Update: pkgcheck

The macOS Monterey 12.3 beta release notes say that the Python 2.7 binary (located in /usr/bin/python) will be removed. Since you follow this blog, this should not come as a surprise. We have been warned about this since Catalina. (Or longer)

That said, the removal of Python 2 in a minor macOS release is surprising. Minor updates should not have breaking changes or removals. Admins and developers may not expect removals and other breaking changes in a minor update and therefore not be paying as much attention to changes. Also, the time a minor update is in beta is usually 6-8 weeks, which leaves us and developers much less time to find and fix problems than a major update beta phase, which is usually 4-5 months.

Nevertheless, we have to work with what Apple deals to us. MacAdmins have been investigating their own tools and scripts since the Monterey release or earlier to avoid the prompts. But when you get vendor pkgs, these might contain anything. While you can inspect pkgs with tools like pkgutil, Pacifist or Suspicious Package, it can get tedious with many packages.

A while back I built a script called pkgcheck to automate this check. Since I (and many others) have started using it again in the recent days, I have added a few more checks to it.

The earlier version would flag files in the installer’s resources that had a /bin/bash, /usr/bin/python, /usr/bin/ruby, or /usr/bin/perl shebang. (the first line with the #!) I have now also added check for a shebang with /usr/bin/env [python|ruby|perl] because when run from an installer pkg, this will also resolve tousing the built-in, deprecated runtimes. Also, using python in the shebang will now be shown as a red error, rather than a yellow warning.

The script will now also grep for use of python in installation scripts and show those scripts. This might generate a few false positives. You will have to use your judgement. For example using python3 in an installation script will also trigger this. But then, it probably should, since python3 is not installed on macOS by default. (What you see in /usr/bin/python3 is a shim that prompts you to install the Command Line Developer Tools, unless they or Xcode are already installed.)

I hope this is useful!

Weekly News Summary for Admins — 2022-01-28

Emails and web pages don’t really have weight, but the news summaries in the weeks with macOS and iOS updates always feel heavier. Lots of links for the macOS Montery 12.2, iOS 15.3 and related updates.

(Sponsor: Mosyle)

Mosyle Fuse logo

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

In addition to the release updates, Apple also published the first beta for macOS 12.3 and iOS 15.4 It looks like these will be the “Spring” updates from Apple, which means they will have more changes and new features than a “normal” update. Aside from some things we have been waiting for since WWDC (Universal Control! New Emojis!), macOS 12.3 will remove Python 2.7.

We’ve been warned about this since the macOS Catalina beta release two-and-a-half years ago. I have written about this before. More than once. Quite a lot, actually. I warned about this at MacSysAdmin in 2018. I am not looking for credit for prescience here. This was not a hard prediction to make.

It is also not a hard prediction, that several installers and tools will still not be prepared and break on macOS 12.3. Start testing now.

Way back then, I wrote a script that will expand pkgs and check the shebangs of the installation scripts. You can use that to search for installers that might break with macOS 12.3. Or, now that we have the beta you can just start testing your deployment workflows there and see what breaks.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS Monterey 12 and iOS 15

macOS 12.2 and iOS 15.3

macOS Monterey 12.2

iOS 15.3 and iPadOS 15.3

watchOS 8.4

tvOS 15.3

Apps

Support

MacAdmins

MacAdmins on Twitter

  • Paul Haddad: “I just downloaded the print application for my label maker. It’s a DMG with an App inside that prompts for an EULA and ends up displaying a button to download the app from the App Store…. Feels like a few steps could be skipped.”
  • Dana Sibera: “Some of the iconic Apple names didn’t last all that long. Apple used ‘Quadra’ from October 91 to October 95 – suiting the name, a span of 4 years. Just 4 years. ‘Performa’ lasted from September 92 to Jan 1997, 4 years 9 months.” (Fun Thread)

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2022-01-21

It seems like the year has not even properly started yet, but Apple already released the macOS 12.2 and iOS 15.3 release candidate. So a likely release next week. Are you ready?

(Sponsor: Mosyle)

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse logo

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS and iOS Updates

MacAdmins on Twitter

  • Mr. Macintosh: “1/23/22 will mark 90 days since Monterey was released. If you have an 90 day MDM deferral profile deployed, Monterey will start showing up as an available upgrade On 1/14/22 Apple added “macOS Installer Notification” to the software update catalog.” (Thread)

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2022-01-14

Happy New Year!

With Christmas Day, Boxing Day, and New Year’s Day on week-ends, this was not a good season for employees. However, it did turn out to be a long break for people who write their newsletters on Fridays. After what seems like forever, the Scripting OS X News Summary is back, ready for whatever 2022 might bring for Apple admins.

(Sponsor: Mosyle)

Mosyle Fuse logo

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

Apple is also back from vacation. We got the third round of beta releases for macOS 12.2 and iOS 15.3 and siblings.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Andrew MacKenzie: “My life be like for thething in this that theotherthing ; do Installomator.sh $thething ; done
  • William Smith: “For Jamf customers who are still running their Jamf Pro servers on Macs, March 2022 is the tentative date to retire support for this installer. Reach out to Jamf Support for information about migrating to Jamf Cloud or another server platform.”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2021-12-17

On Monday night, Apple published macOS 12.1, iOS 15.2 and siblings. As if Apple admins didn’t already have their hands full remediating the log4shell issue that dropped last Friday.

(Sponsor: SentinelOne)

The Top 10 macOS Malware Discoveries in 2021

Here are the tactics and techniques of each threat and links to deeper technical analyses. Plus, find out the main lessons Mac admins and security teams can learn from this year’s crop of macOS malware so you can better protect your Mac fleets going into 2022.

The Top 10 macOS Malware Discoveries in 2021

macOS 12.1 brings (among other things) SharePlay to Mac. We have to wait a bit longer for Universal Control. The installers for macOS 11.6.2 and 12.1 should also fix the stalled upgrade issue, when upgrading from Mohave or older. iOS 15.2 brings (among other things) a new App Privacy report.

We also got a bunch of app updates: Xcode 13.2, macOS Server, Apple Remote Desktop, and the new Apple Configurator for iPhone, so you can (finally) add Macs with a T2 chip or Apple Silicon to your Automated Enrollment workflows. We also got Swift Playgrounds 4 for iPad which supports building Swift apps with UIKit and SwiftUI and even uploading them to the App Store.

The conferences for next year are already in full planning mode. MacAD.UK has the dates and location set: March 29 and 30 in Brighton, UK. PSU MacAdmin Conf is asking for your opinion on attendance planning. As always, you can find a list of conferences, with dates and links to their websites and session video archives (so you can catch up all those great sessions that you missed), on my conference page.

This is the last news summary of 2021. Thank you all so much for following along, and most importantly to everyone who wrote something helpful to the community. I hope you get some well-deserved downtime over the holidays and am looking forward to reading and sharing all these great posts next year.

The news summary will return on Jan 14, 2022.

Happy New Year!

Share the gift of being informed with your colleagues and peers: just forward them this news summary and they can subscribe here!!

News and Opinion

macOS 12.1 Monterey, iOS 15.2 and siblings

macOS 12.1 Monterey (21C52)

iOS 15.2 and iPadOS 15.2

watchOS 15.2

tvOS 15.2

Xcode 13.2

User Guides

Apps

Support

Articles

MacAdmins on Twitter

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2021-12-10

The newsletter is a bit later than usual tonight. I was attending the new Jamf 370 Security class and the exam was this afternoon. Thanks to Peter and Daryl for leading the class!

(Sponsor: SentinelOne)

[New] The Complete Guide to Understanding Apple Mac Security for Enterprise

Grab the brand new SentinelOne eBook for Mac enterprise security! Learn how attackers are adapting to macOS 12 Monterey and challenges like M1 architecture, Notarization, OCSP, XProtect, and more.

New eBook: Apple Mac Security for Enterprise

The year is coming to an end and some people might be thinking about their resolutions and if they can finish some in time. Apple seems to want to finish up some loose ends as well. Apple’s open source page got a new look. We also got a release candidate for the macOS 12.1 and iOS 15.2 updates and siblings.

We also had quite a few security stories this week and many other interesting posts from fellow MacAdmins. Thank you!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

MacAdmins on Twitter

  • Tim Perfitt: “I created a macOS app for our signing service to export identities from macOS keychain and encrypt / wrap them with an HSM public key for easy uploading to our service and to an HSM.” (video and thread)

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2021-12-03

News is still a bit slow this week, but we did get a new round of betas for macOS Monterey 12.1, iOS 15.2 and siblings.

(Sponsor: SentinelOne)

[New] The Complete Guide to Understanding Apple Mac Security for Enterprise

Grab the brand new SentinelOne eBook for Mac enterprise security! Learn how attackers are adapting to macOS 12 Monterey and challenges like M1 architecture, Notarization, OCSP, XProtect, and more.

New eBook: Apple Mac Security for Enterprise

This is the fourth beta round for this update release. The release is likely before the holidays, possibly next week. If you haven’t been testing, head to AppleSeed for IT and start now!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

MacAdmins on Twitter

  • mikeymikey: “I don’t know when the last time you tried to search for an Apple support KB article was – but have you tried … -not- using Google? Search has actually gotten pretty darned fast and extensive.” (Thread)
  • Mr. Macintosh: “Apple released: iOS 15.2 Beta 4 (19C5050b), iPadOS 15.2 Beta 4 (19C5050b), watchOS 8.3 Beta 4 (19S5050c), tvOS 15.2 Beta 4 (19K5050a), HomePodOS 15.2 Beta 4 (19K5050a), Monterey 12.1 Beta 4 Full Installer & IPSW, Big Sur 11.6.2 Beta 4 Full Installer”

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2021-11-26

Happy day after US Thanksgiving, everyone!

(Sponsor: SentinelOne)

Looking for some macOS Security Power Tricks?

SentinelOne’s resident macOS security experts compiled this list of 15 power tricks for macOS security tasks. Try these out when you’re writing code, hunting for threats, or recording malware behavior.

Read the 15 Power Tricks for macOS Security

Even though many in the US have a few days off, we still have plenty of news to report. My post on ‘JavaScript for Automation’ from last week is generating a lot of great responses, Apple is suing NSO Group, people are figuring out the cause of some of the memory leaks in Monterey, and we get a refresh on the ‘Awesome MacAdmin Tools List.’

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🐟macOS 12 Monterey and iOS 15

🐦MacAdmins on Twitter

  • Victor (groob): “macOS 12.1 brings EACS = all I ever wanted. Thanks to the Apple folks who listened to this request. EraseDevice now loops into AutoAdvanceSetup via MDM.”
  • Jeremy Reichman: “When the installer says, “about a second remaining” for a minute or more, is it safe to assume it finished “first remaining” already and then went on to longer and more involved “second remaining,” perhaps with an option for more remainings, should additional ones seem necessary?”

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

📺To Watch

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Installomator v8.0

We have published an update for Installomator. It is now at version 8.0 and has over 360 labels!

There were some bugs in the script that could make the script stall the Jamf agent, which prevented the client from checking back in with the Jamf server. This might affect other management systems as well. Please test behavior with the new version and report any issues that might remain.

The changes in detail:

  • removed leading 0 from the version because it has lost all meaning (thanks to @grahampugh for the inspiration)
  • Installomator now detects when an app is already installed, and will display notifications correctly the user based on if the app was updated or installed for the first time.
  • New variables for labels that should be installed using CLI: CLIInstaller and CLIArguments. When the installer app is named differently than the installed app, then the variable installerTool should be used to name the app that should be located in the DMG or zip. See the label adobecreativeclouddesktop to see its use.
  • buildLabel.sh has been improved to build GitHub software labels much easier. In essense if the URL contains github.com, then it will try to find if it’s the latest version or if variable archiveName is needed for finding the software. Also improved messaging throughout the script, as well as handling a situation where a pkg does not include a “Distribution” file, but a “PackageInfo”.
  • MDM script extended with caffeinate so Mac will not go to sleep during the time it takes installomator to run. Especially during setup, this can be useful.
  • Microsoft labels with updateTool variable, is updated to run msupdate --list before running the updateTool directly. Problems have been reported that the update would fail if the --list parameter for the command was not run first. This should help with the Jamf agent stalling during installation.
  • Added bunch of new labels (for a total of 364), and improved others

Most of the work for v8 was done by Søren Theilgaard, but we had many, many contributions from the community! Thanks to everyone!

Weekly News Summary for Admins — 2021-11-19

Even though it is mid-November and the US Thanksgiving week is looming next week, we got a lot of great posts and articles in the news summary.

(Sponsor: Mosyle)

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse logo

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

We are finding out about some interesting Monterey features and bugs, Apple announced self service repair, new security threats, lots of automation, and MacAdmins are (re-)discovering JavaScript for Automation (including myself).

If that wasn’t enough to try to keep up with, Jamf dropped all the JNUC 2021 session on to YouTube! Many of these sessions are very informative, even when you don’t use a Jamf product. If you want to catch up on different conferences, or schedule your conference participation for 2022, I have updated my conferences page with all the known dates and links to each conference’s session archive.

macOS 12.1 and iOS 15.2 went into the third round of betas. We also got iOS 15.1.1 (and siblings).

To all US American readers: Happy Thanksgiving!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

MacAdmins on Twitter

  • cdros: “ICYMI Mac Evaluation Utility 4: Now available for IT teams on AppleSeed for IT
  • Tom Bridge: “This kind of software is infuriating. it’s unethical as an IT Admin to install on your users machines. If you get asked to install it, you should quit instead.” (Link)
  • Kyle Crawford: “I mean more generally I’d like a batteries-included scripting language built-in like python or ruby. I didn’t expect it would be JavaScript.”
  • Jason Anthony Guy: “Apple developers… did you know that Feedback Assistant is available on non-beta systems? Hidden, but accessible. Read the “Installing the App” section on the Apple Bug Reporting page to learn how to get to it. Bonus! Access it via applefeedback://
  • Daniel Jalkut: “I have been using zsh and scp for a long time, but my mind was moderately blown this evening when I realized I could tab-complete REMOTE filenames. Try it: scp whoever@wherever:<tab> (Have to have a ssh key relationship with the server, obviously)”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!