Context
This is really just a proof-of-concept, but as of this writing both Nudge and Munki use the softwareupdate
binary to try to download updates to see what’s available. With the Silicon chip Macs, Apple has now made it so that softwareupdate
will prompt you for a password for downloading pending updates, even if you’re running as root.
I strongly suspect both Nudge and Munki will move to some kind of model by which they either use an alternate method to determine which updates are pending (defaults read /Library/Preferences/com.apple.SoftwareUpdate RecommendedUpdates
isn’t always reliable, unfortunately) or will just ask that you specify a desired build version, and then check to see if that build version is installed or not.
In the meantime, I created a sample nopkg that essentially does that—Munki will see if a desired build is installed, and then launch up System Preferences if it isn’t.
No user is logged in
Running installcheck_script for latest_build
No user is logged in. Considering "installed" for now.
latest_build version 1.0 (or newer) is already installed.
If not up to date and a user is logged in
Running installcheck_script for latest_build
20D91 is not yet the current build. The current build is 20D80
Need to install latest_build
Up to date and a user is logged in
Running installcheck_script for latest_build
20D91 is already 20D91 or higher
latest_build version 1.0 (or newer) is already installed.
Leave a Reply