Help

Extension Attribute: softwareupdate check Apple servers (Not your local SUS)

mrowell
Contributor

Posted on ‎04-03-2012 05:35 PM

With the recent package apocalypse I wanted to check that our clients had installed all Apple software updates and not just the ones listed in our local SUS. It was mentioned in the #osx-server irc channel that you can use the --CatalogURL parameter with softwareupdate command.

So I wrote the following simple extended attribute that uses softwareupdate -l and the --CatalogURL parameter to directly query Apples update servers and not the software update servers specified by MCX/JSS etc.

#!/bin/bash

sucheck=`softwareupdate -l --CatalogURL "http://swscan.apple.com/content/catalogs/others/index-lion-snowleopard-leopard.merged-1.sucatalog" | grep -c "Software Update found"`

if [ $sucheck -gt 0 ]; then
   echo "<result>Updates</result>"
else
   echo "<result>None</result>"
fi
0 Kudos
Reply
2 REPLIES 2

mm2270
Legendary Contributor III

Posted on ‎04-11-2012 08:09 AM

Thanks for this. I was able to adapt this method for a project where we are testing a few updates from Apple on a select group of Macs but did not want to open the update to all users on the internal SUS. Using the same idea as your script above, I was able to create a policy to install the update, from Apple, and not need to touch the plist that points them to the internal server.
Worked really nice! I did not know this was even possible to do since the man page for softwareupdate doesn't list anything like this.

0 Kudos
Reply

Ninyo
New Contributor III
New Contributor III

Posted on ‎11-26-2023 01:23 PM

11 Years later, an update to this EA, eliminated the need for the catalog...

#!/bin/bash

sucheck=`softwareupdate -l | grep -c "Software Update found"`

if [ $sucheck -gt 0 ]; then
	echo "<result>Updates</result>"
else
	echo "<result>None</result>"
fi
0 Kudos
Reply