search

mpanighetti / install-or-defer

A framework for prompting users of Jamf Pro-managed Macs to install Apple software updates.
Apache License 2.0
148 stars 28 forks source link

pending update check using outdated data in /Library/Updates/index.plist, recommend switching to softwareupdate -l #3

Closed mpanighetti closed 5 years ago

mpanighetti commented 7 years ago

I've had some systems with no pending updates (confirmed by running softwareupdate -l and checking App Store > Updates) that still trigger the script alert, deferral countdown, and force-restart. It looks like this is because these systems have a ProductPaths value listed under /Library/Updates/index.plist, which install_or_defer appears to reference to determine whether the system has updates requiring restart. Not sure if this is an edge case, but I think the softwareupdate check will generally yield more reliable/current results than what's getting cached in the plist.

Let me know if you need any sample data on my end. Thanks in advance!

mpanighetti commented 6 years ago

For what it's worth, I updated my local version of this script to run softwareupdate -l before proceeding with alert/countdown/restart and it's resulted in a much better user experience (at a minor tradeoff of taking longer to run before exiting or proceeding). Will submit a pull request with the change shortly if that's a reasonable adjustment to make.

mpanighetti commented 5 years ago

Another good reason to take /Library/Updates interactions out of the script: as of macOS 10.14, that folder is covered by SIP and cannot be removed as part of the script's first run tasks. I'll update my PR to remove all reads/writes/deletes for index.plist and that folder in general.

Logger output:

Clearing software update cache... rm: /Library/Updates/ProductMetadata.plist: Operation not permitted rm: /Library/Updates/091-93471/091-93471.English.dist: Operation not permitted rm: /Library/Updates/091-93471/InstallAssistantAuto.pkg: Operation not permitted rm: /Library/Updates/091-93471/091-93471.English.extraInfo: Operation not permitted rm: /Library/Updates/091-93471: Operation not permitted rm: /Library/Updates/PreflightContainers/6EE7A197-05C5-4605-9C2F-F9C7EA78AD61.preflightContainer: Operation not permitted rm: /Library/Updates/PreflightContainers: Operation not permitted rm: /Library/Updates/index.plist: Operation not permitted rm: /Library/Updates: Operation not permitted

homebysix commented 5 years ago

Addressed in #7.