Home > First Boot Package Install, Mac administration, Mac OS X, Packaging, Scripting > First Boot Package Install Revisited

First Boot Package Install Revisited

As covered previously, Greg Neagle’s createOSXinstallPkg is a useful tool for installing or upgrading Mac OS X in a variety of situations. One of the nicer features is that you can edit the OS X installer to install additional packages.

However, the limitations of the OS X install environment mean that there are a number of installers that won’t install correctly. In particular, packages that rely on pre- or postflight scripts to perform important tasks may fail to run properly in the OS X install environment.

To help work around this limitation, I developed First Boot Package Install.pkg, an installer package that enables other packages to be installed at first boot. It’s designed for use with createOSXinstallPkg with the goal of allowing installer packages that can’t run in the OS X Install environment to be incorporated into a createOSXinstallPkg-using deployment workflow.

The first version of First Boot Package Install.pkg had some limitations though, with the biggest one probably being that you couldn’t tell what it was doing when it was running. Instead, all that was displayed was the gray Apple loading screen.


I tried various approaches of booting into verbose mode and writing log entries to the console, but none of the approaches were good enough to introduce into production. Fortunately, Per Olofsson developed exactly what I was looking for with his LoginLog tool.


Using LoginLog.app as a way to display updates to the user, I’ve been able to update First Boot Package Install.pkg with improved visual feedback. I’ve also now incorporated another piece of feedback I’ve received, which is to add a network check. This new check makes sure that the Mac has a network address other than or before it proceeds to install any packages. For more details, see below the jump.

To use First Boot Package Install.pkg‘s pre-built installer package:

1. Download the First_Boot_Package_Install.zip file from the installer directory on my GitHub repo:


Screen Shot 2013-05-12 at 5.45.21 PM


2. Once downloaded and unzipped, right-click on the package and choose Show Package Contents.

Screen Shot 2013-05-12 at 5.46.37 PM


3. Go to Contents: Resources: fb_installers


Screen Shot 2013-05-12 at 5.47.22 PM

4. Add one installer package to each numbered directory. The number of the directory indicates the install order, with 00 being the first.

Screen Shot 2013-05-12 at 5.47.42 PM

Screen Shot 2013-05-12 at 5.48.01 PM

As needed, more numbered directories may be added to the fb_installers directory. For numbers 9 or less, make sure to label the directory with a leading zero (For example, 06).

NOTE: createOSXinstallPkg has an upper limit of 350 MBs of available space for added packages. This is sufficient space for basic configuration, payload-free or bootstrapping packages, but it’s not a good idea to add Microsoft Office or similar large installers to this installer.

5. Once finished adding installers to the numbered directories, First Boot Package Install.pkg is ready to be added to a deployment workflow.


What’s supposed to happen

The installer package is designed to install packages in the desired order, then remove all traces. All actions occur while access to the OS X login window is blocked.


What the end-user sees

After the OS X install completes, it restarts and the LoginLog window appears over the login window. The LoginLog window will then display progress updates for as long as it takes for the packages to install. Once the install completes, the Mac automatically restarts and boots up normally to the login window.

Screen Shot 2014-04-17 at 5.23.37 PM

How First Boot Package Install.pkg works


When First Boot Package Install.pkg is installed via createOSXinstallPkg, it does the following:


1. Copies First Boot Package Install.pkg/Contents/Resources/fb_installers to /Users/Shared/fb_installers

2. The following files are installed:







After OS X is installed by createOSXinstallPkg and reboots, the following process occurs:


1. The com.company.firstbootpackageinstall LaunchDaemon triggers /var/firstbootpackageinstall.sh to run.

2. /var/firstbootpackageinstall.sh stops the login window from loading and checks for the existence of /Users/Shared/fb_installers.


If /Users/Shared/fb_installers is not found, the following actions take place:


A. The login window is allowed to load.

B. The following files are deleted by /var/firstbootpackageinstall.sh:






C. /var/firstbootpackageinstall.sh checks for an existing /var/log/firstbootpackageinstall.log logfile and renames the existing logfile to include the current date and time.

D. /var/firstbootpackageinstall.sh deletes itself.


If /Users/Shared/fb_installers is found, the following actions take place:


A. If /Users/Shared/fb_installers exists, the login window is allowed to load

B. A log is created to record the actions taken by /var/firstbootpackageinstall.sh. By default, this logfile named firstbootpackageinstall.log and is stored in /var/log.

C. /Library/LaunchAgents/com.company.LoginLog.plist loads and launches /Library/PrivilegedHelperTools/LoginLog.app

D. /Library/PrivilegedHelperTools/LoginLog.app opens a window over the Mac’s login window and displays the logfile

E. A network check is run, to ensure that the Mac has a network address other than or (which are otherwise known as loopback addresses.) This network check will check every five seconds for the next 60 minutes for a working network connection.


Network check fails – If only loopback addresses are detected within 60 minutes, the script will take the following actions:

  • Log a failure message to the log
  • Delete /Users/Shared/fb_installers
  • Restart
  • On restart, the “if /Users/Shared/fb_installers is not found” actions occur

Network check succeeds – If a non-loopback address is detected, the script will take the following actions:

  • Log a success message to the log
  • Proceed with the rest of the script


F. The packages are installed, using the numbered subdirectories to set the order of installation

G. Once installation has finished, /Users/Shared/fb_installers is deleted

H. The Mac is restarted

I. On restart, the “if /Users/Shared/fb_installers is not found” actions occur.


All First Boot Package Install.pkg components and scripts are available at my GitHub repo:


The Iceberg project files are also available via the link above if you want to build a customized First Boot Package Install.pkg for your own environment.

  1. April 18, 2014 at 3:17 am

    If anyone needs an “ultra-lightweight” script for installing Office 2011, I have [one][1] which will download all of the necessary packages directly from Microsoft and install them for you, and I (try to) keep it updated whenever a new patch to 2011 is announced.

    It’s just a (zsh) shell script which only uses generic Unix utilities which are installed on OS X by default. Feel free to modify and use as needed:

    [1]: https://github.com/tjluoma/office2011

  2. Henry Spencer
    July 8, 2014 at 9:27 pm

    Just found your ‘First Boot Package Install’ today and it is fantastic; exactly what I was searching for. Well almost…I know you said you added the network check functionality due to recent feedback.

    If I did *not* want that network check done, however, how would I go about deleting that portion of the script and then repackage everything?

  3. Shane Tungate
    October 14, 2014 at 7:27 am

    I’ve just been testing this out with 10.10 and the LoginLog app doesn’t appear until approximately 12 secs after the login user name and password fields appear. When the LoginLog app appears, it is basically at the end of the process of installing packages.

  4. brock
    November 2, 2014 at 4:22 am

    Hi Rich – just used this w 10.10 & worked great however I’d like to disable the network check. I know I can comment out that part of the script but if you have time it would be great to get step by step instructions for the process (I found the script but I’m not exactly sure where or when it gets run…) Thanks!

    • November 2, 2014 at 6:33 am


      If you want to disable the network check, you should be able to do this by commenting out lines 76 – 114 of the firstbootpackageinstall.sh script.

      That script, along with all other First Boot Package Install components and scripts are available at my GitHub repo:


      The Iceberg project files are also available via the link above if you want to build a customized First Boot Package Install.

      • brock
        November 3, 2014 at 2:01 am

        i should have read step 2 more carefully. thanks a bunch!

  5. Matt Jerome
    June 9, 2016 at 3:04 pm

    I had the login log window pop up with nothing in it and I had to manually close it…Am I just not waiting log enough?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: