Tag: Software Update

Changes to launchctl kickstart in macOS 14.4

macOS Sonoma logomacOS 14.4 includes a change that has the potential to impact a number of MacAdmins.

For the past couple years, launchctl kickstart has been widely used in an attempt to fix stuck macOS processes.

This first use came to prominence in relation to softwareupdate but more recently has been used for mdmclient as well.

MDM vendor Addigy even released a free tool, MDM Watchdog that uses kickstart to attempt to automatically remediate these issues.

Read on for details on why this might not work going forward.

Continue reading

Nudge deadlines in local timezones

Nudge iconA frequent request for the open source tool Nudge is local timezone support. Nudge was coded to use UTC for configuring and enforcing the installation deadline for macOS updates.

This means that global companies have had to pick a single deadline for their entire fleet. Alternatively they could deploy multiple configurations for different regions. Neither option is ideal.

Bob Gendler set out to code a local timezone feature only to find out, to everyone’s surprise, that it already exists!

Read on for the details…

Continue reading

Automating Reposado with Slack Notifications

To know when Apple releases new updates that are downloaded by my Reposado server I’ve been depending on random checks via Margarita, emails from the Security-announce list or discussions on the MacAdmins Slack. Automating repo_sync runs is easy enough with a LaunchDaemon or cron job, but I want to automatically be notified whenever a new update is detected.

When searching to see if anyone had already done the work I found a script by Michael Stango on GitHub that sends email notifications when new updates are downloaded. Stango’s script even takes things a step further with the ability to automatically add new products to a testing branch. Awesome!

Since I have all my similar notifications (AutoPkg, MAU, etc.) feeding into Slack I wanted to send Reposado notifications there as well. I’ve been testing the updated bash script for a few weeks and am happy to share it, read on if you are interested in the details.

Continue reading

Working around failed Apple software updates with Munki

For at least a year MacAdmins have been dealing with Apple security updates failing if they are not installed soon after being downloaded. This is especially apparent to Munki admins who have Managed Software Center (MSC) configured to install Apple updates. Munki will invoke softwareupdate to download updates as soon as they are detected but users can defer the installation via MSC indefinitely by default.

If enough time has passed when the user finally decides to allow the logout / reboot for the update it will silently fail. The computer will reboot and the user will find themselves at the login window thinking the update completed successfully. However an hour or so later softwareupdate will again detect the update, download it and MSC will prompt the user to logout and install the same update they think they had just installed.

This is not a great user experience and has led to some frustration here at the newspaper. I’ve written a script that works around this behavior, read on if you are interested in the details.

Continue reading