M1 Error startosinstall" --eraseinstall

avogel
New Contributor II

Hello all,

I am currently working on a script, mildem I load the installer via "softwareupdate --fetch-full-installer" and then install via "startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction".

Unfortunately, I currently observe the following error and only on the M1 MacBooks:

Screenshot 2021-09-07 at 16.54.56.pngScreenshot 2021-09-07 at 16.55.14.png

Has anyone observed the error. I must also say that all users are standard users without admin rights.

A check if the user has a SecureToken takes place in the script above and only if the user has a SecureToken, only if the has a token, the installer will be loaded and installed.

if [ "$HELPER" == "0" ]
	then 
		processor=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
		if [ "$processor" == "Apple M1" ]
			then
				if [ -d "$install_macos_app" ]
					then
						free_space_check
						get_user_details
						rm -rf "$install_macos_app"
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
					else
						free_space_check
						get_user_details
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
				fi
			else
				if [ -d "$install_macos_app" ]
					then						
						free_space_check
						rm -rf "$install_macos_app"
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
					else
						free_space_check
						softwareupdate --fetch-full-installer
						install_macos_app=$(find /Applications -type d -name 'Install macOS*')
						"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
				fi
		fi
	else 
		exit 0
fi

 

16 REPLIES 16

grahamrpugh
Contributor III

Just to let you know I already distribute a script that does exactly what yours is trying to do. It can use `--fetch-full-installer` or installinstallmacos.py to obtain the installer, and it is updated to handle installation on M1 via dialog boxes to obtain the username and password.

Take a look at https://github.com/grahampugh/erase-install

 

sdagley
Honored Contributor II

What @grahamrpugh said. I can't kudo his erase-install script enough for dealing with M1 re-imaging via Self Service.

Hi Avogel,

I use erase-instal mention above and it works like a charm for intel or silicon based Mac. Quick Link to access

Hope this will help

 

-Samstar777

Im looking at trying this out. Is it possible to modify the DEPNotify window? Based on the users choice of course.

What do you want to modify? You can of course directly edit the script if you choose to add the script directly to Jamf, but then you'd have to keep track of your modifications when the script is updated (e.g., you could fork it).

Or if you think there is some kind of optional parameters to change the notifications that would be useful to many people, feel free to raise an issue/pull request. Note I already have language localisations, and would welcome PRs for more languages (we currently have English, German, French and Dutch).

Somebody is currently working on adding progress feedback to the DEPNotify window which I will definitely add once it's ready.

Hi,

Thanks for the quick reply.

My coding skills isnt up to your level. So i was mainly after a specific thing. When we erase macs, we set the asset tag to "Spare", and it would be super dope if its possible to add a recon at the right place when the user confirms they want to erase the mac. Nothing more really.

Apart from the above, it works like a charm!

That's quite a good idea. I could see value in sending a command prior to erase.

How about a parameter called `--preinstall-command`, which you could add whatever command you like? (I don't think this needs to be tied to the `--confirm` parameter). This would allow people to run different recon parameters (e.g. those who want to set the Department to "Spare" etc), or those not using Jamf at all to run some completely different shell command.

In your example you could then add `--preinstall-command="jamf recon -assetTag"` along with all your other parameters.

Glad my idea was good!

It is one of those little "nice" things for customization. 

As for now, is it possible to add such a recon at the right place?

I can use composer to package it all again, but curios where in the script the right place would be.

If you're just adding your own command directly, I guess it would go on line 1450, like this

# run it!
if [[ $test_run != "yes" ]]; then
    jamf recon --assetTag
    if [ "$arch" == "arm64" ]; then
        # startosinstall --eraseinstall may fail if a user was converted to admin using the Privileges app
        # this command supposedly fixes this problem (experimental!)

 

That looks about as simple as i had it in my head ^^

ill test it out and see how it goes! Super thanks for the quick replies and all!

Hi again!
Did the first test with the added line. Works great! Does open up some great ideas on how to take it even further!

sdagley
Honored Contributor II

@grahamrpugh Having a `--preinstall-command` would be a great addition. For Mojave->Catalina updates I had modified the macOSUpgrade script to have a "Last Call" parameter for a Jamf Pro policy trigger (necessary to remove McAfee as it tended to bork the macOS installer) and had been meaning to do the same for erase-install, but having the option to run an arbitrary command would be much more versatile.

OK, I created an issue:

https://github.com/grahampugh/erase-install/issues/119

Just to manage expectations, given my current schedule, I probably won't visit this for a couple of weeks. But I do like the idea.

Samstar777
Contributor

Hi Avogel,

I use erase-instal mention above and it works like a charm for intel or silicon based Mac. Quick Link to access

Hope this will help

 

-Samstar777

ericbenfer
Contributor II

How well does erase-install.sh and installinstallmacos.py interact with Content Cache?

In my environment installinstallmacos.py does not seem to pull from my content cache.

softwareupdate --fetch-full-installer does pull from the content cache.

Does installinstallmacos.py pull down the macOS installers using curl or software update?

It uses curl, from the software catalogs. So it's not going to use content caching.

However, you can run erase-install.sh with the `--fetch-full-installer` option too if you want to attempt to benefit from content-caching.