macOS Cacher for Mojave and Earlier

What the Mojave Big Sur installer cacher does

This Automox Worklet™ pre-stages the full macOS Big Sur installer onto Mojave and earlier endpoints so the InstallAssistant package is sitting in /Applications before any upgrade policy runs. The Worklet downloads the installer directly from Apple's swcdn.apple.com content delivery host using curl with resume support, compares a shasum against the bigSurSHA value baked into the script, and runs the package installer so the result is a working Install macOS Big Sur.app on the local disk. Because curl is invoked with -C -, a dropped connection on the 12 to 13 GB transfer can resume rather than restart from zero.

The Worklet is scoped to Mojave and earlier because the script's whichOS gate exits when the Darwin major version is 19 or higher. Darwin 19 is Catalina, which is where Apple's softwareupdate flow can stage the Big Sur installer for an in-place upgrade and an Apple Content Cache can serve the installer payload across the LAN. On Mojave (Darwin 18), High Sierra (Darwin 17), and earlier releases, that automatic path is not available for Big Sur, so every endpoint pulls the full installer over the WAN unless you stage the file yourself. The evaluation script reads the kernel version with uname -r | cut -d "." -f1 and exits 0 when the OS is already Big Sur or later (Darwin 20 and up), so the policy is safe to target a mixed-vintage fleet.

Before the download starts, the remediation script computes free space on the boot volume with df -h / and exits when fewer than 40 GB are available, which is enough headroom for the InstallAssistant.pkg, the expanded SharedSupport.dmg, and the staged Install macOS Big Sur.app. The download lands in /private/var/tmp/macOS_Installer/InstallAssistant.pkg, is shasum-verified against bigSurSHA, is installed with installer -pkg /private/var/tmp/macOS_Installer/InstallAssistant.pkg -tgt /, and on success the staging directory is removed. If the downloaded pkg checksum does not match bigSurSHA, the staging directory is wiped and the script exits without invoking the installer, so a corrupted transfer does not produce a half-staged installer.

Why pre-stage Big Sur installers on legacy Macs

Mojave shipped in 2018 and reached end-of-support in 2021, but it is still in production on hardware that never made the Catalina cutover: lab machines, point-of-sale Macs, older Mac Pro design workstations, and field laptops whose owners deferred the upgrade. When you finally schedule the Big Sur upgrade for those endpoints, every one of them fetches 12 to 13 GB of installer data from Apple over the WAN, and the upgrade window stretches to fit the slowest link on the network.

Mojave and earlier macOS releases sit outside the softwareupdate path that lets newer macOS endpoints consume a Big Sur installer from an Apple Content Cache, so an in-place upgrade pulls the full InstallAssistant.pkg over the WAN for every endpoint. This Worklet stages that installer locally on each Mac: it downloads InstallAssistant.pkg once per endpoint on the schedule you set, validates the SHA against the bigSurSHA value in the script, and leaves the installer ready for the upgrade policy that fires next. The Big Sur rollout is no longer rate-limited by the slowest WAN link on the slowest Mojave laptop.

How Big Sur installer caching on Mojave works

1. Evaluation phase: The script reads the Darwin kernel major version with uname -r | cut -d "." -f1. When the value is 20 or higher (Big Sur, Monterey, Ventura, Sonoma), the endpoint is already on or past the target and the script exits 0 with a skip message. Otherwise, the script tests for the staged installer at /Applications/Install macOS Big Sur.app/Contents/SharedSupport/SharedSupport.dmg. When the DMG is present the endpoint is treated as already cached and the script exits 0; when it is missing the script exits 1 to trigger remediation.

2. Remediation phase: The script re-checks the OS gate with the whichOS function (Darwin must be less than 19) and the free-disk gate with diskSpace (at least 40 GB on /). It creates /private/var/tmp/macOS_Installer, runs curl -L -C - against bigSurURL on swcdn.apple.com to fetch InstallAssistant.pkg with resume support, and computes the SHA with shasum. On a match against bigSurSHA, the script runs installer -pkg /private/var/tmp/macOS_Installer/InstallAssistant.pkg -tgt /, sleeps three seconds, and confirms the new SharedSupport.dmg exists. On a successful staging the /private/var/tmp/macOS_Installer staging directory is cleaned up; on a pkg checksum mismatch the staging directory is removed and the installer is never run.

Mojave installer caching requirements

• Endpoint running macOS Mojave (10.14, Darwin 18), High Sierra (10.13, Darwin 17), or earlier; the remediation script's whichOS gate exits on Catalina (Darwin 19) and newer

• At least 40 GB free on the boot volume to hold InstallAssistant.pkg, the expanded SharedSupport.dmg, and the staged Install macOS Big Sur.app

• Outbound HTTP reachability from the endpoint to swcdn.apple.com on TCP 80 for the full duration of a 12 to 13 GB transfer (the bigSurURL in remediation.sh uses http://, not https://)

• Root execution context (the default Automox agent context already satisfies this), required by installer -pkg ... -tgt / and by writes under /Applications and /private/var/tmp

• The bigSurSHA and bigSurURL variables in remediation.sh refreshed against the Apple installer checksum list at github.com/notpeter/apple-installer-checksums whenever Apple rotates the InstallAssistant build

• Awareness that other Automox policies on the same endpoint may stall while this Worklet holds the run lock for a multi-gigabyte download

Expected state after the Big Sur installer is staged

On a successful run, /Applications/Install macOS Big Sur.app exists on the endpoint with its SharedSupport.dmg in place, the downloaded InstallAssistant.pkg has been verified against bigSurSHA, and /private/var/tmp/macOS_Installer has been removed. You can confirm the staging by running ls -lh "/Applications/Install macOS Big Sur.app/Contents/SharedSupport/SharedSupport.dmg" on the endpoint. Subsequent evaluation runs find the DMG already present and exit 0 without re-downloading.

With the installer cached locally, an upgrade policy that calls startosinstall (or the installer GUI in a notify-then-upgrade flow) consumes the staged Install macOS Big Sur.app instead of fetching the package over the WAN. The upgrade window for a Mojave or High Sierra cohort collapses to the time it takes to lay down the new system image and reboot, rather than the time it takes the slowest endpoint to pull 12 to 13 GB from Apple. Once the Mojave endpoints reach Big Sur or later, the cohort can move onto an Apple Content Cache served from a Catalina-or-newer host, and this Worklet can be retired for that segment of the fleet.