MacInTouch Amazon link...
Channels
Apple, Troubleshooting, Questions
As John W alluded to, and as we've discussed in the classic Mac Pro topic, for Mac Pro 2009-2012, firmware (BootROM) updates are not automatically applied by system updates. You must run a full macOS installer, and it will then prompt you to manually update the BootROM before proceeding with the macOS install. This Macrumors thread has much more information about the various BootROM versions included with each macOS installer.
But the short of it is that everyone should probably update to the last BootROM version available, 144.0.0.0, which is included with "Install macOS 10.14.5 (and 10.14.6) Mojave", regardless of what macOS version you intend to run. As John W said, you don't actually have to install Mojave. After the BootROM update, it will reboot and prompt you to begin the install Mojave process, at which point you can quit. You can continue to run any OS supported by your hardware, even after the BootROM update (that means as far back as Leopard, in most cases).
I set aside some time today to do the firmware upgrade in the Mojave 10.14.6 full install. Being the cautious type, I removed all internal drives (except, of course, the High Sierra boot drive) before running the installer. No problems; it went quickly.

BootROM on this Mac Pro 5,1 is now 144.0.0.0.0.

Thanks for the detailed explanation of why and when the firmware gets updated.

And I can still boot into Snow Leopard, Mountain Lion, and Sierra.
 


I downloaded the re-signed installer for El Capitan, which downloads InstallMacOSX.dmg. This contains InstallMacOSX.pkg, which, when run, should create Install OS X El Capitan.app.

The problem is that it won't run; it fails the version check with "This version of OS X 10.11 cannot be installed on this computer". But I'm not trying to install OS X. I'm trying to create the OS X Installer, so I can use it elsewhere.

Pacifist doesn't help. It can extract the app from the package, but it is only 8.9 MB. It's missing the 6.21GB InstallESD.dmg, which the InstallMacOSX.pkg uses a script to install.

Do you think it would work to extract the app and the InstallESD.dmg with Pacifist and assemble it myself? Or, if the packages inside InstallESD.dmg are what is being re-signed, just extract that and use it to replace the same file in the previously downloaded Install OS X El Capitan.app? (The files in the previously downloaded install app are slightly newer than the "new" installer, mostly about by about 4 days.)

Why didn't Apple just update it in the App Store? You can still download it if you have the right link, which I do.
 


Thanks so much, TKS Ose! I had assumed the "iPhone 5" qualification meant iPhone 5 all varieties. Guess not. But that makes me wonder, why not the 5c? Might there be negative implications in leaving the 5c out?
The iPhone 5c and 5s were released one year after the iPhone 5. Presumably, they have the fixes for the GPS rollover issue, embedded in their GPS hardware already, whereas the iPhone 5 must be addressed via a software patch.

So, why didn't anyone at Apple recognize the need for the software fixes for the older GPS hardware at any point between Sept. 2013 (the release date of the iPhone 5s/5c when the issue was apparently known) and July 2019 (the release of iOS 9.3.6/10.3.4), and roll it into one of the earlier iOS updates when those hardware were in mainstream support? Just another indication of the breakdown in process controls at Apple.

Incidentally, I've read reports that GPS modules are no longer working for older iOS hardware for which Apple did not release an iOS update. That includes the iPhone 1, iPhone 3G, iPhone 3G S, iPhone 4, and iPad 1 with cellular.
 


Thanks so much, TKS Ose! I had assumed the "iPhone 5" qualification meant iPhone 5 all varieties. Guess not. But that makes me wonder, why not the 5c? Might there be negative implications in leaving the 5c out?
From Apple:
Update your iPhone or iPad software if you're experiencing issues with location, date, and time
As of November 3, 2019, some iPhone and iPad models introduced in 2012 and earlier require an iOS update to resume accurate GPS location...This issue does not affect iPod touch or any iPad models that have Wi-Fi only. It also doesn't affect iOS devices newer than those listed above.
The iPhone 5c was introduced in 2013.
 


I downloaded the re-signed installer for El Capitan, which downloads InstallMacOSX.dmg. This contains InstallMacOSX.pkg, which, when run, should create Install OS X El Capitan.app.
The problem is that it won't run; it fails the version check with "This version of OS X 10.11 cannot be installed on this computer". But I'm not trying to install OS X. I'm trying to create the OS X Installer, so I can use it elsewhere.
But Apple may have put checks into the package to only allow it to run on a system that install El Capitan, assuming that you are going to install it immediately, and not for later use. You didn't specify what kind of computer and OS you're running on, but I'm assuming you're either doing this on a newer computer which can't run El Capitan and/or on an OS newer than El Capitan (it says at the bottom of the download page "OS X El Capitan won't install on top of a later version of macOS")?
Do you think it would work to extract the app and the InstallESD.dmg with Pacifist and assemble it myself?
I don't think so, because you're not able to sign the resultant assembled install app.
Or, if the packages inside InstallESD.dmg are what is being re-signed, just extract that and use it to replace the same file in the previously downloaded Install OS X El Capitan.app? (The files in the previously downloaded install app are slightly newer than the "new" installer, mostly about by about 4 days.)
I don't think this would work either, because the new InstallESD.dmg would not match the checksums/signature that the old Install app is expecting. This is what prevents, for example, a malicious actor from distributing his own Install macOS.app that has modified InstallESD.dmg contents which include embedded malware.

What I think you need to do is run a virtual machine older than El Capitan, and try downloading the installer from there.
 


I downloaded the re-signed installer for El Capitan, which downloads InstallMacOSX.dmg. This contains InstallMacOSX.pkg, which, when run, should create Install OS X El Capitan.app.
The problem is that it won't run; it fails the version check with "This version of OS X 10.11 cannot be installed on this computer". But I'm not trying to install OS X. I'm trying to create the OS X Installer, so I can use it elsewhere.

Pacifist doesn't help. It can extract the app from the package, but it is only 8.9 MB. It's missing the 6.21GB InstallESD.dmg, which the InstallMacOSX.pkg uses a script to install.

Do you think it would work to extract the app and the InstallESD.dmg with Pacifist and assemble it myself? Or, if the packages inside InstallESD.dmg are what is being re-signed, just extract that and use it to replace the same file in the previously downloaded Install OS X El Capitan.app? (The files in the previously downloaded install app are slightly newer than the "new" installer, mostly about by about 4 days.)

Why didn't Apple just update it in the App Store? You can still download it if you have the right link, which I do.
The solution was to create the installer app using a Snow Leopard VM.
 


Are the installers for Lion, Mountain Lion, and Mavericks not affected by the certificate expiration? Pacifist says that the installation packages have no signature. That could explain why Apple didn't bother to provide new download links for those OS X versions.
 


Ric Ford

MacInTouch
More Mac firmware follies from Howard Oakley, who has been putting a huge amount of effort into researching, documenting, and helping us manage the mess:
Eclectic Light Co. said:
SilentKnight and silnite now look at firmware more thoroughly
The release of macOS 10.15 Catalina brought with it an update to EFI firmware for all Macs. Whereas in previous years Apple has brought Macs running other supported versions of macOS up to the same versions, this year it hasn’t. The result is that the same model running fully updated Mojave or High Sierra and another running Catalina should – in most cases – have different firmware versions. This is most confusing, particularly when some models like the iMac17,1 seem to have difficulty updating their firmware properly for Catalina.

The end result is that many Mac users now find themselves unsure whether their firmware is really up to date, and some are getting reports from macOS’s own firmware checks (eficheck) that there are problems....
 


Ric Ford

MacInTouch
There are apparently a lot of undocumented changes performed behind the scenes by Apple's latest macOS 10.14 "security" update....
Eclectic Light Co. said:
What changed in Mojave 10.14.6 Security Update 2019-001?
... The accompanying security release notes refer to fixes in AppleGraphicsControl, Audio, CUPS, File Quarantine, File System Events, Graphics, IOGraphics, two kernel bugs, libxml2, libxslt, manpages, PluginKit, and UIFoundation.

Looking through the bundled apps, I was surprised to discover that Photos has been updated, its build number incremented to 3461.7.150, with accompanying new builds of its supporting frameworks and iCloud support.

Going a bit deeper, the following items in /System/Library have also changed significantly in this Security Update:
  • several Assistant plugins
  • Siri app, its version rising to 146.15.4
  • Cloud Photos, with only a minor update
  • AMD Radeon driver KEXTs, which here have minor increments rather than the more substantial version changes in macOS 10.15.1, but there’s no sign of any support for Radeon 6000 series graphics cards in Mojave
  • Intel graphics driver KEXTs also have minor increments
  • APFS rises from version and build number 945.275.7 to 945.275.8
  • minor increments in many public and private frameworks
  • Python framework rises from 2.7.10 to 2.7.16
  • ‘Speech’ (Siri) preference pane is updated to version 146.15.4.
The overall build number for this new version of macOS Mojave is now 18G1012.

Included with this update, but not mentioned anywhere, are firmware updates for all models with T2 chips, which in this case brings their firmware version numbers into alignment with those of T2 Macs which have been upgraded to 10.15.1. However, models which lack the T2 chip don’t have any firmware updates on this occasion, which leaves them 1-3 versions behind the same model which has been upgraded to Catalina.
 


I downloaded the re-signed installer for El Capitan, which downloads InstallMacOSX.dmg. This contains InstallMacOSX.pkg, which, when run, should create Install OS X El Capitan.app. The problem is that it won't run; it fails the version check with "This version of OS X 10.11 cannot be installed on this computer". But I'm not trying to install OS X. I'm trying to create the OS X Installer, so I can use it elsewhere.
I'd mentioned above that multiple attempts to download the new Mojave installer weren't working for me. I found two ways to get the installer to launch:

(1) Rebooting. Apparently the certificate check will continue to fail even after downloading the correct installer if it failed since the last reboot.​
(2) By removing InstallInfo.plist from the package – a more drastic solution (which I found before learning about rebooting), but may work if rebooting doesn't work.​
 


I'd mentioned above that multiple attempts to download the new Mojave installer weren't working for me. I found two ways to get the installer to launch:
(1) Rebooting. Apparently the certificate check will continue to fail even after downloading the correct installer if it failed since the last reboot.​
(2) By removing InstallInfo.plist from the package – a more drastic solution (which I found before learning about rebooting), but may work if rebooting doesn't work.​
I don't know if this is important, but I noticed that when you quit a macOS installer, it still leaves InstallESD mounted. This is in the later installers that invisibly mount it.

Perhaps you had the problematic InstallESD (invisibly) mounted, and when you downloaded the re-signed version, the new InstallESD didn't mount. Or they both were mounted, and it was confused.
 


Are the installers for Lion, Mountain Lion, and Mavericks not affected by the certificate expiration? Pacifist says that the installation packages have no signature. That could explain why Apple didn't bother to provide new download links for those OS X versions.
They are affected. Apple isn't providing links because they don't want customers running old software.

As I understand it, updates for these versions may be available to developers, but I don't have access or know anyone who can confirm that.
 


KJM

I just tried to open a Pages file sent from a relatively new iPad to an older MacBook Pro (OS X 10.11.6) and was presented with a message that I needed the new version of Pages to open it... which I can't install on this OS X version.
If you are looking for a workaround: Export the document on the iOS device e.g. in Word format. You should be able to open that Word document in the old Pages version on your Mac.
 


They are affected. Apple isn't providing links because they don't want customers running old software. As I understand it, updates for these versions may be available to developers, but I don't have access or know anyone who can confirm that.
I remember having to change the date (to before Feb. 2016) the last time I installed Mavericks, which was perhaps 2 years ago.
 


There are apparently a lot of undocumented changes performed behind the scenes by Apple's latest macOS 10.14 "security" update....
There's something undocumented in the High Sierra "security" update too. After installing it on a macOS 10.13 Mac running macOS Server, the built-in PHP can no longer send emails via the local host mail server. The normal email server works perfectly but PHP cannot send an email. There's no errors in any of the logs and PHP reports success (or lack of an error) in passing the email to the server. Everything else still works perfectly (thankfully). So, something changed with the security update. But what?
  • There's nothing in Apple's security update information about any changes to mail server or PHP. (I have discovered by myself that PHP has been updated, but there's nothing in their changelog in regard to the "mail()" command.)
  • There are no errors in any of the logs.
  • It's macOS 10.13 and macOS Server 5.7, so I doubt Apple will care or fix anything (they are both now end-of-line and will be dead this time next year).
  • It's damn annoying and I guess, short of some in-depth testing/debugging, I'm SOL (see above) - one more nail in the coffin of macOS Server.
 


I remember having to change the date (to before Feb. 2016) the last time I installed Mavericks, which was perhaps 2 years ago.
Disconnecting from the internet also works, as last night I did a an erase and dual install of Snow Leopard and Lion on a white 2007 iMac using this method. I have also used the date roll-back method with success.
 


They are affected. Apple isn't providing links because they don't want customers running old software. As I understand it, updates for these versions may be available to developers, but I don't have access or know anyone who can confirm that.
Apple doesn't provide accessible links for Lion or Mountain Lion, as they were "paid" products. If you want to re-download them, you do it via the App Store > Purchases > login with the Apple ID you originally used to buy either/both of those products. If you were one of those people who thought you were clever buying Lion on a USB stick instead of the App Store, I guess you're screwed.
 


The solution was to create the installer app using a Snow Leopard VM.
Michael, please elaborate on your process. I find the new InstallMacOSx.dmg posted for El Capitan behaves the same when accessed while running Mojave on a 2018 Mac Mini or running Mountain Lion on a 2008 Mac Pro. Both mount a volume containing the InstallMacOSX.pkg (6.21 GB), and double-clicking that launches Installer, which informs that it can't install on the Mojave system but will happily upgrade the Mountain Lion system. At what point were you presented with OS X El Capitan.app or able to create it? If it is a matter of creating, please run through the steps. Thanks in advance.
 


... At what point were you presented with OS X El Capitan.app or able to create it? If it is a matter of creating, please run through the steps. Thanks in advance.
Answering my own question: revisiting the dialogs shown in the Installer and clicking through to the Installation Type step, it says it will take 7 MB of space, not the expected 6+ GB. This was a hint that the Install OS X El Capitan application would be written to the Applications folder, rather than immediately proceeding to a restart/install sequence.

Sure enough, an Install OS X El Capitan app was produced and, weighing in at 6.22 GB, is a tad more than the stated 7 MB. ;-)

Apple has a support page, dated Oct 24 2019, which covers the process fairly well:

 


Are the installers for Lion, Mountain Lion, and Mavericks not affected by the certificate expiration? Pacifist says that the installation packages have no signature.
They are affected.
I'm not getting it.
Code:
pkgutil --check-signature
on every package in the 2016 Install OS X Mavericks says
Status: no signature.
And, I can launch the installer in Snow Leopard without an error. So why are we thinking it has a certification expiration issue?
 


There's something undocumented in the High Sierra "security" update too. After installing it on a macOS 10.13 Mac running macOS Server, the built-in PHP can no longer send emails via the local host mail server.
Graham, the program used by PHP to send mail is specified in /etc/php.ini, in the sendmail_path setting. You might check there to see what it's set to, and verify that that program still exists in the same location. If it's incorrect, you can edit that file using:
Code:
sudo vi /etc/php.ini
Personally, I set this to /usr/bin/false because I don't want to accidentally send email while I'm developing PHP code.
 


There's something undocumented in the High Sierra "security" update too. After installing it on a macOS 10.13 Mac running macOS Server, the built-in PHP can no longer send emails via the local host mail server. The normal email server works perfectly but PHP cannot send an email. There's no errors in any of the logs and PHP reports success (or lack of an error) in passing the email to the server. Everything else still works perfectly (thankfully). So, something changed with the security update. But what?
  • There's nothing in Apple's security update information about any changes to mail server or PHP. (I have discovered by myself that PHP has been updated, but there's nothing in their changelog in regard to the "mail()" command.)
  • There are no errors in any of the logs.
  • It's macOS 10.13 and macOS Server 5.7, so I doubt Apple will care or fix anything (they are both now end-of-line and will be dead this time next year).
  • It's damn annoying and I guess, short of some in-depth testing/debugging, I'm SOL (see above) - one more nail in the coffin of macOS Server.
With poor labeling of updates, I believe that the security update went through several betas before a final release. In this instance, it was hard to separate the beta versions from the final version. It is possible that the downloads that I saw were actually final versions with goofs in them with Apple releasing updated 'final' versions with the same name.
 


Graham, the program used by PHP to send mail is specified in /etc/php.ini, in the sendmail_path setting. You might check there to see what it's set to, and verify that that program still exists in the same location. If it's incorrect, you can edit that file using:
Code:
sudo vi /etc/php.ini
Personally, I set this to /usr/bin/false because I don't want to accidentally send email while I'm developing PHP code.
Thank you for the tip. A quick check reveals that the php.ini file hasn't been changed by the security update. But maybe something has happened with the mail server location. I will investigate more thoroughly and post back with my findings.
 


My iMac is currently running Mojave 10.14.6, and for several days now I am being told that an update is due — the problem is that I get no information about what update this is.

I have "Automatic Updates" selected, but so far, this update isn't automatic.

I really don't want to update to macOS 10.15 for a number of reasons, and I worry that this is what Apple wants me to do. Is there a way to check what update this is?
 


Ric Ford

MacInTouch
My iMac is currently running Mojave 10.14.6, and for several days now I am being told that an update is due — the problem is that I get no information about what update this is. ... Is there a way to check what update this is?
I'd suggest running SilentKnight, which should show what's pending (and let you optionally install updates).

Alternatively, you can use the softwareupdate --list command in Terminal.app, as in this example, which shows a pending update in this example with macOS 10.12.6:
Bash:
softwareupdate --list
Software Update Tool

Finding available software
Software Update found the following new or updated software:
   * iTunes Device Support Update-
    iTunes Device Support Update ( ), 128392K [recommended]
 


I'd suggest running SilentKnight, which should show what's pending (and let you optionally install updates).
Alternatively, you can use the softwareupdate --list command in Terminal.app, as in this example, which shows a pending update in this example with macOS 10.12.6...
Thanks, Ric. I should add that Silent Knight is an immensely useful bit of software; everyone should have this.
 


My iMac is currently running Mojave 10.14.6, and for several days now I am being told that an update is due — the problem is that I get no information about what update this is.
I have "Automatic Updates" selected, but so far, this update isn't automatic.
I really don't want to update to macOS 10.15 for a number of reasons, and I worry that this is what Apple wants me to do. Is there a way to check what update this is?
If you want to stay with the GUI, click System Preferences > Software Update. After the Catalina announcement, you should see a clickable indication of other updates. If you click that, you will see a clickable list of updates. Clicking each one will let you see a description, while clicking the associated checkboxes will download and install them. Catalina will not be installed.
 


So, thanks to MacInTouch and Tony Aguila, I went to the Apple upgrade page
and downloaded a new installer today. It had been totally invisible from the App Store on several computers, despite previous “purchases” and many searches.

However, the 6GB installer I downloaded to get the new certificates was, to quote Apple, “damaged and can’t be used”.

Yes, Apple are still allowing you to download their own out-of-date software and then telling you their own software is damaged. Shameful. Once I reset the date on my computer to 2018, it all worked fine.

P.S. Reset the date ASAP, or you will run into other problems (broken Wi-Fi network in my case).
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts