timsutton / osx-vm-templates

macOS templates for Packer and VeeWee.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Sierra 10.12.4 possible?

petemounce opened this issue · comments

I saw the note in the readme about Apple having now enforced signed PKGs during setup. I think I'm suffering from https://www.virtualbox.org/ticket/16644.

I'm not a subject matter expert by any means, but came across http://osxdaily.com/2016/09/27/allow-apps-from-anywhere-macos-gatekeeper/ which sounds like it could be related? sudo spctl --master-disable sounds ... promising?

Or am I conflating Apps with PKGs? This really isn't my expertise, all I want is to make a VM I can run some QA with.

Gatekeeper isn't a factor at this point - it's a change that Apple made to the tools running in the installer environment to eliminate sideloading of arbitrary packages along with the OS install.

I've begun some work to try and refactor the package contents out into a separate script that would simply run after the install script, which is currently possible because Apple still allows you to make modifications of the BaseSystem.dmg. I can get it to at least get the installation started, so it probably isn't too much more work to port the rest of the script over.

However this kind of behaviour seems in limbo given recent additions to Sierra and with WWDC around the corner (and that it seems very likely that the next macOS may require APFS to boot), I'm not sure that I won't have to begin rethinking how most of this installer bootstrapping will work once we get the first developer preview in a few weeks. That said it would be nice if we could at least make it possible for Sierra to keep working until it has run its course.

@timsutton it looks like one person (geerlingguy/macos-virtualbox-vm#24 (comment)) has had the same problem and done what you suggest, if I'm following the commands in his snippet correctly. In fact, he's been great and PR'd that - #82.

@petemounce unfortunately the new package signing requirement of the installer and https://www.virtualbox.org/ticket/16644 are separate issues. The first applies to any hypervisor, while the second is a virtualbox specific issue with the 10.12.4's installer :-(. I prefer @timsutton 's idea of installing the bootstrap pkg using a rc script, it is definitely faster and more elegant in my humble opinion, I actually started playing with a rc script after reading the note on the README, but I couldn't pass the boot screen and then I started searching for another alternatives when I realised that the same install images were working fine for wmware [1][2].

The glIOScreenLockState still appears before starting the GUI, so it might not be connected at all with the installer's freeze.

screen shot 2017-05-15 at 21 29 09

[1] https://derflounder.wordpress.com/2017/03/29/third-party-installer-packages-may-not-be-installable-by-the-macos-10-12-4-os-installer/
[2] https://github.com/rtrouton/create_macos_vm_install_dmg

Hello, according to https://derflounder.wordpress.com/2017/03/29/third-party-installer-packages-may-not-be-installable-by-the-macos-10-12-4-os-installer/ it could be possible to self sign the package.

I tried that within the prepare_iso.sh with an certificate of my own:
BUILT_PKG_SIGNED="$SUPPORT_DIR/tmp/veewee-config.pkg_signed"
/usr/bin/productsign --sign 'Developer ID Installer: xxx (yyy)' "$BUILT_PKG" "$BUILT_PKG_SIGNED"
cp $BUILT_PKG_SIGNED $BUILT_PKG

Unfortunately the problem persists. Is the method from the link different from this projects approach?

Nevermind! The link states that this only works "If you are building a NetInstall NetBoot set using System Image Utility". Maybe I was misled by the readme stating "The prepare_iso.sh script in this repo makes use of functionality Apple supports as part of a NetInstall workflow".

@kschrage , I verified it does not work to sign both the pkgbuild and and productbuild steps using the --sign option with my Deverloper ID cert. Still get the same error that package is veewee-config.pkg is not signed.

Has anyone checked out /System/Library/CoreServices/Applications/System Image Utility.app/Contents/MacOS/imagetool? It looks like it gives us the ability to use System Image Utility in a CLI form and use a Plist to customize to final installer. I haven't checked to see if it's in High Sierra, but it looks like it may be helpful if Packer/Virtualbox/VMware can play nicely with the resulting image.

Does anyone know a way to get the old installer?

@ddavidebor did you may found a solution to get the old installer? As far as I can see from developer accounts and official pages they only provide the latest version!

ping me an email at d@fermiumlabs.com