mpanighetti / install-or-defer

A framework for prompting users of Jamf Pro-managed Macs to install Apple software updates.
Apache License 2.0

Monterey clients showing Ventura in update prompts, even though major updates are deferred #94

Closed justintrant closed 1 year ago

justintrant commented 1 year ago

Hello @mpanighetti,

Firstly, thanks for an excellent tool!

It seems that Apple have recently changed how Ventura is being offered to clients, and it is now appearing in Software Update as a stub installer, despite being deferred via MDM:

~ % sw_vers
ProductName:    macOS
ProductVersion: 12.6.1
BuildVersion:   21G217

~ % softwareupdate --list

Software Update Tool

Finding available software
2022-12-15 10:17:16.349 softwareupdate[5131:52164] XType: com.apple.fonts is not accessible.
2022-12-15 10:17:16.349 softwareupdate[5131:52164] XType: XTFontStaticRegistry is enabled.
Software Update found the following new or updated software:
* Label: macOS Monterey 12.6.2-21G320
    Title: macOS Monterey 12.6.2, Version: 12.6.2, Size: 1508533K, Recommended: YES, Action: restart, 
* Label: macOS Ventura 13.1-22C65
    Title: macOS Ventura 13.1, Version: 13.1, Size: 3878650K, Recommended: YES, Action: restart, Deferred: YES

While the endpoint doesn't attempt to update to a new major OS, the prompts do cause confusion with end-users, who we have explicitly asked not to attempt to upgrade to Ventura.

Is there any way to exclude updates matching "Deferred: YES" from Install or Defer prompts?

mpanighetti commented 1 year ago

Thanks for the heads-up! Should be able to just remove those lines with grep -v 'Deferred: YES' after the update check. Will put a PR in shortly for testing.

justintrant commented 1 year ago

Thanks so much!

justintrant commented 1 year ago

I'm not sure if this debug output contains the information you need, so just let me know if I can provide anything else.

sudo bash -x ./Install\ or\ Defer.sh

+ PLIST=/Library/Preferences/com.redacted.managedupdates
+ BUNDLE_ID=com.redacted.managedupdates
+ SCRIPT_PATH='/Library/Scripts/Install or Defer.sh'
+ MSG_INSTALL_OR_DEFER_HEADING='Updates are available'
+ MSG_INSTALL_OR_DEFER='Your Mac needs to install updates for %UPDATE_LIST% by %DEADLINE_DATE%.

Please save your work and install all available updates. {{If now is not a good time, you can click '\''Defer'\'' to delay this message until later. }}These updates will be required after %DEFER_HOURS%<<, which may force your Mac to restart after they are installed automatically>>.

Please contact %SUPPORT_CONTACT% for assistance with updating your Mac.'
+ MSG_INSTALL_HEADING='Please install updates now'
+ MSG_INSTALL='Your Mac is about to install updates for %UPDATE_LIST%<< and restart>>.

Please save your work and install all available updates before the deadline.<< Your Mac will restart when all updates are finished installing.

If your Mac does not automatically restart within an hour, please restart manually and try installing updates again by opening System Preferences, Software Update.>>

Please contact %SUPPORT_CONTACT% for assistance with updating your Mac.'
+ MSG_INSTALL_NOW_HEADING='Updates are available'
+ MSG_INSTALL_NOW='Your Mac needs to install updates for %UPDATE_LIST%<< which require a restart>>.

Please save your work, open '\''Software Update'\'' and install all available updates.<< Your Mac will restart to complete the installation, which can take up to an hour. If your Mac does not automatically restart within an hour, please restart manually and try installing updates again.>>

Note: You may need to click the blue '\''More Info'\'' link at the bottom of the Software Update window to install updates for your current OS.

Please contact %SUPPORT_CONTACT% for assistance with updating your Mac.'
+ MSG_UPDATING_HEADING='Installing updates...'
+ MSG_UPDATING='Installing updates for %UPDATE_LIST% in the background.

<<Your Mac will restart automatically to complete the installation, which can take up to an hour.

If your Mac does not automatically restart within an hour, please restart manually and try installing updates again by opening System Preferences, Software Update.

Please contact %SUPPORT_CONTACT% for assistance with updating your Mac.>>'
++ /usr/bin/stat -f%Su /dev/console
+ CURRENT_USER=redacted
++ /usr/bin/id -u redacted
+ USER_ID=502
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' InstallButtonLabel
+ INSTALL_BUTTON_CUSTOM=Install
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' DeferButtonLabel
+ DEFER_BUTTON_CUSTOM=Defer
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' DisablePostInstallAlert
+ DISABLE_POST_INSTALL_ALERT_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' MessagingLogo
+ MESSAGING_LOGO_CUSTOM='/Library/Application Support/redacted/Images/redactedLogo.png'
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' SupportContact
+ SUPPORT_CONTACT_CUSTOM=helpdesk@redacted.com
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' DeferralPeriod
+ DEFERRAL_PERIOD_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' HardRestartDelay
+ HARD_RESTART_DELAY_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' MaxDeferralTime
+ MAX_DEFERRAL_TIME_CUSTOM=432000
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' PromptTimeout
+ PROMPT_TIMEOUT_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' SkipDeferral
+ SKIP_DEFERRAL_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' UpdateDelay
+ UPDATE_DELAY_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' WorkdayStartHour
+ WORKDAY_START_HR_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' WorkdayEndHour
+ WORKDAY_END_HR_CUSTOM=
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' DiagnosticLog
+ DIAGNOSTIC_LOG_CUSTOM=1
++ /usr/bin/defaults read '/Library/Managed Preferences/com.redacted.managedupdates' ManualUpdates
+ MANUAL_UPDATES_CUSTOM=
+ echo 'Calculating script timing...'
Calculating script timing...
+ [[ '' -eq 1 ]]
+ ((  MAX_DEFERRAL_TIME_CUSTOM > 0  ))
+ MAX_DEFERRAL_TIME=432000
++ convert_seconds 432000
++ [[ 432000 -le 0 ]]
++ (( DAYS=432000/86400 ))
++ (( HOURS=432000%86400/3600 ))
++ (( MINUTES=(432000%3600)/60 ))
++ (( SECONDS=432000%60 ))
++ printf '%02dd:%02dh:%02dm:%02ds\n' 5 0 0 0
+ echo 'Maximum deferral time: 05d:00h:00m:00s'
Maximum deferral time: 05d:00h:00m:00s
+ ((  DEFERRAL_PERIOD_CUSTOM > 0 && DEFERRAL_PERIOD_CUSTOM < MAX_DEFERRAL_TIME  ))
+ EACH_DEFER=14400
++ convert_seconds 14400
++ [[ 14400 -le 0 ]]
++ (( DAYS=14400/86400 ))
++ (( HOURS=14400%86400/3600 ))
++ (( MINUTES=(14400%3600)/60 ))
++ (( SECONDS=14400%60 ))
++ printf '%02dd:%02dh:%02dm:%02ds\n' 0 4 0 0
+ echo 'Deferral period: 00d:04h:00m:00s'
Deferral period: 00d:04h:00m:00s
+ ((  PROMPT_TIMEOUT_CUSTOM > 0 && PROMPT_TIMEOUT_CUSTOM < EACH_DEFER  ))
+ PROMPT_TIMEOUT=3600
++ convert_seconds 3600
++ [[ 3600 -le 0 ]]
++ (( DAYS=3600/86400 ))
++ (( HOURS=3600%86400/3600 ))
++ (( MINUTES=(3600%3600)/60 ))
++ (( SECONDS=3600%60 ))
++ printf '%02dd:%02dh:%02dm:%02ds\n' 0 1 0 0
+ echo 'Prompt timeout: 00d:01h:00m:00s'
Prompt timeout: 00d:01h:00m:00s
+ ((  UPDATE_DELAY_CUSTOM > 0  ))
+ UPDATE_DELAY=600
++ convert_seconds 600
++ [[ 600 -le 0 ]]
++ (( DAYS=600/86400 ))
++ (( HOURS=600%86400/3600 ))
++ (( MINUTES=(600%3600)/60 ))
++ (( SECONDS=600%60 ))
++ printf '%02dd:%02dh:%02dm:%02ds\n' 0 0 10 0
+ echo 'Update delay: 00d:00h:10m:00s'
Update delay: 00d:00h:10m:00s
+ ((  HARD_RESTART_DELAY_CUSTOM > 0  ))
+ HARD_RESTART_DELAY=300
++ convert_seconds 300
++ [[ 300 -le 0 ]]
++ (( DAYS=300/86400 ))
++ (( HOURS=300%86400/3600 ))
++ (( MINUTES=(300%3600)/60 ))
++ (( SECONDS=300%60 ))
++ printf '%02dd:%02dh:%02dm:%02ds\n' 0 0 5 0
+ echo 'Hard restart delay: 00d:00h:05m:00s'
Hard restart delay: 00d:00h:05m:00s
+ [[ 1 -eq 1 ]]
+ exec

mpanighetti commented 1 year ago

Unfortunately your output gets cut off after calculating some of the timing variables so I can't see what issue it ran into at the time it was parsing the update list. Gonna need the entire output all the way to when the script finishes running (deferring updates would be a good way to end the script once you see the alert).

justintrant commented 1 year ago

This should do it: (mario edit: trimmed to relevant portion to reduce scrolling)

Starting Install or Defer.sh. Performing validation and error checking...
...
+ echo 'Checking for pending system updates...'
Checking for pending system updates...
++ /usr/sbin/softwareupdate --list
++ /usr/bin/grep -v 'Deferred: YES'
+ UPDATE_CHECK='Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: Safari16.2MontereyAuto-16.2
    Title: Safari, Version: 16.2, Size: 130909KiB, Recommended: YES, 
* Label: macOS Monterey 12.6.2-21G320
    Title: macOS Monterey 12.6.2, Version: 12.6.2, Size: 1508533K, Recommended: YES, Action: restart, 
* Label: macOS Ventura 13.1-22C65
    Title: macOS Ventura 13.1, Version: 13.1, Size: 3878650K, Recommended: YES, Action: restart, '
+ echo 'Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: Safari16.2MontereyAuto-16.2
    Title: Safari, Version: 16.2, Size: 130909KiB, Recommended: YES, 
* Label: macOS Monterey 12.6.2-21G320
    Title: macOS Monterey 12.6.2, Version: 12.6.2, Size: 1508533K, Recommended: YES, Action: restart, 
* Label: macOS Ventura 13.1-22C65
    Title: macOS Ventura 13.1, Version: 13.1, Size: 3878650K, Recommended: YES, Action: restart, '
...

mpanighetti commented 1 year ago

Yep, that got it. 😅 Looks like the Ventura update doesn't have "Deferred: YES" in its attributes as your original example did, which is why the script didn't identify it as deferred. This would presumably be a Monterey softwareupdate bug (I've seen similar in my own Monterey testing) to not show the deferral state of the update. If so, we'd likely need to add Monterey-specific logic to ignore non-Monterey macOS updates. Will work on this in the PR later.

justintrant commented 1 year ago

Sounds great, thanks!

mpanighetti commented 1 year ago

@justintrant Just updated the script in the PR. It now specifically removes "macOS Ventura" lines from the softwareupdate --list output if the Mac is running macOS Monterey. Give it another try!
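
An added example, not part of the thread and not Install or Defer's own code: a filter that treats each `* Label:` / `Title:` pair as one record, so an update is dropped either when it carries `Deferred: YES` or when it is a macOS release with a different major version than the running OS. This generalizes the Ventura-on-Monterey case discussed above; the function names are hypothetical and the sample listing is copied from the thread.

```shell
#!/bin/bash
# Added example (not Install or Defer's code). Function names are hypothetical.

# Listing copied from the thread: the Ventura entry has lost its "Deferred: YES" flag.
sample_list() {
cat <<'EOF'
Software Update found the following new or updated software:
* Label: Safari16.2MontereyAuto-16.2
    Title: Safari, Version: 16.2, Size: 130909KiB, Recommended: YES,
* Label: macOS Monterey 12.6.2-21G320
    Title: macOS Monterey 12.6.2, Version: 12.6.2, Size: 1508533K, Recommended: YES, Action: restart,
* Label: macOS Ventura 13.1-22C65
    Title: macOS Ventura 13.1, Version: 13.1, Size: 3878650K, Recommended: YES, Action: restart,
EOF
}

# Line-wise filter: drops only the Title line that carries the flag, so the
# "* Label:" line of a deferred update survives.
naive_filter() { grep -v 'Deferred: YES'; }

# Pair-wise filter: reads the listing on stdin and prints the labels of updates
# to prompt for. $1 is the running OS major version (assumes macOS 11 or later,
# where the first version component is the major release).
filter_updates() {
    awk -v os_major="$1" '
    /^\* Label: / { label = substr($0, 10); next }
    /^[ \t]+Title: / && label != "" {
        title = $0
        sub(/^[ \t]+Title: /, "", title); sub(/, Version: .*/, "", title)
        version = $0
        sub(/.*Version: /, "", version); sub(/,.*/, "", version)
        split(version, v, ".")
        deferred = ($0 ~ /Deferred: YES/)
        other_major = (title ~ /^macOS / && v[1] != os_major)
        if (!deferred && !other_major) print label
        label = ""
    }'
}

# On a managed Mac:
#   softwareupdate --list | filter_updates "$(sw_vers -productVersion | cut -d. -f1)"
sample_list | filter_updates 12
```
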

justintrant commented 1 year ago

Success, the device ignores Ventura and shows Safari and Monterey 12.6.2.

Thank you so much for working this out so quickly!

mpanighetti commented 1 year ago

Fixed in 5.0.8!