macOS installer script not working for Apple Silicon M1 Macbook + macOS Monterey

Bernard_Huang
Contributor III

Hi all,

  Referring to this macOS installer script.

macOSUpgrade/macOSUpgrade.sh at master Β· kc9wwh/macOSUpgrade Β· GitHub

  This script works fine for Intel Macbook upgrading to macOS Monterey 12.0.1.

  But it does not work with Apple Silicon Macbook 😞

  When attempting, I get the following error:

Spoiler
Error: failed to authorize for installation. Provide a password with --stdinpass or --passprompt.
By using the agreetolicense option, you are agreeing that you have run this tool with the license only option and have read and agreed to the terms.
If you do not agree, press CTRL-C and cancel this process immediately.

Investigating further, I run the following in a M1 Mabook's terminal.

Spoiler

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
Error: A method of password entry is required.
Usage: startosinstall

.....

The error suggests I need to supply admin username and password via 
--user, an admin user to authorize installation.
--passprompt, collect a password for authorization with an interactive prompt.
--stdinpass, collect a password from stdin without interaction.

 

I want JAMF to execute this. I DO NOT want to need to supply admin account and password.

Anyone got any suggestions?

3 ACCEPTED SOLUTIONS

oit-jamf
New Contributor II

Hi there,

I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.

You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work.  Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/

Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.

this is the main key that triggers upgrade.

echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

View solution in original post

Actually I wasn't patient enough. Works like a charm!

View solution in original post

AtillaTheC
New Contributor III

probably because this is an M1 script, I haven't tested yet on intel but this is the script i'm planning to test for that. 

#!/bin/bash

##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

View solution in original post

24 REPLIES 24

tdcxmanila
New Contributor II

Same issue, I hope someone will provide answer πŸ™‚ 

garybidwell
Contributor II

If your still using a script calling startosinstall then you have no option but to supply this as its a Apple mandatory requirement for updating AppleSilicon devices
However since macOS 11 their preferred method for updates it now to use the MDM commands or config profiles to manage OS updates

https://support.apple.com/en-gb/guide/mdm/mdm02df57e2a/web

Mark Buffington's post gives a good overview on this and the MDM options

https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...


SCCM
Contributor

M1's need the user to enter thier creds in order to do upgrades. No looked at the script your using but its not hardcoding creds in, or the user isnt typing thiers it wont work. Some one gave me a link to this script when i asked somthing similar: GitHub - grahampugh/erase-install: A script that automates downloading macOS installers and erasing ... i have tested this on a m1 with moterary and it works. It will prompt the user to enter in thier password, then will download the installer and run the upgrade

Bernard_Huang
Contributor III

 Thanks @garybidwell ,

Your reply makes perfect sense. But I am still not sure how to go about using MDM to trigger a Monterey upgrade.

I tried the commands from 

https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...

I can only see it finding macOS Big Sur 11.6.1, not macOS Monterey 12.0.1

 

Thanks @SCCM ,

Thanks for your link. But is the script really an erase & install of macOS?

All I want is to upgrade a M1 Macbook from Big Sur to Monterey.

JamieG
New Contributor III

Likewise also interested. Has anyone had any success using 'Download and Install updates' from JAMF Pro work to a Monterey upgrade? I have not at this time. I am not even seeing the Monterey upgrade enumerated in the Software Updates section of each computer.

The all the new MDM commands are there to support this in macOS 11/macOS 12, however I don't think all the new abilities are quite yet supported by Jamf.
I suggest joining the beta for 10.34 to see what's coming to make our lives easier around doing the updates/upgrades

Life for admins would be far easier if MDM commands could be called direct from the Jamf Binary, then they can be made into a normal policy rather than using a mass action
I would recommend up voting this feature request:
https://ideas.jamf.com/ideas/JN-I-22444

SCCM
Contributor

@Bernard_Huang its not a erase and install, thats a option if you want it. Create a package following the user guide:https://github.com/grahampugh/erase-install/wiki/1.-Installation#recommended-method---installer-pack...

In a policy have that install, then have a post install script run with the following to install Monterey (current build):

#!/bin/bash
/Library/Management/erase-install/erase-install.sh --build=21A559 --update --reinstall --current-user --check-power --confirm

 

oit-jamf
New Contributor II

Hi there,

I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.

You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work.  Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/

Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.

this is the main key that triggers upgrade.

echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

View solution in original post

JamieG
New Contributor III

That looks very useful and I'll definitely give it a go. 

Is the '/usr/bin/fdesetup authrestart -delayminutes -1 -verbose -inputplist' still required in this case?

oit-jamf
New Contributor II

good question, I actually just left it in and it does not seem to impact much. You can try leaving it out. Let me know if it still works well then will remove it from my script as well.

JamieG
New Contributor III

Can confirm you can remove the entire section about authenticated reboot. Users are not admin nor disk owners.

 

Full working example here;

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

oit-jamf
New Contributor II

perfect πŸ™‚

When I run this on an M1 Mac, it prompts for User password, and then just continues to spin. It never completes the script.

Actually I wasn't patient enough. Works like a charm!

View solution in original post

AtillaTheC
New Contributor III

Added your script to the full page splash. Working great so far! 

#!/bin/bash


# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")

fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

exit 0

Excellent work! Thank you!

Any reason why this script would be hanging up on an x86 Mac?

AtillaTheC
New Contributor III

probably because this is an M1 script, I haven't tested yet on intel but this is the script i'm planning to test for that. 

#!/bin/bash

##Heading to be used for jamfHelper

heading="Please wait as we prepare your computer for macOS Monterey..."

##Title to be used for jamfHelper

description="

This process will take approximately 10-15 minutes.

Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."

##Icon to be used for jamfHelper

icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns

##Launch jamfHelper

/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &

jamfHelperPID=$!

##Start macOS Upgrade

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &

exit 0

View solution in original post

Your first one worked on the first test install I did on an Intel Mac.

 

janderson215
New Contributor

If I could give more kudos to you two, I would. Thank you!

Bernard_Huang
Contributor III

Thanks @oit-jamf 

Your line
echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass

really does work!
Now user is prompted for the their password, and it does proceed to start macOS Monterey installation.

Thanks a million.

Now the real in-house testing of Monterey upgrade begins. Good luck to all Mac Admins.

andrew_betts
New Contributor II

Both the M1 and intel version work great for us- and launches into the installer very quickly. 

But of course it doesn't work for Big Sur.   Auto launching the Big Sur installer continues to be a nightmare.

Will92
New Contributor

This is my working execute command for intel: /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps

My question is for the M1, how would I edit this command that works on intel to work for M1?

Would it be just like this below? or do I replace "$fvPass" with our local admin pw that is filevaulted on our macs?

echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --user $currUser --stdinpass

oit-jamf
New Contributor II

Hallo Will92,

well in your case you would have to put the password. I believe there is a way to like have it garbled and not showing in plain text within the script. There should but be another enabled FileVault user on your devices besides your local admin on the devices, no? If so , please have a look at the script posted above by JamieG.