created packages, added them to jamf admin, created policies. I even triggered the policies in terminal to watch them install, it says installed, but no software at all.

junjishimazaki
Valued Contributor

The only thing that the M1 requires for any packages to be installed is just Rosetta and running the Rosetta 2 updater. And as long as the package is signed it should install. Have you tried any installer scripts? You can try this script called Installomator. https://github.com/scriptingosx/Installomator

EliasG
Contributor

@junjishimazaki what would be the best way to install rosetta and update it before running the packages?

junjishimazaki
Valued Contributor

I was having issues installing packages on my test M1 Mac. Unlike your issues which successfully installed, mine failed because of Rosetta. So, I installed Rosetta and then run the Rosetta 2 updater, and then installed my app.

junjishimazaki
Valued Contributor

I would try the script approach for installing apps, this way you can see in terminal if there are any issues installing any apps.

EliasG
Contributor

@junjishimazaki I tried an old script and that works. So the issue i'm narrowing it down is something that has to do with Composer ?

junjishimazaki
Valued Contributor

In your composer, what do you have in the postinstall script? Also, did you confirm that the file permissions are correct?

EliasG
Contributor

We do things very basic here, Launch composer, take snapshot, install software, close it, and package it. Been doing it this way for 5-6 years now with no issues. Issue started with the damn M1 model lol @junjishimazaki

junjishimazaki
Valued Contributor

Ah I see, you take a snapshot of the installation. Thank you for clarifying the process. Instead of taking a snapshot, have you tried adding a preinstall script, and add the installer -pkg command? But, quite honestly in my opinion, it would make more sense to create an installer script than to create a package. This way you don't have to keep updating the package and it will always download and install the latest. Obviously, you can't script every single app out there but at least you can minimize updating packages.