Mac firmware updates generally need some sort of user intervention in order to apply them.
This makes it very difficult to automate the process. I did manage at one point to automate SMC updates, but EFI updates and other hardware (keyboards, trackpads, graphics) each have their own issues.
So I finally decided to just punt on the issue. Here’s what I do now: a script runs at login and checks softwareupdate, looking for available firmware updates. If there are any, the user is notified to call the help desk.
The script follows.
#!/usr/bin/perl -w
use strict;
# change 'com.myorg' to your organization name
my $prefs = "com.myorg.firmwareupdatecheck";
# check the last time we ran on this machine;
# exit if we already ran today so we don't annoy too much
my $now = time;
my $lastChecked =
`defaults -currentHost read $prefs lastChecked 2>/dev/null`;
chomp $lastChecked;
if ($lastChecked ne "") {
my $daysSinceLastChecked =
int(($now-$lastChecked)/(60*60*24));
exit if ($daysSinceLastChecked < 1);
}
# get list of available updates from softwareupdate
my $allupdates = `softwareupdate -l | grep '^ \\* '`;
chomp $allupdates;
my @updates = split /\n/, $allupdates;
my $firmwareupdates = "";
my $firmwarelist = "";
my $otherupdates = "";
# walk through the list looking for firmware updates
for my $update (@updates) {
$update = substr($update,5);
if (( $update =~ /[F|f]irmware/)
|| ($update =~ /EFI/)
|| ($update =~ /SMC/)) {
$firmwareupdates .= "$update ";
$firmwarelist .= " $update\n";
} else {
$otherupdates .= "$update ";
}
}
# record when we checked and what we found
system "defaults -currentHost write $prefs lastChecked -int $now";
system "defaults -currentHost write $prefs availableUpdates '$firmwareupdates'";
if ($firmwareupdates) {
# there are available firmware updates
if ($otherupdates) {
# hide the non-firmware updates since I don't want users tempted to install them
system "softwareupdate --ignore $otherupdates >/dev/null 2>&1";
}
# are we running under an admin account?
my $checkAdmin = `dseditgroup -o checkmember admin`;
if ($checkAdmin =~ /^yes/) {
# user is an admin, prompt them to install
my $result = `osascript<<EOFA
try
tell application "System Events"
activate
display alert "Firmware updates available" message "There are firmware updates available for this Mac:" & return & "$firmwarelist" as warning buttons {"Later", "Install"} default button "Install" cancel button "Later" giving up after 120
end tell
if button returned of the result is "Install" then
do shell script "open '/System/Library/CoreServices/Software Update.app'"
end if
end try
EOFA`;
} else {
# user is not an admin, tell them to call help desk
my $result = `osascript<<EOFB
try
tell application "System Events"
activate
display alert "Firmware updates available" message "There are firmware updates available for this Mac:" & return & "$firmwarelist" & return & "Please call Tech Support at 555-1212 for help in installing these updates." as warning buttons {"OK"} default button "OK" cancel button "OK" giving up after 120
end tell
end try
EOFB`;
}
}
That script looks like its being cut off…..look at the 5th line down and other lines.
That’s why I wrote “WordPress may cut off the display of longer lines, but you should still be able to copy and paste into your favorite text editor.”
-Greg
lol…..whoops…..didn’t read that went straight to looking at the script! Sorry!
Hi Greg, how do you guys deal with system updates as a whole? At our enterprise, the desktop users are not admins. This leaves them no way to run the software updates since they are not admins.
We have a software update server, and all our OSX clients point to it for the update repository. But they have no mechanism to run this since they are not admins. I’m curious what others are doing to get around this.
We use radmind; other options include pushing packages out with Apple Remote Desktop, the Casper Suite, LANRev, Kbox, etc.
If all you care about is updates from Apple, another option would be a script that ran as root and called softwareupdate to get available updates and apply them.
There is also a nice launchd item we use called autosoftwareupdate. Downloads are pulled from Apple or your server and applied while the machine is idle and at the login prompt. I picked this up back in 06 from AFP548.com. http://www.afp548.com/article.php?story=20060119141302543&query=autosoftwareupdate