Jamf Nation Community

AJPinto · ‎01-18-2023

I finally ran across the 1st application we use that needs a separate installer for ARM64 and x64 platforms that we used Patch Management for. Here we are 3 years in to Apple Silicon, and JAMF still does not have a solution for this.

The best JAMF has is to package both the ARM64 and x64 packages in to a temp directory, and run the correct package with a post install script which detects the platform. Take that package and use it for the Patch Management package. If anyone wonders why I almost never recommend using Patch Management and say just use polices, this is one of the reasons. After 3 years this is just lazy and we deserve better.

Here is a feature request from 2 years ago with 4 votes. Lets see if we can give it some traction.

Architecture Specific Patch Definitions | Jamf Nation Feature Requests

jamf-42 · ‎01-18-2023

agree.. I use patch man only for tracking.. which its fine for... but id never use a patch policy..

its a fudge but could you use title editor to work around this?

AJPinto · ‎01-18-2023

I had considered trying, but in the end I decided it was too much work for something JAMF could easily fix on the backend if they were interested to.

I have the policies and scripting ready to go, that took me like 10 minutes vs figuring out some workaround to fill a JAMF gap.

ENGlockling · ‎01-18-2023

Another way to get around this is to add an additional Patch External Source with the same host (jamf-patch.jamfcloud.com/v1/) and use this specifically for your ARM64 patch management.

sdagley · ‎01-18-2023

Voted. And speaking of long languishing Patch Management FRs needing some traction take a look at Add ability to use scripts in Patch Management policies

Jason33 · ‎01-18-2023

Voted on this. Managing OS updates shouldnt be that difficult either

shaquir · ‎01-18-2023

I agree that it should be simpler to manage.

For patch titles that Jamf defines, my current workaround is to use Title Editor for the Apple Silicon Title and Patch Management for the Intel and Universal Titles:

Intel x86 Patch (Typical Patch Process)
- Look for the title in Jamf's managed Software Titles
- Add the Software Title
- Exclude non-Intel (Apple Silicon) macs in scope
- Manage Patch like normal
Apple Silicon Patch
- Open Title Editor
  - Click New > Subscribe
  - By default, Jamf Definition Titles are available
  - Select the same app name and hit done and save
- Open Patch Management
  - Find the same App Name in Title Editor list and add
  - Configure as you would typical patch management entries, but append "Apple Silicon" to name
  - Scope to Apple Silicon Macs

Only issue I've run into are titles that use custom Extension Attributes. This requires a little more work than I explained above. Would really be helpful if Jamf could simplify this process

symbolic78 · ‎01-20-2023

Where there are seperate x86_64 / ARM64 packages for the same software I've simply gone down the road of creating a package that contains both installers, and a wrapper script that detects the host architecture and installs the relevant package, works fine and allows us to make use of patch management as intended.

PhillyPhoto · ‎01-25-2023

To play Devil's Advocate here, have people pushed back on software vendors for universal binaries/installers?

AJPinto · ‎01-25-2023

Fighting the one vs the many. JAMF could simply allow duplicate patch management polices and resolve the problem. Apple could also simply not have offered an ARM64 only binary, and made developers use Universal.

That and I dont hold the support contracts with the application manufacturers doing this, but I do hold the support contact with JAMF And Apple so that is where my ire goes lol.

Jamf Nation Community

Patch Management in JAMF should just be called Patch Monitoring at this point