Gregory Neagle
unread,Oct 26, 2021, 6:22:58 PM10/26/21Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to munki-dev
As you may be aware, on Apple silicon, running `startosinstall` to upgrade macOS now requires the credentials of a “Volume Owner”. This means that Munki cannot currently upgrade Apple silicon Macs from Big Sur to Monterey.
I plan to experiment with extending the current authrestartd process (with a probable name change instead) to be able to store the username and password of a volume owner, and then also to be able to run startosinstall with those credentials on Apple silicon.
This means:
1) No automated updates of macOS via Munki, as user interaction will be required to get the credentials
2) Possible failure modes if the current user is not a volume owner
Given the restrictions/limitations, I wonder if this is then ultimately worth the effort. If the user is a volume owner and admin user, they could just run the “Install macOS Monterey.app” directly.
If they are not an admin user, they might be able to trigger an upgrade from System Preferences->Software Update.
If that doesn’t work, I’ve done a proof-of-concept tool that temporarily grants admin to a user, launches the “Install macOS Foo.app”, then removes admin when that app exits. Perhaps that approach is a better use of my time.
Ultimately Apple wants us to either interactively use “Install macOS Foo.app” or rely on MDM to trigger OS upgrades, so I hesitate to build anything particularly complex that Apple is going to break in a year.
Curious about others’ thoughts here.
-Greg