Weekly News Summary for Admins — 2019-04-12

One of the key takeaways from my MacADUK presentation on “Modern Delpoyment Workflows” is that MacAdmins now have to expect new, rules-changing ‘features’ in macOS at any time during the release cycle. (Video is not available yet, I will post when they release it.)

Apple is proving this advice with the announcement that thrid party kernel extensions and certain applications have to be notarized, starting with macOS 10.14.5 beta2.

In typical Apple fashion this announcement is brief and to the point and leaves many questions open for interpretation, especially for MacAdmins. Thankfully, the MacAdmin community has, once again, leapt to action and filled in a few of the critical missing pieces.

Also, we have updated our EraseInstall app! And yes, it is notarized.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

10.14.5 App Notarization Changes

MacAdmins on Twitter

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

EraseInstall Update: Version 1.2

We (the team I work with at Pro Warehouse) have released a new version of the EraseInstall application.

Version 1.2 is now notarized, so it should continue to work with macOS 10.14.5 and newer. It also checks the battery level before starting the process and will refuse continue if the battery is low. We also fixed a few layout and other bugs.

Important Update: Because this new version is built with Swift 5, it will require the Swift 5 Runtime Support to be installed as well, when on macOS 10.14.3 and older.

But the big new feature is that you can customize the installation process of the new macOS with custom packages.

The package installers will be installed after the macOS installation is complete but before DEP runs or the first user is created. This allows for some useful customizations and shortcuts in the deployment process.

The EraseInstall application will look for package installers (pkg) files in the /Library/Application Support/EraseInstall/Packages/ folder. When the package installers are in the correct format (see below) they will be added to the startosinstall command with the --installpackage option.

For this to work, the packages have to be ‘distribution packages with an’product archives,’ i.e. distribution packages with the identifier attribute set in the product key.

Most package installers created with tools commonly used by Mac Administrators build component packages (also called ‘flat packages’). These contain the payload files that will be installed on the target system and optional installation scripts to modify the behavior.

If you usually build your packages as component packages with pkgbuild or a similar tool, you can convert them to product archives with the productbuild command:

$ productbuild --package path/to/component.pkg
--version 1.0 --identifier com.example.package productarchive.pkg

If you use a different tool to create your packages, please consult the tool’s manual or support reference whether they create component packages, distribution packages or product archives.
munkipkg: will automatically create product archives when the distribution_style key is set to true
Whitebox Packages: identifier (id) and version can be set for a distribution package project when ‘Show Advanced User Options’ is enabled in Packages -> Preferences
Jamf Composer: cannot create distribution packages or product archives. You can convert the component packages from Composer with the above productbuild command.
pkgbuild and most other tools: creates component packages which you can convert using the above productbuild command

You can use the ‘ShowLanguageChooser’ and ‘SuppressSetupAssistant’ package installers built with these scripts as some examples to start with.

You can download the installer for EraseInstall 1.2 here.

Weekly News Summary for Admins — 2019-04-05

Since I assemble and publish this news summary on Friday mornings (European Time), I sometimes just miss interesting news dropping on Friday afternoon in US. Usually, Friday afternoon news in bad news for the organisation releasing it.

Exactly this happened last Friday. After two weeks of seemingly non-stop releases, on Friday afternoon Apple cancelled the AirPower charging mat which was pre-announced at the iPhone X event in September 2017.

On the other hand, a different pre-announcement made at WWDC last year was fulfilled this week. BBEdit is back in the Mac AppStore! (No secret that BBEdit is my favored text editor, I wrote a bit about why last year.)

Also, the email version of this summary broke through 500 subscribers! Thank you all! (And keep spreading the word.)

We also got a lot of great posts with helpful advice from various MacAdmins. As usual a huge thank you to everyone who so willingly shares their experience.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

#! On Scripting OS X

📰News and Opinion

🐦MacAdmins on Twitter

  • MacDeployment YYC: “Last night at our MacDeploy Meetup, we were pleased to announce our plans for this year’s Conference, June 10–11 here in #yyc. 1/” (Thread)
  • Nigel Kersten: “I don’t think I’ve ever really told the story on Twitter about the time Steve Jobs sent me a polite but dismissive email and then proceeded to make my life at work rather hellish.” (Thread)
  • Eric Holtam: “Munki admins: Apple SUS update testing requested.”
  • Libbi Garret: “Do you use Apple School Manager? Great News! Our amazing F3 Legal Council has worked with Apple Edu and determined that ASM is FERPA & Ed Code 49073.1 (AB1584) compliant! You can view/download the letter and terms on our CETPA page studentprivacy.net
  • Eric Holtam: ‘VMWare Fusion needs a feature to say “Snapshot on the next reboot because I’m going to forget and waste hours of prep time”’
  • Tim Perfitt: “Work is progressing on #MDS 1.6. You can specify variables when creating workflows that causing techs to get prompted and the values are passed to your scripts. This is so awesome you might need to sit down for a bit.”
  • Rene Ritchie: “Apple has dropped its #HomePod price to US$299 (down from US$349). Similar cuts internationally.”
  • Suzana Ilić: “This is really neat! You take a screenshot of an equation, it gives you the LaTeX code, you can directly modify in the taskbar, copy, paste, done. mathpix.com

🐞Bugs and Security

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

🎧To Listen

📚 Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Swift 5 for MacAdmins

macOS 10.14.4 also includes Swift 5. The main new feature of Swift 5 is that Swift is ABI stable.

Simply said, ABI stability allows swift binaries to use a Swift library on the system instead of having to bundle the libraries with them. This will, of course reduce the size of the binaries.

For example, my desktoppr tool compiles to 6.5MB with Swift 4.2 and 56KB with Swift 5.

However, command line tools built with Xcode 10.2 now rely on the Swift library to be available on the system. macOS 10.14.4 and future versions will include the libraries, but older macOS versions did not. There is no option in Xcode 10.2 to keep the old behavior of bundling the libraries in the tool.

This means that when you re-build a tool in Xcode 10.2 with Swift it will not run on older macOS version:

$ sw_vers -productVersion
10.13.6
$ ./desktoppr 
dyld: Library not loaded: @rpath/libswiftAppKit.dylib
  Referenced from: /Users/armin/Desktop/desktoppr
  Reason: image not found
Abort trap: 6

Apple provides an installer for the Swift libraries for “earlier versions of macOS.” (The package installer declares a minimum OS version of 10.9.)

The libraries are installed in /usr/lib/swift, where your binaries can find them:

$ ./desktoppr 
/Library/Desktop Pictures/BoringBlueDesktop.png

Note: these libraries are used by compiled binaries. Installing the runtime libriaries will not allow you to run swift script files, i.e. text files starting with the #!/usr/bin/swift shebang. You still need to install Xcode or the Developer Command Line tools for that.

So far, only command line tools written and compiled in Xcode 10.2 will require the libraries. Application bundles will continue to include their own libraries.

As Swift gets updated, you will need to update the installed libraries as well. You can get the installed version of the Runtime with pkgutil:

$ pkgutil --info com.apple.pkg.SwiftRuntimeForCommandLineTools
package-id: com.apple.pkg.SwiftRuntimeForCommandLineTools
version: 10.2.0.0.1.1552586384
volume: /
location: /
install-time: 1553789052
groups: com.apple.FindSystemFiles.pkg-group 

However, on a Mac with 10.14.4 the swift libraries are present but not installed by the same installer package, they are part of the entire system:

$ pkgutil --file-info /usr/lib/swift/libswiftFoundation.dylib
volume: /
path: /usr/lib/swift/libswiftFoundation.dylib

pkgid: com.apple.pkg.update.os.10.14.4.18E226
pkg-version: 1.0.0.0.1.1553145155
install-time: 1553765876
uid: 0
gid: 0
mode: 755

If/When Apple updates the runtime libraries, this might be a challenge to track and update properly.

Note: While I used my tool desktoppr as an example, I have not updated the version available for download to Swift 5 yet. So, that is still built with the “old” Swift and Xcode and should work everywhere without the runtime libraries.

Nevertheless, it should be prudent for MacAdmins to install the Swift 5 runtime libraries on their fleet. At the very least be aware that these errors can occur and how to fix them.

Weekly News Summary for Admins — 2019-03-29

We did get the long awaited Apple Event this week. Since Apple unloaded many of their releases last week already the event could focus entirely on new subscription services. Apple showed subscription services for magazines (Apple News+), games (Apple Arcade), credit card (Apple Card), and tv series (Apple tv+). Only Apple News+ is available now, the rest will come “later this year.” 10.15 release should be interesting.

More interesting for Apple Admins, the updates for macOS Mojave 10.14.4, iOS 12.2, watchOS 5.2 and tvOS 12.2 were released as well. Since these are the “Spring Updates” they bring with them some new user facing features: Apple News+, dark mode for Safari content, AirPods 2 support. Also some new features for administrators which I already outlined in a post.

Overall, not as big an update as 10.13.4 was, but still quite the event.

Also this week was MacAD.UK, where I presented on “Modern Delpoyment Workflows for Business.” I had a wonderful time meeting everyone at the conference. My thanks to the organizers, speakers and attendees for making this a great event.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

#! On Scripting OS X

📰News and Opinion

🐦MacAdmins on Twitter

🐞Bugs and Security

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

Spring Udpates

Swift 5

Downloads

♻️Updates and Releases

📺To Watch

🎧To Listen

📚 Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

macOS Mojave Spring Update

The macOS Mojave 10.14.4 update dropped on Monday night, along with iOS 12.2. Like last year’s 10.13.4 update, these updates didn’t only bring the usual “bug fixes and improvements” but new features, both user facing and “under the hood.”

Apple even put a section on the ‘Enterprise Content’ of the updates in the macOS release notes!

What’s new in the updates for macOS Mojave:

Enterprise content:

  • Fixes an issue that could prevent mobile accounts from logging in from an off-network Mac after changing their network account password.
  • Fixes an issue that intermittently prevented apps from downloading from the App Store or installing via MDM.
  • Mobile Active Directory accounts that have used their personal recovery key (PRK) to unlock a FileVault volume are no longer required to continue using the PRK to unlock, but can use their login password instead.

The macOS Server/Profile Manager release notes, provide more information on some management related features:

macOS

  • Export a predefined set of device information values for specified devices using a new command-line tool, exportDeviceInfo
  • Skip True Tone pane in Setup Assistant
  • Configure new restrictions: screenshot and remote screen observation
  • Configure Exchange Web Services authentication certificate
  • Configure Apple Remote Desktop access
  • Configure managed classes on student Mac computers
  • Configure Certificate Transparency payload

iOS

  • Enable or disable Voice and Data Roaming and Personal Hotspot
  • Configure new restrictions: Personal Hotspot modification (supervised only), disable server-side Siri logging
  • Display phone number, ICCID, and IMEI details of enrolled Dual SIM devices
  • Configure Certificate Transparency payload

tvOS
– Configure Managed Software Updates

While I do not recommend to macOS Server/Profile Manager as a production MDM, it is useful for testing new features and as a reference implementation.

We didn’t get new, disrupting features on the scale of user-approved MDM this year, but the spring update still warrants extra attention and preparation from system admins.

MacAD.UK Presentation Notes

The slides, notes and links for my MacAD.UK presentation from this morning: “Modern Deployment Workflows for Business” are available now.

Modern Deployment Workflows for Business

Despite the title, I think there should be some choice moments and things to learn in there for everyone. Once the sessions videos are posted I will update the page.

I am having a great time here at MacAD.UK. If you are here as well, be sure to say hi!

Weekly News Summary for Admins — 2019-03-22

Apple flooded us with new releases this week. We got a new iPad Air and new iPad mini, a long-awaited update to the iMac, new Airpods, changes to the BTO pricing for iMac Pro and MacBook Pro, Apple School Manager Federated authentication, and some software updates. As Steven Troughton-Smith pointed out, there have been keynotes for less news.

Not everyone is happy about the “new” iMacs, though: No T2 System Controller and 1TB 5400rpm spinning disks in the base models. I will have some thoughts about the “new” iMacs in my presentation at MacADUK next week! (See you there, if you are going, there may be a few tickets left.)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Headlines

News and Opinion

MacAdmins on Twitter

  • Zachary Cutlip: “Illustrated: talking to a VMware Fusion guest’s serial port… ”
  • Anthony Reimer: “The surprising thing about today’s iMac update: the bottom, non-Retina 21.5″ model was left completely untouched. Budget model, I guess.”
  • Alex: “The T2 cannot interface with Fusion Drives and Apple doesn’t seem to want to spend the time to make it work. My guess is that next year we will see the end of HDD. I was hoping maybe a redesign would have made it happen this year but no luck.”
  • Steve Troughton-Smith: “iPad Air, iPad mini, iMacs, iMac Pro BTO bump, iPod touch, AirPods, AirPower and Watch bands as press releases — we’ve had full-blown keynotes for less”
  • Charles S Edge: “The contracts are signed and about half the pages are written, so pleased to announce that @rtrouton and I will be turning in the first draft of a new book called “A Unified Theory of Apple Device Management” to @Apress in July of 2019! Rich, you’ve been awesome to work with!!!”
  • Fraser Speirs: “Apple is continuing to cede the K–12 identity, data and workflow space to Microsoft. Maybe the right call but puts them at enormous weakness and disadvantage in the sector.”
  • Laura Rösler: “We finally reached the 20k Mac clients at @SAP. Let‘s open a bottle of #champagne”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-03-15

Lot’s of news for important conferences this week. JamfNation User Conference, MacSysAdmin, and WWDC are getting obviously closer. Also, MacADUK has sold out of tickets! (10 days and counting…)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

Conferences

MacAdmins on Twitter

  • Tim Perfitt: “Version 1.4 of MDS is going to be awesome. How awesome you ask? Glad you asked. 1/” (Thread)
  • Steve Troughton-Smith: “I like to remind myself sometimes that the current Mac Pro was announced before iOS 7…”

News and Opinion

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Pi-Day: Let’s talk about dates, baby!

Happy Pi day!

Explanation for those who live in countries with sensible units and date notations: Americans – aside from using weird non-metric units – also have the odd habit of putting the month first in dates, then the day, then the year. So: ‘Mar 14, 2019’ or 3/14/2019. Instead of the more sensible 14.3.2019.

On the other hand, once every year, this weird notation will spell out 3.14, or the first three digits of the circle number, π (pi). And since non-mathematicians seem to love the (non-deserved) quasi-mystical nature of Pi and mathematicians are happy that at least once a year people are paying attention, Pi-day has become kind of a thing.

It’s also an excuse to bake tasty pies as a real-world dad joke manifestation, so overall, fun can be had!

But since we are talking about date notations…

While the day.month.year notation common in the rest of the world is arguably better than the American month/day/year, it is still not an ideal notation. Even better is year-month-day, especially when used with fixed digit lengths: YYYY-MM-DD, e.g. 2019-03-14.

While we will have to wait 1122 years before this notation approximates π, it has many other benefits. First, it sensibly and obviously sorts the components of date and time from largest (years) to lowest (seconds or even fractions of a second). It is fairly easy to parse in scripts and languages. When you sort ISO 8601 date strings alphanumerically, they will be in the correct order for dates. No other notation does that.

This is the reason this notation is enshrined as ISO 8601 and used in many places on your computer. For example, property lists encode timestamps in ISO 8601.

Learn more about property lists in my book: “Property Lists, Preferences and Profiles for Apple Administrators”

Jamf Extension Attributes can also be parsed properly as dates when returned in ISO 8601 format.

Dates in the shell

When working in shell scripts on macOS, you can use the date command to get the current date or for other date operations. Other flavors of unix-like operating systems have a specific flag to get ISO 8601 output, but in macOS you have to format manually:

$ date -u +"%F"
2019-03-14
$ date -u +"%FT%T"
2019-03-14T08:00:15

When you want a file’s creation, access, or modification date you can use the stat command:

$ stat -f 'Created: %Sc   Modified: %Sm   Accessed: %Sa' pi-day
Created: Mar 14 08:43:07 2019   Modified: Mar 14 08:43:06 2019   Accessed: Mar 14 08:43:06 2019

You can use the -t option to format the time:

$ stat -f 'Created: %Sc   Modified: %Sm   Accessed: %Sa' -t "%FT%T" pi-day
Created: 2019-03-14T08:43:07   Modified: 2019-03-14T08:43:06   Accessed: 2019-03-14T08:43:06

Finder and macOS Interface

You can teach Finder an approximation of ISO 8601. Go to System Preferences > Language & Region and click on the ‘Advanced…’ button and select the ‘Dates’ tab:

Set something close to the ISO date format for Mac
Set something close to the ISO date format for Mac

AppleScript

AppleScript will use the system’s date formatter (set in System Preferences) to parse and print dates. It will use the “Full date format” to show date objects by default, which is quite elaborate.

You can declare date variables with the short format, but as soon as you “compile” the script, it will be replaced by the full format. So, this:

set thedate to date "2019-03-14"

will turn into this

set thedate to date "Thursday, 14 March, 2019 at 00:00:00"

AppleScript uses the date format defined in System Preferences, so you have to have this set up. This format will also be used when AppleScript extracts a date object to a string, but again it will use the full date format by default:

get date string of thedate
"Thursday, 14 March, 2019" 

There is, however, a short date string property you can use:

get short date string of thedate
"2019-03-14"

Again, the output will depend on the format set in System Preferences.

  • AppleScript Language Guide: date

Python

Getting and parsing ISO dates with Python is (not surprisingly) easy.

$ python
>>> import datetime
>>> datetime.date.today().isoformat()
'2019-03-14'
>>> datetime.datetime.now().isoformat()
'2019-03-14T09:03:24.107317'
>>> datetime.datetime.now().replace(microsecond=0).isoformat()
'2019-03-14T09:04:10' 

You can also parse an ISO string with python:

>>> datetime.datetime.strptime("2019-03-14T10:09:12", "%Y-%m-%dT%H:%M:%S")
datetime.datetime(2019, 3, 14, 10, 9, 12)

Swift

Swift uses the Date class to represent dates and times. There is a DateFormatter object which can convert Date objects to strings and back. There is also a dedicated, if awkwardly named, ISO8601DateFormatter class just for ISO dates and times.

let now = Date()
print(ISO8601DateFormatter().string(from: now))

let pidaywithtime = ISO8601DateFormatter().date(from: "2019-03-14T15:09:26Z")

You can even customize the behavior of the ISO8601DateFormatter:

let dateISOFormatter = ISO8601DateFormatter()
dateISOFormatter.formatOptions = [ .withFullDate, .withDashSeparatorInDate]
let piday = dateISOFormatter.date(from: "2019-03-14")