macOS installer script not working for Apple Silicon M1 Macbook + macOS Monterey

Bernard_Huang
Contributor III

Hi all,

  Referring to this macOS installer script.

macOSUpgrade/macOSUpgrade.sh at master ยท kc9wwh/macOSUpgrade ยท GitHub

  This script works fine for Intel Macbook upgrading to macOS Monterey 12.0.1.

  But it does not work with Apple Silicon Macbook ๐Ÿ˜ž

  When attempting, I get the following error:

Spoiler
Error: failed to authorize for installation. Provide a password with --stdinpass or --passprompt.
By using the agreetolicense option, you are agreeing that you have run this tool with the license only option and have read and agreed to the terms.
If you do not agree, press CTRL-C and cancel this process immediately.

Investigating further, I run the following in a M1 Mabook's terminal.

Spoiler

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
Error: A method of password entry is required.
Usage: startosinstall

.....

The error suggests I need to supply admin username and password via 
--user, an admin user to authorize installation.
--passprompt, collect a password for authorization with an interactive prompt.
--stdinpass, collect a password from stdin without interaction.

 

I want JAMF to execute this. I DO NOT want to need to supply admin account and password.

Anyone got any suggestions?

3 ACCEPTED SOLUTIONS

oit-jamf
New Contributor II

Hi there,

I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.

You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work.  Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/

Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.

this is the main key that triggers upgrade.

echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

View solution in original post

Actually I wasn't patient enough. Works like a charm!

View solution in original post

 

Latest version working on both M1 and Intel macs

 

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
	-- Prompt the user to enter their filevault password
	display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
	set fvPass to (text returned of result)
	display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
	if text returned of result is equal to fvPass then
		set validatedPass to true
		fvPass
	else
		display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
	end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 20-30 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

 

 

edited to include the fix from @benjmars 

 

 

View solution in original post

125 REPLIES 125

TDManila
New Contributor II

Same issue, I hope someone will provide answer ๐Ÿ™‚ 

garybidwell
Contributor III

If your still using a script calling startosinstall then you have no option but to supply this as its a Apple mandatory requirement for updating AppleSilicon devices
However since macOS 11 their preferred method for updates it now to use the MDM commands or config profiles to manage OS updates

https://support.apple.com/en-gb/guide/mdm/mdm02df57e2a/web

Mark Buffington's post gives a good overview on this and the MDM options

https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...


SCCM
Contributor II

M1's need the user to enter thier creds in order to do upgrades. No looked at the script your using but its not hardcoding creds in, or the user isnt typing thiers it wont work. Some one gave me a link to this script when i asked somthing similar: GitHub - grahampugh/erase-install: A script that automates downloading macOS installers and erasing ... i have tested this on a m1 with moterary and it works. It will prompt the user to enter in thier password, then will download the installer and run the upgrade

Bernard_Huang
Contributor III

 Thanks @garybidwell ,

Your reply makes perfect sense. But I am still not sure how to go about using MDM to trigger a Monterey upgrade.

I tried the commands from 

https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...

I can only see it finding macOS Big Sur 11.6.1, not macOS Monterey 12.0.1

 

Thanks @SCCM ,

Thanks for your link. But is the script really an erase & install of macOS?

All I want is to upgrade a M1 Macbook from Big Sur to Monterey.

JamieG
New Contributor III

Likewise also interested. Has anyone had any success using 'Download and Install updates' from JAMF Pro work to a Monterey upgrade? I have not at this time. I am not even seeing the Monterey upgrade enumerated in the Software Updates section of each computer.

The all the new MDM commands are there to support this in macOS 11/macOS 12, however I don't think all the new abilities are quite yet supported by Jamf.
I suggest joining the beta for 10.34 to see what's coming to make our lives easier around doing the updates/upgrades

Life for admins would be far easier if MDM commands could be called direct from the Jamf Binary, then they can be made into a normal policy rather than using a mass action
I would recommend up voting this feature request:
https://ideas.jamf.com/ideas/JN-I-22444

SCCM
Contributor II

@Bernard_Huang its not a erase and install, thats a option if you want it. Create a package following the user guide:https://github.com/grahampugh/erase-install/wiki/1.-Installation#recommended-method---installer-pack...

In a policy have that install, then have a post install script run with the following to install Monterey (current build):

#!/bin/bash
/Library/Management/erase-install/erase-install.sh --build=21A559 --update --reinstall --current-user --check-power --confirm

 

oit-jamf
New Contributor II

Hi there,

I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.

You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work.  Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/

Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.

this is the main key that triggers upgrade.

echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

JamieG
New Contributor III

That looks very useful and I'll definitely give it a go. 

Is the '/usr/bin/fdesetup authrestart -delayminutes -1 -verbose -inputplist' still required in this case?

oit-jamf
New Contributor II

good question, I actually just left it in and it does not seem to impact much. You can try leaving it out. Let me know if it still works well then will remove it from my script as well.

JamieG
New Contributor III

Can confirm you can remove the entire section about authenticated reboot. Users are not admin nor disk owners.

 

Full working example here;

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

oit-jamf
New Contributor II

perfect ๐Ÿ™‚

When I run this on an M1 Mac, it prompts for User password, and then just continues to spin. It never completes the script.

Actually I wasn't patient enough. Works like a charm!

Added your script to the full page splash. Working great so far! 

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

Excellent work! Thank you!

Any reason why this script would be hanging up on an x86 Mac?

 

Latest version working on both M1 and Intel macs

 

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
	-- Prompt the user to enter their filevault password
	display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
	set fvPass to (text returned of result)
	display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
	if text returned of result is equal to fvPass then
		set validatedPass to true
		fvPass
	else
		display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
	end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 20-30 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

 

 

edited to include the fix from @benjmars 

 

 

Your first one worked on the first test install I did on an Intel Mac.

 

kavila
New Contributor III

Thanks for sharing Atilla, this is amazing. 

I have a fleet of iMacs I need to push this too but unfortunately, it looks like this will only work if a user is signed in to the machine. Is there a way for me to push this for idle iMacs that are stuck on the login screen?

Just use the Remote command Option for those. Screen Shot 2022-02-08 at 2.26.02 PM.png

kavila
New Contributor III

Ah, true. I often forget that this feature exists. Thanks. 

Does this work on M1's too at the login screen?

it doesnt work....what are the steps for me to do ? iam new to Jamf, please be patient :)

This is sold. I did notice that the user has to be the secure token holder for this to work. Also, has anyone been able to get the Monterey icon to show up? It originally showed up but now doesn't seem to show up in the Jamf Helper splash screen.

testing this in sublime 

im getting this error 

/var/log/startosinstall.log: Permission denied

everything in JAMF is run as root, may be your issue in sublime.

I have updated remote command for big sur to montery 12.3.1 OS update successful but configuration and policies are not installed M1 Mac can help me what is the issue  

Works like a charm on my M1 test Mac, love it. This is the new upgrade process (at least until Jamf exposes this in Jamf Pro, easily / as a feature, macOS Monterey has been ready for it)... I assume either a password box will not be invoked on Intel Macs, or it just is ignored / does not matter.

Gary_R
New Contributor II

Thanks for you work here.  Has this been utilized though the check in trigger at all instead of just self service?

Having some trouble getting this to work with the --eraseinstall parameter, I assumed this would work since we have provided the secure token holders p/w, any ideas? TIA

hello.

I have had success running your script from the local machine. Question do I need to install the macOS installer ahead of time or will this script do all the work, downloading and then installing, and upgrading the computer?  Just making sure so I can build in a step to do this if needed. 

Thank you.

 You need to pre download the installer. 

This script is great and works really well except I found an error in the AppleScript for mismatched passwords. This line references icon file "messageIcon":

display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon

 This fails to reprompt when there is a password mismatch entered and the script continues running and then hangs on the OS install since the password is incorrect. 

Here is a corrected version of this script: 

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
	-- Prompt the user to enter their filevault password
	display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
	set fvPass to (text returned of result)
	display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
	if text returned of result is equal to fvPass then
		set validatedPass to true
		fvPass
	else
		display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
	end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 20-30 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

 

great find and fix!

Fantastic!

 

I verified the correction works as expected. Really great, thank you!  

Might be a dumb question but will this script work on end-users accounts that are standard and not admin. But the account is listed in fdsetup. 

Thank you for the work. 

this should work on standard or admin accounts.