Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

macOS Sierra and Later Not Listed in Mac App Store Purchased Tab, Updates Not Tied to Apple ID

xWhiplash

macrumors 68030
Oct 21, 2009
2,807
1,718
Avid Media Composer 8.9 is not compatible with High Sierra yet, so not finding Sierra on the App Store was bad news... Thank you so much jasminetroll, 'mas install 1127487414' saved my day.

It wasn't working with my main Apple ID with which I downloaded Sierra a while ago but it worked with a client's ID with which I recently downloaded Sierra.

Sierra was not showing in the App Store but to my surprise 'mas install 1127487414' triggered the download!

Here is a question to you guys that use these as work systems: Why are you upgrading to a brand new OS which will always have issues until a .1, .2, .3 release? This is the same thing we do on the Windows side. We never ever EVER EVER upgrade a production system to a new OS without properly testing. If this is a work computer, you need to make a complete clone of your drive every time you upgrade. If things go wrong, you have a way back to your old install. I don't need to rely on Apple's servers for their old OS downloads, or Microsoft's servers for Windows 7 ISOs either.

I really do not understand why so many people update on a .0 release on a production system without testing first. Our IT department is still rolling out Windows 10 after successful tests, how long has Windows 10 been around?

Also, Avid Adobe and others have had months to get their software compatible.

The rule is simple: Never ever update to a .0 release if you use your system to pay your bills or put food on your tables. High Sierra is a bit buggy right now, as usual with .0 releases.

If you do need to update on release day/week/quarter, always always always make a clone of your drive first. Another option is to just create a small partition - test out your programs to see if they work - delete that partition and upgrade your main partition if the test was successful. Always in IT have a way to get back if an update fails that you control. What if I updated my Mac or Windows PC and Microsoft or Apple got DDOS'ed and their downloads were not available? You need some backup that you control.
 

Mainyehc

macrumors 6502a
Mar 14, 2004
631
176
Lisbon, Portugal
And how does one then quit the installer after it's downloaded, and then use it on another machine/VM?
Easy. You just quit it by cancelling the update (or just acknowledging that, yes, it is incompatible, *after* the download finishes). It's not like it will delete itself, it only does that if you are upgrading and follow through with the installation process (and that's why you should either/both create a bootable installer – see below – or/and back up the installer app itself before performing the upgrade).

As for using it to downgrade a machine (do bear in mind that you will have to erase and install to do that, but it's definitely doable) or reusing it on another machine, just create a bootable USB installer with an app like DiskMaker X or the createinstallmedia command on the Terminal. Easy-peasy.

And if it works for physical machines, it should work with a VM. In fact, I'd bet that VMWare Fusion and Parallels Desktop can probably install it to a new VM straight from the installer app, but since I haven't done that in a while I can't be 100% certain about it.
 
Last edited:

ManuelGomes

macrumors 68000
Dec 4, 2014
1,617
354
Aveiro, Portugal
I know this is just a detail but why on earth did Angela refer to both versions as macOS Sierra and Mac OS High Sierra?
Again, just a minor detail but still odd.
 

alembic

macrumors regular
Oct 13, 2005
163
19
Of course, how long that (or any) downloaded version will work to do a new Sierra install, is anyone's guess, due to the certificates problem.

So the issue of getting a fresh Mac App Store download of the Sierra installer, remains.
A week before High Sierra was released, I downloaded a Sierra installer which was created on 2017-07-14. This seems to be the installer for the last version of Sierra, 10.12.6. Aside from doing another install, how do I confirm the version it will install? Will this installer stop working after a certain period of time?
 

jimthing

macrumors 68000
Apr 6, 2011
1,567
816
London, UK (Europe, Earth, Space)
A week before High Sierra was released, I downloaded a Sierra installer which was created on 2017-07-14. This seems to be the installer for the last version of Sierra, 10.12.6. Aside from doing another install, how do I confirm the version it will install? Will this installer stop working after a certain period of time?
Good question.
 

eicca

macrumors 6502a
Oct 23, 2014
629
490
I also used the link in Post #155 to successfully install Sierra. I installed it on a MacBook Pro (13-inch, Mid 2012). In "System Preferences > Security & Privacy > General > Allow apps downloaded from", I did have to select "Anywhere" before it would install, though.

Everything seems to be working OK. Thanks, folks, especially to Mr_Brightside_@, jimthing, and Bob-K.

I was a little nervous about not downloading it directly from the Mac App Store, so I did make an attempt to verify it using the procedures I found here in an article entitled "Verifying that you’ve downloaded genuine Apple software."

The first part all checked out regarding the checks on the installer's digital signature, but when I went to verify that the signature isn’t broken, I got the result that the "resource envelope is obsolete (custom omit rules)". Not sure what that means. Any ideas? Is this cause for concern?

I also verified that the SHA1 checksum for the installer (InstallESD.dmg) matched the value listed here.

I had intended to check the download using the procedure here, but for some reason the installer was an .app instead of a .pkg. When I double-clicked the installer, it just started the installation instead of opening an installer window.

Finally, I see that the link in question keeps getting deleted from the original thread that was linked to in Post #155 for some reason...

No issues using the post 155 file for you? I just tried running it and it hung on the "verifying" progress bar.
 

HenryAZ

macrumors 6502a
Jan 9, 2010
647
121
South Congress AZ
Good question.
Whether it will work for a set period of time, I cannot answer. To get the version it will install, you need something like Pacifist, which will open up a .dmg file. Right click on the installer.app, Show Package Contents, browse to /Contents/SharedSupport/InstallESD.dmg. Right click on that file to open it in Pacifist, then browse the contents to /System/Library/CoreServices/SystemVersion.plist, and that file will list the version number it will install. You can also find your current version at any time (other methods are easier), by reading /System/Library/CoreServices/SystemVersion.plist.
 

Bob-K

macrumors member
Sep 1, 2014
58
52
Oakland, CA
Aside from doing another install, how do I confirm the version it will install?

When I click on the installer app in the Finder (in column view) (or do "get info"), it says "Version: 12.6.03"

I guessed that this meant it would install 10.12.6, and that was the case.
 

jimthing

macrumors 68000
Apr 6, 2011
1,567
816
London, UK (Europe, Earth, Space)
Whether it will work for a set period of time, I cannot answer. To get the version it will install, you need something like Pacifist, which will open up a .dmg file. Right click on the installer.app, Show Package Contents, browse to /Contents/SharedSupport/InstallESD.dmg. Right click on that file to open it in Pacifist, then browse the contents to /System/Library/CoreServices/SystemVersion.plist, and that file will list the version number it will install. You can also find your current version at any time (other methods are easier), by reading /System/Library/CoreServices/SystemVersion.plist.
All good to know, but how is that different to simply doing this?:
When I click on the installer app in the Finder (in column view) (or do "get info"), it says "Version: 12.6.03"

I guessed that this meant it would install 10.12.6, and that was the case.
________
Anyway the more important question remains: how does one know if the certificate is still valid?

Seemingly you can't find this out? (until you try and run the installer app, and it doesn't work, of course!)
 

alembic

macrumors regular
Oct 13, 2005
163
19
Thx for the instructions to determine the target OS version of the Sierra installer. Yesterday I confirmed
the installer created on 2017-07-14 does indeed install 10.12.6.

The 12.6.03 in the installer Get Info window is the PackageVersion found in com.apple.pkg.InstallOS.plist (which, as suggested, is related to 10.12.6).

As far as the signing certificate, from Terminal, execute the following:

pkgutil --check-signature path/to/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg

This will display the status of the installer's certificate but does not indicate an expiry date.
[doublepost=1507579021][/doublepost]Here's an example output:

Package "InstallESD.dmg":
Status: signed by Apple
Certificate Chain:
1. Apple Mac OS Installer Package Signing
SHA1 fingerprint: 06 BD 50 40 07 CC 4B 3B BF 77 7E CF E9 22 3B ED 55 4B 22 76
-----------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
SHA1 fingerprint: FF 67 97 79 3A 3C D7 98 DC 5B 2A BE F5 6F 73 ED C9 F8 3A 64
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
 

jimthing

macrumors 68000
Apr 6, 2011
1,567
816
London, UK (Europe, Earth, Space)
Thx for the instructions to determine the target OS version of the Sierra installer. Yesterday I confirmed
the installer created on 2017-07-14 does indeed install 10.12.6.

The 12.6.03 in the installer Get Info window is the PackageVersion found in com.apple.pkg.InstallOS.plist (which, as suggested, is related to 10.12.6).

As far as the signing certificate, from Terminal, execute the following:

pkgutil --check-signature path/to/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg

This will display the status of the installer's certificate but does not indicate an expiry date.
[doublepost=1507579021][/doublepost]Here's an example output:

Package "InstallESD.dmg":
Status: signed by Apple
Certificate Chain:
1. Apple Mac OS Installer Package Signing
SHA1 fingerprint: 06 BD 50 40 07 CC 4B 3B BF 77 7E CF E9 22 3B ED 55 4B 22 76
-----------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
SHA1 fingerprint: FF 67 97 79 3A 3C D7 98 DC 5B 2A BE F5 6F 73 ED C9 F8 3A 64
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
That command didn't work for me for some reason, I have the Sierra installer.app on my Desktop, and got the following:

Package does not exist: path/to/Install macOS Sierra.app/Contents/SharedSupport/InstallESD.dmg

Any ideas?
 

alembic

macrumors regular
Oct 13, 2005
163
19
jimthing, sorry, in the above path, you'll have to replace path/to with ~/Desktop. So something like:

pkgutil --check-signature ~/Desktop/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg
 
  • Like
Reactions: jimthing

jimthing

macrumors 68000
Apr 6, 2011
1,567
816
London, UK (Europe, Earth, Space)
jimthing, sorry, in the above path, you'll have to replace path/to with ~/Desktop. So something like:

pkgutil --check-signature ~/Desktop/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg

Bingo! Snap:
Package "InstallESD.dmg":
Status: signed by Apple
Certificate Chain:
1. Apple Mac OS Installer Package Signing
SHA1 fingerprint: 06 BD 50 40 07 CC 4B 3B BF 77 7E CF E9 22 3B ED 55 4B 22 76
-----------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
SHA1 fingerprint: FF 67 97 79 3A 3C D7 98 DC 5B 2A BE F5 6F 73 ED C9 F8 3A 64
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
Thanks. Though I presume this means that the expiry date is thus seemingly at the whim of Apple, whenever they decide to stop signing that particular version; goodbye to any of us using it then?
 
Last edited:

jimthing

macrumors 68000
Apr 6, 2011
1,567
816
London, UK (Europe, Earth, Space)

alembic

macrumors regular
Oct 13, 2005
163
19
I tried fooling the installer with a 2030-01-01 system date and unfortunately it would only return a generic error message "... application is damaged, and can't be used to install macOS." There was no expiry warning with an option to Show Certificate. So through trial and error I nailed the expiry date to 2019-10-24. I'm unsure if this date is somehow related to the date I downloaded the installer, 2017-09-14. I'd be curious to know if other installers share the same expiry date or not.
 
  • Like
Reactions: jimthing

jimthing

macrumors 68000
Apr 6, 2011
1,567
816
London, UK (Europe, Earth, Space)
I tried fooling the installer with a 2030-01-01 system date and unfortunately it would only return a generic error message "... application is damaged, and can't be used to install macOS." There was no expiry warning with an option to Show Certificate. So through trial and error I nailed the expiry date to 2019-10-24. I'm unsure if this date is somehow related to the date I downloaded the installer, 2017-09-14. I'd be curious to know if other installers share the same expiry date or not.
Nice work. Good question, too. How anyone would find that out, is anyone's guess...?
 

HenryAZ

macrumors 6502a
Jan 9, 2010
647
121
South Congress AZ
All good to know, but how is that different to simply doing this?:

That does not show the subversion, or "build" number. Apple occasionally releases updates to a "release", with a slightly upgraded build version. So, 10.12.3 build 16D32, or build 16D35?

/System/Library/CoreServices/SystemVersion.plist does show you the build version.
________
Anyway the more important question remains: how does one know if the certificate is still valid?
I'm not sure of the answer to this. All of my saved installers from Snow Leopard up to Yosemite were made invalid by an expired certificate.

Seemingly you can't find this out? (until you try and run the installer app, and it doesn't work, of course!)
Yep
 

alembic

macrumors regular
Oct 13, 2005
163
19
When I upgraded to iTunes 12.6.3 (to eliminate update notifications for 12.7 and retain access to iOS AppStore), I examined the installer package's signed certificate, Apple Software Update CA, and found the expiry date to be 2019-10-24 (which is the same date for my copy of the Sierra installer app).
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.