« iTunes preference management
Macworld 2009 MCX presentation »

Firmware Updates Redux

Mac firmware updates generally need some sort of user intervention in order to apply them.

This makes it very difficult to automate the process. I did manage at one point to automate SMC updates, but EFI updates and other hardware (keyboards, trackpads, graphics) each have their own issues.

So I finally decided to just punt on the issue. Here’s what I do now: a script runs at login and checks softwareupdate, looking for available firmware updates. If there are any, the user is notified to call the help desk.

The script follows. 


#!/usr/bin/perl -w

use strict;

# change 'com.myorg' to your organization name
my $prefs = "com.myorg.firmwareupdatecheck";

# check the last time we ran on this machine; 
# exit if we already ran today so we don't annoy too much
my $now = time;
my $lastChecked = 
   `defaults -currentHost read $prefs lastChecked 2>/dev/null`;
chomp $lastChecked;
if ($lastChecked ne "") {
  my $daysSinceLastChecked = 
     int(($now-$lastChecked)/(60*60*24));
  exit if ($daysSinceLastChecked < 1);
}

# get list of available updates from softwareupdate
my $allupdates = `softwareupdate -l | grep '^   \\* '`;
chomp $allupdates;
my @updates = split /\n/, $allupdates;
my $firmwareupdates = "";
my $firmwarelist = "";
my $otherupdates = "";

# walk through the list looking for firmware updates
for my $update (@updates) {
  $update = substr($update,5);
  if ((     $update =~ /[F|f]irmware/) 
        || ($update =~ /EFI/) 
        || ($update =~ /SMC/)) {
    $firmwareupdates .= "$update ";
    $firmwarelist .= "   $update\n";
  } else {
    $otherupdates .= "$update ";
  }
}

# record when we checked and what we found
system "defaults -currentHost write $prefs lastChecked -int $now";
system "defaults -currentHost write $prefs availableUpdates '$firmwareupdates'";

if ($firmwareupdates) {
  # there are available firmware updates
  if ($otherupdates) {
    # hide the non-firmware updates since I don't want users tempted to install them
    system "softwareupdate --ignore $otherupdates >/dev/null 2>&1";
  }
  
  # are we running under an admin account?
  my $checkAdmin = `dseditgroup -o checkmember admin`;
  if ($checkAdmin =~ /^yes/) {
     # user is an admin, prompt them to install
           my $result = `osascript<<EOFA
try
  tell application "System Events"
    activate
    display alert "Firmware updates available" message "There are firmware updates available for this Mac:" & return & "$firmwarelist" as warning buttons {"Later", "Install"} default button "Install" cancel button "Later" giving up after 120
  end tell
  if button returned of the result is "Install" then
    do shell script "open '/System/Library/CoreServices/Software Update.app'"
  end if
end try
EOFA`;

  } else {
    # user is not an admin, tell them to call help desk
    my $result = `osascript<<EOFB
try
  tell application "System Events"
    activate
    display alert "Firmware updates available" message "There are firmware updates available for this Mac:" & return & "$firmwarelist" & return & "Please call Tech Support at 555-1212 for help in installing these updates." as warning buttons {"OK"} default button "OK" cancel button "OK" giving up after 120
  end tell
end try
EOFB`;
  }
}
Explore posts in the same categories: AppleScript, OS X, Perl

This entry was posted on January 6, 2009 at 1:45 pm and is filed under AppleScript, OS X, Perl. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site.

6 Comments on “Firmware Updates Redux”

  1. DB Says:

    January 7, 2009 at 12:04 pm

    That script looks like its being cut off…..look at the 5th line down and other lines.

    Reply
  2. GregN Says:

    January 7, 2009 at 12:14 pm

    That’s why I wrote “WordPress may cut off the display of longer lines, but you should still be able to copy and paste into your favorite text editor.”

    -Greg

    Reply
  3. DB Says:

    January 7, 2009 at 5:10 pm

    lol…..whoops…..didn’t read that went straight to looking at the script! Sorry!

    Reply
  4. Jeff Says:

    January 13, 2009 at 10:02 am

    Hi Greg, how do you guys deal with system updates as a whole? At our enterprise, the desktop users are not admins. This leaves them no way to run the software updates since they are not admins.

    We have a software update server, and all our OSX clients point to it for the update repository. But they have no mechanism to run this since they are not admins. I’m curious what others are doing to get around this.

    Reply
  5. GregN Says:

    January 13, 2009 at 1:54 pm

    We use radmind; other options include pushing packages out with Apple Remote Desktop, the Casper Suite, LANRev, Kbox, etc.

    If all you care about is updates from Apple, another option would be a script that ran as root and called softwareupdate to get available updates and apply them.

    Reply
  6. LG Says:

    July 18, 2009 at 7:11 am

    There is also a nice launchd item we use called autosoftwareupdate. Downloads are pulled from Apple or your server and applied while the machine is idle and at the login prompt. I picked this up back in 06 from AFP548.com. http://www.afp548.com/article.php?story=20060119141302543&query=autosoftwareupdate

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 145 other followers

%d bloggers like this: