Does anyone have a workflow in place for successfully triggering
softwareupdate --install --all -restart via policy on a T2 Mac while that Mac is at a login window? I've found that when I send that command via a policy, the update installs but the
softwareupdate restart doesn't happen. If I send the exact same command via ssh (Jamf Remote or other) the update is installed and the restart happens as expected. I've tried some variations of this process using a policy to execute a script that runs
softwareupdate but I get the same result.
This seems trivial as, ultimately, all I am trying to accomplish is automatically installing software updates on a T2 Mac that is sitting unused at a login window.
Most of my testing at the moment is attempting to go from 10.14.6 18G103 to 10.14.6 18G1012.
This is because if there is a bridgeOS update, it actually needs a
shutdown not a
restart and the T2 chip detects the
shutdown and then will proceed to pull the update from Apple and apply it. To compound this issue even further, Apple sends a lot of non error output of
stderr even though there aren't errors. The best thing you can do from a scripting standpoint is see what
softwareupdate -ia does and scrape
stderr to validate if a shutdown or a restart is required then do so in code.
Right, and if i shutdown (
shutdown -h +1 &) after
softwareupdate, the BridgeOS is successfully updated upon starting back up. However, the
--restart option in
softwareupdate handles the shutdown and starting back up automatically for T2 Macs. My core issue is that it doesn't work when run via a Jamf policy while the Mac is at the login window.
Yup, I have ~100 zoom rooms globally I am looking at removing macOS from because of reasons like you mentioned. Not only is SWU unreliable, it is unpredictable. I have used scripts, I have used setting the SWU options to always update, and I have even setup remote desktop to these Mac Minis in all the Zoom Rooms to login remotely and run SWU from the GUI.
I have mixed results of success and failure, across all methods, across my entire Org. So, I am looking at replacing macOS with Chrome or an Appliance because trying to automate patching of the Minis has been unsuccessful in an automated fashion and I am looking to ditch the tech debt.
File bugs with Apple is my best recommendation, and if you have an SE please have them follow up internally. SWU needs a huge overhaul and its current state is not that good at all.