Friday, May 18, 2018

Where are my 32bit apps?

     Recent versions of macOS High Sierra are warning users that their applications are "not optimized" for their Mac. This message is caused when 32bit applications are built and there are tons of articles explaining this. For more information, you can search for them.

    Above is an example of the warning for the app "DjView", which is compiled as 32bit and opened on High Sierra 10.13.4. This message is simple to dismiss, but annoying for users in lab environments where their "acceptance" of the less-than-optimized versions are not stored from session to session. Apple has provided the ability to prevent this message by using the following command within the recovery environment (MacObserver Post):
sudo nvram boot-args="-no32exec"
    This preference is helpful, but less so as it's restricted to an environment that requires some admin interaction with the actual hardware. I've also seen suggestions that the following defaults command can be run as root to disable the warnings:
sudo defaults write -g CSUIDisable32BitWarning -boolean true
    I've not had the same luck with the defaults command that others have so your mileage may vary. The best resolution to this message is likely going to be replacing the 32bit apps with 64bit versions. This is harder than it sounds, as some applications used in our lab environments have not been updated in a few years or more. Developers are likely not going to be able to quickly "patch" these apps with a new 64bit build, so finding replacements or ignoring the message may be the most common resolution.

    So, where are all your 32bit apps? Well, most of the articles I've found direct you to look at the System Information.app, which has a nice list of Applications and a Yes/No column for 64-Bit (9TO5Mac Source). I prefer a less GUI method and have found two additional methods for locating apps.

    The first method uses mdfind and the Spotlight database to locate files that have the 'i386' architecture and excludes anything that is already 64 bit. Excluding 64-bit apps explicitly is important because some binaries are built with both 32 and 64 bit. Update: Testing an app that's universal seems to still prompt, for example SoundHack.app displayed the warning. These "universal binaries" shouldn't interfere with the transition to 64-bit only (E.G /usr/bin/chsh). Using the following command in the Terminal.app should return all of the files that are 32 bit that spotlight knows about:
mdfind "(kMDItemExecutableArchitectures == 'i386') && (kMDItemExecutableArchitectures != 'x86_64')"

    The second method uses the find command to locate any file that reports itself as an 'i386' executable. Using find is helpful for locating binaries that might not be in the spotlight database. It also works on systems where the spotlight database was disabled for some reason. Running the following command in the Terminal.app is likely to return more than you want to see, but I prefer to trim out things I don't care about rather than miss them completely:
find / -type f -perm +111 -exec file -p {} \; -exec head -c 1 /dev/zero \; | xargs -0 -n 1 sh -c 'echo "$@" | head -n 1' -- | grep -v x86_64 | grep -E Mach-O.+i386
     Both commands can be found on this StackExchange post: 

     Many thanks to the others who have helped explain and locate 32-bit apps. Hopefully, this information can be as helpful to others as it was for me! If anyone has a method for disabling this prompt on High Sierra that doesn't require the recovery partition, please let me know! Bonus points for a configuration profile!

Wednesday, July 26, 2017

Autodesk 2017/2018

If you've not been introduced to the trial-by-fire that are the AutoDesk installers, then look no further. AutoDesk products have always been a challenge to deploy and sticking with that theme the 2017/2018 products don't disappoint. Through some historical knowledge and cooperation with other admins, I was able to deploy most of the Autodesk apps to a lab of Macs.

AutoCad Install

I started off deploying AutoCAD, which in itself wasn't the main problem. Stephen Warneford-Bygrave shared his script for installing AutoCAD 2017, which provided a good start for me.
https://macadmins.slack.com/files/wegotoeleven/F62TCT17Z/autocad2017.sh 
The "Install Autodesk AutoCAD 2017 for Mac.pkg" installed fine on a system without a user logged in on one of my systems, but failed on all my other tests. After many failures to install I finally found that it checks for the system locale during a postflight. For whatever reason, this value wasn't set on my lab systems (Skipped Reg, CreateUserPkg admin). The only system that worked was one that had run through the setup assistant to create the admin account. I was able to overcome this by setting the AppleLocal manually:

wait defaults write .GlobalPreferences AppleLocale -string "en-US" 

After this discovery, I encountered a few AutoCAD updates which provided me more issues. Both the HotFix1 and Combo updates would fail to install silently/without a user logged in. I finally gave up on these and just repackaged them. I'd be interested to hear from anyone who has gotten them to work.

Maya Install

We modeled off Neil's install script for Maya, which runs the setup tool to install the app.

See his script here: https://macadmins.slack.com/files/neilmartin83/F3YAJPE3X/maya_2017_install_script.sh

MudBox Install

Installing MudBox is fairly simple. Mount the DMG, Install the Pacakges, create the Network license files, and run adlmreg.

/usr/sbin/installer -pkg "/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/Mudbox/Mudbox2017.mpkg" -target /
/usr/sbin/installer -pkg "/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/Mudbox/Additional Items/adlmapps12.pkg" -target /
/usr/sbin/installer -pkg "/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/Mudbox/Additional Items/adlmflexnetclient.pkg" -target /
/usr/sbin/installer -pkg "/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/Mudbox/Additional Items/AdSSO-v2.pkg" -target /
/usr/sbin/installer -pkg "/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/Mudbox/Additional Items/clmv4.1.1.pkg" -target /
/usr/sbin/installer -pkg "/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/Mudbox/Additional Items/adlmframework12.pkg" -target /

mkdir -p "/Library/Application Support/Autodesk/CLM/LGS/498I1_2017.0.0.F/"

// License Server File
cat > "/Library/Application Support/Autodesk/CLM/LGS/498I1_2017.0.0.F/LICPATH.lic" << EOF
'SERVER $MUDBOX17_SERIAL_NUMBER 000000000000 $MUDBOX17_LICENSE_SERVER_PORT
USE_SERVER
END_OF_FILE' 
EOF

# License Server File 2
echo '_NETWORK' > "/Library/Application Support/Autodesk/CLM/LGS/498I1_2017.0.0.F/LGS.data"

# License Server File 3
echo 'done' > "/Library/Application Support/Autodesk/CLM/LGS/498I1_2017.0.0.F/nw.cfg"

# Register with adlmreg
"/tmp/Autodesk_Mudbox/Install Mudbox 2017.app/Contents/Resources/adlmreg" -ih N 498I1 498I1 2017.0.0.F "$MUDBOX17_SERIAL_NUMBER" /Library/Application\ Support/Autodesk/Adlm/PIT/2017/MudboxConfig.pit

SketchBook Install

SketchBook is about the same as MudBox, except that we expand the package to get the adlmreg tool.

/usr/bin/hdiutil attach -quiet -nobrowse -mountpoint "/tmp/Autodesk_SketchBook" "/tmp/Autodesk_SketchBook.dmg"

/usr/sbin/installer -pkg "/tmp/Autodesk_SketchBook/Autodesk_SketchBook_for_Enterprise_2018_Multilingual_MAC_OSX.pkg" -target /

/bin/rm -Rfd "/tmp/Autodesk_SketchBook_expand"
/usr/sbin/pkgutil --expand "/tmp/Autodesk_SketchBook/Autodesk_SketchBook_for_Enterprise_2018_Multilingual_MAC_OSX.pkg" "/tmp/Autodesk_SketchBook_expand"

/usr/bin/hdiutil detach -force "/tmp/Autodesk_SketchBook"
rm "/tmp/Autodesk_SketchBook.dmg"

mkdir -p "/Library/Application Support/Autodesk/CLM/LGS/871J1_2018.0.0.F/"

# License Server File
cat > "/Library/Application Support/Autodesk/CLM/LGS/871J1_2018.0.0.F/LGS.data" << EOF
'SERVER $SKETCHBOOK18_LICENSE_SERVER 000000000000 $SKETCHBOOK18_LICENSE_SERVER_PORT
USE_SERVER
END_OF_FILE' 
EOF

# License Server File 2
echo '_NETWORK' > "/Library/Application Support/Autodesk/CLM/LGS/871J1_2018.0.0.F/LGS.data"

# License Server File 3
echo 'done' > "/Library/Application Support/Autodesk/CLM/LGS/871J1_2018.0.0.F/LGS.data"

/tmp/Autodesk_SketchBook_expand/sketchbookpro2018.pkg/Scripts/adlmreg -ih Network 871J1 871J1 2018.0.0.F "$SKETCHBOOKPRO18_SERIAL_NUMBER" "/tmp/Autodesk_SketchBook_expand/sketchbookpro2018.pkg/Scripts/SketchBookforEnterpriseConfig.pit"

/bin/rm -Rfd "/tmp/Autodesk_SketchBook_expand"

Flame Install

Finally, we're pushing Flame instead of Smoke this year. Installing is simple and it's registered as a standalone license. In addition to the install, Flame likes to set up "/etc/exports" and the Apache web service to open you up for vulnerabilities. We disable them as well. Not sure if that effects the tools, but no complaints yet. We'd likely lock down firewalls if they were required to run.

wait /usr/bin/hdiutil attach -quiet -nobrowse -mountpoint "/tmp/Autodesk_Flame" "/tmp/Autodesk_Flame.dmg"

# Install Package
wait /bin/bash -c "/usr/sbin/installer -pkg /tmp/Autodesk_Flame/Install\ Flame\ Educational\ Edition.app/Contents/Resources/dist/Installer-Flame-2018.0.0-436.x86_64.mpkg -target /"

# Register the product
wait /bin/bash -c "/opt/Autodesk/flame_2018/bin/adlmreg -ih Network C14J1 C14J1 2018.0.0.F {parameter "FLAME18_SERIAL_NUMBER"} /opt/Autodesk/flame_2018/bin/res/adlm/Flame-EducationConfig.pit"

# Eject Disk Image
wait /usr/bin/hdiutil detach -force "/tmp/Autodesk_Flame"
delete "/tmp/Autodesk_Flame.dmg"
# Remove exports
rm "/etc/exports"
# Disable apache
/bin/launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

I have hope that AutoDeskworks to improve these installers, document the official process, or at least doesn't make it worse. As always, remember The Commandments of Packaging! Have fun out there and be safe!

Thursday, June 29, 2017

EndNote X8 Activation

I've recenlty been tasked with deploying EndNote X8 to a lab of systems and found a few very helpful items, plus a "bug". This post is to document those items so that you may have an easier time deploying than I.

Thanks to Rich Trouton's DefFlounder blog, I was able to find an already existing AutoPkg recipe to create an EndNote X8 pkg for deployment. This was particularly helpful because the install instructions for EndNote X8 are written assuming a user is logged in (not to mention an admin) and the software is distributed with a .app installer (Boo!).

After testing the deployment, I found that the EndNote X8 app still requested activation on first boot. This seemed to be related to the existence of the ~/Library/Preferences/com.ThomsonResearchSoft.EndNote.plist. After a short dig, I found the software looking for the "AcceptedENX7.2EULA". Why it says 7 and not 8 is anyone's guess.

Adding this preference to the global /Library/Preferences folder prevented the additional activation checks and EndNote X8 launched as expected. Ready for the labs!

This is the defaults command we use to ensure activation prompts are dismissed:

defaults write "/Library/Preferences/com.ThomsonResearchSoft.EndNote.plist" "AcceptedENX7.2EULA" -string "1"

Friday, September 30, 2016

Profiles (.mobileconfig) are awesome!

I shouldn't be telling you anything that isn't already prevailing knowledge, but I'm excited about it anyway. Profiles have been around for a while now, but I'm just starting to adopt them more in our environment. I'm still not using an MDM for our Macs, but I know we have a gap there.

The point of this post is to remove a random text file from my desktop and to share it with everyone else, plus my blog is really stale. So, without further ramblings, here's a list of some locations where you too can find, and benefit, from existing profiles:

https://github.com/nmcspadden/Profiles
https://github.com/rtrouton/profiles
https://github.com/rtrouton/documentation_VM_profiles
https://github.com/golbiga/Profiles
https://github.com/gregneagle/profiles
https://github.com/rodchristiansen/Profiles
https://github.com/erikng/osxprofiles
https://github.com/amsysuk/public_config_profiles

I know there are more out there so please comment if you've got one! I'll be creating one eventually and will share it here, too.

Happy Profiling!