A nicer Software update tool

Taboc741
New Contributor III

Since Jamf hasn't implemented a few of the feature requests out there that would make this better, I have resorted to making a script and using Jamf helper. I stole a lot of it from https://www.jamf.com/jamf-nation/discussions/5404/jamfhelper-software-update-trigger. My goal is to incorporate the new softwareupdate -i -a -R feature as defined by Der Flounder (https://derflounder.wordpress.com/2018/03/29/new-automated-restart-option-added-to-10-13-4s-softwareupdate-command-line-tool/) in a work flow that works well and is less intensive for my users.

The biggest catch I've had so far is recording the success or failure of the reboot process because the reboot is triggered by the script thus the policy never completes and the logs are never submitted to Jamf. Below is what I have written, it will be in a policy that is scoped to a smart group of folks that have updates pending, any suggestions on functionality or workflow is appreciated.

Edit 4/25/2019: A new GitHub has been made for this project. it incorporates tons of bug fixes and feature additions discussed in the below posts. It is, as of now, an active project. Folks here continue to add great suggestions and bug finds to what has been built, so please review the code and use a pinch of salt when deploying in your environments. The git can be found here: https://github.com/taboc741/MacScripts/blob/master/A-Kinder-macOS-Update

96 REPLIES 96

manouka
New Contributor II

I am having an issue with the deferral script. It prompts the user saying that there is a update available. Once you click defer, it properly calculates it (we have it set to 5 deferrals, so it recalculates it to 4). However, the second time it prompts the user and if they click defer again, then it resets the counter (it writes 4 to the plist).

Is there an issue with the defer script from the github?

sdamiano
Contributor II
2019-Jul-30 13:05:43 : Script Started
2019-Jul-30 13:06:05 : Icon path set to /Library/Application Support/[redacted]/AppleSoftwareUpdate.png
2019-Jul-30 13:06:05 : Deferral set to 3
2019-Jul-30 13:06:25 : Updates downloaded
2019-Jul-30 13:16:32 : prompt equaled 2. 0=Start Updates 1=failed to prompt 2=User choose defer 239=exited Null=user force quit jamfHelper
2019-Jul-30 13:16:32 : Script Started
2019-Jul-30 13:16:53 : Icon path set to /Library/Application Support/[redacted]/AppleSoftwareUpdate.png
2019-Jul-30 13:16:53 : Deferral set to 2
2019-Jul-30 13:17:17 : Updates downloaded
2019-Jul-30 13:17:29 : prompt equaled 2. 0=Start Updates 1=failed to prompt 2=User choose defer 239=exited Null=user force quit jamfHelper

So I keep getting the prompt twice in a row. Any ideas as to what I am doing wrong?

I had the script twice in the policy. Carry on...

chrisgavexperia
New Contributor II

Just tested this with the first update to come out for macOS Catalina, but the script is not detecting it.

2019-Oct-15 14:44:55 : No updates pending.

But I definitely have any update pending
5c6032cada3440fa86b3ceca75ee9537

Anyone else seeing this?

Cayde-6
Release Candidate Programs Tester

@chrisgavexperian have a look here, Apple changed the wording on softwareupdate https://github.com/homebysix/install-or-defer/issues/32

AdamCraig
Contributor III

Must say that I am VERY glad this does not auto install Catalina.

Jmazzuca182
New Contributor III

Has anyone seen
shutdown: can't detach from console
at the end when doing a restart or shutdown?

Rye
New Contributor

Needing assistance from anyone with XP getting the Deferral script to run properly. Currently, the script will pick up when a user defers out to the mass, but when it hits max and there are no deferrals left, the script will not force the update. Any thoughts here or assistance would be greatly appreciated.

mnickels
New Contributor III

@Jmazzuca182 - I'm seeing the same error as you when attempting to do a shutdown.

I ended up making a new thread on that error before I saw your response (https://www.jamf.com/jamf-nation/discussions/36398/shutdown-command-in-bash-script-can-t-detach-from-console)

Were you ever able to resolve that issue?

tjhall
Contributor III

Hello all. Has anyone updated this so it works with Catalina and Mojave? Saw that there was a mention concering the different software argument for Catalina. Does that mean it won't work if run on Mojave?

AdamCraig
Contributor III

@tjhall I tweaked the middle section of the script (arund line 96, but I may have added comments or something elsewhere)

##Check if there are any pending OS updates. If not quit to run another day.
updates=`softwareupdate -l`
updatesPending=`echo $updates | grep "Recommended: YES"`

if [[ -z $updatesPending ]] ; then
    updatesPending=`echo $updates | grep Recommended`
fi
if [[ -z $updatesPending ]] ; then
updatesPending=`echo $updates | grep recommended`
fi
[[ -z $updatesPending ]] && updatesPending="none"
sendToLog="Updates equaled 
    $updates
"

This is working for me on both 10.15 and 10.14

Taboc741
New Contributor III

hello folks,

Found some issues in the script for Big Sur, so it got a little love this week. The defer portion isn't as needed as it used to be now that Jamf has implemented a couple feature requests. Deferrals in the policy can be based on number of days not just a date in the future. Also though there appears to be a PI in Big Sur, Jamf also now supports the correct reboot method in software updates by policy. Not aware of any issues for this current script on any OS from 10.14 - 11.1, if you find one please mark it on the git hub. Do note, this script does not do major version releases. No jumping form 10.14 to 10.15. It only does minor updates and security updates.

cjavallas
New Contributor

Is there a current posting of this script somewhere? If I am able to use it too?

merps
Contributor III

@cjavallas There is a github link to the updated script at the end of the original post.

divvypay
New Contributor II

Hey, all! Is there a way to get this script working on Big Sur? All of our users that are on Catalina or below work just fine with this script. It appears to work on Big Sur at first, but after restarting, it doesn't actually install the updates, it just prompts immediately to update again after a restart. Is there some kind of special configuration I need to do to get restarts working in Big Sur? The policy I have now just runs the script if they're in a Smart Group that detects if they don't have the most recent updates installed.

sdamiano
Contributor II

@divvypay https://www.jamf.com/jamf-nation/discussions/38269/enforcing-apple-software-updates-in-the-year-2021

Basically anything thats using softwareupdate cli is broken in big sur.

divvypay
New Contributor II

@sdamiano Awesome news haha... Thanks anyway!

Taboc741
New Contributor III

@sdamiano I posted a few updates to the git hub back in January and we've not had issues with the update process internally since I switched to the current code. @divvypay are you using the latest version of the script from GitHub?