Jamf Nation Community

avogel · ‎09-07-2021

Hello all,

I am currently working on a script, mildem I load the installer via "softwareupdate --fetch-full-installer" and then install via "startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction".

Unfortunately, I currently observe the following error and only on the M1 MacBooks:

Has anyone observed the error. I must also say that all users are standard users without admin rights.

A check if the user has a SecureToken takes place in the script above and only if the user has a SecureToken, only if the has a token, the installer will be loaded and installed.

if [ "$HELPER" == "0" ]
	then 
		processor=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
		if [ "$processor" == "Apple M1" ]
			then
				if [ -d "$install_macos_app" ]
					then
						free_space_check
						get_user_details
						rm -rf "$install_macos_app"
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
					else
						free_space_check
						get_user_details
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
				fi
			else
				if [ -d "$install_macos_app" ]
					then						
						free_space_check
						rm -rf "$install_macos_app"
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
					else
						free_space_check
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
				fi
		fi
	else 
		exit 0
fi

grahamrpugh · ‎09-07-2021

Just to let you know I already distribute a script that does exactly what yours is trying to do. It can use `--fetch-full-installer` or installinstallmacos.py to obtain the installer, and it is updated to handle installation on M1 via dialog boxes to obtain the username and password.

Take a look at https://github.com/grahampugh/erase-install

sdagley · ‎09-07-2021

What @grahamrpugh said. I can't kudo his erase-install script enough for dealing with M1 re-imaging via Self Service.

Samstar777 · ‎09-08-2021

Hi Avogel,

I use erase-instal mention above and it works like a charm for intel or silicon based Mac. Quick Link to access

Hope this will help

-Samstar777

fredrik_virding · ‎09-09-2021

Im looking at trying this out. Is it possible to modify the DEPNotify window? Based on the users choice of course.

grahamrpugh · ‎09-09-2021

What do you want to modify? You can of course directly edit the script if you choose to add the script directly to Jamf, but then you'd have to keep track of your modifications when the script is updated (e.g., you could fork it).

Or if you think there is some kind of optional parameters to change the notifications that would be useful to many people, feel free to raise an issue/pull request. Note I already have language localisations, and would welcome PRs for more languages (we currently have English, German, French and Dutch).

Somebody is currently working on adding progress feedback to the DEPNotify window which I will definitely add once it's ready.

fredrik_virding · ‎09-09-2021

Hi,

Thanks for the quick reply.

My coding skills isnt up to your level. So i was mainly after a specific thing. When we erase macs, we set the asset tag to "Spare", and it would be super dope if its possible to add a recon at the right place when the user confirms they want to erase the mac. Nothing more really.

Apart from the above, it works like a charm!

grahamrpugh · ‎09-09-2021

That's quite a good idea. I could see value in sending a command prior to erase.

How about a parameter called `--preinstall-command`, which you could add whatever command you like? (I don't think this needs to be tied to the `--confirm` parameter). This would allow people to run different recon parameters (e.g. those who want to set the Department to "Spare" etc), or those not using Jamf at all to run some completely different shell command.

In your example you could then add `--preinstall-command="jamf recon -assetTag"` along with all your other parameters.

fredrik_virding · ‎09-09-2021

Glad my idea was good!

It is one of those little "nice" things for customization.

As for now, is it possible to add such a recon at the right place?

I can use composer to package it all again, but curios where in the script the right place would be.

grahamrpugh · ‎09-09-2021

If you're just adding your own command directly, I guess it would go on line 1450, like this

# run it!
if [[ $test_run != "yes" ]]; then
    jamf recon --assetTag
    if [ "$arch" == "arm64" ]; then
        # startosinstall --eraseinstall may fail if a user was converted to admin using the Privileges app
        # this command supposedly fixes this problem (experimental!)

fredrik_virding · ‎09-09-2021

That looks about as simple as i had it in my head ^^

ill test it out and see how it goes! Super thanks for the quick replies and all!

fredrik_virding · ‎09-13-2021

Hi again!
Did the first test with the added line. Works great! Does open up some great ideas on how to take it even further!

sdagley · ‎09-09-2021

@grahamrpugh Having a `--preinstall-command` would be a great addition. For Mojave->Catalina updates I had modified the macOSUpgrade script to have a "Last Call" parameter for a Jamf Pro policy trigger (necessary to remove McAfee as it tended to bork the macOS installer) and had been meaning to do the same for erase-install, but having the option to run an arbitrary command would be much more versatile.

grahamrpugh · ‎09-09-2021

OK, I created an issue:

https://github.com/grahampugh/erase-install/issues/119

Just to manage expectations, given my current schedule, I probably won't visit this for a couple of weeks. But I do like the idea.

Samstar777 · ‎09-08-2021

Hi Avogel,

I use erase-instal mention above and it works like a charm for intel or silicon based Mac. Quick Link to access

Hope this will help

-Samstar777

ericbenfer · ‎09-28-2021

How well does erase-install.sh and installinstallmacos.py interact with Content Cache?

In my environment installinstallmacos.py does not seem to pull from my content cache.

softwareupdate --fetch-full-installer does pull from the content cache.

Does installinstallmacos.py pull down the macOS installers using curl or software update?

grahamrpugh · ‎09-28-2021

It uses curl, from the software catalogs. So it's not going to use content caching.

However, you can run erase-install.sh with the `--fetch-full-installer` option too if you want to attempt to benefit from content-caching.

ghost21patron · ‎01-26-2022

Do anybody know about parameter called `--preinstall-command` . Was it implemented?

grahamrpugh · ‎01-27-2022

Details here: https://github.com/grahampugh/erase-install/wiki/7.-Erasing-and-reinstalling-macOS#--preinstall-comm...

ghost21patron · ‎01-27-2022

I am trying to execute command

/Library/Management/erase-install/erase-install.sh --os=12 --move --confirm --erase --current-user --depnotify --check-power --test-run --no-curl --update --preinstall-command "jamf recon -department Spare"

The target is to update inventory before reinstalling but it won't to update inventory . Log:

Running command /Library/Management/erase-install/erase-install.sh --os=12 --move --confirm --erase --current-user --depnotify --check-power --test-run --no-curl --update --preinstall-command "jamf recon -department Spare"...

Result of the command:
Preinstall: jamf recon -department Spare

but it doesn't update inventory. What I am doing wrong?

grahamrpugh · ‎01-27-2022

`--preinstall-command` is not run with `--test-run`.

ghost21patron · ‎02-03-2022

Has anyone successfully executed two commands with --preinstall-command? For example, I need to create the file and run jamf recon and for some reason, I can't do it. I have tried all impossible scenarios like --preinstall-command "touch /Library/dir/file; jamf recon" (creates file with ; semicolon ) bud didn't executes jamf recon and --preinstall-command 'touch /Library/dir/file; jamf recon' also I have tried two preinstall commands --preinstall-command "touch /Library/dir/file" --preinstall-command "jamf recon" but it only executes the last command

grahamrpugh · ‎02-03-2022

Check out the pre-release v26.0 of erase-install. https://github.com/grahampugh/erase-install/releases/tag/v26.0

You can now supply multiple --preinstall-command arguments when using --erase or --reinstall. That means you can run multiple shell commands immediately before startosinstall kicks in.
You can now supply multiple --postinstall-command arguments when using --erase or --reinstall. That means you can run multiple shell commands after startosinstall has finished preparing, and before reboot.

Please test and give feedback in MacAdmins Slack #eraseinstall channel or here.

ghost21patron · ‎02-16-2022

Yes it works. 26 release is great. Many thanks. And how about the situation with logs in jamf? After successfully erasing mac there aren't any logs but if I cancel the policy there is a log (Completed)

grahamrpugh · ‎02-16-2022

There is still no way for the policy to complete if the device is erased. Isn't that the whole point of the commands you are running, to workaround that?

sdagley · ‎02-16-2022

What @grahamrpugh said. So that I have a log of the starosinstall completion I've got dummy policies which basically do noting but log they were called that are triggered with the --postinstall-command (I use different ones for an erase or an upgrade)

grahamrpugh · ‎02-03-2022

Why not just run a recon on startup? That's what I do. Then you get the bonus of the OS version being recorded correctly after the upgrade.

ghost21patron · ‎02-03-2022

I need recon after creating the file for creating EA that will monitor erase with flag true or false

grahamrpugh · ‎02-03-2022

So create the file with --preinstall-command, and do the recon at startup.

Edit: ah, no, sorry, I forgot you're talking about an erase, so that won't work.

Please add a feature request for the ability to add multiple commands. I'll look into it.

(in the meantime you could lay down a script on the client which is called by --preinstall-command. That can then do as many things as you want).

ghost21patron · ‎02-03-2022

After creating the file I need recon fo EA "Erase install check (false or true)" and after reboot I can monitor if the machine was enrolled again or something went wrong (I will see EA true)

stmpl10 · ‎02-07-2022

I'm running the following command within Jamf to wipe and install Big Sur 11.6.3:
/Library/Management/erase-install/erase-install.sh --build=20G415 --move --confirm --erase --current-user --no-fs
Once it gets to the "Erasing macOS" prompt, it never goes further. Am I missing a parameter? Any idea's/recommendations?

grahamrpugh · ‎02-07-2022

Do you have any restrictions in place? Either a Software Restriction in Jamf Pro, or any software that might prevent binary execution or disk mounting, like some modern security software?

stmpl10 · ‎02-07-2022

Yes, I do actually and you are correct that it was in place against this device. Thanks for quick reply and for pointing me in the right direction which should've been obvious to me.

stmpl10 · ‎02-08-2022

Is it possible to erase and install to an older macOS than the current install? Example - I have a macOS Monterey 12.2 device but I need to install macOS Big Sur 11.6.3 for application testing. macOS 11.6.3 was installed prior to Monterey.

I've used "erase-install.sh --build=20G415 --erase --current-user" but this fails because the check is identifying this version as an "Unsupported macOS version".

sdagley · ‎02-08-2022

@stmpl10 You cannot downgrade a macOS install via erase-install (the startosinstall tool that all install scripts use doesn't support it). You'll need to create a USB installer with 11.6.3, boot from it, erase the Mac's drive, then install 11.6.3.

stmpl10 · ‎02-08-2022

@sdagley Thank you!

Jamf Nation Community

M1 Error startosinstall" --eraseinstall