Jamf Nation Community

Im also looking for best practice on distributing apple software updates from an internal SUS.

I'm thinking of putting a self service script and letting users update.. has that worked for anyone?

I'm thinking of putting a self service script and letting users update.. has that worked for anyone?

Yeah, there's nothing to stop you from doing that. It works fine. I mentioned this on another thread, but I have a script I put together for 10.6 and 10.7 that would install all required updates on a Mac that do NOT require a restart. The script displays a message to the user with a list of updates being installed using jamfHelper, if any, or a message that no non restart updates were found. That script could easily be modified to be silent and just install any needed updated that won't need a reboot.
Alas, the script is broken under 10.8. I haven't had the chance to look at it to see what needs to be updated to make it work again.

Another approach is to have a SS policy launch the Software Update.app as toot and let the end users install what they want, when they want.

Mike:

Were you ever able to get your script working in 10.8? It sounds like it would be very handy.

Thanks

Brad

In ARD you can select the computer (or multiple) and go to "Unix" (next to Copy and Install) then in the template (upper right hand side). Click the drop down and change to "Miscellaneous" > "Install all Software Updates". Send the command and wait!

If anyone else doesn't have ARD it's a wonderful program and SO worth the $89.

hey @bapettit,

I haven't touched this script in a long time. We're not actually using it here, but I dug it up and it seems I did update this to work on 10.8.x, as well as older OS versions.
I make no guarantees of how, or if it works now, but I think its OK. So here it is.
Important note on this is that it uses cocoaDialog (http://mstratman.github.io/cocoadialog/), which I'm using for a lot of our messaging. Reason is, jamfHelper has an unfortunate limit in the number of lines it can display and I found that if the list of updates was longer than about 4 lines the rest of the message would get cut off. cocoaDialog doesn't have this limitation, so I opted to use that instead. In theory you could even modify this to display an AppleScript dialog, although I'd be careful with that since AppleScript these days usually has trouble displaying messages to users when run from policies unless you make them run as the user, not as root.

#!/bin/sh

## Define our paths to jamfHelper.app and cocoaDialog,app
jhPath="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
cdPath="/Library/Application Support/JAMF/bin/cocoaDialog.app/Contents/MacOS/cocoaDialog"

## Check to make sure cocoaDialog is installed on the system
if [[ ! -f "$cdPath" ]]; then
    echo "cocoaDialog not installed. Exiting..."
    exit 1
fi

## Initial cleanup, if any old SWUList files already exist
if [[ -e /tmp/SWUList_* ]]; then
    rm /tmp/SWUList_*
fi

## Set the appropriate icon, depending on the OS
OSvers=$( sw_vers -productVersion | cut -d. -f2 )

if [[ "$OSvers" -lt "8" ]]; then
    ICON="/System/Library/CoreServices/Software Update.app/Contents/Resources/Software Update.icns"
        else
    ICON="/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns"
fi

## Generate the SWU list to a file
theDate=`date +%m-%d-%Y_%H-%M`
softwareupdate -l > /tmp/SWUList_$theDate.txt
SWUList="/tmp/SWUList_$theDate.txt"

## Create the short name list and a human readable list from the saved file
UpdateList=$( cat $SWUList | sed -e '/restart/d' -ne '/recommended/{g;1!p;};h' | cut -d "*" -f 2 | tr '
' ' ' )
ReadList=$( cat $SWUList | awk -F, '/[recommended]$/{ print $1 }' | sort )

## If the list is empty, exit the script
if [[ "$UpdateList" == "" ]]; then
    echo "No non-restart updates were found. Exiting..."
    rm "$SWUList"
    exit 0
else
    echo "The following updates were found and will be installed: $UpdateList"
    "$cdPath" msgbox --title "Important Message from IT" --text "Software Updates currently being installed" --informative-text "The following Apple Software updates are now being installed. You can close this window and the installations will continue:

$ReadList

It will not be necessary to reboot your Mac when these installations are complete." --button1 "   OK   " --icon-file "$ICON" &
fi

# softwareupdate -i $UpdateList &

rm "$SWUList"

exit 0

If you decide to use it, post back to let me know. I'd be curious to hear.

To install updates that don't require a restart, I use @hkim's script from https://jamfnation.jamfsoftware.com/discussion.html?id=5825

#!/bin/sh

NoRestartUpdates=`/usr/bin/sudo /usr/sbin/softwareupdate -l | /usr/bin/grep -v restart | /usr/bin/grep -B1 recommended | /usr/bin/grep -v recommended | /usr/bin/awk '{print $2}' | /usr/bin/awk '{printf "%s ", $0}'`

/usr/bin/sudo /usr/sbin/softwareupdate -i $NoRestartUpdates

exit 0

We've got a few self service items for SUS, one essentially does a ```
softwareupdate -ia
```, The other allows entitled users to default to Apple's unfiltered SUS, when the policy finishes, the default casper provided SUS URL is restored.

Mike:

I took your script and condensed to test the no restart updates and it worked:

#!/bin/bash

randy=$(jot -r 1  1000 9999)
softwareupdate -l > /tmp/swup_$randy
softwareupdate -i `cat /tmp/swup_$randy | sed -e '/restart/d' -ne '/recommended/{g;1!p;};h' | cut -d "*" -f 2 | tr '
' ' '` &

exit 0

I haven't messed with the cocoDialog piece yet but updates work. Thanks!

Casper Suite 9.x made some updates with teh software updates, so far it's worked pretty well, no complaints yet from users.