Jamf Nation Community

DanJ_LRSFC · ‎10-25-2018

We've just got some new Macs in which have got High Sierra on them. I got everything installed OK but when I login with a test AD user I'm getting a bunch of keychain errors. Further investigation reveals that there's a zero-byte file at ~/Library/Keychains instead of a folder.

Some other threads on here (e.g. https://www.jamf.com/jamf-nation/discussions/19224/zero-byte-files-in-library) suggest that this is due to an existing DMG package with FUT enabled, but how do I go about troubleshooting it to find out which one? Do I really have to repeatedly wipe and reinstall it for each DMG package in our software configuration? Or is there a better way to find which package is at fault?

Thanks,
Dan Jackson (Senior ITServices Technician)
Long Road Sixth Form College
Cambridge, UK.

ryan_ball · ‎10-25-2018

Exclude all the FUT FEU packages but about three. Install those three, test. Wipe, install those three plus three more, test. Repeat adding three packages each time until you see the issue. Then you know that the issue lies with one (or more) of the three last added packages.

If you have two or three Macs to test this workflow on, you could figure it out without much trouble.

Additionally, I've tried to eliminate as many FUT FEU packages as possible, but did include some in my 10.13 DEP Config. Of those packages I have remaining, I'm finding what worked fine in 10.13 could cause issues in 10.14, so this is something I've done relatively recently.

DanJ_LRSFC · ‎10-25-2018

Turns out I don't actually have that many FUT enabled packages after all, I thought there were more but I can only find 5:

Audacity
Chrome
Java 8
VLC
Wacom Tablet Drivers

Does anyone know of ways of packaging these that don't require FUT, while still preventing the user from seeing any "first run" dialogs?

cody_anderson · ‎10-25-2018

Based on that list my bet is that the trouble maker is Chrome since I dont know if the others would do anything with the keychain folders.
That being said you should be able to package up any of these and have users not the "first run" Dialogs using Composer.

Run JAMF Composer and take a snapshot of the computer then install an application (I recommend doing one at a time and only working on the app install while composer is open). Once the install is complete open the application and go through the first run dialogs being sure to put checks in the "never show again" boxes. Then close the app and reopen it, just to make sure something didn't sneak by. If the app opens nice and clean like you want then go back into Composer and take the closing Snapshot.

Composer will then display any changes made to any folder/file that were made between the first snapshot and the second. You can go in and remove any folders you need to (usually stuff dealing with the User folders or User Library are the ones you should remove).
Then you can choose to package the file as a DMG or PKG.

ryan_ball · ‎10-25-2018

Install a program called Whitebox Packages http://s.sudre.free.fr/Software/Packages/about.html

Then you can just take Google Chrome.app or VLC.app and drag and drop the .app into Packages.app, and it will automatically create a .pkg of them. Works perfectly.

DanJ_LRSFC · ‎10-31-2018

@ryan.ball surely that won't deal with the first run dialog boxes that users see when they open Chrome though?

I need users to be able to immediately start web browsing when they open Chrome. No "Do you want to use safari", no "import bookmarks", no "sign in to a google account", just literally a google search page comes straight up.

Also as it turned out it was the Wacom Tablet Drivers package that was at fault, I downloaded a fresh copy off Wacom's website and the issue is sorted now.

Jamf Nation Community

Zero-byte keychain file and troubleshooting FUT?