Script to download and install OS and Security Updates

tkimpton
Valued Contributor II

I worked this out and can be used in a policy. Hope this helps someone out

#!/bin/bash


### Environment Variables ###

# For OS updates use OSXUpd
# For Security updates use SecUpd

# Get any OS updates
getosupd=$(softwareupdate -l | grep OSXupd | awk 'NR==1 {print $2}')

#Get any security updates
getsecupd=$(softwareupdate -l | grep SecUpd | awk 'NR==1 {print $2}')

### DO NOT MODIFY BELOW THIS LINE ###

# Install OS updates
softwareupdate -i $getosupd

# Install Security updates
softwareupdate -i $getsecupd

exit 0
~                                                                                                                                     
~
15 REPLIES 15

Snickasaurus
Contributor

Nice job! I have this same setup but broken down into two separate scripts. Does the job quite well.

tkimpton
Valued Contributor II

@Snickasaurus Thanks

I have this modified version that goes install OS Updates & security updates with the added bonus if a restart is required a popup notifies the user.

Hope you find this useful

#!/bin/bash


### Environment Variables ###

# For OS updates use OSXUpd
# For Security updates use SecUpd

# Get any OS updates
getosupd=$(softwareupdate -l | grep OSXUpd | awk 'NR==1 {print $2}')

# Get any security updates
getsecupd=$(softwareupdate -l | grep SecUpd | awk 'NR==1 {print $2}')


MSG1='OS Software updates have been installed and require a restart. Please save your work and restart your machine'

MSG2='Security updates have been installed and require a restart. Please save your work and restart your machine'

### DO NOT MODIFY BELOW THIS LINE ###

# Install OS updates
if 
softwareupdate -i $getosupd | grep "restart"
then 

sudo /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
-windowType utility -title "WARNING" -description "$MSG1" -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns -iconSize 96 -button1 "OK" -defaultButton 1

fi

# Install Security updates
if 
softwareupdate -i $getsecupd | grep "restart"
then 

sudo /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
-windowType utility -title "WARNING" -description "$MSG2" -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns -iconSize 96 -button1 "OK" -defaultButton 1
fi

exit 0

spif_spaceman
New Contributor III

Sorry - I am new to the JSS. Could you lay out in more detail how this was added to your policy?

Would I create the policy and then just copy and paste those commands into the File and Processes and an Execute Command?

Thank you!

StoneMagnet
Contributor III

@spif_spaceman You'd create a Script in your JSS based on @tkimpton's post, then create a Policy with a Scripts payload that executes that script.

RobertBasil
Contributor

@spif_spaceman

Go to the settings and create this as a script and then run that script as a policy.

spif_spaceman
New Contributor III

Wow thank you guys for the quick responses!!!

casper100
New Contributor II

I'm also new to this world. Anyone got any ideas how i could run this when the App store requests credentials for the account? User doesn't know them, but I do.

kerouak
Valued Contributor

You could deploy Using Apple Volume Purchase Program, the Apps could then be assigned to device and no Apple ID required...

Worth a look.. https://volume.itunes.apple.com/gb/store

rhooper
Contributor III

@TKimpton I like your script and it worked on all two of the devices we tested it on. I needed to reimage the devices, and afterwards flushed the logs to allow the OS update to occur again. Now it is saying the OS update completed, but the OS never updates... even after 2 hrs. Thoughts or ideas JAMF crew?

Print out of log:
Executing Policy OS update Script
Running script OS Update Script...
Script exit code: 0
Script result:

monaronyc
Contributor

@tkimpton @Snickasaurus Hi folks! I'm thinking the above script is broken for Sierra? Yes? Its not doing anything for us. And it's setup as recommended above. Thoughts?

swhps
Contributor III

Yep, it would not work for Sierra, when they changed the package names. You would need to go into the script and edit the environmental variables part

Environment Variables

For OS updates use OSXUpd

For Security updates use SecUpd

rdalton
New Contributor

How would I go about installing these updates but postponing the reboot until a specific time?

Captainamerica
Contributor

Anyone got this working for Mojave ? nothing seems to happen

bmee
Contributor

is there a way to set a restart timer or count down?

user-TQBbiKviDD
New Contributor II

Guys, If I want to use this script on Catalina and BigSur OS versions, should I need to change something on the variables or the executed commands syntax?