Jamf Nation Community

fdeltesta · ‎04-11-2022

Hello,

Is there any way to know if a macOS software update is ready to be installed ? Ready as, Downloaded.

My current problem is this:

I created a script that prompt users (based on the "Number of available updates" criteria) whether they want to apply an update or not, and they can postpone this twice. On the third occurrence they will be forced to agree to install the update.

We want to force them to install the updates, but they have to be able to postpone it in order to not have the update apply at unfortunate moments. With the 3 steps deferral method they can see it coming cause we display the remaining count of "pospone" available.

One the update is accepted or forcibly applied, the script simply run this command:

softwareupdate -iaR

(--install --agree-to-license --reboot)

Though, most of the time this doesn't work, for some nothing happens. for some the 4Gig update takes forever to download (despite our high speed company's network) and eventually drop.

This is painfull because it really as erratic results, and users see it. The ones with the updates that didnt work get the fisrt prompt back again the next day...

So I was thinking, why not silently force the mac to only download the update. And only once is it ready, prompt the users to install it.

But I can't find anyway to monitor when an update as been downloaded and it's sitting here waiting for a reboot, do you guys have any clue ?

Hugonaut · ‎04-11-2022

For machines below macOS Monterey 12.0.1 (b/c of defer later MDM Command) - I use this method for its simplicity & ease in which to track the deployed package via policy, scope, etc

Step 1. I download the OS from Apple - http://swcdn.apple.com/content/downloads/49/07/002-79225-A_68Z2X28AVV/jfmg28xxxarr9av7ry0iefvst7cyl0... - (12.3.1) for example

Step 2. I name the package accordingly & upload to Jamf. (macOS1231.pkg for this example)

Step 3. I create 2 smart groups for computers I want to scope to update.

Smart Group 1: Contains criteria targeting teh computers to update + "Packages installed by casper" "does not have" "macOS1231.pkg".

Smart Group 2: "Packages installed by casper" "has" "macOS1231.pkg"

Step 4: Create policy to distribute the package. + Inventory update afterwards (Scoped to Smart Group 1)

Step 5: Create Scripts to install using the following command

Intel:

'/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall' --nointeraction --agreetolicense --forcequitapps

M1 (Must pass Credentials utilizing stdinpass):

echo $adminPass | '/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall' --nointeraction --agreetolicense --forcequitapps --user $adminName --stdinpass

Step 6: Create policy with scripts to install the package. With End User Interaction & Deferal (Scoped to Smart Group 2)

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

fdeltesta · ‎04-11-2022

Well I though about this but the packages for Big Sur and up are not downloadable from apple.

So it doesn't completely solve my problem.

The fact that I'm struggling that hard to do something so fundamental baffles me.

Hugonaut · ‎04-11-2022

https://swcdn.apple.com/content/downloads/15/10/002-77154-A_LAKRVPO4Y6/dbmkv9538dfpvqaqdygjciw8775qj... - macOS Big Sur (11.6.5) package Download from apple

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

fdeltesta · ‎04-12-2022

Where did you get this link ? What if I want other versions ?

mm2270 · ‎04-11-2022

Downloaded Software Updates show up in /Library/Updates/ But they don't show up in an easy to understand way, so you may have to compare it against /Library/Preferences/com.apple.SoftwareUpdate.plist RecommendedUpdates to see what's actually there.

fdeltesta · ‎04-12-2022

I was pretty optimistic with this solution so I tried it right away, I downloaded an update with a test mac using the following command:

softwareupdate -d -a

Waited for the download to finish and sadly, there's nothing in /Library/Updates, there are only 2 plist files and nothing else I even checked the hidden files. And if I open the system preference and go in the update tab, the update is chown as downloaded and ready to restart to apply it.

So I'm missing something here...

mm2270 · ‎04-12-2022

Hmm, what OS is this on? It's possible I've missed the memo that under, say, Monterey now, the downloads don't go into /Library/Updates/ anymore. If so, well then that sucks. I'll have to check it out on one of my Monterey systems to see if that's the case. I know as of Catalina and pretty sure with Big Sur that that directory was used to cache the downloaded updates.

fdeltesta · ‎04-12-2022

Indeed it's on Monterey...

mm2270 · ‎04-12-2022

Ok I was able to confirm what you're seeing. Took a Mac on 12.3, which sees the Monterey 12.3.1 update available and downloaded it using softwareupdate. The update no longer appears in /Library/Updates/ *sigh Apple*

The best I can offer for right now is to check the RecommendedUpdates array from the /Library/Preferences/com.apple.SoftwareUpdate.plist for which updates are pending. It won't tell you if they are pre-downloaded though, so I'm not sure how much that even helps.

If I get a moment I'll check to see if there's some log somewhere that captures which updates have been downloaded. It must be recorded somewhere I would think. But as usual, Apple likes to obsfucate and hide everything on us.

gzilla13 · ‎04-18-2023

Starting in at least Catalina (Not sure about older OSs) macOS updates have been moved to

/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate

The download is placed in a "randomvalue".asset folder. The asset folder is not built until the download has completed successfully. The asset folder download may not be the version you want, depending on when the last download attempt completed. I built a simple script that will check for the asset folder and determine what version the download is from the Info.plist in the folder.

(I know I could of used the "find" command to simplify the search but the command relies on spotlight which can break, so I relied on "ls")

This only guarantees that there is a download. It does not let you know if the "pre-install" steps have completed.

#!/bin/sh

path_updates=$(ls "/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate" | grep asset)
if [  "${path_updates}" ]; then
	path_updates=("/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate"/$path_updates)
	echo "Update Path is $path_updates"
	download_version=$(/usr/libexec/PlistBuddy -c "Print :MobileAssetProperties:OSVersion" "${path_updates}/Info.plist")
	echo "Version Downloaded is $download_version"
else
	echo "No updates downloaded"
fi

This script can be easily modified to create an extension attribute

##Checks for a downloaded macOS Update
path_updates=$(ls "/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate" | grep asset)


if [  "${path_updates}" ]; then
	path_updates=("/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate"/$path_updates)
	download_version=$(/usr/libexec/PlistBuddy -c "Print :MobileAssetProperties:OSVersion" "${path_updates}/Info.plist")
else
	download_version="None"
fi 
echo "<result>${download_version}</result>"

JevermannNG · ‎04-19-2023

Excellent! Thanks a lot for the script.

To work as an EA the script should look like this:

#!/bin/sh

##Checks for a downloaded macOS Update
path_updates=$(ls "/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate" | grep asset)


if [  "${path_updates}" ]; then
	path_updates=("/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate"/$path_updates)
	download_version=$(/usr/libexec/PlistBuddy -c "Print :MobileAssetProperties:OSVersion" "${path_updates}/Info.plist")
else
	download_version="None"
fi 
echo "<result>${download_version}</result>"

ekpvc · ‎04-12-2024

I'm still experimenting some, but found this thread and wanted to add some notes as I'm doing my own investigation.

There is a file that tracks the updates available it looks like: `/System/Volumes/Update/Update.plist`

You can pull the following key for the location of the update package: `original-asset-path`. Note that this will point to the `AssetData` subdirectory.

You can get some additional useful data from that plist, such as the build number: `update-asset-attributes.Build`. You can them match this to the build number in `AssetData/Info.plist` and pull the `Build` property.

ekpvc · ‎04-12-2024

After an update, the `/System/Volumes/Update/Update.plist` file disappears. The update was downloaded already on my test machine when I found that file, so I'm not sure if it appears after the update is downloaded, or if it's there when an update is available but not downloaded yet. I'll try to find out and update this thread if I remember.

ekpvc · 3 weeks ago

This is a tested working method of checking if the update has been downloaded or not.

#!/usr/bin/env bash

# Exit statuses:
#
# 0 - Update downloaded and ready to install
# 1 - No update available
# 2 - Update not downloaded yet
# 128 - Unknown error
#

softwareUpdatesPlist="/Library/Preferences/com.apple.SoftwareUpdate.plist"
updatePlist="/System/Volumes/Update/Update.plist"

# Idiot check if there are any pending updates
numUpdates=$(plutil -extract "RecommendedUpdates" raw "${softwareUpdatesPlist}")
if [[ ${numUpdates} == 0 ]]; then
    echo 'No update pending'
    exit 1
fi

updateDir=$(plutil -extract "original-asset-path" raw "${updatePlist}")
updateBuild=$(plutil -extract "update-asset-attributes.Build" raw "${updatePlist}")

if [[ ! -f "${updatePlist}" ]]; then
    echo 'Update not downloaded yet!'
    exit 2
else
    downloadBuild=$(plutil -extract "Build" raw "${updateDir}/Info.plist")
    if [[ "${updateBuild}" == "${downloadBuild}" ]]; then
        echo "Update ${updateBuild} downloaded to \"${updateDir}\""
        exit 0
    else
        echo 'Unexpected error'
        exit 128
    fi
fi

Jamf Nation Community

Monitor software update download Status