macOS upgrade 10.15: Checksum Not Valid

Musicmaker
New Contributor III

Hi All,

I am testing an upgrade to macOS 10.15 with the upgrade script from @Rosko :
https://github.com/kc9wwh/macOSUpgrade

I'm having the following issue. When running the policy (Script) it calls the download policy by a custom trigger. This works as expected. After downloading it installs the macOS installer in /Applications:
Log said: "Successfully installed Install macOS Catalina 10.15.5.pkg"
But it also says : " macOS Installer Downloaded 3 Times - Checksum is Not Valid"

This is part of the script which is mentioning the Checksum part:

## MD5 Checksum of InstallESD.dmg – Use Parameter 7 in the JSS.
## Parameter Label: installESD Checksum (optional)
## This variable is OPTIONAL
## Leave the variable BLANK if you do NOT want to verify the checksum (DEFAULT)
## Example Command: /sbin/md5 /Applications/Install macOS High Sierra.app/Contents/SharedSupport/InstallESD.dmg
## Example MD5 Checksum: b15b9db3a90f9ae8a9df0f81741efa2b
installESDChecksum="$7"

## Valid Checksum?  O (Default) for false, 1 for true.
validChecksum=0

## Unsuccessful Download?  0 (Default) for false, 1 for true.
unsuccessfulDownload=0

It says " Leave the variable BLANK if you do NOT want to verify the checksum". I left this parameter blank. Why does it come with "Checksum is Not Valid" if it doesn't need to check for it?

13 REPLIES 13

sdagley
Honored Contributor II

@Musicmaker When an installer .pkg is uploaded to your DP, Jamf calculates a checksum for it to verify it after downloading. It sounds like this is what's failing, not the macOSUpgrade script's check if the macOS installer checksum.

Cayde-6
Valued Contributor

Agreed Use Jamf Admin and locate the uploaded PKG. Right click it and click calculate checksum

Musicmaker
New Contributor III

@sdagley and @Cayde-6 thanks for your replies.
I've clicked 'calculate checksum' in Jamf admin but still no luck. It gives me the same error "macOS Installer Downloaded 3 Times - Checksum is Not Valid".

It downloads the installer and then you see this:
Verifying package integrity...
Installing Install macOS Catalina 10.15.5.pkg...
Successfully installed Install macOS Catalina 10.15.5.pkg.
Submitting log to https://xxxxx.jamfcloud.com:443/
Downloading macOS Installer...

And again downloading....3 times.
When I have a look in /Applications the macOS installer is actually there.

Actuallly, the error is exact the error which is in the script, so it looks like the script gives me the error. Not Jamf.
Could this happen because I'm using Jamfcloud instead of an on-premise DP?

Cayde-6
Valued Contributor

hmm interesting.

Cayde-6
Valued Contributor
verifyChecksum() {
    if [ -n "$installESDChecksum" ]; then
        osChecksum=$( /sbin/md5 -q "$OSInstaller/Contents/SharedSupport/InstallESD.dmg" )
        if [ "$osChecksum" = "$installESDChecksum" ]; then
            /bin/echo "Checksum: Valid"
            validChecksum=1
            return
        else
            /bin/echo "Checksum: Not Valid"
            /bin/rm -rf "$OSInstaller"
            jamf recon
        fi
    else
        ## Checksum not specified as script argument, assume true
        validChecksum=1
        return
    fi
}

Based on the above I would suggest making validChecksum=1

sdagley
Honored Contributor II

@Musicmaker Are you sure the checksum field is blank? Having anything, including a space, in that field will trigger a checksum verification

Musicmaker
New Contributor III

@Cayde-6 As a test I've alreayd made this value '1'. So my last test running this script was by setting validChecksum=1 .

And @sdagley I'm 100% sure that this field is empty. Checked this more than once ;-).

sdagley
Honored Contributor II

@Musicmaker If you comment out the call to verifyChecksum and add validChecksum=1 below that commented out call does the installer actually work?

Musicmaker
New Contributor III

@sdagley Hmm, that needs some more research of wat to comment out. If I comment out 'verifyChecksum" this is the result:

Script result: /Library/Application Support/JAMF/tmp/OS - Catalina 10.15 install & download: line 300: return: can only `return' from a function or sourced script
/Library/Application Support/JAMF/tmp/OS - Catalina 10.15 install & download: line 303: syntax error near unexpected token `}'
/Library/Application Support/JAMF/tmp/OS - Catalina 10.15 install & download: line 303: `}'

After that I commented out the whole part of 'verifychecksum' (all lines) which resulted in '303: syntax error ... unexpected token'

So I think I need to find out what can be commented out and what not.

sdagley
Honored Contributor II

@Musicmaker When did you download the macOSUpgrade script? Looking at the latest version, you need to comment out line 363, and add the validChecksum=1 below it. To illustrate:

Original version

        if [ "$currentInstallerVersion" = "$installerVersion" ] || [[ ! -e "$OSInstaller/Contents/SharedSupport/InstallInfo.plist" ]]; then
            /bin/echo "Installer found, version matches. Verifying checksum..."
            verifyChecksum
        else
            ## Delete old version.

Modified version

        if [ "$currentInstallerVersion" = "$installerVersion" ] || [[ ! -e "$OSInstaller/Contents/SharedSupport/InstallInfo.plist" ]]; then
            /bin/echo "Installer found, version matches. Verifying checksum..."
            # verifyChecksum
            validChecksum=1
        else
            ## Delete old version.

Musicmaker
New Contributor III

@sdagley I downloaded this script about 1 / 1,5 week before I started this thread. For now I have a new challenge. Due to the Covid-19 I'm at home and have only one test-macBook. After testing 10.15 I bring it back to 10.12, because I have users with 10.12. So I want to test it from the lowest macOS version in production.
But after done this 4, 5 times successfully I have a problem on this macBook with SelfService. I can't install anything. It's stucked on 'Executing'. When I deploy a push application it does work. Already completely re-installed macOS 10.12 but it doesn't work....
So first I have to fix this before testing again with the 'valid checksum'.

sdagley
Honored Contributor II

@Musicmaker I've run into a couple of instances where the macOSUpgrade script reports the invalid checksum error. It appears to happen when the script thinks the installer download has completed when it actually hasn't. I have not figured out what triggers that sequence of events yet however.

Musicmaker
New Contributor III

Also posted this question on Github and someone replied with this:

You can fix this by changing if [ -n "$installESDChecksum" ]; then to if [ "$installESDChecksum" != "0" ]; then and replace the empty value with 0 or to an actual hash if you want to use the feature.

After changing this the upgrade scripts works. It doesn't get stucked on Check is not valid. But what happens now is that the installer will be downloaded twice!
After the first time downloading it says this in de policy logs:

Installer found, version matches. Verifying checksum... Checksum: Not Valid Beginning new download of installer Downloading macOS Installer...

After the second time downloading the OS installer will start. So eventually the machine will be upgraded but the installer will download 2 times. That is not a huge problem, but nowadays where employees are mostly working in home-places, sometimes with slow connections, this is could be an issue.