diff --git a/README.md b/README.md index 588d38b..aca96ea 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Requirements: * macOS Installer 10.12.4 or later * `eraseInstall` option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+ * Look over the USER VARIABLES and configure as needed. +* To make use of the re-enroll work-flow check out, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). *This workflow will **not** work if a user is not logged in since the `startosinstall` binary requires a user to be logged in. Tested with macOS 10.13.4 and you will get errors in that the process couldn't establish a connection to the WindowServer.* @@ -42,6 +43,8 @@ When you open the script you will find some user variables defined on lines 60-1 *Added in v2.6.0 - You can now specify to use the `--eraseInstall` parameter when using macOS Installer 10.13.4 or later and the client is running macOS 10.13 or later. Essentially this will wipe and reload the system to factory defaults. Yay \o/* +*Added in v2.7.0 - You can now automatically re-enroll a mac after the `--eraseInstall`. This will create a PKG and use `--installpackage` to `curl` the jamf binary and enroll the computer by `jamf enroll -invitation`. This also supports various methods of setting/preserving the computer name. To make use of this feature pair the macOSUpgrade work-flow script with the re-enroll scripts from, [re-enroll-mac-into-jamf-after-wipe](https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe). \(ノ◕ヮ◕\)ノ\*:・゚✧* + **Staging the macOS Installer** @@ -75,6 +78,10 @@ pkgbuild --install-location /Applications --component "/path/to/macOSInstallerAp ![alt text](/imgs/fullScreen.png) +**Example of Utility Dialog** + +![alt text](/imgs/utility.png) + **Example of Utility Dialog** ![alt text](/imgs/utility.png) diff --git a/macOSUpgrade.sh b/macOSUpgrade.sh index efbbdb8..f2e5561 100755 --- a/macOSUpgrade.sh +++ b/macOSUpgrade.sh @@ -31,7 +31,7 @@ # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # This script was designed to be used in a Self Service policy to ensure specific -# requirements have been met before proceeding with an inplace upgrade of the macOS, +# requirements have been met before proceeding with an in-place upgrade of the macOS, # as well as to address changes Apple has made to the ability to complete macOS upgrades # silently. # @@ -41,7 +41,7 @@ # - macOS Installer 10.12.4 or later # - eraseInstall option is ONLY supported with macOS Installer 10.13.4+ and client-side macOS 10.13+ # - Look over the USER VARIABLES and configure as needed. -# +# - To use the re-enroll functions look at https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe # # For more information, visit https://github.com/kc9wwh/macOSUpgrade # @@ -53,6 +53,28 @@ # USER VARIABLES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +##This is the custom event name used to create the install package for automatically enrolling +##You can statically set this a policy by setting it here +##You can also make this dynamic to enroll the computer into different Jamf Pro environments +##For more information please see the project +##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe +autoPKGEnrollmentEventName="${11}" +if [[ -z "$autoPKGEnrollmentEventName" ]] ;then + ##add your own event name here if you want this to be static + autoPKGEnrollmentEventName="" +fi + +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# STATIC VARIABLES +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # + +jamfBinary="/usr/local/jamf/bin/jamf" +jHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" + +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# POLICY VARIABLES +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # + ##Specify path to OS installer. Use Parameter 4 in the JSS, or specify here ##Example: /Applications/Install macOS High Sierra.app OSInstaller="$4" @@ -92,7 +114,7 @@ unsuccessfulDownload=0 ##Use Parameter 8 in the JSS. eraseInstall="$8" if [ "$eraseInstall" != "1" ]; then eraseInstall=0 ; fi -#macOS Installer 10.13.3 or ealier set 0 to it. +#macOS Installer 10.13.3 or earlier set 0 to it. if [ "$versionMajor${versionMinor:=0}" -lt 134 ]; then eraseInstall=0 fi @@ -103,6 +125,19 @@ fi userDialog="$9" if [ "$userDialog" != "1" ]; then userDialog=0 ; fi +##Options for computer name handling for re-enroll workflows +##Use this to control the way that re-enrollment to your jamf Pro server is done +##Requires macOS Installer 10.13.4 or later +##NOTE: To Default to assigning no computer after the wipe put nothing in here +##(ask) - Use jamfHelper to ask the user what to do with the computer name +##(keepname) - Default to automatically preserve computer name +##(prename) - Default to automatically asking for a new computer name +##(splashbuddy) - Add this to the parameter setting to automatically create a ComputerName.txt and .SplashBuddyFormDone +##For more information please see the project +##https://github.com/cubandave/re-enroll-mac-into-jamf-after-wipe +##make variable lower case +reEnrollmentMethodChecks=$(echo "${10}" | tr '[:upper:]' '[:lower:]') + # Control for auth reboot execution. if [ "$versionMajor" -ge 14 ]; then # Installer of macOS 10.14 or later set cancel to auth reboot. @@ -193,13 +228,13 @@ wait_for_ac_power() { downloadInstaller() { /bin/echo "Downloading macOS Installer..." - /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper \ + "$jHelper" \ -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" \ -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100 & ##Capture PID for Jamf Helper HUD jamfHUDPID=$! ##Run policy to cache installer - /usr/local/jamf/bin/jamf policy -event "$download_trigger" + "$jamfBinary" policy -event "$download_trigger" ##Kill Jamf Helper HUD post download kill_process "$jamfHUDPID" } @@ -261,14 +296,73 @@ verifyChecksum() { } cleanExit() { - kill_process "$caffeinatePID" + ##if exiting on an error killall jamfHelper Windows too + if [[ "$1" != 0 ]] ; then /usr/bin/killall jamfHelper ; fi ## Remove Script /bin/rm -f "$finishOSInstallScriptFilePath" 2>/dev/null /bin/rm -f "$osinstallersetupdDaemonSettingsFilePath" 2>/dev/null /bin/rm -f "$osinstallersetupdAgentSettingsFilePath" 2>/dev/null + /bin/kill "${caffeinatePID}" exit "$1" } +fn_askWhatToDoForComputerName () { + + keepMessage="Do you want to KEEP the computer name after erasing? + +Current Computer Name: $currentComputerName + +To rename click 'Other'. + +" + + renameMessage="Do you want to RENAME the computer name after erasing? + +Current Computer Name: $currentComputerName + +To not assign any name click 'No Name'. + +" + + + toKeepOrNotToKeep=$( "$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$keepMessage" -button1 "Keep" -button2 "Other" -defaultButton 1 -timeout 300 ) + if [[ "$toKeepOrNotToKeep" = 0 ]]; then + keep=true + elif [[ "$toKeepOrNotToKeep" = 2 ]] || [[ "$toKeepOrNotToKeep" = 239 ]] ; then + toRenameOrNotToRename=$( "$jHelper" -windowType hud -icon "$icon" -heading "Computer Name Setting" -description "$renameMessage" -button2 "Rename" -button1 "No Name" -timeout 300 ) + if [[ "$toRenameOrNotToRename" = 2 ]]; then + prename=true + fi + fi + +} + +fn_askforNewComputerName () { + + newComputerName=$( sudo -u "$currentUser" /usr/bin/osascript -e 'display dialog "Please enter the new computer name" default answer "" with title "Set New Computer Name" with text buttons {"Cancel","OK"} default button 2' -e 'text returned of result' ) +} + + +fn_Process_reEnrollmentMethodChecks () { + ##check for and set the parameters for re enrollment + if [[ "$reEnrollmentMethodChecks" ]] ; then + + ##clear any previous checks + /bin/rm /private/tmp/reEnrollmentMethod* + + if [[ "$reEnrollmentMethodChecks" == *"ask"* ]]; then ask=true ; fi + if [[ "$reEnrollmentMethodChecks" == *"keep"* ]]; then keep=true ; fi + if [[ "$reEnrollmentMethodChecks" == *"prename"* ]]; then prename=true ; fi + + ##write a placeholder so the re-enroll package create knows to create the ComputerName.txt file + if [[ "$reEnrollmentMethodChecks" == *"splashbuddy"* ]]; then + /usr/bin/touch /private/tmp/reEnrollmentMethod.splashbuddy + fi ##re-enroll has splashbuddy + fi +} + + + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SYSTEM CHECKS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @@ -299,6 +393,42 @@ If you continue to experience this issue, please contact the IT Support Center." cleanExit 1 fi +##This is the beginning of the re-enroll work-flow to handle the computer name +if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] && [[ "$autoPKGEnrollmentEventName" ]] ; then + fn_Process_reEnrollmentMethodChecks + + /bin/echo "Script is configured for re-enrollment." + + ## if re-enrollment is enabled to ask what to do about the name + currentComputerName=$( /usr/sbin/scutil --get ComputerName ) + + if [[ $ask = true ]] && [[ ${currentUser} != "root" ]] ; then + /bin/echo "Asking what to do about the computer name." + fn_askWhatToDoForComputerName + elif [[ $ask = true ]] && [[ ${currentUser} = "root" ]]; then + #statements + keep=true + /bin/echo "The computer is at the login window. Defaulting to preserving the computer name." + fi + + if [[ $keep = true ]]; then + /bin/echo "Keeping the current computer name." + newComputerName="$currentComputerName" + fi + + if [[ $prename = true ]]; then + /bin/echo "Assigning a new computer name." + fn_askforNewComputerName + fi + + # Computer name is assigned after eraseinstall + if [[ "$newComputerName" ]]; then + /bin/echo "Assigned computer name after eraseinstall: $newComputerName" + /bin/echo "$newComputerName" > /private/tmp/reEnrollmentMethod.newComputerName.txt + fi +fi # re-enrollment and erase install - prep for naming the computer after eraseinstall stage + + ##Check for existing OS installer loopCount=0 while [ "$loopCount" -lt 3 ]; do @@ -436,14 +566,78 @@ fi ##Launch jamfHelper if [ "$userDialog" -eq 0 ]; then /bin/echo "Launching jamfHelper as FullScreen..." - /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" & + "$jHelper" -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" & jamfHelperPID=$! else /bin/echo "Launching jamfHelper as Utility Window..." - /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 & + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 & jamfHelperPID=$! fi +##Re-enrollment package creation stage +if [[ "$reEnrollmentMethodChecks" ]] && [[ $eraseInstall == 1 ]] || [[ "$autoPKGEnrollmentEventName" ]] && [[ $eraseInstall == 1 ]] ; then + ##package creation + if [ "$versionMajor${versionMinor:=0}" -ge 134 ] ; then + autoEnrollPKGResult=$( "$jamfBinary" policy -event "$autoPKGEnrollmentEventName" ) + /bin/echo "Results from package creation policy: $autoPKGEnrollmentEventName" + /bin/echo "$autoEnrollPKGResult" + + ##Make and array of the packages built with 'productbuild' - For future ideas + IFS=$'\n' + productbuildPackages=($(/bin/echo "$autoEnrollPKGResult" | /usr/bin/grep productbuild | /usr/bin/awk -F 'Wrote product to ' '{ print $2 }')) + unset IFS + + ##Built in support for multiple packages - For future ideas + for packageName in "${productbuildPackages[@]}" ; do + /bin/echo "Adding package $packageName to post install" + installpackageOption+="--installpackage $packageName " + done + else + echo "startosinstall with installpackage is not supported on this version $version" + + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + Re-enrollment packages are not supported on $version. Minimum version is macOS 10.13.4" -iconSize 100 -button1 "OK" -defaultButton 1 + + + cleanExit 1 + fi + + ##Error Reporting for failing to create package + # if [[ -z "${productbuildPackages[@]}" ]]; then + if [[ "${#productbuildPackages[@]}" = 0 ]]; then + /bin/echo "Error: Re-enrollment package cannot be found, failing out" + + + if [[ "$autoEnrollPKGResult" == *"DEP Crossover"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + The Mac is assigned for Device Enrollment to a different Jamf Pro Server in Apple Business Manager." -iconSize 100 -button1 "OK" -defaultButton 1 + + elif [[ "$autoEnrollPKGResult" == *"DEP multiple Jamf Pro"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + The Mac is assigned for Device Enrollment across multiple Jamf Pro Servers." -iconSize 100 -button1 "OK" -defaultButton 1 + + elif [[ "$autoEnrollPKGResult" == *"failed to get invitationCode"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + Failed to generate invitationCode for the re-enrollment package." -iconSize 100 -button1 "OK" -defaultButton 1 + + elif [[ "$autoEnrollPKGResult" == *"no JSS URL Will not create PKG"* ]] ; then + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + The package creation script is not configure correctly. No JSS URL configured." -iconSize 100 -button1 "OK" -defaultButton 1 + else + "$jHelper" -windowType utility -title "$title" -icon "$icon" -heading "Re-enrollment Preparation Failed" -description "We were unable to prepare your computer for $macOSname with re-enrollment. + + Re-enrollment package could not be found." -iconSize 100 -button1 "OK" -defaultButton 1 + fi + + cleanExit 1 + fi +fi ##re-enrollment and erase install - re-enrollment package creation stage + ##Load LaunchAgent if [ "$fvStatus" = "FileVault is On." ] && \ [ "$currentUser" != "root" ] && \ @@ -463,9 +657,9 @@ fi osinstallLogfile="/var/log/startosinstall.log" if [ "$versionMajor" -ge 14 ]; then - eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & + eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" "$installpackageOption" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & else - eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & + eval "\"$OSInstaller/Contents/Resources/startosinstall\"" "$eraseopt" "$installpackageOption" --applicationpath "\"$OSInstaller\"" --agreetolicense --nointeraction --pidtosignal "$jamfHelperPID" >> "$osinstallLogfile" 2>&1 & fi /bin/sleep 3