Using a nopkg to “nudge” in Munki for Silicon Macs

Context

This is really just a proof-of-concept, but as of this writing both Nudge and Munki use the softwareupdate binary to try to download updates to see what’s available. With the Silicon chip Macs, Apple has now made it so that softwareupdate will prompt you for a password for downloading pending updates, even if you’re running as root.

I strongly suspect both Nudge and Munki will move to some kind of model by which they either use an alternate method to determine which updates are pending (defaults read /Library/Preferences/com.apple.SoftwareUpdate RecommendedUpdates isn’t always reliable, unfortunately) or will just ask that you specify a desired build version, and then check to see if that build version is installed or not.

In the meantime, I created a sample nopkg that essentially does that—Munki will see if a desired build is installed, and then launch up System Preferences if it isn’t.

No user is logged in

Running installcheck_script for latest_build
No user is logged in. Considering "installed" for now.
latest_build version 1.0 (or newer) is already installed.

If not up to date and a user is logged in

Running installcheck_script for latest_build
20D91 is not yet the current build. The current build is 20D80
Need to install latest_build

Up to date and a user is logged in

Running installcheck_script for latest_build
20D91 is already 20D91 or higher
latest_build version 1.0 (or newer) is already installed.

Leave a comment

Your email address will not be published. Required fields are marked *