Python 3 script to add optional installs to the SelfServeManifest

Posted on June 24, 2020 by alanysiu

Two years ago, I wrote a bash script that adds a bunch of optional installs to the SelfServeManifest using /usr/libexec/PlistBuddy, which is a fine tool, but it can get bit messy sometimes. I did play around with using /usr/local/munki/manifestutil, but it got a bit convoluted, and I figured “Hey, why not just write it in Python 3, now that the default shell is zsh instead of bash and Python 2 is end-of-life?” So, yeah, the rationale here is that you may want to have a bunch of applications installed as default applications for your users but still give users the


Script to make Jamf Self Service policy install a Munki optional install

Posted on June 10, 2020 by alanysiu

There is a huge project called jamJAR that seeks to integrate Munki and Jamf in a seamless way. I’ve written a script that does something a bit less ambitious, but it may still be helpful to your organization if you are “using” Jamf Self-Service, really want to be using Managed Software Center, and still want to keep Self-Service around (either temporarily or semi-permanently). Basically is a script that you can include in a Jamf Self-Service policy that will attempt to install a Munki optional install item. Just make the item name (not necessarily the same as the display name,


Using a full macOS installer with Munki to patch macOS

Posted on June 3, 2020 by alanysiu

Note about Silicon Macs This will not work with Apple Silicon Macs, as Apple now requires you to enter the password of a secure token user account in order to run startosinstall. Shoutout Shoutout to Rod Christiansen on the MacAdmins Slack for putting this strange (but still working for now) method of patching on my radar. Why would you want to do this? Recently, softwareupdate has become an increasingly unreliable way to install updates. Munki 5 recently brought in some changes to have Managed Software Center nudge users to install patches via System Preferences (more details at Manual Apple Updates


AutoPkg failed: hdiutil: attach failed – no mountable file systems error

Posted on May 27, 2020 by alanysiu

If, when running AutoPkg, you get an error like failed: hdiutil: attach failed - no mountable file systems but you’re able to mount the .dmg manually (i.e., it’s not a corrupted download), double-check you don’t have a restrictions profile installed that requires you to authenticate when mounting disk images. That setting is pretty much useless anyway if you’re an admin user (you won’t be prompted in the GUI to authenticate when mounting disk images via Finder), and it will just make it so when AutoPkg is trying to run /usr/bin/hdiutil attach -plist -mountrandom /private/tmp -nobrowse /PATH/TO/DOWNLOADED/DISKIMAGENAME.dmg that it will choke


T2 Macs don’t count as external boot media

Posted on May 20, 2020 by alanysiu

I don’t see this documented anywhere in an officially explicit way, so I’m writing a blog post on this. With the introduction of T2-chip Macs, Apple introduced something called Startup Security Utility, and the official line there is that you can change the setting to “Allow booting from external media,” and then you can boot from “an external hard drive, thumb drive, or other external media.” What the official knowledgebase article doesn’t tell you is that (again, just based on my own testing—if someone has official Apple documentation laying this out in a clear way, please comment below, and I’ll


If you update an AutoPkg parent recipe, but your override is still using old settings…

Posted on May 13, 2020 by alanysiu

AutoPkg has a cool feature called parent trust that allows you to create recipe overrides that store a hash of the parent recipe (instead of running the parent recipe directly), and then prevent you from running the recipe if there’s a change to the parent recipe, until you update the trust info. (I also have a script that runs a list of recipes, checks trust info, and prompts you to approve changes if there are changes.) But you may sometimes run into a situation in which you see the changes, the changes are important (for example, the download URL has


Force-stopping the MunkiStatus progress bar at the login window

Posted on April 16, 2020 by alanysiu

Sometimes, the MunkiStatus progress bar over the login window can get stuck, and pressing the Stop button can take a while to halt the progress bar completely. To kill it immediately, press Cmd-Option-Shift-Escape (this is a slight modification of the usual force-quite key combination, which is Cmd-Option-Escape). Full credit to Yehuda Bialik and Greg Neagle for this tip. The Wiki on Bootstrapping With Munki is now updated also to include a note this keyboard shortcut.


Using AppleScript to install macOS software updates via System Preferences

Posted on April 8, 2020 by alanysiu

Right now, this is a bit more of a proof-of-concept, but since /usr/sbin/softwareupdate has become increasingly unreliable in the past year for automating and enforcing Apple software updates, having a way to automate installing updates through the GUI on certain relatively unattended Macs is worth exploring. I’ve created a GitHub project for that called Sys Pref Software Updates (or spsu, for short).


A way to install macOS Catalina guest on VirtualBox on a Mac host

Posted on April 1, 2020 by alanysiu

Why this blog post? I won’t say this is the way to install macOS Catalina on VirtualBox, but it’s certainly a way, and it’s difficult to find information about a way to do it. There are a lot of posts indicating that 10.15 or 10.15.1 worked but 10.15.2 and beyond don’t. Or that there are difficulties with VirtualBox and APFS. There are also, if you look for blog posts about macOS guests, many blog posts about Apple-unsanctioned “hackintosh” setups on Windows or Linux hosts. So there may be a way easier way to set up Catalina as a guest on