Home › Forums › OS X Server and Client Discussion › Updates › softwareupdate scripting
Hey, all,
Anyone out there got any automated softwareupdate scripts they want to share? Here’s one I wrote. Not even remotely pretty, and all are welcome to dissect it. What can I say? I’m a bash rookie…
A forewarning about the script, though. This script is kicked off via cron every night at 1:15 AM. We’ve got 1500 OS X-capable Macs, and each school has pretty limited bandwidth. As such, my thought was to randomize the day the script runs softwareupdate (statistically giving softwareupdate a 20% chance of running each night). Also, to try to prevent a bunch of machines hammering the network all at the same time, there’s a section that randomizes (within an hour) when softwareupdate actually kicks off.
It works, it’s ugly, but hey… It works.
If you do end up using this script, I only ask that you give credit where credit’s due.
Happy scripting, all!
#!/bin/sh
# This script attempts to call softwareupdate, checks if reboots are necessary,
# then runs the softwareupdate command, rebooting if necessary. If reboots
# are not necessary, it exits after the install.
# Written by:
# Dave Bruhn
# Durham Public School District
# Durham, NC
# Rewritten slightly by Eric Frost, IBM, Inc.
# Variables and such
tmp_file=/tmp/softwareupdate.$$
trap ‘rm -rf $tmp_file’ EXIT
reboot=””
found_updates=””
offset_time=””
random_day=””
# Bandwidth is at a premium. Let’s play the lottery and see if updates run today.
RANGE=5
random_day=$RANDOM
let “random_day %= $RANGE”
echo “Random number is $random_day.”
if [ $random_day != “3” ]
then
echo “Today is not the day. Bye-bye.”
exit 0
fi
# Clocks tend to get skewed. Let’s clean this up.
/usr/sbin/ntpdate -u
wait
# Need to offset the start time of this script.
# First, generate random number. This will be number of seconds.
RANGE=3600
offset_time=$RANDOM
let “offset_time %= $RANGE”
# Let the script sleep for the offset time so we don’t hammer our bandwidth
echo “Software Update will sleep for $offset_time seconds. Please hold.”
sleep $offset_time
# And we’re off. Run software update and wait until done.
/usr/sbin/softwareupdate -l > $tmp_file
wait
reboot=$(/usr/bin/grep “restart” $tmp_file | /usr/bin/wc -w)
echo “Restart is $reboot”
found_updates=$(/usr/bin/grep “found the following” $tmp_file | /usr/bin/wc -w)
echo “Updates found is $found_updates”
/bin/rm -rf $tmp_file
if [ $found_updates = “0” ]
then
echo “No updates found. Exiting.”
else
if [ $reboot = “0” ]
then
echo “Updates found, but no reboot required. Installing now.”
/usr/sbin/softwareupdate -i –all
else
echo “Updates found, reboot required. Installing now.”
/usr/sbin/softwareupdate -i –all
wait
/sbin/reboot
fi
fi
exit 0
Wow… dozens and dozens of views over the last month, and no takers? Come on, someone out there MUST have written a script! 🙂
You should probably add this to the top of the script:
[code]export COMMAND_LINE_INSTALL=1
export USER=foo[/code]
User foo is any account that can login.
This will resolve problems with iTunes upgrades.
Would it make a difference that this script is being run from /etc/periodic/daily/?
No. This should be set in the script no matter where it is run from. Except if you run it from the Terminal while you are logged into an account.
Awesome. I’ll add it to my script and, of course, test it before I deploy it. 😉
Couple of questions/suggestions: are you obtain software updates from Apple or are you running your own software update server? If you are obtaining updates from Apple, you might want to consider having your own software update server to pull updates from Apple and then the clients pulling from the local network server (this will save your WAN bandwidth).
Regarding your script, have you tried running with launchd instead of cron? Launchd provides more flexibility. Here is a link for a graphic user interface for launchd: http://tuppis.com/lingon/
The script written above was originally intended for an environment that did not have a software update server available. Therefore, managing what updates got deployed was not really feasible.
The purpose for writing the script was because of the fact that teachers would often not run updates, or there would be only one teacher per building that would run them. As such, it was written to be a timesaver for those teachers (and for myself), as well as to make sure that at least SOME updates would be installed. Granted, a few updates from Apple have had less-than-desirable results, but those have been few and far between.
We never added any cron entries for this script. We simply dropped it into /etc/periodic/daily so that it’d kick off at the default of 3:15 AM. This time was perfect as it was early enough in the day that it would not affect school hours or affect the required nightly bandwidth for other school-related functions.
However, I am working on a new endeavor involving backups for FileVault-enabled user accounts, and we’re intending to use launchd for that. Your link proves quite helpful in that regard, so thanks! 🙂