189 lines
7.1 KiB
Bash
Executable File
189 lines
7.1 KiB
Bash
Executable File
#!/bin/bash
|
|
##########################################################################
|
|
# Script : Reinstall macOS
|
|
# Autor : Andreas Vogel
|
|
# Copyright : macenterprise gmbh, 2021
|
|
##########################################################################
|
|
set -x
|
|
##### ensure computer does not go to sleep while running this script #####
|
|
/usr/bin/caffeinate -dimus &
|
|
CAFFPID=$!
|
|
|
|
##########################################################################
|
|
################# required for Silicon Macs ##############################
|
|
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
|
|
|
|
if [[ -f "$jamfHelper" ]]; then
|
|
|
|
# Jamf Helper localizations - erase lockscreen
|
|
jamfHelper_erase_title_en="Erasing macOS"
|
|
jamfHelper_erase_desc_en="This computer is now being erased and is locked until rebuilt"
|
|
jamfHelper_erase_title_de="macOS Wiederherstellen"
|
|
jamfHelper_erase_desc_de="Der Computer wird jetzt zurückgesetzt und neu gestartet"
|
|
jamfHelper_erase_button_en="Yes"
|
|
jamfHelper_erase_button_de="Ja"
|
|
jamfHelper_erase_cancel_button_en="Cancel"
|
|
jamfHelper_erase_cancel_button_de="Abbrechen"
|
|
|
|
# Jamf Helper localizations - free space check
|
|
jamfHelper_check_desc_en="The macOS upgrade cannot be installed on a computer with less than 30GB disk space."
|
|
jamfHelper_check_desc_de="Die Installation von macOS ist auf einem Computer mit weniger als 30GB freien Festplattenspeicher nicht möglich."
|
|
|
|
# Jamf Helper icon for confirmation dialog
|
|
jamfHelper_confirmation_icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns"
|
|
|
|
# Grab currently logged in user to set the language for Jamf Helper messages
|
|
current_user=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')
|
|
language=$(/usr/libexec/PlistBuddy -c 'print AppleLanguages:0' "/Users/${current_user}/Library/Preferences/.GlobalPreferences.plist")
|
|
if [[ $language = de* ]]; then
|
|
user_language="de"
|
|
else
|
|
user_language="en"
|
|
fi
|
|
|
|
|
|
jamfHelper_erase_title=jamfHelper_erase_title_${user_language}
|
|
jamfHelper_erase_desc=jamfHelper_erase_desc_${user_language}
|
|
jamfHelper_check_desc=jamfHelper_check_desc_${user_language}
|
|
jamfHelper_erase_button=jamfHelper_erase_button_${user_language}
|
|
jamfHelper_erase_cancel_button=jamfHelper_erase_cancel_button_${user_language}
|
|
fi
|
|
|
|
|
|
kill_process() {
|
|
process="$1"
|
|
if /usr/bin/pgrep -a "$process" >/dev/null ; then
|
|
/usr/bin/pkill -a "$process" && echo " '$process' ended" || \
|
|
echo "'$process' could not be killed"
|
|
fi
|
|
}
|
|
|
|
|
|
|
|
################# required for Silicon Macs ##############################
|
|
ask_for_username() {
|
|
/usr/bin/osascript <<EOT
|
|
set nameentry to text returned of (display dialog "Please enter an account name to start the reinstallation process" default answer "" buttons {"Enter", "Cancel"} default button 1 with icon 2)
|
|
EOT
|
|
}
|
|
|
|
|
|
user_has_no_secure_token() {
|
|
/usr/bin/osascript <<EOT
|
|
display dialog "User $account_name has no Secure Token! Please login as one of the following users and try again: ${enabled_users}" buttons {"OK"} default button 1 with icon 2
|
|
EOT
|
|
}
|
|
|
|
ask_for_password() {
|
|
/usr/bin/osascript <<EOT
|
|
set nameentry to text returned of (display dialog "Please enter the password for the $account_name account" default answer "" with hidden answer buttons {"Enter", "Cancel"} default button 1 with icon 2)
|
|
EOT
|
|
}
|
|
|
|
check_password() {
|
|
user="$1"
|
|
password="$2"
|
|
password_matches=$( /usr/bin/dscl /Search -authonly "$user" "$password" )
|
|
if [[ -z "${password_matches}" ]]; then
|
|
echo "Success: the password entered is the correct login password for $user."
|
|
else
|
|
echo "ERROR: The password entered is NOT the login password for $user."
|
|
/usr/bin/osascript <<EOT
|
|
display dialog "ERROR: The password entered is NOT the login password for $user." buttons {"OK"} default button 1 with icon 2
|
|
EOT
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
get_user_details() {
|
|
account_name=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
|
|
|
|
|
|
user_has_secure_token=0
|
|
enabled_users=""
|
|
while read -r line ; do
|
|
enabled_users+="$(echo $line | cut -d, -f1) "
|
|
if [[ "$account_name" == "$(echo $line | cut -d, -f1)" ]]; then
|
|
echo "$account_name has Secure Token"
|
|
user_has_secure_token=1
|
|
fi
|
|
done <<< "$(/usr/bin/fdesetup list)"
|
|
if [[ $enabled_users != "" && $user_has_secure_token = 0 ]]; then
|
|
echo "$account_name has no Secure Token"
|
|
user_has_no_secure_token
|
|
exit 1
|
|
fi
|
|
|
|
|
|
if ! account_password=$(ask_for_password) ; then
|
|
echo "Use cancelled."
|
|
exit 1
|
|
fi
|
|
check_password "$account_name" "$account_password"
|
|
}
|
|
##########################################################################
|
|
free_space_check() {
|
|
free_disk_space=$(df -Pk . | column -t | sed 1d | awk '{print $4}')
|
|
|
|
if [[ $free_disk_space -ge 30000000 ]]; then
|
|
echo "OK - $free_disk_space KB free disk space detected"
|
|
else
|
|
echo "ERROR - $free_disk_space KB free disk space detected"
|
|
"$jamfHelper" -windowType "utility" -description "${!jamfHelper_check_desc}" -alignDescription "left" -icon "$jamfHelper_confirmation_icon" -button1 "Ok" -defaultButton "0" -cancelButton "1"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
|
|
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
|
|
|
|
HELPER=$("$jamfHelper" -windowType utility -icon "$jamfHelper_confirmation_icon" -title "${!jamfHelper_erase_title}" -description "${!jamfHelper_erase_desc}" -button1 "${!jamfHelper_erase_button}" -button2 "${!jamfHelper_erase_cancel_button}" -cancelButton "2" -defaultButton 2)
|
|
|
|
echo "Jamf Helper Exit Code: $HELPER"
|
|
|
|
|
|
|
|
|
|
if [ "$HELPER" == "0" ]
|
|
then
|
|
processor=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
|
|
if [ "$processor" == "Apple M1" ]
|
|
then
|
|
if [ -d "$install_macos_app" ]
|
|
then
|
|
free_space_check
|
|
get_user_details
|
|
rm -rf "$install_macos_app"
|
|
softwareupdate --fetch-full-installer
|
|
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
|
|
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
|
|
else
|
|
free_space_check
|
|
get_user_details
|
|
softwareupdate --fetch-full-installer
|
|
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
|
|
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
|
|
fi
|
|
else
|
|
if [ -d "$install_macos_app" ]
|
|
then
|
|
free_space_check
|
|
rm -rf "$install_macos_app"
|
|
softwareupdate --fetch-full-installer
|
|
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
|
|
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
|
|
else
|
|
free_space_check
|
|
softwareupdate --fetch-full-installer
|
|
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
|
|
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
|
|
fi
|
|
fi
|
|
else
|
|
exit 0
|
|
fi
|
|
|
|
|
|
kill_process "Self Service"
|
|
kill_process "jamfHelper"
|
|
kill_process $CAFFPID |