by Graham Pugh
WARNING. This is a self-destruct script. Do not try it out on your own device!
erase-install.sh
is a script to erase a Mac directly from the system volume, utilising the eraseinstall
option of startosinstall
, which is built into macOS installer applications since version 10.13.4.
If run without any options, the script will not perform the erase. This means that the script can also be used to pre-cache the installer, or simply to make it available for the user.
So, if run without any options, the script will do the following:
- Check if an installer is already present in the working directory of this script from a previous run.
- If not, check if an existing macOS installer is present in the
/Applications
folder. If present, checks that it isn't older than the current installed version. - If no valid installer is found, a forked version of
installinstallmacos.py
is downloaded. This is used to download the current macOS installer that is valid for this device (determined by Board ID and Model Identifier). The installer is compressed and placed in a.dmg
in the working directory.
For more information on the forked version of installinstallmacos.py
, see grahampugh/macadmin-scripts
There are a number of options that can be specified to automate this script further:
--erase
runs thestartosinstall
command with the--eraseinstall
option to wipe the device. The parameter--confirm
can be added to present the user with a confirmation dialog which must be accepted to perform the erase process.--reinstall
runs thestartosinstall
command to reinstall the system OS on the device (without erasing the drive). Use this for upgrade/reinstall without losing data.--move
moved the macOS installer to/Applications
or to a specified path if it isn't already there.--overwrite
deletes any existing downloaded installer and re-downloads it.--update
downloads an installer only if it is newer than the cached one.--replace_invalid
downloads an installer only if the cached one is invalid for use on this system (usually because the version of the cached installer is older than the current system)
If the --erase
or --reinstall
options are used, and additional packages are placed in the folder specified by the variable extra_installs
, which can be overridden with the --extras
argument, these packages will be installed as part of the erase-/re-install process. These packages must be signed.
For macOS 10.15 Catalina or greater, experimental support is added for softwareupdate --fetch-full-installer
. This new functionality can be used to replace the use of installinstallmacos.py
using the --fetch-full-installer
option. It will set the seed catalog supplied with the --seedprogram
argument, using macOS's built in seedutil
command. The --fetch-full-installer
option can be used in conjunction with the --overwrite
, --reinstall
, and --erase
options.
-
Run the script with argument
--help
to show the available options, then stop.sudo bash erase-install.sh --help
-
Run the script with argument
--list
to check the available installers. This will downloadinstallinstallmacos.py
and list the available updates, then stop.sudo bash erase-install.sh --list
-
Run the script with no arguments to download the latest production installer. By default, this is stored in a DMG in the working directory of the
installinstallmacos.py
script. If an existing installer is found locally on the disk (either in the default location, or in/Applications
), and it is a valid installer (>10.13.4), it will not download it again.sudo bash erase-install.sh
-
Run the script with argument
--overwrite
to remove any existing macOS installer found in/Applications
or the working directory, and download the latest production installer. By default, this is stored in a DMG in the working directory of theinstallinstallmacos.py
script.sudo bash erase-install.sh --overwrite
-
Run the script with argument
--replace_invalid
to remove any existing macOS installer found in/Applications
or the working directory that is older than the current system, and download the latest production installer. By default, this is stored in a DMG in the working directory of theinstallinstallmacos.py
script.sudo bash erase-install.sh --replace_invalid
-
Run the script with argument
--update
to remove any existing macOS installer found in/Applications
and download the latest production installer, but only if the latest poduction installer is newer than the cached one. By default, this is stored in a DMG in the working directory of theinstallinstallmacos.py
script.sudo bash erase-install.sh --update
-
Run the script with argument
--samebuild
to check for the installer which matches the current system macOS build (usingsw_vers
), rather than the latest production installer. This allows the reinstallation of a forked or beta version that is already installed on the system volume.sudo bash erase-install.sh --samebuild
-
Run the script with argument
--sameos
to check for the installer which matches the currently installed macOS major version. This basically filters by version, and looks for the latest build matching the version. Useful if you want to avoid upgrading during erase-install, but don't want to have to specify a particular OS.sudo bash erase-install.sh --sameos
-
Run the script with argument
--os=10.14
to check for the installer which matches the specified macOS major version. This basically filters by version, and looks for the latest build matching the version. Useful during Golden Master periods.sudo bash erase-install.sh --os=10.14
-
Run the script with argument
--version=10.14.3
to check for the installer which matches the specified macOS point version. This basically filters by version, and looks for the lowest build matching the version.sudo bash erase-install.sh --version=10.14.3
-
Run the script with argument
--build=XYZ123
to check for the installer which matches the specified build ID, rather than the latest production installer or the same build. Note that it will only work if the build is compatible with the device on which you are running the script.sudo bash erase-install.sh --build=XYZ123
-
Run the script with argument
--move
to move the downloaded installer to the/Applications
folder. Note that this argument does not apply in conjunction with the--erase
orf
flags.sudo bash erase-install.sh --move
-
Run the script with arguments
--move
and--path=/some/path
to move the downloaded installer to the specified folder. Note that this argument does not apply in conjunction with the--erase
flag.sudo bash erase-install.sh --move --path=/path/to/move/to
-
Run with
--erase
argument to check and download the installer as required and then run it to wipe the drive. Can be used in conjunction with the--os
,--version
,--build
,--sameos
,--samebuild
,--overwrite
,--replace_invalid
and--update
flags.sudo bash erase-install.sh --erase
-
If the
--erase
option is used, and additional packages are placed in the folder specified by the variableextra_installs
, these packages will be as part of the erase-install process. These packages must be signed. The path to these packages can be overridden with the--extras
argument.sudo bash erase-install.sh --erase --extras=/path/containing/extra/packages
-
If both the
--erase
and--confirm
options are used, a Jamf Helper window is displayed and the user is prompted to confirm erasure prior to taking any action. If the user chooses to cancel, the script will exit.sudo bash erase-install.sh --erase --confirm
-
Run with
--reinstall
argument to check and download the installer as required and then run it to reinstall macOS on the system volume. Can be used in conjunction with the--os
,--version
,--build
,--sameos
,--samebuild
,--overwrite
,--replace_invalid
and--update
flags.sudo bash erase-install.sh --reinstall
-
If the
--reinstall
option is used, and additional packages are placed in the folder specified by the variableextra_installs
, these packages will be as part of the reinstall process. These packages must be signed. The path to these packages can be overridden with the--extras
argument.sudo bash erase-install.sh --reinstall --extras=/path/containing/extra/packages
Option in Catalina or greater only
-
Run the script with the
--fetch-full-installer
argument to download the latest production installer usingsoftwareupdate --fetch-full-installer
. This downloads the current latest installer to/Applications
(the--move
option does not function here). If an existing installer is found locally on the disk (either in the default location, or in/Applications
), and it is a valid installer (>10.13.4), it will not download it again. Can be used in conjunction with the--version=10.X.Y
,--reinstall
and--erase
arguments.sudo bash erase-install.sh --fetch-full-installer
- macOS 10.13.4+ is already installed on the device
- Device file system is APFS
Note that downloading the installer does not require 10.13.4 or APFS, it is just the startosinstall --eraseinstall
command that requires it.
To run this script in Jamf Pro, upload the script, and then create a policy to run it. In the script parameters of the Policy, add the desired options, including the --
.
For example, to create a policy named Erase and Reinstall macOS
which is scoped models of Mac that can run the latest standard build, set parameters as follows:
- Parameter 4:
--erase
If you need a particular fork, create a policy scoped to the devices that require the forked build, and set parameters as follows:
- Parameter 4:
--erase
- Parameter 5:
--build=18A389
If you want to pre-cache the installer in /Applications
for use by another policy, make a policy named Download macOS Installer
and set parameters as follows:
- Parameter 4:
--move
- Parameter 5:
--overwrite
to replace any cached installer, or--update
to only replace any cached installer if a newer one is available, or--replace_invalid
to only update a cached installer if it is no longer valid on this system.
If you want to upgrade to macOS 10.14 while 10.13 installers are still available in the catalog, add this additional flag:
- Parameter 6:
--os=10.14
Or if you need to specify a particular point release version (say if more than one is available in the catalogue), add this additional flag:
- Parameter 6:
--version=10.14.3
Once the installer is in place in /Applications
folder, you can create another policy using the same script to perform an in-place upgrade using the --reinstall
option, without erasing the system.
erase-install.sh
allows you to specify values to command line options in two ways, either with a space or with an equals sign, e.g. --version 10.14.3
or --version=10.14.3
. If using Script Parameters in Jamf Pro, please ensure you use the equals sign, e.g. --version=10.14.3
.