diff --git a/README.md b/README.md
index cb04db8..3f13580 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
This framework will enforce the installation of pending Apple security updates on Jamf Pro-managed Macs. Users will have the option to __Install__ or __Defer__. After a specified amount of time passes, the Mac will be prompted to install the updates, then restart automatically if any updates require it.
-This workflow is most useful for updates that require a restart and include important security-related patches (e.g. macOS Catalina 10.15.7 Supplemental), but also applies to security updates that don't require a restart (e.g. Safari 14.0.3). Basically, anything Software Update marks as "recommended" or requiring a restart is in scope.
+This workflow is most useful for updates that require a restart and include important security-related patches (e.g. macOS Ventura 13.1), but also applies to application updates that don't require a restart (e.g. Safari 16.2). Basically, anything Software Update marks as "recommended" or requiring a restart is in scope.
This framework is distributed in the form of a [munkipkg](https://github.com/munki/munki-pkg) project, which allows easy creation of a new installer package when changes are made to the script or to the LaunchDaemon that runs it. See the [Installer creation](#installer-creation) section below for specific steps on creating the installer for this framework.
@@ -11,7 +11,7 @@ This framework is distributed in the form of a [munkipkg](https://github.com/mun
Here's what needs to be in place in order to use this framework:
-- The current version of this framework officially supports __macOS Mojave, Catalina, Big Sur, and Monterey__, but older script versions should continue to function normally for previous macOS releases (note, however, that those versions of macOS are no longer receiving regular security updates from Apple and thus may not benefit from this framework).
+- The current version of this framework officially supports __macOS Catalina, Big Sur, Monterey, and Ventura__, but older script versions should continue to function normally for previous macOS releases (note, however, that those versions of macOS are no longer receiving regular security updates from Apple and thus may not benefit from this framework).
- Target Macs must be __enrolled in Jamf Pro__ and have the `jamfHelper` binary installed.
### Optional
@@ -57,8 +57,8 @@ The framework has a few limitations of note:
- Sequential updates cannot be installed as a group (e.g. Security Update 2022-003 Catalina cannot be installed unless 10.15.7 is already installed). If multiple sequential security updates are available, they are treated as two separate rounds of prompting/deferring. As a result, Macs requiring sequential updates may take more than one deferral and enforcement cycle (default 3 days) to be fully patched.
- Reasonable attempts have been made to make this workflow enforceable, but there's nothing stopping an administrator of a Mac from unloading the LaunchDaemon or resetting the preference file.
-- On Apple Silicon Macs, running `softwareupdate --download` and `softwareupdate --install` via background script are unsupported. When this framework is run on an Apple Silicon Mac, enforcement takes a "softer" form, instead opening System Preferences -> Software Update and leaving a persistent prompt in place until the updates are applied. Note that this workflow requires the Software Update preference pane to be available to a user with a [secure token and volume ownership](https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/), so that they can apply available software updates and restart their Mac.
-- Several versions of macOS Big Sur and macOS Monterey have known software update reliability issues, resulting in inconsistently presenting new updates as available or failing to install updates. Some measures have been taken to improve reliability in the latest releases of this framework, but ultimately a resolution will require a fix from Apple. The hope is that these bugs will be fixed in a future macOS software update; in the meantime, see [#54](https://github.com/mpanighetti/install-or-defer/issues/54) and [#76](https://github.com/mpanighetti/install-or-defer/issues/76) for ongoing discussions, and reach out to Apple Enterprise Support to increase signal on the issue.
+- On Apple Silicon Macs, running `softwareupdate --download` and `softwareupdate --install` via background script are unsupported. When this framework is run on an Apple Silicon Mac, enforcement takes a "softer" form, instead opening Software Update and leaving a persistent prompt in place until the updates are applied. Note that this workflow requires the Software Update preference pane to be available to a user with a [secure token and volume ownership](https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/), so that they can apply available software updates and restart their Mac.
+- macOS Big Sur, macOS Monterey, and macOS Ventura have known reliability issues when attempting to update your Mac using the `softwareupdate` binary, resulting in inconsistently presenting new updates as available or failing to install updates. Some measures have been taken to improve reliability in the latest releases of this framework, but ultimately a resolution will require a fix from Apple. The hope is that these bugs will be fixed in a future macOS software update; in the meantime, see [#54](https://github.com/mpanighetti/install-or-defer/issues/54) and [#76](https://github.com/mpanighetti/install-or-defer/issues/76) for ongoing discussions, and reach out to Apple Enterprise Support to increase signal on the issue.
## Settings customization
@@ -78,7 +78,7 @@ You can customize many settings using a configuration profile targeting the `$BU
|--------------------------|------------------|---------------|----------------|-------------|
|`InstallButtonLabel` |string|Install|[5.0](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0)|The label of the install button. Keep this string short since `jamfHelper` will cut off longer button labels.|
|`DeferButtonLabel` |string|Defer|[5.0](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0)|The label of the defer button. Keep this string short since `jamfHelper` will cut off longer button labels.|
-|`DisablePostInstallAlert` |boolean|`false`|[5.0.4](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0.4)|Whether to suppress the persistent alert to run updates. If set to True, clicking the install button will only launch the Software Update pane without displaying a persistent alert to upgrade, until the deadline date is reached.|
+|`DisablePostInstallAlert` |boolean|`false`|[5.0.4](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0.4)|Whether to suppress the persistent alert to run updates. If set to True, clicking the install button will only launch Software Update without displaying a persistent alert to upgrade, until the deadline date is reached.|
|`MessagingLogo` |string|Software Update icon|[5.0](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0)|File path to a logo that will be used in messaging. Recommend 512px, PNG format.|
|`SupportContact` |string|IT|[5.0](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0)|Contact information for technical support included in messaging alerts. Recommend using a team name (e.g. "Technical Support"), email address (e.g. "support@contoso.com"), or chat channel (e.g. "#technical-support").|
@@ -100,7 +100,7 @@ You can customize many settings using a configuration profile targeting the `$BU
| Key | Type | Default Value |Minimum Version | Description |
|--------------------------|------------------|---------------|----------------|-------------|
|`DiagnosticLog` |boolean|`false`|[5.0](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0)|Whether to write to a persistent log file at `/var/log/install-or-defer.log`. If undefined or set to false, the script writes all output to the system log for live diagnostics.|
-|`ManualUpdates` |boolean|Apple Silicon: `true`
Intel: `false`|[5.0.3](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0.3)|Whether to prompt users to run updates manually via System Preferences. This is always the behavior on Apple Silicon Macs and cannot be overridden. If undefined or set to false on Intel Macs, the script triggers updates via scripted `softwareupdate` commands.|
+|`ManualUpdates` |boolean|Apple Silicon: `true`
Intel: `false`|[5.0.3](https://github.com/mpanighetti/install-or-defer/releases/tag/v5.0.3)|Whether to prompt users to run updates manually via Software Update. This is always the behavior on Apple Silicon Macs and cannot be overridden. If undefined or set to false on Intel Macs, the script triggers updates via scripted `softwareupdate` commands.|
#### Create a configuration profile in Jamf Pro
@@ -216,22 +216,17 @@ Upload this package (created with munkipkg above) to the Jamf Pro server via Jam
Create a smart group for each software update or operating system patch you wish to enforce. Here are some examples to serve as guides, using regular expressions to allow for fewer criteria:
-- __Critical Update Needed: macOS Catalina 10.15.7__
- - `Operating System Build` `matches regex` `^19[A-G]`
-- __Critical Update Needed: Security Update 2021-002 Mojave__
- - `Operating System Build` `matches regex` `^18G\d{1,3}$`
- - `or` `Operating System Build` `matches regex` `^18G[1-7]\d{3}$`
- - `or` `Operating System Build` `matches regex` `^18G80[0-1]\d$`
- - `or` `Operating System Build` `matches regex` `^18G802[0-1]$`
+#### macOS update regex
-For completion's sake, here's an example of an update that won't require a restart but is still tagged as `Recommended: YES` in the `softwareupdate` catalog:
+- __Critical Update Needed: macOS Ventura 13.1__
+ - `Operating System Build` `matches regex` `^22[A-B]`
-- __Critical Update Needed: Safari 14.0.3__
+#### Application update regex
+
+- __Critical Update Needed: Safari 16.2__
- `Application Title` `is` `Safari.app`
- - `and` `(` `Application Version` `matches regex` `^\d\.`
- - `or` `Application Version` `matches regex` `^1[0-3]\.`
- - `or` `Application Version` `matches regex` `^14\.0$`
- - `or` `Application Version` `matches regex` `^14\.0\.[0-2]` `)`
+ - `and` `(` `Application Version` `matches regex` `^(\d|1[0-5])\.`
+ - `or` `Application Version` `matches regex` `^16\.[0-1]$` `)`
### Policy
diff --git a/build-info.plist b/build-info.plist
index 659bf2d..5999d8d 100644
--- a/build-info.plist
+++ b/build-info.plist
@@ -17,6 +17,6 @@
suppress_bundle_relocation
version
- 5.0.8
+ 6.0
diff --git a/payload/Library/Scripts/Install or Defer.sh b/payload/Library/Scripts/Install or Defer.sh
index 5beb9a3..b03dbde 100755
--- a/payload/Library/Scripts/Install or Defer.sh
+++ b/payload/Library/Scripts/Install or Defer.sh
@@ -15,8 +15,8 @@
# https://github.com/mpanighetti/install-or-defer
# Authors: Mario Panighetti and Elliot Jordan
# Created: 2017-03-09
-# Last Modified: 2022-12-15
-# Version: 5.0.8
+# Last Modified: 2023-02-03
+# Version: 6.0
#
###
@@ -73,7 +73,7 @@ Please contact %SUPPORT_CONTACT% for any questions."
MSG_INSTALL_NOW_HEADING="Updates are available"
MSG_INSTALL_NOW="Your Mac needs to install updates for %UPDATE_LIST%<< which require a restart>>.
-Please save your work, open System Preferences -> Software Update, and install all available updates.<< Your Mac will restart when all updates are finished installing.>>
+Please save your work, open Software Update, and install all available updates.<< Your Mac will restart when all updates are finished installing.>>
Please contact %SUPPORT_CONTACT% for any questions."
@@ -106,8 +106,8 @@ INSTALL_BUTTON_CUSTOM=$(/usr/bin/defaults read "/Library/Managed Preferences/${B
DEFER_BUTTON_CUSTOM=$(/usr/bin/defaults read "/Library/Managed Preferences/${BUNDLE_ID}" DeferButtonLabel 2>"/dev/null")
# - DisablePostInstallAlert (Boolean). Whether to suppress the persistent alert
# to run updates. Defaults to False. If set to True, clicking the install button
-# will only launch the Software Update pane without displaying a persistent
-# alert to upgrade, until the deadline date is reached.
+# will only launch Software Update without displaying a persistent alert to
+# upgrade, until the deadline date is reached.
DISABLE_POST_INSTALL_ALERT_CUSTOM=$(/usr/bin/defaults read "/Library/Managed Preferences/${BUNDLE_ID}" DisablePostInstallAlert 2>"/dev/null")
# - MessagingLogo (String). File path to a logo that will be used in messaging.
# Recommend 512px, PNG format. Defaults to the Software Update icon.
@@ -165,7 +165,7 @@ WORKDAY_END_HR_CUSTOM=$(/usr/bin/defaults read "/Library/Managed Preferences/${B
# all output to the system log for live diagnostics.
DIAGNOSTIC_LOG_CUSTOM=$(/usr/bin/defaults read "/Library/Managed Preferences/${BUNDLE_ID}" DiagnosticLog 2>"/dev/null")
# - ManualUpdates (Boolean). Whether to prompt users to run updates manually via
-# System Preferences. This is always the behavior on Apple Silicon Macs and
+# Software Update. This is always the behavior on Apple Silicon Macs and
# cannot be overridden. If undefined or set to false on Intel Macs, the script
# triggers updates via scripted softwareupdate commands.
MANUAL_UPDATES_CUSTOM=$(/usr/bin/defaults read "/Library/Managed Preferences/${BUNDLE_ID}" ManualUpdates 2>"/dev/null")
@@ -194,6 +194,14 @@ convert_seconds () {
}
+# Quits any running jamfHelper processes to dismiss existing alerts.
+quit_jamfhelper () {
+
+ echo "Killing any active jamfHelper notifications..."
+ /usr/bin/killall jamfHelper 2>"/dev/null"
+
+}
+
# Deletes cached results of previous software update checks, force-restarts the
# com.apple.softwareupdated system service, and sleeps for a period specified by
# the function run command. Necessary to make repeated update checks more
@@ -221,7 +229,7 @@ restart_softwareupdate_daemon () {
check_for_updates () {
restart_softwareupdate_daemon "30"
- echo "Checking for pending system updates..."
+ echo "Checking for pending macOS updates..."
# Capture output of softwareupdate --list, omitting any lines containing
# updates deferred via MDM.
UPDATE_CHECK="$(/usr/sbin/softwareupdate --list 2>&1 | /usr/bin/grep -v 'Deferred: YES')"
@@ -245,7 +253,7 @@ check_for_updates () {
MSG_INSTALL="$(echo "$MSG_INSTALL" | /usr/bin/sed 's/[\<\<|\>\>]//g')"
MSG_INSTALL_NOW="$(echo "$MSG_INSTALL_NOW" | /usr/bin/sed 's/[\<\<|\>\>]//g')"
MSG_UPDATING="$(echo "$MSG_UPDATING" | /usr/bin/sed 's/[\<\<|\>\>]//g')"
- # If any update do not require a restart but are recommended by Apple,
+ # If any updates do not require a restart but are recommended,
# only install recommended updates.
elif echo "$UPDATE_CHECK" | /usr/bin/tr '[:upper:]' '[:lower:]' | /usr/bin/grep -q "recommended"; then
INSTALL_WHICH="recommended"
@@ -270,20 +278,15 @@ check_for_updates () {
# Parse software update list for user-facing messaging.
format_update_list () {
- # Capture update names and versions.
- if [[ "$OS_MAJOR" -eq 10 && "$OS_MINOR" -lt 15 ]]; then
- UPDATE_LIST="$(echo "$UPDATE_CHECK" | /usr/bin/awk -F'[\(\)]' '/recommended/ {print $1 $2}')"
+ # Capture update names and versions. Omit the Version column if the
+ # update list includes a "macOS" update, as those updates tend to
+ # already include version information in the Title column.
+ # Note that this will omit version strings from any other pending
+ # updates, e.g. Safari.
+ if echo "$UPDATE_CHECK" | /usr/bin/grep -q "macOS"; then
+ UPDATE_LIST="$(echo "$UPDATE_CHECK" | /usr/bin/awk -F'[:,]' '/Title:/ {print $2}')"
else
- # Omit the Version column if the update list includes a "macOS" update,
- # as those updates tend to already include version information in the
- # Title column.
- # Note that this will omit version strings from any other pending
- # updates, e.g. Safari.
- if echo "$UPDATE_CHECK" | /usr/bin/grep -q "macOS"; then
- UPDATE_LIST="$(echo "$UPDATE_CHECK" | /usr/bin/awk -F'[:,]' '/Title:/ {print $2}')"
- else
- UPDATE_LIST="$(echo "$UPDATE_CHECK" | /usr/bin/awk -F'[:,]' '/Title:/ {print $2 $4}')"
- fi
+ UPDATE_LIST="$(echo "$UPDATE_CHECK" | /usr/bin/awk -F'[:,]' '/Title:/ {print $2 $4}')"
fi
# Convert update list from multiline to comma-separated list.
UPDATE_LIST="$(echo "$UPDATE_LIST" | /usr/bin/tr '\n' ',' | /usr/bin/sed 's/^ *//; s/,/, /g; s/, $//')"
@@ -295,7 +298,7 @@ format_update_list () {
elif [[ "$COMMA_COUNT" -eq 1 ]]; then
UPDATE_LIST="$(echo "$UPDATE_LIST" | sed 's/\(.*\),/\1 and/')"
fi
- # Populate the list of pending updates in message text.
+ # Populate the list of required updates in messaging.
MSG_INSTALL_OR_DEFER="$(echo "$MSG_INSTALL_OR_DEFER" | /usr/bin/sed "s/%UPDATE_LIST%/${UPDATE_LIST}/")"
MSG_INSTALL="$(echo "$MSG_INSTALL" | /usr/bin/sed "s/%UPDATE_LIST%/${UPDATE_LIST}/")"
MSG_INSTALL_NOW="$(echo "$MSG_INSTALL_NOW" | /usr/bin/sed "s/%UPDATE_LIST%/${UPDATE_LIST}/")"
@@ -310,8 +313,7 @@ format_update_list () {
display_act_msg () {
# Display persistent HUD with update prompt message.
- echo "Killing any active jamfHelper notifications..."
- /usr/bin/killall jamfHelper 2>"/dev/null"
+ quit_jamfhelper
echo "Displaying \"install updates\" message for $(( UPDATE_DELAY / 60 )) minutes before automatically applying updates..."
"$JAMFHELPER" -windowType "utility" -windowPosition "ur" -title "$MSG_INSTALL_HEADING" -description "$MSG_INSTALL" -icon "$MESSAGING_LOGO" -button1 "$INSTALL_BUTTON" -defaultButton 1 -alignCountdown "right" -timeout "$UPDATE_DELAY" -countdown >"/dev/null"
@@ -320,42 +322,38 @@ display_act_msg () {
}
-# Opens System Preferences -> Software Update, optionally prompting user to
-# install updates via HUD message and automatically applying the update when
-# able.
+# Opens Software Update, optionally prompting user to install updates via
+# HUD message and automatically applying the update when able.
install_updates () {
# If manual updates are enabled, inform the user of required updates and
- # open the Software Update window.
+ # open Software Update.
if [[ "$MANUAL_UPDATES" = "True" ]]; then
echo "Script has been configured to have user run updates manually."
# If persistent notification is disabled and there is still deferral
# time left, just open Software Update once.
if [[ "$DISABLE_POST_INSTALL_ALERT_CUSTOM" -eq 1 ]] && (( DEFER_TIME_LEFT > 0 )) ; then
- echo "Persistent alerting is disabled with deferral time remaining. Opening Software Update a single time..."
- # Open System Preferences -> Software Update in current user context.
- /bin/launchctl asuser "$USER_ID" open "/System/Library/PreferencePanes/SoftwareUpdate.prefPane"
+ echo "Persistent alerting is disabled with deferral time remaining. Opening Software Update a single time..."
+ # Open Software Update in current user context.
+ /bin/launchctl asuser "$USER_ID" open "/System/Library/PreferencePanes/SoftwareUpdate.prefPane"
# Display a persistent alert while opening Software Update and repeat
# until the user manually runs updates.
else
- echo "Displaying persistent alert until updates are applied..."
+ echo "Displaying persistent alert until updates are applied..."
# Loop this check until softwareupdate --list shows no more pending
# recommended updates.
while [[ $(/usr/sbin/softwareupdate --list) == *"Recommended: YES"* ]]; do
- # Clear out jamfHelper alert to prevent pileups.
- echo "Killing any active jamfHelper notifications..."
- /usr/bin/killall jamfHelper 2>"/dev/null"
-
# Display persistent HUD with update prompt message.
- echo "Prompting to install updates now and opening System Preferences -> Software Update..."
+ quit_jamfhelper
+ echo "Prompting to install updates now and opening Software Update..."
"$JAMFHELPER" -windowType "hud" -windowPosition "ur" -icon "$MESSAGING_LOGO" -title "$MSG_INSTALL_NOW_HEADING" -description "$MSG_INSTALL_NOW" -lockHUD &
- # Open System Preferences -> Software Update in current user context.
+ # Open Software Update in current user context.
/bin/launchctl asuser "$USER_ID" open "/System/Library/PreferencePanes/SoftwareUpdate.prefPane"
# Leave the alert up for 60 seconds before looping.
@@ -366,7 +364,9 @@ install_updates () {
fi
else
+
# Display HUD with updating message.
+ quit_jamfhelper
"$JAMFHELPER" -windowType "hud" -windowPosition "ur" -icon "$MESSAGING_LOGO" -title "$MSG_UPDATING_HEADING" -description "$MSG_UPDATING" -lockHUD &
# Install Apple system updates.
@@ -384,7 +384,7 @@ install_updates () {
# Trigger restart if script found an update which requires it.
if [[ "$INSTALL_WHICH" = "all" ]]; then
- # Shut down the Mac if BridgeOS received an update requiring it.
+ # Shut down the Mac (instead of restarting) if an update requires it.
if [[ "$UPDATE_OUTPUT_CAPTURE" == *"select Shut Down from the Apple menu"* ]]; then
trigger_restart "shut down"
# Otherwise, restart the Mac.
@@ -408,8 +408,7 @@ install_updates () {
# /private/tmp for deletion on a subsequent restart.
clean_up () {
- echo "Killing any active jamfHelper notifications..."
- /usr/bin/killall jamfHelper 2>"/dev/null"
+ quit_jamfhelper
echo "Cleaning up stored plist values..."
/usr/bin/defaults delete "$PLIST" 2>"/dev/null"
@@ -551,9 +550,12 @@ echo "Starting $(/usr/bin/basename "$0"). Performing validation and error checki
# Define custom $PATH.
PATH="/usr/sbin:/usr/bin:/usr/local/bin:${PATH}"
-# Bail out if the jamfHelper doesn't exist.
+# Quit any running instances of jamfHelper.
JAMFHELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
-if [[ ! -x "$JAMFHELPER" ]]; then
+if [[ -e "$JAMFHELPER" ]]; then
+ quit_jamfhelper
+# Bail out if the jamfHelper doesn't exist.
+else
bail_out "❌ ERROR: The jamfHelper binary must be present in order to run this script."
fi
@@ -563,6 +565,12 @@ if [[ ! -e "$JAMF_BINARY" ]]; then
bail_out "❌ ERROR: The jamf binary must be present in order to run this script."
fi
+# Bail out if Jamf Pro URL is undefined in local plist.
+JAMF_PRO_URL=$(/usr/bin/defaults read "/Library/Preferences/com.jamfsoftware.jamf" jss_url 2>"/dev/null")
+if [[ -z "$JAMF_PRO_URL" ]]; then
+ bail_out "❌ ERROR: There is no Jamf Pro URL stored."
+fi
+
# Determine platform architecture.
PLATFORM_ARCH="$(/usr/bin/arch)"
@@ -570,12 +578,12 @@ PLATFORM_ARCH="$(/usr/bin/arch)"
OS_MAJOR=$(/usr/bin/sw_vers -productVersion | /usr/bin/awk -F . '{print $1}')
OS_MINOR=$(/usr/bin/sw_vers -productVersion | /usr/bin/awk -F . '{print $2}')
-# This script has currently been tested in macOS 10.14, macOS 10.15, macOS 11,
-# and macOS 12. It will exit with error for any other macOS versions.
+# This script has currently been tested in macOS 10.15, macOS 11, macOS 12,
+# and macOS 13. It will exit with error for any other macOS versions.
# When new versions of macOS are released, this logic should be updated after
# the script has been tested successfully.
-if [[ "$OS_MAJOR" -lt 10 ]] || [[ "$OS_MAJOR" -eq 10 && "$OS_MINOR" -lt 14 ]] || [[ "$OS_MAJOR" -gt 12 ]]; then
- bail_out "❌ ERROR: This script supports macOS 10.14 Mojave, macOS 10.15 Catalina, macOS 11 Big Sur, and macOS 12 Monterey, but this Mac is running macOS ${OS_MAJOR}.${OS_MINOR}, unable to proceed."
+if [[ "$OS_MAJOR" -lt 10 ]] || [[ "$OS_MAJOR" -eq 10 && "$OS_MINOR" -lt 15 ]] || [[ "$OS_MAJOR" -gt 13 ]]; then
+ bail_out "❌ ERROR: This script supports macOS 10.15 Catalina, macOS 11 Big Sur, macOS 12 Monterey, and macOS 13 Ventura, but this Mac is running macOS ${OS_MAJOR}.${OS_MINOR}, unable to proceed."
fi
# Determine software update custom catalog URL if defined. Used for running beta
@@ -661,12 +669,16 @@ fi
echo "Manual updates: ${MANUAL_UPDATES}"
# Check for a custom messaging logo image, otherwise default to the Software
-# Update preference pane icon.
+# Update icon.
if [[ -n "$MESSAGING_LOGO_CUSTOM" ]] && [[ -f "$MESSAGING_LOGO_CUSTOM" ]]; then
MESSAGING_LOGO="$MESSAGING_LOGO_CUSTOM"
else
echo "Messaging logo undefined by admininstrator, or not found at specified path. Using default value."
- MESSAGING_LOGO="/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/Resources/SoftwareUpdate.icns"
+ if [[ "$OS_MAJOR" -lt 13 ]]; then
+ MESSAGING_LOGO="/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/Resources/SoftwareUpdate.icns"
+ else
+ MESSAGING_LOGO="/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/Current/Resources/SoftwareUpdate.icns"
+ fi
fi
echo "Messaging logo: ${MESSAGING_LOGO}"
@@ -795,7 +807,7 @@ if (( DEFER_TIME_LEFT > 0 )); then
# If manual updates are enabled,
# track the next deferral before proceeding.
- if [[ "$MANUAL_UPDATES_CUSTOM" -eq 1 ]]; then
+ if [[ "$MANUAL_UPDATES" = "True" ]]; then
echo "Manual updates are enabled, so we'll continue to track the next deferral date in case the update isn't run in a timely manner."
NEXT_PROMPT=$(( $(/bin/date +%s) + EACH_DEFER ))
if (( FORCE_DATE < NEXT_PROMPT )); then