Skip to main content
Question

softwareupdate -iaR via policy

  • November 4, 2019
  • 5 replies
  • 34 views
C
Forum|alt.badge.img+15

Does anyone have a workflow in place for successfully triggering softwareupdate --install --all -restart via policy on a T2 Mac while that Mac is at a login window? I've found that when I send that command via a policy, the update installs but the softwareupdate restart doesn't happen. If I send the exact same command via ssh (Jamf Remote or other) the update is installed and the restart happens as expected. I've tried some variations of this process using a policy to execute a script that runs softwareupdate but I get the same result.

This seems trivial as, ultimately, all I am trying to accomplish is automatically installing software updates on a T2 Mac that is sitting unused at a login window.

Most of my testing at the moment is attempting to go from 10.14.6 18G103 to 10.14.6 18G1012.

      5 replies

      D
      Forum|alt.badge.img+7
      • dmichels
      • Valued Contributor
      • November 4, 2019

      I am experiencing the same issue. The Policy runs and shows completion, but on the iMac it still shows update needs to be done.

      T
      Forum|alt.badge.img+31
      • tlarkin
      • Honored Contributor
      • November 4, 2019

      This is because if there is a bridgeOS update, it actually needs a shutdown not a restart and the T2 chip detects the shutdown and then will proceed to pull the update from Apple and apply it. To compound this issue even further, Apple sends a lot of non error output of softwareupdate to stderr even though there aren't errors. The best thing you can do from a scripting standpoint is see what softwareupdate -ia does and scrape stderr to validate if a shutdown or a restart is required then do so in code.

      C
      Forum|alt.badge.img+15
      • cbrewer
      • Author
      • Esteemed Contributor
      • November 4, 2019

      Right, and if i shutdown (shutdown -h +1 &) after softwareupdate, the BridgeOS is successfully updated upon starting back up. However, the --restart option in softwareupdate handles the shutdown and starting back up automatically for T2 Macs. My core issue is that it doesn't work when run via a Jamf policy while the Mac is at the login window.

        T
        Forum|alt.badge.img+31
        • tlarkin
        • Honored Contributor
        • November 4, 2019

        Yup, I have ~100 zoom rooms globally I am looking at removing macOS from because of reasons like you mentioned. Not only is SWU unreliable, it is unpredictable. I have used scripts, I have used setting the SWU options to always update, and I have even setup remote desktop to these Mac Minis in all the Zoom Rooms to login remotely and run SWU from the GUI.

        I have mixed results of success and failure, across all methods, across my entire Org. So, I am looking at replacing macOS with Chrome or an Appliance because trying to automate patching of the Minis has been unsuccessful in an automated fashion and I am looking to ditch the tech debt.

        File bugs with Apple is my best recommendation, and if you have an SE please have them follow up internally. SWU needs a huge overhaul and its current state is not that good at all.

        donmontalvo
        Forum|alt.badge.img+36
        • donmontalvo
        • Hall of Fame
        • January 27, 2021

        Curious if this issue got resolved with the new version of Jamf Pro (10.26.1)?

        --https://donmontalvo.com
        Terms & ConditionsCookie settingsAccessibility statement