Skip to main content
Question

Extension Attribute: softwareupdate check Apple servers (Not your local SUS)

  • April 4, 2012
  • 2 replies
  • 13 views
mrowell11
Forum|alt.badge.img+8

With the recent package apocalypse I wanted to check that our clients had installed all Apple software updates and not just the ones listed in our local SUS. It was mentioned in the #osx-server irc channel that you can use the --CatalogURL parameter with softwareupdate command.

So I wrote the following simple extended attribute that uses softwareupdate -l and the --CatalogURL parameter to directly query Apples update servers and not the software update servers specified by MCX/JSS etc.

#!/bin/bash

sucheck=`softwareupdate -l --CatalogURL "http://swscan.apple.com/content/catalogs/others/index-lion-snowleopard-leopard.merged-1.sucatalog" | grep -c "Software Update found"`

if [ $sucheck -gt 0 ]; then
   echo "<result>Updates</result>"
else
   echo "<result>None</result>"
fi

    2 replies

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • April 11, 2012

    Thanks for this. I was able to adapt this method for a project where we are testing a few updates from Apple on a select group of Macs but did not want to open the update to all users on the internal SUS. Using the same idea as your script above, I was able to create a policy to install the update, from Apple, and not need to touch the plist that points them to the internal server.
    Worked really nice! I did not know this was even possible to do since the man page for softwareupdate doesn't list anything like this.

    Ninyo
    Forum|alt.badge.img+6
    • Ninyo
    • Contributor
    • November 26, 2023

    11 Years later, an update to this EA, eliminated the need for the catalog...

    #!/bin/bash sucheck=`softwareupdate -l | grep -c "Software Update found"` if [ $sucheck -gt 0 ]; then echo "<result>Updates</result>" else echo "<result>None</result>" fi
    Could be worse
    Terms & ConditionsCookie settingsAccessibility statement