Skip to main content

With the recent package apocalypse I wanted to check that our clients had installed all Apple software updates and not just the ones listed in our local SUS. It was mentioned in the #osx-server irc channel that you can use the --CatalogURL parameter with softwareupdate command.



So I wrote the following simple extended attribute that uses softwareupdate -l and the --CatalogURL parameter to directly query Apples update servers and not the software update servers specified by MCX/JSS etc.



#!/bin/bash



sucheck=`softwareupdate -l --CatalogURL "http://swscan.apple.com/content/catalogs/others/index-lion-snowleopard-leopard.merged-1.sucatalog" | grep -c "Software Update found"`



if [ $sucheck -gt 0 ]; then

   echo "<result>Updates</result>"

else

   echo "<result>None</result>"

fi

Thanks for this. I was able to adapt this method for a project where we are testing a few updates from Apple on a select group of Macs but did not want to open the update to all users on the internal SUS. Using the same idea as your script above, I was able to create a policy to install the update, from Apple, and not need to touch the plist that points them to the internal server.
Worked really nice! I did not know this was even possible to do since the man page for softwareupdate doesn't list anything like this.

11 Years later, an update to this EA, eliminated the need for the catalog...

#!/bin/bash

sucheck=`softwareupdate -l | grep -c "Software Update found"`

if [ $sucheck -gt 0 ]; then
echo "<result>Updates</result>"
else
echo "<result>None</result>"
fi

Reply


Terms & ConditionsCookie settings