Articles January 19, 2006 at 2:13 pm

A Better Way of Automating Software Updates

Managing Software Update with Open Directory is a nice feature of v10.4 Server, but trying to automate the delivery of those updates is a little cumbersome. Some users have set up a cron job to periodically execute the softwareupdate command-line utility. Doing so can present some issues, such as updates that require a restart, missed updates because the client was powered off during the scheduled execution, as well as the question of applying updates while a user is currently logged into the client.
I have developed a utility called autosoftwareupdate to try to address those concerns. The autosoftwareupdate utility is a launchd daemon that periodically checks if any software updates are available for the system. By default, autosoftwareupdate will check for available updates hourly. The interval can be adjusted via its launchd property list file with a text editor or Lingon. All output, including progress, history and errors, is logged to ‘/var/log/autosoftwareupdate.log’.

The utility is designed to run when a user is not logged into the system (excluding remote terminal sessions). If a user is not logged into the system, the utility will check for and apply all available software updates. The system will be restarted only if it is required by an update and there isn’t a user logged in (a user could log in between the time the software update started and the time the reboot would occur). If a network connection is not available while checking for a software update, autosoftwareupdate will log this and try to check again at the pre-configured interval. Also, if some updates were successful and others were not, this information will be logged.

Since autosoftwareupdate is run as a launchd item, a client that is asleep during the configured update interval will have autosoftwareupdate executed when the client resumes from sleep.

The autosoftwareupdate utility can also be used in conjunction with Mac OS X Server’s Software Update Server feature, allowing you to filter out updates that have yet to be tested or approved by system administrators. In order to do this though, you may need to push out a file to clients rather than setting the managed preference in Open Directory. There have been instances where softwareupdate will contact Apple instead of your own Software Update Server when the client is at the LoginWindow. It appears that even if the managed preference is applied to a Computer List, the managed com.apple.SoftwareUpdate.plist file gets created at /Library/Managed Preferences/username/, causing the managed Software Update Server to be effective only when a user is logged in locally.

The workaround to this, if you are using autosoftwareupdate or still decide to do a cron job, is to execute either:

For all users and the system:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://your.softwareupdateserver.com:8088/

For just the system:

sudo defaults write /private/var/root/Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://your.softwareupdateserver.com:8088/
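To confirm the workaround took effect, the following added example (not part of autosoftwareupdate or the original article) reports which CatalogURL a root-run softwareupdate will pick up when no user is logged in. It assumes root's own preference domain is consulted before /Library/Preferences; EXPECTED_URL is the article's placeholder server and DEFAULTS_CMD is a hypothetical hook for exercising the logic off a Mac.

```shell
#!/bin/sh
# Added example: audit the system-level CatalogURL set by the workaround.
# Assumption: root's preference domain takes precedence over the all-users
# domain, so it is checked first.

EXPECTED_URL="${EXPECTED_URL:-http://your.softwareupdateserver.com:8088/}"  # placeholder from the article
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"  # hypothetical override, for testing only

ROOT_DOMAIN=/private/var/root/Library/Preferences/com.apple.SoftwareUpdate
LOCAL_DOMAIN=/Library/Preferences/com.apple.SoftwareUpdate

# Print the CatalogURL stored in domain $1; non-zero status if the key is absent.
read_catalog_url() {
    "$DEFAULTS_CMD" read "$1" CatalogURL 2>/dev/null
}

# Print the URL root would use: root's domain first, then the all-users domain.
effective_catalog_url() {
    for domain in "$ROOT_DOMAIN" "$LOCAL_DOMAIN"; do
        if url=$(read_catalog_url "$domain") && [ -n "$url" ]; then
            printf '%s\n' "$url"
            return 0
        fi
    done
    return 1   # nothing set: softwareupdate will fall back to Apple's catalog
}

# Print "OK <url>", "MISMATCH <url>" or "UNSET"; exit status is 0 only for OK.
audit_catalog_url() {
    if url=$(effective_catalog_url); then
        if [ "$url" = "$EXPECTED_URL" ]; then
            echo "OK $url"
            return 0
        fi
        echo "MISMATCH $url"
        return 2
    fi
    echo "UNSET"
    return 1
}
```

Source the file as root (root's preference file is not readable otherwise) and call audit_catalog_url; a MISMATCH or UNSET result means clients at the LoginWindow are not using your Software Update Server's filtered catalog.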

To download an Installer package (Universal Binary):
http://www.orblet.com/downloads/autosoftwareupdate.mpkg.zip

To download the project’s source:
http://www.orblet.com/downloads/autosoftwareupdate.src.zip

The autosoftwareupdate utility is installed at ‘/usr/local/bin/autosoftwareupdate’. The launchd property list can be found at ‘/Library/LaunchDaemons/autosoftwareupdate.plist’.

I hope to have a site available soon for contributing source code back to the project. In the meantime, please just contact me.
