InstallLion.pkg Automating your Lion Installation
Allen Golbig Memorial Sloan-Kettering Cancer Center OS X Lion
• Released July 20, 2011 • Mac App Store • Easy to install • Deployment Concerns
Mac App Store made it very easy for our users to both download and install OS X Lion. We needed to make sure users didn’t install their personal licenses on our Assets. Restricted Software
With JAMF’s Casper Suite you can block the Lion installer with the Restricted Software Settings. When a user launches the Install Mac OS X Lion.app, the process will be killed and a message will be displayed to the user. Self Service
With Self Service we can easily deploy Lion to our users. InstallLion.pkg
• Created by Greg Neagle • http://munki.googlecode.com/files/ InstallLionPkg_20110908.zip • Fully automated Lion Installer • Ability to customize InstallESD.dmg • Deployable with almost any management tool
Advantages of InstallLion vs MAS Installer: Fully automated and the Ability to customize the InstallESD.dmg. What is InstallLion.pkg?
• Payload-Free Package • Script only installer package • Postflight script does all the work • InstallLion.pkg/Contents/Resources/ postflight • Mimics the OS X Lion GUI Installer
A payload-free package is a package that contains no files to install, so the Installer application uses scripts to automate any process. Getting Started
• Get your VPP • http://www.apple.com/mac/volume-licensing/ • Download Install Mac OS X Lion.app from the Mac App Store • sudo cp /Applications/Install\ Mac\ OS\ X\ Lion.app/ Contents/SharedSupport/InstallESD.dmg InstallLion.pkg/Contents/Resources
Once you’ve copied the InstallESD.dmg to the Resources folder you are all set. If you’re not looking for any customizations, then you have your Automated Lion installer. A Closer Look Pacifist
InstallESD.dmg has been copied to InstallLion.pkg/Contents/Resources Distribution.dist
• Basic Installation Checks and Volume Checks • Prevents installation - Defaults • 64-bit Intel Processor • Less than 2GB of Ram • Less than 8GB HD Space • Less than 10.6.6 and 10.8+
Distribution.dist does basic prerequisite checks. Not as thorough as the MAS Installer, but it will get the job done. Modifying Distribution.dist function install_check() { if(system.sysctl(‘hw.memsize’) < 2 * 1024 * 1024 * 1024) { my.result.title = ‘Not enough RAM’; my.result.message = ‘2GB of RAM required to install.’; my.result.type = ‘Fatal’; return fales;
function install_check() { if(system.sysctl(‘hw.memsize’) < 4 * 1024 * 1024 * 1024) { my.result.title = ‘Not enough RAM’; my.result.message = ‘4GB of RAM required to install.’; my.result.type = ‘Fatal’; return fales;
You can alter the distribution.dist. For example, if you wanted to set the minimum amount of RAM required, just adjust the hw.memsize to 4 * 1024 * 1024 * 1024 Postflight Script Mac OS X Install Data
Mac OS X Install Data is created at the root of the drive boot.efi & kernelcache
Mounts InstallESD.dmg to /tmp and copies boot.efi & kernelcache to Install Data folder InstallESD.dmg
Unmounts InstallESD.dmg Based on Target of Installation, either hard links or copies InstallESD.dmg to Install Data Folder com.apple.Boot.plist
Creates com.apple.Boot.plist Tells the kernel how to mount and use InstallESD.dmg on reboot com.apple.Boot.plist
# Example com.apple.Boot.plist: # # # #
Tells the kernel which was copied to the Install Data folder how to mount and use InstallESD.dmg on restart. minstallconfig.xml
This is the file that tells the installer among other things that it will be an automated install. Also informs the installer if a MacOSXInstaller.choiceChanges file is present, if you’ve customized your installer and what the Target of the install is. minstallconfig.xml
ChoiceChanges file present InstallType - Automated Custom Packages added - /System/Installation/Packages/OSInstall.collection Target is /
Note: Custom vs Default Packages /System/Installation/Packages/OSInstall.collection vs /System/Installation/Packages/ OSInstall.mpkg index.sproduct & OSInstallAttr.plist
If index.sproduct exists, it will copy the Packages that are referenced in it, (MacOS_10_7_IncompatibleAppList.pkg) otherwise it will create an empty index.sproduct.
OSInstallAttr.plist logs the time at which the installation finished. It also provides the path to the automation file (minstallconfig.xml). If too much time passes the automation step is skipped. index.sproduct
Example of index.sproduct that references MacOS_10_7_IncompatibleAppList.pkg, which means both will be installed by the postflight script. OSInstallAttr.plist
OSInstallAttr.plist logs the time at which the installation finished. Provides path to Automation File, /Volumes/Macintosh HD/Mac OS X Install Data/ minstallconfig.xml. If too much time passes the automation step is skipped. Set Nvram
install_product_url = 'install-product-url=x-osproduct://' install_product_url += installvolinfo['VolumeUUID'] install_product_url += '/Mac%2520OS%2520X%2520Install%2520Data' print 'Setting OS X installer NVRAM install-product-url variable...' try: subprocess.check_call(['/usr/sbin/nvram', install_product_url]) except subprocess.CalledProcessError, e: cleanupFromFailAndExit('Couldn\'t set nvram: %s' % e)
Sets a variable in nvram that the OS X Installer uses to find the product install info after reboot. Bless
folder = install_data_path bootefi = os.path.join(install_data_path, 'boot.efi') options = 'config="\Mac OS X Install Data\com.apple.Boot"' label = 'Mac OS X Installer' cmd = ['/usr/sbin/bless', '--setBoot', '--folder', folder, '--bootefi', bootefi, '--options', options, '--label', label] print 'Blessing OS X installer boot environment in %s...' % folder try: subprocess.check_call(cmd) except subprocess.CalledProcessError, e: cleanupFromFailAndExit('Failed to bless Lion install startup: %s' % e)
Uses the `bless` command to cause the Mac to boot from the kernel files copied to the "Mac OS X Install Data" directory. Restart! Customization Reasons to Modify
• Alter the default installer options • Put back your Management tools • Re-create your Admin Account • Install additional Applications What Can You Customize?
• MacOSXInstaller.choiceChanges • getIncompatibleAppListPkg • customizeInstallESD MacOSXInstaller.choice Changes • Alter the default installation • InstallLion.pkg/Contents/Resources/Mac OS X Install Data/ • Create a choices.xml file • installer -verbose -pkg /Volumes/Mac\ OS\ X\ Install\ ESD/Packages/OSInstall.mpkg -tgt / Volumes/Installer -showChoiceChangesXML > / tmp/choices.xml
Grab an external drive and run the command to create the choices.xml. Removing X11 from Installation
Here is an example of what you would need to change in the choices.xml file. This will remove X11 from the default installation. Save your choices.xml as MacOSXInstaller.choiceChanges and copy it to InstallLion.pkg/Contents/Resources/Mac\ OS\ X\ Install\ Data/ getIncompatibleAppListPkg
• Downloads MacOS_10_7_IncompatibleAppList.pkg and index.sproduct • Updates a list of software that is incompatible with Lion • If not included the postflight script will create an empty index.sproduct
During the actual Lion installation, Mac OS X moves known-incompatible software to a folder named "Incompatible Software" at the root level of the hard drive. MacOS_10_7_IncompatibleAppList.pkg
/System/Library/PrivateFrameworks/SystemMigration.framework/Versions/A/Resources/ English.lproj/IncompatibleApplicationsStrings.strings /System/Library/PrivateFrameworks/SystemMigration.framework/Versions/A/Resources/ MigrationIncompatibleApplicationsList.plist MigrationIncompatibleApplicationList.plist Example Demo customizeInstallESD
• Add additional packages to your installer • Modifies InstallESD.dmg • OSInstall.collection - tells OS X installer which packages must be installed • Not all packages can be added
Due to lack of tools included in the OS X Lion installer environment, some packages will not install properly. Some examples of this are CreateLionUser.pkg and QuickAdd.pkg. You can check what is available by booting into the Recovery HD environment. Command Options
./customizeInstallESD -h Usage: customizeInstallESD [--app /path/to/Install Mac OS X Lion.app | --dmg /path/to/InstallESD.dmg] [--output /path/to/custom/InstallESD.dmg] pkg_path [...]
customizeInstallESD creates a customized Lion installation disk image containing the contents of the original InstallESD.dmg plus the additional packages provided as arguments. Packages will be installed in the order you provide them at the command-line.
Options: -h, --help show this help message and exit -a APP, --app=APP path to Install Mac OS X Lion.app. -d DMG, --dmg=DMG path to (original) InstallESD.dmg. Specify this option if you have a copy of the InstallESD.dmg file but not a copy of "Install Mac OS X Lion.app". -o OUTPUT, --output=OUTPUT Optional. Path for output DMG. Defaults to "InstallESD.dmg" in the current working directory.
By default customizeInstallESD will use the InstallESD.dmg within the Install Mac OS X Lion.app
If it’s not in Applications, use -a to point to the correct location, or -d to point to your copy of the InstallESD.dmg What to Add? sudo ./customizeInstallESD Additional\ Packages/CreateAdmin.pkg Additional\ Packages/ DisableSetupAssistant.pkg Additional\ Packages/Firstboot.mpkg Additional\ Packages/ QuickTimePlayer7.6.6_SnowLeopard.pkg Additional\ Packages/XQuartz.pkg -o /Users/ Shared/
CreateAdmin.pkg DisableSetupAssistant.pkg Firstboot.mpkg
XQuartz 2.7.1 QuickTime 7.6.6
CreateAdmin.pkg is a flatpackage that contains: /var/db/dslocal/nodes/Defaults/users/hiddenadmin.plist & /private/var/hiddenadmin. This is the best way to create a hidden admin account w/ InstallLion.pkg OSInstall.collection
Once you’ve created a new InstallESD.dmg just copy it to InstallLion.pkg/Contents/Resources. A Final Look
InstallESD.dmg copied to InstallLion.pkg/Contents/Resources/ index.sproduct, MacOS_10_7_IncompatibleAppList.pkg and MacOSXInstaller.choiceChanges in /InstallLion.pkg/Contents/Resources/Mac\ OS\ X\ Install\ Data/ Deploying Lion
Casper Munki DeployStudio
Absolute Mange Apple Remote Desktop Casper
We cache the Lion installer on machines based on a Smart Group. Once cached, the User will receive a notification that Lion is available in Self Service. Casper Munki Munki DeployStudio DeployStudio Absolute Manage Absolute Manage Apple Remote Desktop Apple Remote Desktop No matter what your deployment tool is, your users will see this on reboot. Demo Lessons Learned
• Automation will not happen if too much time takes place between the end of the install and restart • Check your Packages and Scripts • Remember that hidden Admin accounts will have to be re-installed. Q&A