Jamf Nation Community

sepiemoini · ‎03-30-2018

Good morning, all! Happy 10.13.4 day :)

I have a two-part Jamf Pro workflow which leverages @therealmacjeezy's wonderful script found here and then runs a custom Jamf Helper window with built-in deferrals. In @therealmacjeezy's script, if a restart is detected, sudo jamf policy -event securityReboot is used to call the second policy in the workflow. Here's the second part:

#!/bin/bash

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Apple Software Update Search
# Sepie Moinipanah | Mar 2018
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# jamfHelper Variables
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
icon=/Applications/App Store.app/Contents/Resources/AppIcon.icns
windowType="hud"
description="Software Updates have been installed and a system restart is required. Please select from the menu below when you would like this restart to take place then click OK."
button1="OK"
title="Restart Required"
alignDescription="left" 
alignHeading="center"
defaultButton="1"
cancelButton="1"
timeout="900"
int1="60"
int2="1800"
int3="7200"
int4="14400"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# jamfHelper Window
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -defaultButton 
"$defaultButton" -cancelButton "$cancelButton" -icon "$icon" -description "$description" 
-alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" 
-timeout "$timeout" -showDelayOptions "$int1, $int2, $int3, $int4")
echo "$(date) Jamf Helper was launched!"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# Logging
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

if [[ "$userChoice" == "601" ]]; then
    echo "$(date) User clicked 1 minute or timeout was reached."
    sleep $int1
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    #shutdown -r +1 &
elif [[ "$userChoice" == "18001" ]]; then
    echo "$(date) User clicked 30 minutes."
    sleep $int2
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    #shutdown -r +1 &
elif [[ "$userChoice" == "72001" ]]; then
    echo "$(date) User clicked 2 hours."
    sleep $int3
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    #shutdown -r +1 &
elif [[ "$userChoice" == "144001" ]]; then
    echo "$(date) User clicked 4 hours."
    sleep $int4
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    #shutdown -r +1 &
fi

Currently, shutdown -r +1 & is commented out as I am leveraging Jamf Pro's restart payload to handle this. I have, however, used shutdown -r +1 & too but neither appear to work properly. Here is how I configured the restart options payload:

Regardless of approach, shutdown -r +1 & or restart payload, the computer does reboot but does so without actually applying the software updates. I was wondering if anyone can provide some guidance on why this may be, especially after selecting the deferral option for 1 minute.

In summary: the first and second part of the script are executing properly. The issue appears to solely pertain to the restart aspect. Is this due to the timing or does a specific volume need to be specified? When running a Self Service-led workflow which runs all SWU and then restarts if necessary using built-in Jamf Pro payloads, this works flawlessly.

Thank you in advance!

Best,
Sepie Moinipanah

sepiemoini · ‎03-30-2018

Alternatively, I could modify the script to re-download and install but that seems counter-productive and resource intensive. This would address the issue if the reboot isn't associate with the softwareupdate reboot request, right?

#!/bin/bash

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Apple Software Update Search
# Sepie Moinipanah | Mar 2018
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

softwareupdate --download --all

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# jamfHelper Variables
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
icon=/Applications/App Store.app/Contents/Resources/AppIcon.icns
windowType="hud"
description="Software Updates have been installed and a system restart is required. Please select from the menu below when you would like this restart to take place then click OK."
button1="OK"
title="Restart Required"
alignDescription="left" 
alignHeading="center"
defaultButton="1"
cancelButton="1"
timeout="900"
int1="60"
int2="1800"
int3="7200"
int4="14400"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# jamfHelper Window
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -defaultButton 
"$defaultButton" -cancelButton "$cancelButton" -icon "$icon" -description "$description" 
-alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" 
-timeout "$timeout" -showDelayOptions "$int1, $int2, $int3, $int4")
echo "$(date) Jamf Helper was launched!"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# Logging
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

if [[ "$userChoice" == "601" ]]; then
    echo "$(date) User clicked 1 minute or timeout was reached."
    sleep $int1
    softwareupdate --install --all
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    shutdown -r now
elif [[ "$userChoice" == "18001" ]]; then
    echo "$(date) User clicked 30 minutes."
    sleep $int2
    softwareupdate --install --all
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    shutdown -r now
elif [[ "$userChoice" == "72001" ]]; then
    echo "$(date) User clicked 2 hours."
    sleep $int3
    softwareupdate --install --all
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    shutdown -r now
elif [[ "$userChoice" == "144001" ]]; then
    echo "$(date) User clicked 4 hours."
    sleep $int4
    softwareupdate --install --all
    # Updates the inventory to reflect the user choice
    sudo /usr/local/bin/jamf recon
    shutdown -r now
fi

McAwesome · ‎03-30-2018

There are some changes in 10.13.4 for updates initiated from command line or the JSS. You may have to change your script. Here's a Der Flounder article on it.

sepiemoini · ‎03-30-2018

Thanks, @McAwesome! I noticed the updated softwareupdate binary as well. Looks like with the introduction of 10.13.4, the --restart flag can be used going forward. My observed issue was from 10.13.3 to 10.13.4. Thoughts for existing devices, pre-10.13.4?

therealmacjeezy · ‎04-21-2018

It’s super awesome to see my script helping people!

@sepiemoini have you been able to test and find what happens to pre 10.13.4 devices (and 10.12.x devices) ? We have 10.12 in production here and 10.13 in dev so I’ll play around with both and see what happens.

"Saying 'uhh..' is the human equivalent to buffering."

jhatem · ‎08-01-2018

Hello,

I'm trying to use the -R or --restart argument with 'softwareupdate' but Jamf reports that it is an invalid argument.

Script that I'm running is:

!/bin/bash

defaults write /Library/Preferences/com.apple.commerce.plist AutoUpdate -bool TRUE
defaults write /Library/Preferences/com.apple.commerce.plist AutoUpdateRestartRequired -bool TRUE
defaults write /Library/Preferences/com.apple.SoftwareUpdate.plist AutomaticCheckEnabled -bool TRUE
defaults write /Library/Preferences/com.apple.SoftwareUpdate.plist AutomaticDownload -bool TRUE
defaults write /Library/Preferences/com.apple.SoftwareUpdate.plist CriticalUpdateInstall -bool TRUE
defaults write /Library/Preferences/com.apple.SoftwareUpdate.plist ConfigDataInstall -bool TRUE
softwareupdate -i -r -R

The updates are installing but are pending reboot, however no reboot happens, nor is the user prompted to reboot.

Here's the log in Jamf:
Script result: softwareupdate: invalid option -- R
usage: softwareupdate [ ...]

** Catalog Management:
--set-catalog Set the new catalog URL (requires privileges)
--clear-catalog Clear the catalog URL back to defaults (requires privileges)

** Manage Updates:
-l | --list List all appropriate update labels (options: --no-scan, --product-types)
-d | --download Download Only
-e | --cancel-download Cancel a download
-i | --install Install
... specific updates
-a | --all All appropriate updates
-r | --recommended Only recommended updates
--background Trigger a background scan and update operation
--ignore
... Ignore specific updates
--reset-ignored Clear all ignored updates

Jamf Nation Community

Issue with Restart Following Software Update

!/bin/bash