• Using a full macOS installer with Munki to patch macOS

    Note about Silicon Macs This will not work with Apple Silicon Macs, as Apple now requires you to enter the password of a secure token user account in order to run startosinstall. Shoutout Shoutout to Rod Christiansen on the MacAdmins Slack for putting this strange (but still working for now) method of patching on my…

  • AutoPkg failed: hdiutil: attach failed – no mountable file systems error

    If, when running AutoPkg, you get an error like failed: hdiutil: attach failed – no mountable file systems but you’re able to mount the .dmg manually (i.e., it’s not a corrupted download), double-check you don’t have a restrictions profile installed that requires you to authenticate when mounting disk images. That setting is pretty much useless…

  • T2 Macs don’t count as external boot media

    I don’t see this documented anywhere in an officially explicit way, so I’m writing a blog post on this. With the introduction of T2-chip Macs, Apple introduced something called Startup Security Utility, and the official line there is that you can change the setting to “Allow booting from external media,” and then you can boot…

  • If you update an AutoPkg parent recipe, but your override is still using old settings…

    AutoPkg has a cool feature called parent trust that allows you to create recipe overrides that store a hash of the parent recipe (instead of running the parent recipe directly), and then prevent you from running the recipe if there’s a change to the parent recipe, until you update the trust info. (I also have…

  • Force-stopping the MunkiStatus progress bar at the login window

    Sometimes, the MunkiStatus progress bar over the login window can get stuck, and pressing the Stop button can take a while to halt the progress bar completely. To kill it immediately, press Cmd-Option-Shift-Escape (this is a slight modification of the usual force-quite key combination, which is Cmd-Option-Escape). Full credit to Yehuda Bialik and Greg Neagle…

  • Using AppleScript to install macOS software updates via System Preferences

    Right now, this is a bit more of a proof-of-concept, but since /usr/sbin/softwareupdate has become increasingly unreliable in the past year for automating and enforcing Apple software updates, having a way to automate installing updates through the GUI on certain relatively unattended Macs is worth exploring. I’ve created a GitHub project for that called Sys…

  • A way to install macOS Catalina guest on VirtualBox on a Mac host

    Why this blog post? I won’t say this is the way to install macOS Catalina on VirtualBox, but it’s certainly a way, and it’s difficult to find information about a way to do it. There are a lot of posts indicating that 10.15 or 10.15.1 worked but 10.15.2 and beyond don’t. Or that there are…

  • What can you do at the password prompt in Catalina’s recovery mode?

    The mysterious password prompt Starting in macOS 10.15 (Catalina), Apple started requiring a password to do anything useful after booting into recovery mode: It’s not exactly clear what this password is for. T2-chip Macs have hardware-based encryption, and that encryption is able to turn on instantaneously. Without mounting the encrypted drive, you can’t really reset…

  • Changing ownership of files in Google Drive via Google Apps Script

    This was a fun little exercise in Google Apps Script to essentially transfer ownership of Google Drive files from one user to another. Here’s a script that the old user should run to change ownership of those files to the new user: ChangeFileFolderOwnership.js And here’s a script that the new user user should run to…

  • Fixing Jamf device signature error

    Even though this Jamf Nation thread is five years old, as of this writing, it’s still got the solution to the Device Signature Error – A valid device signature is required to perform the action error message. In my experience, the actual working solution is to run sudo jamf enroll -prompt and then enter credentials…

  • Running commands as a user when scripting for Munki or Jamf

    Munki and Jamf run as root, so scripts they execute execute as root, not user. One great way around this is to use Outset‘s login scripts (login-once, login-every), but sometimes you may have occasion to actually run a script immediately as the logged-in user. Obviously, you’ll want to get the currently logged-in user into a…

  • Using a Munki nopkg to disable Chrome 80’s ScrollToTextFragment feature

    Update, 14 July 2020 With Chrome 84, Google has now removed the ability to disable the ScrollToTextFragment feature, so this whole write-up is now obsolete What is ScrollToTextFragment With Chrome 80, Google has introduced a new ScrollToTextFragment feature that allows you to reference an anchor link by any phrase that’s in a webpage, even if…

  • Fix for custom user icons freezing up System Preferences

    Even though there is some flexibility in terms of what sizes and resolutions you can use for custom user icons (to select for user pictures), if your icon’s resolution is way off, you may see a frozen blank, grey screen when trying to change the picture from that too-high-res picture to something else: To get…

  • Introduction to Nudge

    What is Nudge? In 2018, Erik Gomez created Nudge, which is open source and has nine other contributors as of this writing. Part of the beauty of Nudge is its simplicity—it doesn’t actually install any updates itself (it does invoke the softwareupdate binary to check for or download Apple software updates, but it doesn’t actually…

  • Upping the logging level in Munki

    As noted in the Troubleshooting section of the Munki wiki, you can increase the logging level for Munki clients. The default logging level is 1, which looks like this: Dec 12 2019 20:04:20 -0800 GoogleChrome version 79.0.3945.79 (or newer) is already installed. If you increase the logging level to 4, it will look like this:…