Casper 8.5.x postinstall script

bentoms
Release Candidate Programs Tester

Hi All,

Below is an example of the NEW postinstall.sh from Casper 8.5.x... there have been a few posts logged here.. so in the absence of a KB i'm posting it here with Line Numbers.

My Image has a manually triggered policy (line 32)... this policy included a reboot.. which then meant that the Mac got a reboot loop running jamfHelper at login as it would reboot before the script finished & cleaned itself up.. (lines 46 & 47)..

Hope this helps others & that JAMF create a KB article for this..

1 #!/bin/sh
 2 
 3 ######################################################
 4 ## This script is created by Casper Imaging to perform post-imaging
 5 ## tasks that cannot be performed on a non-booted volume. 
 6 ## Created Thursday, May 3, 2012 at 5:48:05 AM
 7 ######################################################
 8 
 9 ## Lock down the login window 
10 /usr/sbin/jamf launchJAMFHelper -path '/Library/Application Support/JAMF/bin/jamfHelper.app'
11 
12 
13 ## Fix ByHost files
14 /usr/sbin/jamf fixByHostFiles -target /
15 
16 
17 ## Set the homepage here
18 /usr/sbin/jamf setHomePage -homepage 'http://www.myhomepage.com/' -fut -feu
19 
20 
21 /usr/sbin/jamf install -package '010 CS5_DS_210411_Install.pkg' -path '/Library/Application Support/JAMF/FirstRun/PostInstall/Resources'
22 
23 
24 ## Run any scripts that where specified to be run after reboot here
25 
26 
27 ## Run script 002 Create fstab For Users Partition.sh
28 /usr/sbin/jamf runScript -script '002 Create fstab For Users Partition.sh' -target / -path  '/Library/Application Support/JAMF/FirstRun/PostInstall/Resources/' -computerName  'mymac' -username "" -p1 '' -p2 '' -p3 '' -p4 '' -p5 '' -p6 '' -p7 '' -p8 ''
29 
30 
31 ## Run script 020 Lion Policy Trigger.sh
32 /usr/sbin/jamf runScript -script '020 Lion Policy Trigger.sh' -target / -path  '/Library/Application Support/JAMF/FirstRun/PostInstall/Resources/' -computerName  'mymac' -username "" -p1 '' -p2 '' -p3 '' -p4 '' -p5 '' -p6 '' -p7 '' -p8 ''
33 
34 
35 ## Delete the temporary user and restore the original files for autologin
36 /usr/sbin/jamf deleteAccount -username adobeinstall -deleteHomeDirectory
37 /bin/cp -Rpf '/Library/Application Support/JAMF/FirstRun/PostInstall/Resources/Backup/kcpassword' '/private/etc/kcpassword'
38 /bin/cp -Rpf '/Library/Application Support/JAMF/FirstRun/PostInstall/Resources/Backup/com.apple.loginwindow.plist' '/Library/Preferences/com.apple.loginwindow.plist'
39 
40 
41 ## Since we installed software, update inventory
42 /usr/sbin/jamf recon
43 
44 
45 ## Delete this script and the corresponding launchd item
46 /bin/rm -rf '/Library/Application Support/JAMF/FirstRun/PostInstall/'
47 /bin/rm /Library/LaunchDaemons/com.jamfsoftware.firstrun.postinstall.plist
48 
49 
50 ## Since we logged in, reboot to ensure a clean state
51 /usr/sbin/jamf reboot -immediately
52 
53 
54 exit 0
1 ACCEPTED SOLUTION

sam
New Contributor III
New Contributor III

Ben,

Thanks for the response. The reboot after the 'FirstRun' script should have been performed in versions 8.43 and earlier as well. I have attached a sample of a /System/Library/StartupItems/FirstRun/FirstRun below from a very simple image using Casper 8.43. The test only installs three items:

1.) An operating system package
2.) A package with the "This package must be installed to the boot volume at imaging time" enabled
3.) a script set to run at reboot.

The largest change I see relates to the order in which the elements are run. It looks like in 8.5 the first run script executes the script before the temporary accounts are deleted and original files are restored. In 8.43, the script is executed after the user is removed and original files are replaced. I wouldn't think that this would cause any change in the behavior of the reboot, but it is possible. Hopefully this helps clarify the reboot question though.

#!/bin/sh


## Lock down the login window 
/usr/sbin/jamf launchJAMFHelper -path '/Library/Application Support/JAMF/bin/jamfHelper.app'

## Fix ByHost files
/usr/sbin/jamf fixByHostFiles -target /

## Create user netadmin
/usr/sbin/jamf createAccount -username netadmin -realname netadmin -passhash %cf%11%12%aa%4b%45%45%45 -hiddenUser -admin

## Ensure the JSS is available
/usr/sbin/jamf checkJSSConnection

## Enroll the computer into the JSS
/usr/sbin/jamf enroll -invitation '276712433252364734648540203504214223'

## Ensure that the computer is managed and certificates are in place
/usr/sbin/jamf manage

/usr/sbin/jamf install -package 'package.dmg' -path /System/Library/StartupItems/FirstRun/Resources/Packages -fut -feu

## Run any scripts that where specified to be run after reboot here

## Delete the temporary user and restore the original files for autologin
/usr/sbin/jamf deleteAccount -username adobeinstall -deleteHomeDirectory
/bin/cp -Rpf '/System/Library/StartupItems/FirstRun/Resources/Backup/kcpassword' '/private/etc/kcpassword'
/bin/cp -Rpf '/System/Library/StartupItems/FirstRun/Resources/Backup/com.apple.loginwindow.plist' '/Library/Preferences/com.apple.loginwindow.plist'

## Run script AtRebootScript
/usr/sbin/jamf runScript -script "script.sh" -target / -path "/System/Library/StartupItems/FirstRun/Resources/Scripts/" -computerName "computerName" -username "" -p1 '' -p2 '' -p3 '' -p4 '' -p5 '' -p6 '' -p7 '' -p8 ''

## Run Recon.
/usr/sbin/jamf recon

## Delete this Startup Item
/bin/rm -rf '/System/Library/StartupItems/FirstRun/'

## Since we logged in, reboot to ensure a clean state
/usr/sbin/jamf reboot -immediately

View solution in original post

6 REPLIES 6

erin_miska
New Contributor III

Hi Ben,

We do have a KB article that explains a little bit about this PostInstall script and how it's changed since v8.4:

Imaging Tasks Completed After Reboot

If there is anything specific that we could add to make it more helpful, please let us know. Thanks for the feedback.

-Erin

bentoms
Release Candidate Programs Tester

Thanks Erin.. the issue is the reboot introduced with this script.. which i cannot see mentioned within the article that was linked :(

sam
New Contributor III
New Contributor III

Hey Ben,

Good point. The reboot of the computer in the FirstRun script is only implemented when a configuration contains a package that has the option for "This package must be installed to the boot volume at imaging time" enabled (or the package is manually added with Casper Imaging). This option will cause the install of the package to occur during first boot of the computer so that it is installed to the boot volume instead of Netboot or a separate partition. It is often times a requirement of any pkg that runs preflight or postflight scripts on the booted volume.

Some packages, such as Adobe installers, require a user to be logged into the machine when the installer runs. The First Run scripts do that for you and lock down the screen so no one can interact with the temporary account that has logged in to the machine. To clean things up after the installation, the first run script will reboot the computer after it has completed the script. This gets your system back to the way you had it setup in the imaged configuration. If no First Run package installs are present, there is no use in rebooting the system because you are already in the state that you imaged the machine with the configuration.

I see on line 21 of the first run postinstall script that you are installing an Adobe package. This My recommendation would be to remove the reboot from your custom triggered policy if possible.

This feature should have existed and functioned before 8.52. I would assume that the new behavior would be a result of the Adobe installation during imaging. Does that seem like it could be a possibility?

bentoms
Release Candidate Programs Tester

Thanks Sam. The issue was that this change occurred in 8.5 & there doesn't seem to be an article on it.

There are a couple of threads on here that are to do with this (I think). So clarifying this would help.

Kumarasinghe
Valued Contributor

Even if we don't have the reboot trigger in our PostImage script it fails with AD bind and MDM profiles. We use the InstallESD.dmg imaging approach. Also compiling the InstallESD.dmg with other applications will cause issues with packages that have “install at imaging time” ticked.

see the information below;

8.51 and 8.52 have issues with AD and MDM profile while imaging atm.
https://jamfnation.jamfsoftware.com/discussion.html?id=4257

These issues have been logged with QA Engineers at JAMF already with instructions given to reproduce the behavior.

With v8.5x Imaging Tasks Completed After Reboot Process has been changed and causing these issues for us. I have JSS v8.51 installed and for the workaround we use Casper Imaging 8.43 in our NetBoot image until JAMF fixes these issues.

Bit of Background:
We use InstallESD image method described in https://jamfnation.jamfsoftware.com/discussion.html?id=3841 by Jason and all the custom settings like Localisation, NTP, Language, etc setup via a post image script 'At Reboot' (customised script of Tom Larkin's post install script - https://jamfnation.jamfsoftware.com/discussion.html?id=51)

Everything works fine with JSS 8.43.

Issues with v8.51/8.52:
1. We have MDM profile and AD binding issues with v8.51 and v8.52
https://jamfnation.jamfsoftware.com/discussion.html?id=4257

  1. With v8.51 when you compile a configuration from Casper Admin, if you have packages with “install at imaging time” ticked, those packages will not install when compile.

https://jamfnation.jamfsoftware.com/discussion.html?id=4365

https://jamfnation.jamfsoftware.com/discussion.html?id=4322

https://jamfnation.jamfsoftware.com/discussion.html?id=4257

sam
New Contributor III
New Contributor III

Ben,

Thanks for the response. The reboot after the 'FirstRun' script should have been performed in versions 8.43 and earlier as well. I have attached a sample of a /System/Library/StartupItems/FirstRun/FirstRun below from a very simple image using Casper 8.43. The test only installs three items:

1.) An operating system package
2.) A package with the "This package must be installed to the boot volume at imaging time" enabled
3.) a script set to run at reboot.

The largest change I see relates to the order in which the elements are run. It looks like in 8.5 the first run script executes the script before the temporary accounts are deleted and original files are restored. In 8.43, the script is executed after the user is removed and original files are replaced. I wouldn't think that this would cause any change in the behavior of the reboot, but it is possible. Hopefully this helps clarify the reboot question though.

#!/bin/sh


## Lock down the login window 
/usr/sbin/jamf launchJAMFHelper -path '/Library/Application Support/JAMF/bin/jamfHelper.app'

## Fix ByHost files
/usr/sbin/jamf fixByHostFiles -target /

## Create user netadmin
/usr/sbin/jamf createAccount -username netadmin -realname netadmin -passhash %cf%11%12%aa%4b%45%45%45 -hiddenUser -admin

## Ensure the JSS is available
/usr/sbin/jamf checkJSSConnection

## Enroll the computer into the JSS
/usr/sbin/jamf enroll -invitation '276712433252364734648540203504214223'

## Ensure that the computer is managed and certificates are in place
/usr/sbin/jamf manage

/usr/sbin/jamf install -package 'package.dmg' -path /System/Library/StartupItems/FirstRun/Resources/Packages -fut -feu

## Run any scripts that where specified to be run after reboot here

## Delete the temporary user and restore the original files for autologin
/usr/sbin/jamf deleteAccount -username adobeinstall -deleteHomeDirectory
/bin/cp -Rpf '/System/Library/StartupItems/FirstRun/Resources/Backup/kcpassword' '/private/etc/kcpassword'
/bin/cp -Rpf '/System/Library/StartupItems/FirstRun/Resources/Backup/com.apple.loginwindow.plist' '/Library/Preferences/com.apple.loginwindow.plist'

## Run script AtRebootScript
/usr/sbin/jamf runScript -script "script.sh" -target / -path "/System/Library/StartupItems/FirstRun/Resources/Scripts/" -computerName "computerName" -username "" -p1 '' -p2 '' -p3 '' -p4 '' -p5 '' -p6 '' -p7 '' -p8 ''

## Run Recon.
/usr/sbin/jamf recon

## Delete this Startup Item
/bin/rm -rf '/System/Library/StartupItems/FirstRun/'

## Since we logged in, reboot to ensure a clean state
/usr/sbin/jamf reboot -immediately