stress with softwareupdate to avoid Ventura

L-plateAdmin
Contributor

Hi All,

 

So yes, softwareupdate is antiquated, but we struggle to match Apple to get our new builds out due to internally required security agents that take months to source from the relevant teams. For this reason we do lock off the sysprefs, and we haven't used MDM patching as yet, as getting the Apple silicon requirements needed after all our requirements are set is still not very reliable.

Apple's amazing(!) decision to label Ventura as a minor upgrade and bring it into the softwareupdate system has thrown a spanner in the works, as it's our only viable method right now.

This is what happens on the term during testing:

$ echo $pass | /usr/sbin/softwareupdate --install --force --user myuser --stdinpass 'Command Line Tools for Xcode-13.2' 'Command Line Tools for Xcode-13.4' 'Command Line Tools for Xcode-14.0' 'Command Line Tools for Xcode-14.2'
Software Update Tool

Finding available software

Downloaded Command Line Tools for Xcode
Downloaded Command Line Tools for Xcode
Downloaded Command Line Tools for Xcode
Installing Command Line Tools for Xcode, Command Line Tools for Xcode, Command Line Tools for Xcode
Done with Command Line Tools for Xcode
Done with Command Line Tools for Xcode
Done with Command Line Tools for Xcode
Done.
$ softwareupdate -l
Software Update Tool

Finding available software
No new software available.

Groovy... so far...

That has been engineered/taken from the last part of my script, where I'm trying to use labels to install its that have grep'd from the softwareupdate list command.

# prepare string to be ready for the command
NAMEOFUPDATE=$(echo "'${NAMEOFUPDATE//$'\n'/' '}'" )

#NAMEOFUPDATE=$(echo ""${NAMEOFUPDATE//$'\n'/' '}"" )

# set command
PatchingCmd="$pass_start /usr/sbin/softwareupdate ${OPTIONS} ${NAMEOFUPDATE}"
ScriptLog "full update string is: $OPTIONS $NAMEOFUPDATE"

# execute
eval "$PatchingCMD"

And this is what the echo comes back with when I check our jamf.log. We put scripting for this due to stuff getting lost in install.log due to churn.

Tue Feb 21 13:37:12: full update string is: --install --force --user myuser --stdinpass 'Command Line Tools for Xcode-13.2' 'Command Line Tools for Xcode-13.4' 'Command Line Tools for Xcode-14.0' 'Command Line Tools for Xcode-14.2'

 

Am I going crazy? I have tried every permutation I can think of, including using xargs to clear out any white or non-ASCII issues, and the shebang on the script is Bash as well... I think at this point it's probably something easy I haven't noticed due to code blindness.

Thanks
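
In the lines shown above, the command is assigned to `PatchingCmd` but `eval` is given `$PatchingCMD`; shell variable names are case-sensitive, so unless `PatchingCMD` is set elsewhere in the script the eval receives an empty string. As an added example (not part of the original post), here is the same softwareupdate call built as an argument list with no eval and the password kept on stdin. `SWU_BIN`, `run_patching` and the sample labels are hypothetical names and constructed values.

```bash
#!/bin/bash
# Added example: run softwareupdate with an argument list instead of eval.
# SWU_BIN and run_patching are hypothetical names, not from the original script.

# Overridable so the function can be exercised against a stub off-device.
SWU_BIN="${SWU_BIN:-/usr/sbin/softwareupdate}"

# Constructed sample: labels one per line, as grep'd from `softwareupdate -l`.
SAMPLE_LABELS='Command Line Tools for Xcode-13.2
   Command Line Tools for Xcode-14.2

'

# usage: run_patching USER PASSWORD "newline-separated labels"
run_patching() {
  local user="$1" pass="$2" labels="$3" line
  set --   # reuse "$@" as the label list; each label stays one argument
  while IFS= read -r line; do
    line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
    line="${line%"${line##*[![:space:]]}"}"   # trim trailing whitespace / CR
    if [ -n "$line" ]; then set -- "$@" "$line"; fi
  done <<EOF
$labels
EOF
  if [ "$#" -eq 0 ]; then
    echo "no update labels to install" >&2
    return 2
  fi
  # The password goes to stdin via the printf builtin, never into a command
  # string or argv, and nothing here is re-parsed by the shell, so a label
  # containing quotes or metacharacters cannot turn into extra commands.
  printf '%s\n' "$pass" |
    "$SWU_BIN" --install --force --user "$user" --stdinpass "$@"
}
```

Running the script with `set -u` also turns a never-assigned variable such as a mistyped name into an immediate error instead of a silent empty expansion.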

2 REPLIES 2

sdagley
Esteemed Contributor II

AJPinto
Esteemed Contributor

We have similar requirements. However when I learned Apple was not going to allow us to block major OS updates beyond 90 days anymore, I started warning my Security Partners. When Ventura dropped I started sending emails and forcing meetings, and was very vocal about the risk. I was very clear that devices were going to Ventura with or without their validation. In the end all of our some 10 security applications were updated before Thanksgiving, and we were given the green light for Ventura.

 

These Security Vendors have a gold standard for the new OS within a few weeks; everything after that is internal delay. Sometimes you have to be loud, and refuse to back down. You would be amazed how much delay comes from something being deprioritized. It is a low priority until you make it a high priority.

 

Also know that your shenanigans with blocking system preferences > software update will not work once you update to Ventura.