What is the best practice method of deploying SecUpd*.pkgs through Jamf when not using Apple's Software Update functionality? Does anyone have any tips on how to successfully install Mojave's SecUpd2020-002Mojave.pkg from the downloaded DMG when deploying it directly with JAMF? I know that's not Apple's preferred way, but currently it behaves unpleasantly with how I configured the Jamf package as requiring a reboot and the "reboot if package requires it" option set in the install policy... the screen freezes for a minute or more, and then the multiple reboot hell begins ASSUMING users didn't brick their Macs already when they saw the frozen screen by holding down the power button. Is anyone else seeing this behavior? (Yes, I know we should be installing with Apple's native software updates, but we just can't do that at the moment, and the idea of deploying updates remotely right now when they have a pretty high incidence - 5% of our fleet or so - of generating downed users/Macs fills this admin with trepidation.)
These are the issues we face:
So I am seeing similar issues with reboots failing while trying to install this update.
We just had a machine that would not install this update, it would boot to recovery mode startup disk selector instead of starting the update and nothing other than reboot could be triggered. T
We finally got it to install on one of our machines by running the authenticated restart command (sudo fdesetup authrestart) after triggering the update when the jamf restart prompt appears.
Have you seen any luck at your organization in fixing this in other ways?
@Jalves Thanks for bringing this to my attention but I don't think we're experiencing these issues which seem to mostly affect Intel HD 6000 graphics, and predominantly through Zoom? No I'm more talking about running the security update as a package cached from jamf (not downloaded to the clients through Apple's software update functions) - I've dealt with #1 by just dropping a set of jamfHelper dialogs including a fullscreen just before the update applies to disguise the apparent hang. #2 is reportedly a known issue due to the way the Apple updater restarts the Mac. #3 is (barely) acceptably fallout in my organization. Bigger issue is that, since there's no immediate inventory update when all my users are remote, their next checkin over VPN results in the update trying again... And a good fraction of the updates are actually failing (not just logging failed in the policy) with the error message:
Installation failed. The installer reported: installer: Package name is Security Update 2020-002 installer: Upgrading at base path / installer: The upgrade failed.
Other Macs get a slightly different error:
Installation failed. The installer reported: installer: Package name is SU_TITLE installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override.
However the clock is correct and the package checksums as correct, so I'm at a loss to explain why it would not like the cert wrapper in some cases.