Jamf Pro; Upgrade methods for Mojave.

ThijsX
Valued Contributor
Valued Contributor

Hi All,

Lets share idea's about how to upgrade to macOS Mojave via;

  • Self Service
  • App Store
  • Others

Also an idea to share idea's an how to upgrade from 10.14.1 to 10.14.2 due the new Software Update pane in Sysprefs.

Cheers.

110 REPLIES 110

KMak84
Contributor

I'm having issues getting past the initial phase. When i wrap the 10.13.3 into a DMG it places the the app into applications folder but does not recognise the app as it is damaged or incomplete. When installing it manually from the DMG it works fine and the .app appears in the applications folder as it should.

I have re-packaged the macOS as an HFS+ as 90% of the environment are still on this file system and was packaged using Casper 9 but still getting the same result

Is there something else I can do?

be91ee94c27647d88f62fdf508da3edc

Login to the Jamf Pro Server
Create a new Computer SmartGroup called High Sierra “Cached”
a. Criteria Tab
i. Application Title ‘has’ Install macOS High Sierra.app

Create a new Computer SmartGroup called High Sierra Ready
a. Criteria Tab
i. Operating System Version ‘is’ 10.10.5 OR 10.11.5 OR 10.12.5

Now we need to upload the Install macOS High Sierra Script from GitHub into the Jamf Pro Server: a. Gear Icon > Computer Management > Scripts > Create new Script called macOS10.13Upgrade
b. Paste the contents of the script into the Script Tab
c. Save

Open Composer.app on computer that has a copy of the Install macOS High Sierra.app
i. NOTE: This step needs to be performed on a 10.12 or older machine that is still on the HFS filesystem. This is because an HFS file system can’t mount an APFS formatted DMG. If you make this on a 10.13 machine, it will format the DMG as APFS.
b. Drag the Install macOS High Sierra.app into the left side of Composer.
c. Build as DMG and place on the desktop
i. I named mine macOS High Sierra.dmg

Open Jamf Admin.app
a. Drag the macOS High Sierra.dmg we just made in Composer into Jamf Admin from the Desktop
b. Assign it a category and set it to a priority of 1
c. Save

Create a policy called “Cache” High Sierra
a. Configure Packages Payload
i. Select the macOS High Sierra.dmg package we just made in Composer
ii. Keep the “Action to take on computers” to Install

We are “caching” OR placing a copy of Install macOS High Sierra.app in the /Applications/ folder.
b. Configure a Maintenance Payload i. Update Inventory
c. TESTING ONLY - Do NOT set a trigger
d. TESTING ONLY - Execution Frequency – Ongoing
e. TESTING ONLY - Make available in Self Service
f. Scope to group of TESTING computers that are not High Sierra.

tnielsen
Valued Contributor

@k84

After you uploaded your dmg to the jamf admin program, did you check the "it's an OS" box? If so, don't do that. That DMG is simply copying the installer to the applications folder and should be treated like any regular application.

Your post is extremely confusing I suggest you start your own thread about it.

bbot
Contributor

I'm running the modified script below. For about half the machines, nothing appears to happen when ran through Self Service. The machine reboots, but Mojave is never installed. I have tried this on 10.12 and 10.13 machine and the results are inconsistent. Some work and some don't. Is anyone else seeing something similar?

#!/bin/bash

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# Copyright (c) 2018 Jamf.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the Jamf nor the names of its contributors may be
#                 used to endorse or promote products derived from this software without
#                 specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This script was designed to be used in a Self Service policy to ensure specific
# requirements have been met before proceeding with an inplace upgrade of the macOS,
# as well as to address changes Apple has made to the ability to complete macOS upgrades
# silently.
#
# VERSION: v2.7.2.1
#
# REQUIREMENTS:
#           - Jamf Pro
#           - macOS Clients running version 10.10.5 or later
#           - macOS Installer 10.12.4 or later
#           - eraseInstall option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+
#           - Look over the USER VARIABLES and configure as needed.
#
#
# For more information, visit https://github.com/kc9wwh/macOSUpgrade
#
#
# Written by: Joshua Roskos | Jamf
# Modified by: Brandon Wong
#
# Created On: January 5th, 2017
# Updated On: November 27, 2018
# Changes made: Resolved the need for local admin creds for non-admin users by creating separate local admin group
# Non-admin users will be promoted to admin, and removed from local admin post upgrade
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# USER VARIABLES
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

##Specify path to OS installer. Use Parameter 4 in the JSS, or specify here
##Example: /Applications/Install macOS High Sierra.app
OSInstaller="$4"

##Version of Installer OS. Use Parameter 5 in the JSS, or specify here.
##Example Command: /usr/libexec/PlistBuddy -c 'Print :"System Image Info":version' "/Applications/Install macOS High Sierra.app/Contents/SharedSupport/InstallInfo.plistr"
##Example: 10.12.5
version="$5"
versionMajor=$( /bin/echo "$version" | /usr/bin/awk -F. '{print $2}' )
versionMinor=$( /bin/echo "$version" | /usr/bin/awk -F. '{print $3}' )

##Custom Trigger used for download. Use Parameter 6 in the JSS, or specify here.
##This should match a custom trigger for a policy that contains just the 
##MacOS installer. Make sure that the policy is scoped properly
##to relevant computers and/or users, or else the custom trigger will
##not be picked up. Use a separate policy for the script itself.
##Example trigger name: download-sierra-install
download_trigger="$6"

##MD5 Checksum of InstallESD.dmg
##This variable is OPTIONAL
##Leave the variable BLANK if you do NOT want to verify the checksum (DEFAULT)
##Example Command: /sbin/md5 /Applications/Install macOS High Sierra.app/Contents/SharedSupport/InstallESD.dmg
##Example MD5 Checksum: b15b9db3a90f9ae8a9df0f81741efa2b
installESDChecksum="$7"

##Valid Checksum?  O (Default) for false, 1 for true.
validChecksum=0

##Unsuccessful Download?  0 (Default) for false, 1 for true.
unsuccessfulDownload=0

##Erase & Install macOS (Factory Defaults)
##Requires macOS Installer 10.13.4 or later
##Disabled by default
##Options: 0 = Disabled / 1 = Enabled
##Use Parameter 8 in the JSS.
eraseInstall="$8"
if [[ "${eraseInstall:=0}" != 1 ]]; then eraseInstall=0 ; fi
#macOS Installer 10.13.3 or ealier set 0 to it.
if [ "$versionMajor${versionMinor:=0}" -lt 134 ]; then
    eraseInstall=0
fi

##Enter 0 for Full Screen, 1 for Utility window (screenshots available on GitHub)
##Full Screen by default
##Use Parameter 9 in the JSS.
userDialog="$9"
if [[ ${userDialog:=0} != 1 ]]; then userDialog=0 ; fi

##Title of OS
##Example: macOS High Sierra
macOSname=$(/bin/echo "$OSInstaller" | /usr/bin/sed 's/^/Applications/Install (.*).app$/1/')

##Title to be used for userDialog (only applies to Utility Window)
title="$macOSname Upgrade"

##Heading to be used for userDialog
heading="Please wait as we prepare your computer for $macOSname..."

##Title to be used for userDialog
description="This process will take approximately 5-10 minutes.
Once completed your computer will reboot and begin the upgrade."

##Description to be used prior to downloading the OS installer
dldescription="We need to download $macOSname to your computer, this will 
take several minutes."

##Jamf Helper HUD Position if macOS Installer needs to be downloaded
##Options: ul (Upper Left); ll (Lower Left); ur (Upper Right); lr (Lower Right)
##Leave this variable empty for HUD to be centered on main screen
dlPosition="ul"

##Icon to be used for userDialog
##Default is macOS Installer logo which is included in the staged installer package
icon="$OSInstaller/Contents/Resources/InstallAssistant.icns"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# FUNCTIONS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

downloadInstaller() {
    /bin/echo "Downloading macOS Installer..."
    /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
        -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" 
        -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100 &
    ##Capture PID for Jamf Helper HUD
    jamfHUDPID=$!
    ##Run policy to cache installer
    /usr/local/jamf/bin/jamf policy -event "$download_trigger"
    ##Kill Jamf Helper HUD post download
    /bin/kill "${jamfHUDPID}"
}

verifyChecksum() {
    if [[ "$installESDChecksum" != "" ]]; then
        osChecksum=$( /sbin/md5 -q "$OSInstaller/Contents/SharedSupport/InstallESD.dmg" )
        if [[ "$osChecksum" == "$installESDChecksum" ]]; then
            /bin/echo "Checksum: Valid"
            validChecksum=1
            return
        else
            /bin/echo "Checksum: Not Valid"
            /bin/echo "Beginning new dowload of installer"
            /bin/rm -rf "$OSInstaller"
            /bin/sleep 2
            downloadInstaller
        fi
    else
        ##Checksum not specified as script argument, assume true
        validChecksum=1
        return
    fi
}

cleanExit() {
    /bin/kill "${caffeinatePID}"
    exit "$1"
}

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# SYSTEM CHECKS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

##Caffeinate
/usr/bin/caffeinate -dis &
caffeinatePID=$!

##Get Current User
currentUser=$( /usr/bin/stat -f %Su /dev/console )

##Get Current Users homefolder
currentUserHomeDirectory=$( /usr/bin/dscl . -read "/users/$currentUser" NFSHomeDirectory | cut -d " " -f 2 )

## Elevation to avoid osinstallersetupd issue.
/usr/sbin/dseditgroup -q -o create -n /Local/Default -r "Admin access for macOS upgrade" upgradeadmin
/usr/sbin/dseditgroup -q -o edit -n /Local/Default -a upgradeadmin -t group admin
/usr/sbin/dseditgroup -o edit -a "${currentUser}" -t user upgradeadmin
/usr/bin/dsmemberutil flushcache

##Check if FileVault Enabled
fvStatus=$( /usr/bin/fdesetup status | head -1 )

## Check if battery is below 80%
battLevel=$( pmset -g ps  |  sed -n 's/.*[[:blank:]]+*(.*%).*/1/p' )
if [[ ${battLevel} > *"80"* ]]; then
    pwrStatus="OK"
    /bin/echo "Power Check: OK - Battery above 80%"
else
    #pwrStatus="ERROR"
     pwrStatus="OK"
    /bin/echo "Power Check: ERROR - Battery level below 80%"
fi


##Check if free space > 10GB
osMajor=$( /usr/bin/sw_vers -productVersion | /usr/bin/awk -F. '{print $2}' )
osMinor=$( /usr/bin/sw_vers -productVersion | /usr/bin/awk -F. '{print $3}' )
if [[ $osMajor -eq 12 ]] || [[ $osMajor -eq 13 && $osMinor -lt 4 ]]; then
    freeSpace=$( /usr/sbin/diskutil info / | /usr/bin/grep "Available Space" | /usr/bin/awk '{print $6}' | /usr/bin/cut -c 2- )
else
    freeSpace=$( /usr/sbin/diskutil info / | /usr/bin/grep "Free Space" | /usr/bin/awk '{print $6}' | /usr/bin/cut -c 2- )
fi

if [[ ${freeSpace%.*} -ge 10000000000 ]]; then
    spaceStatus="OK"
    /bin/echo "Disk Check: OK - ${freeSpace%.*} Bytes Free Space Detected"
else
    spaceStatus="ERROR"
    /bin/echo "Disk Check: ERROR - ${freeSpace%.*} Bytes Free Space Detected"
fi

##Check for existing OS installer
loopCount=0
while [[ $loopCount -lt 3 ]]; do
    if [ -e "$OSInstaller" ]; then
        /bin/echo "$OSInstaller found, checking version."
        OSVersion=$(/usr/libexec/PlistBuddy -c 'Print :"System Image Info":version' "$OSInstaller/Contents/SharedSupport/InstallInfo.plist")
        /bin/echo "OSVersion is $OSVersion"
        if [ "$OSVersion" = "$version" ]; then
          /bin/echo "Installer found, version matches. Verifying checksum..."
          verifyChecksum
        else
          ##Delete old version.
          /bin/echo "Installer found, but old. Deleting..."
          /bin/rm -rf "$OSInstaller"
          /bin/sleep 2
          downloadInstaller
        fi
        if [ "$validChecksum" == 1 ]; then
            unsuccessfulDownload=0
            break
        fi
    else
        downloadInstaller
    fi

    unsuccessfulDownload=1
    ((loopCount++))
done

if (( unsuccessfulDownload == 1 )); then
    /bin/echo "macOS Installer Downloaded 3 Times - Checksum is Not Valid"
    /bin/echo "Prompting user for error and exiting..."
    /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "Error Downloading $macOSname" -description "We were unable to prepare your computer for $macOSname. Please contact the IT Support Center." -iconSize 100 -button1 "OK" -defaultButton 1
    cleanExit 0
fi


# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# CREATE FIRST BOOT SCRIPT
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

/bin/mkdir -p /usr/local/jamfps

/bin/cat > /usr/local/jamfps/finishOSInstall.sh <<'EOL'
#!/bin/bash

##Demote if user was not an admin before upgrade
/usr/sbin/dseditgroup -o delete -n /Local/Default upgradeadmin
/usr/bin/dsmemberutil flushcache

## First Run Script to remove the installer.
## Clean up files
/bin/rm -fr "$OSInstaller"
/bin/sleep 2

## Update Device Inventory
/usr/local/jamf/bin/jamf manage
/usr/local/jamf/bin/jamf recon

## Remove LaunchDaemon
/bin/rm -f /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist

## Remove Script
/bin/rm -fr /usr/local/jamfps

exit 0
EOL

/usr/sbin/chown root:admin /usr/local/jamfps/finishOSInstall.sh
/bin/chmod 755 /usr/local/jamfps/finishOSInstall.sh

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# LAUNCH DAEMON
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

/bin/cat << EOF > /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.jamfps.cleanupOSInstall</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/bash</string>
        <string>-c</string>
        <string>/usr/local/jamfps/finishOSInstall.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF

##Set the permission on the file just made.
/usr/sbin/chown root:wheel /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
/bin/chmod 644 /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# LAUNCH AGENT FOR FILEVAULT AUTHENTICATED REBOOTS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

##Determine Program Argument
if [[ $osMajor -ge 11 ]]; then
    progArgument="osinstallersetupd"
elif [[ $osMajor -eq 10 ]]; then
    progArgument="osinstallersetupplaind"
fi

/bin/cat << EOP > /Library/LaunchAgents/com.apple.install.osinstallersetupd.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.install.osinstallersetupd</string>
    <key>LimitLoadToSessionType</key>
    <string>Aqua</string>
    <key>MachServices</key>
    <dict>
        <key>com.apple.install.osinstallersetupd</key>
        <true/>
    </dict>
    <key>TimeOut</key>
    <integer>300</integer>
    <key>OnDemand</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>$OSInstaller/Contents/Frameworks/OSInstallerSetup.framework/Resources/$progArgument</string>
    </array>
</dict>
</plist>
EOP

##Set the permission on the file just made.
/usr/sbin/chown root:wheel /Library/LaunchAgents/com.apple.install.osinstallersetupd.plist
/bin/chmod 644 /Library/LaunchAgents/com.apple.install.osinstallersetupd.plist

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# APPLICATION
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]]; then
    ##Launch jamfHelper
    if [ ${userDialog} -eq 0 ]; then
        /bin/echo "Launching jamfHelper as FullScreen..."
        /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
        jamfHelperPID=$!
    else
        /bin/echo "Launching jamfHelper as Utility Window..."
        /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 &
        jamfHelperPID=$!
    fi
    ##Load LaunchAgent
    if [[ ${fvStatus} == "FileVault is On." ]] && [[ ${currentUser} != "root" ]]; then
        userID=$( /usr/bin/id -u "${currentUser}" )
        /bin/launchctl bootstrap gui/"${userID}" /Library/LaunchAgents/com.apple.install.osinstallersetupd.plist
    fi
    ##Begin Upgrade
    /bin/echo "Launching startosinstall..."
    ##Check if eraseInstall is Enabled
    if [[ $eraseInstall == 1 ]]; then
        eraseopt='--eraseinstall'
        /bin/echo "   Script is configured for Erase and Install of macOS."
    fi

    osinstallLogfile="/var/log/startosinstall.log"
    if [ "$versionMajor" -ge 14 ]; then
        eval /usr/bin/nohup ""$OSInstaller/Contents/Resources/startosinstall"" "$eraseopt" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" &
    else
        eval /usr/bin/nohup ""$OSInstaller/Contents/Resources/startosinstall"" "$eraseopt" --applicationpath ""$OSInstaller"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" &
    fi
    /bin/sleep 3
else
    ## Remove Script
    /bin/rm -f /usr/local/jamfps/finishOSInstall.sh
    /bin/rm -f /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
    /bin/rm -f /Library/LaunchAgents/com.apple.install.osinstallersetupd.plist

    /bin/echo "Launching jamfHelper Dialog (Requirements Not Met)..."
    /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "Requirements Not Met" -description "We were unable to prepare your computer for $macOSname. Please ensure you are connected to power and that you have at least 10GB of Free Space.

    If you continue to experience this issue, please contact the IT Support Center." -iconSize 100 -button1 "OK" -defaultButton 1

fi

cleanExit 0

john_sherrod
Contributor II

@k84

I had a similar issue. I THINK this was my solution: In Composer I choose the Mojave installer app and then down in the permissions area I set it as follows:

Owner: admin (501) R,W,X are all checked
Group: admin (80) R and X are checked
Everyone: R and X are checked

Mode should then be 755. I then built it as a PKG and uploaded it to in Jamf Admin.

typtran1
New Contributor

@dmitchell

Can you share the script that you use to get Mojave to install? I've set mine up the same way by having it cached then would like to run a script to install.

dmitchell
Contributor

@typtran1 posted below. I got it from Jamf Nation, it was created by @therealmacjeezy . It says it's supported up to 10.13 but it works with Mojave. Essentially I am caching Mojave, once cached a policy is pushed to Self Service for Macs that have the installer cached. Users will be notified that the policy is available. We aren't forcing Macs to upgrade right now, this is all user initiated from Self Service.

#!/bin/bash

#################################################
# macOS 10.14 Updater
# Policy - Self Service
# Joshua Harvey | August 2018
# josh[at]macjeezy.com
# GitHub - github.com/therealmacjeezy    
# JAMFnation - therealmacjeezy
#################################################

####### Supported macOS Versions ##########################################################
# macOS 10.11.x, macOS 10.12.x, macOS 10.13.x
####### Script Overview ###################################################################
# This script will setup a plist for an authenticated reboot, check the disk type for the 
# computer, then run the startosinstall binary. Before the
# computer restarts, it will kill self service which is required due to the startosinstall
# performing a soft restart and is not able to force quit other applications
#
# NOTE: The Install macOS Mojave.app must be in the Applications folder before this script
# is ran.
###########################################################################################

# Pulls the current logged in user and their UID
currUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}      ')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a one time authenticated reboot. Once the installation is started, the file that was used to reboot the system is deleted.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT

set validatedPass to false

repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your Filevault 2 Password to allow a one time authenticated reboot, which is used to start the macOS 10.14 upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"

set fvPass to (text returned of result)

display dialog "Re-enter the Filevault 2 Password to verifed it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"

if text returned of result is equal to fvPass then
    set validatedPass to true
    fvPass
else
    display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat

APPLESCRIPT
)

# Sets the comptuer up for an authenticated restart using a temp account
/usr/bin/fdesetup authrestart -delayminutes -1 -verbose -inputplist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>"$currUser"</string>
    <key>Password</key>
    <string>"$fvPass"</string>
</dict>
</plist>
EOF

# Runs the startosinstall binary to start the upgrade
"/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall" --applicationpath "/Applications/Install macOS Mojave.app" --rebootdelay 0 --nointeraction --agreetolicense

# Pulls the current user
currUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}      ')
currUserUID=$(id -u "$currUser")

# Kills self service to allow the installer to continue with the update
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" killall "Self Service"

# Exits the script
exit 0

typtran1
New Contributor

@dmitchell We want to do the same thing leave it up to user to upgrade in SS. Thank you for the script will give this a try.

rickwhois
Contributor

What should I put for parameter 5 if I wanted to ignore the installer version? I want to allow any installer version that was downloaded.
Script I'm using: https://github.com/kc9wwh/macOSUpgrade
variable: version="$5"

jec1
New Contributor II

Some folks have said they've created a script to download the latest installer from the App Store:

"We created a 02 Install High Sierra self service item, and scope the same smart group. This item is just a link to the apple App store to down the latest version of the High Sierra installer. User gets the file direct from Apple."

Does anyone have this script handy and willing to share?

I can't find it anywhere.

sdagley
Esteemed Contributor II

@jec1 Take a look at erase-install from @grahamrpugh. Despite the name you can have it just download the High Sierra or Mojave installers from Apple and drop them into /Applications. It does this by driving a modified version of @gregneagle's installinstallmacos.py

sdunbar
Contributor

@hpavlic.

Hi

I have been using the scrip you posted above (Written by: Joshua Roskos | Jamf), but with mixed results, sometimes it works great, but now more often than not, its shows as successful, but with the errors below, and the upgrade does not take place.

I am getting the following error:

nohup: can't detach from console: No such file or directory

This is sometimes accompanied by a much longer error message:

nohup: can't detach from console: No such file or directory 2019-02-11 10:16:26.792 jamfHelper[5005:65399] GetInputSourceEnabledPrefs user file path = /Users/stole/Library/Preferences/com.apple.HIToolbox.plist 2019-02-11 10:16:26.792 jamfHelper[5005:65399] GetInputSourceEnabledPrefs effective user id path = 0 2019-02-11 10:16:26.793 jamfHelper[5005:65399] .........................

It seems that it downloads the Install MacOS Mojave app fine and then at the second pop up it does not kick of the install correctly and the pop up window stays in place.

Do you know what might be happening, any advice would be great.

Many thanks

szultzie
Contributor II

HI,

Ive been testing an inplace upgrade from 10.13.3 to 10.14.3, and im hitting a wall with Cylance. I put down a Configuration Profile the proper Kernel Extension for Cylance (it works if i do a fresh install)

But with Cylance already installed on the machien when 10.14.3 installs, pushing the config profile doesn't do anything i still get the red dot in Cylance.

i tested pushing teh config profile before and after the OS upgrade with same results ( i even did it manually thru app store)

Any ideas?

rcole
Contributor II

@glaske do you happen to recall how you were able to get that OS prompt to prompt the user about the install and if this is something that can be set to some type of reoccurrence? Great idea!

EdenJAMFAdmin
New Contributor

@MLBZ521 I'm looking at trying to use your script and have a couple questions.

Is the difference between Forced, Self Service, and Classroom is that Forces is for a policy to auto trigger the scripts and start the install, Classroom to be started by a tech on the machine to run without intervention, and Self Service for the end user to start the install when they are prompted.

I see references for the QuickAdd.pkg and the OS installers to all be in the /tmp folder. How are you getting them there? Are the separate policies setup to do a Cache install of the app? Or are they full installs. Are the packages for each setup to drop the files into /tmp? Are you just using composer to make these packages?

Thank you.

Dan

MLBZ521
Contributor III

@EdenJAMFAdmin

I've been meaning to catch up on this thread... I'll admit, I haven't looked my script for some time, and I'm pretty sure the "logic" I had laid out for the "Force" option likely does not work; there may also be other issues looking through some of the comments in this thread that have not been reported to me. I have ideas to update the script, but it just hasn't gotten to the top of my "To Do" list.

I'm mainly using this for a Reprovision Policy in my environment, and some Site Admins are using it to make Upgrades available in Self Service. Between Self Service and the Classroom options, it's mainly the flow of logic and the verbiage that is presented to the screen.

Yes, I create a package to drop the "Install macOS <version>.app" and a "QuickAdd.pkg" to /tmp; you can use Composer, munkipkg, packages, or any tool you wanted to do this. I do not cache these, as this is being used as Self Service only; so everything is downloaded upon selecting the Policy in Self Service.

colton_langdon
New Contributor

@szultzie

Did you ever find a solution to the reboot problem after completing the in-place upgrade? I am seeing the same issue after running the upgrade from Self Service using the methods mentioned in this post.

szultzie
Contributor II

@colton.langdon so the short answer is yes, with a launchD script that erases itself.

The issue i am solving now is that my policy works great while a user is logged in but as soon as i try to push it during a checking with out a user logs in, it just doesn't go, and the computer that i scope it to stops checking in.

-Peter

metalfoot77
Contributor II

I also need a little help. I am doing an in-place from HS to Mojave. I have a package that contains the 6gb installer and I am pushing that down via policy to specified machines. That works fine.

Then I created a task in Apple Remote Desktop to issue the command

"/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --rebootdelay 0 --nointeraction --agreetolicense"

I then drop machines I want to upgrade onto this task and it does its thing... until....

I get a login screen and when I log in with my admin creds, I get the dreaded "hey now wait 13 more minutes please" updating stuff.

Anyone have an easy solution for getting through that with the more manual approach I am taking?

Thanks!!!

jkaigler
Contributor II

I have been seeing the same thing on upgrades it was discussed in this post:

https://www.jamf.com/jamf-nation/discussions/31359/furiously-frustrated-with-jamf-mojave-upgrade-issue

metalfoot77
Contributor II

Thanks @jkaigler , I guess I will just manually massage these machines once I've issued the upgrade command via ARD... for now.

richies113
New Contributor II

Hi Guys.

Thank you for the input. Right now most of our users are running on 10.14.4. Looking to push the update to 10.14.5.

I got this resource from Support -> https://raw.githubusercontent.com/kc9wwh/macOSUpgrade/master/macOSUpgrade.sh

Only problem is, it gives me an error:
Error downloading
WE Were unable to prepare your computer for.
Please contact the IT support center

Is there any other suggestions on how we can push the updates to users?

Thank you.

CorpIT_eB
Contributor II

@richies113 I would like to create a policy to upgrade to 10.14.5 what do you currently have in place to accomplish this?

I uploaded the .dmg to JAMF via JAMF Admin and even created a policy it says it installed but if has not.

Executing Policy macOS Patch Updates
Downloading https://use1-jcds.services.jamfcloud.com//download/19727f945eb74fb797d9d257fa52498e/macOSUpd10.14.5.dmg?token=689de70203904bb682ed91ae0e0e233b7tp5sgnys4g0rvbs9zg6eegbns35y4py...
Verifying DMG...
Verifying package integrity...
Installing macOSUpd10.14.5.dmg...
Closing package...
Blessing i386 macOS System on /...
Creating Reboot Script...

I want to deploy this, I even tryed issuing the command to download and install via a action and that did not work.

I really wish there was a way to force this update without user interaction.

rcole
Contributor II

@richies113 you could also deploy the software update policy or send the update OS software command through ARD to the workstations.

averion_j
New Contributor II

Hello Guys, am a newbie with almost the same problem. I have Mojave.app update sitting on /Application folder. My problem is to run that update through Policy. Hoping for your suggestion.
Thanks

jkaigler
Contributor II

for upgrades I run this command "Files and Processes" ..

/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall" --applicationpath "/Applications/Install macOS Mojave.app" --rebootdelay 0 --nointeraction --agreetolicense &

For wipe and reload add --eraseinstall before --application

bpavlov
Honored Contributor

a_holley
Contributor

I know I'm resurrecting an old thread, but I am running into an issue with Self Service.
Installer is installed in the Applications folder, no worries. Run /Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --agreetolicense --nointeraction through a Self Service policy, logged in as local admin, no worries.
Self Service fails to quit, which means the whole thing falls over. What do I do? I can't include a command for it to quit, because that would kill the process, right? I'm pulling my hair out!

EDIT: I found the solution! In this thread. Should have gone through a bit slower, but that's not my style. Thanks to @therealmacjeezy for the but of script I needed and@dmitchell for posting it!

If anyone is wondering, here you go:

# Runs the startosinstall binary to start the upgrade
"/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall" --applicationpath "/Applications/Install macOS Mojave.app" --rebootdelay 0 --nointeraction --agreetolicense

# Pulls the current user
currUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}      ')
currUserUID=$(id -u "$currUser")

# Kills self service to allow the installer to continue with the update
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" killall "Self Service"

# Exits the script
exit 0

monaronyc
Contributor

@a.holley I get a little over anxious too! Thanks goodness I'm not the only one! ; ) Thanks for your post. We're using the kc9wwh/macOSUpgrade script to do our Sierra to Mojave upgrades and stuck at Self Service not quitting out too. Where in this kc9wwh/macOSUpgrade script would we add this kill self service string?

# Kills self service to allow the installer to continue with the update
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" killall "Self Service"

gabester
Contributor III

I already queried on one thread but replicating here for relevance and redundancy to ensure anyone who has a solution sees it and posts it:

Has anyone come up with any good ways of getting upgraded to and/or deploying a current 18G2022 build of Mojave that don't involve multiple layered policies and smart groups and packages? The latest full installer is only 18G103, and then Security Update 2019-002 needs to be applied to that, along with Safari 13.0.4 and other updates as will no doubt come out down the road; it would be nice if Apple supplied something akin to the old Windows rollup releases or provided a way to "slipstream" the latest updates so that user downtime for upgrades and tech wait time for clean installs was minimized.

In our environment we can't just use Apple's Software Updates, we end up pushing the SecUpd2019-002Mojave.pkg to any Mac that has Mojave but isn't running build 18G2022. Unfortunately, while systems seem to get updated, they report to Jamf that the upgrade has failed.

I was disappointed that running this didn't work for a clean build - it feels like it ought to, but as with all things Apple does lately, this is not the way:

/Volumes/Install macOS Mojave/Install macOS Mojave.app/Contents/Resources/startosinstall  
--agreetolicense --volume /Volumes/Macintosh HD  
--installpackage /Volumes/Install macOS Mojave/SecUpd2019-002Mojave.pkg

It yields an error:

macOS could not be installed on your computer ERROR_ABA5BBBB51F Quit the installer to restart your computer and try again.

4e3f7ff7acde4cadbb51fab1f86de096

Unfortunately this Mac that I experimented on had to be restored via Internet Recovery.

jweeda
New Contributor

I have followed the steps (as posted by boon12345 on 11/18/2018 above - really helpful by the way as I have NEVER done this before and needed the step-by-step) to set up the smart groups, create/paste the script, and set up all the policies. The High Sierra (or Mojave) app installs properly on my test device using the first policy. However, when I run the second policy, which runs the script (macOSUpgrade downloaded today 2/6/20 on GitHub), all I get is the message:
Error Downloading macOS High Sierra
We were unable to prepare your computer for macOS High Sierra. Please contact the IT Support Center.
I did not modify the script at all. Is there something I am doing wrong? Any help is greatly appreciated!

Bia
New Contributor III

Random question for anyone: using the method from kc9wwh/macOSUpgrade - it has worked amazing. I have been able to successfully deploy this update using 2 policies, one for the pkg file of the installer and the other containing the script. I've been able to update multiple Macs off our university campus network since many are working from home. I have 150 iMacs now to update on campus. The pkg file pulls from the SMB share just fine, but then the script calls out to Jamf Cloud based on the network logs and I know scripts are stored in the database. During testing, I have only done 5 Macs one at a time and I am ready to do the remaining 150 on campus. Has anyone who has used this specific method (or any scripted macOS upgrade method) notice any networking issues or a major impact on their network? Jamf Support says it should not have any impact on the network for this many Macs. Trying to plan accordingly and am open to any tips. Thanks!