Created
March 13, 2018 23:18
-
-
Save apizz/6b8c56137cd873b1c1dec90bb0bc2823 to your computer and use it in GitHub Desktop.
Install Apple Security Update
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Variable must match the name exactly as it appears in the `softwareupdate -l` listing | |
PATCH_TO_MATCH="$4" | |
# Security Product Key number - AKA /Library/Updates directory with contained updates | |
SEC_PROD_KEY="$5" | |
# Defined maximum % of used space allowed in order to download the update | |
MINPERCENTFREE="$6" | |
# Custom trigger of DownloadSecurityPatch.sh script policy | |
CUSTOMTRIGGER="$7" | |
# Available space of boot volume / | |
AVAILSPACE=$(/bin/df / | /usr/bin/tail -1 | /usr/bin/awk '{print $4}') | |
# Total storage capacity of boot volume / | |
DRIVESTORAGE=$(/bin/df / | /usr/bin/tail -1 | /usr/bin/awk '{print $2}') | |
# Percentage of available storage space | |
PERCENTFREE=$(/bin/echo $(( $AVAILSPACE * 100 / $DRIVESTORAGE ))) | |
# If your defined max used % is less than the used drive % than prevent install and exit | |
if [ "$PERCENTFREE" -lt "$MINPERCENTFREE" ]; then | |
/bin/echo "Insufficient free space available. Exiting script." | |
exit 1 | |
fi | |
# Ensure the download policy has already run and that if not that it doesn't recon | |
sudo jamf policy -event "$CUSTOMTRIGGER" -forceNoRecon | |
# Searches cached softwareupdate list for the first available security update | |
SEC_UPDATE=$(sudo /usr/sbin/softwareupdate -l --no-scan | /usr/bin/grep Security | /usr/bin/head -1 | /usr/bin/sed 's/^.*Security/Security/') | |
# If security update name from Apple list matches expected name, check that | |
# the Security Product Key folder exists, and then install security update | |
if [ "$PATCH_TO_MATCH" = "$SEC_UPDATE" ]; then | |
if [ -d "/Library/Updates/$SEC_PROD_KEY" ]; then | |
/bin/echo "Installing ${SEC_UPDATE} ..." | |
/usr/sbin/softwareupdate -i "$SEC_UPDATE" | |
exitcode=$(/bin/echo $?) | |
else | |
# In the event the Security Product Key folder doesn't exist | |
/bin/echo "ERROR - /Library/Updates/${SEC_PROD_KEY} Does Not Exist." | |
exit 1 | |
fi | |
else | |
# In the event the expected security update is not found in the softwareupdate list | |
/bin/echo "No Security Update Match Found" | |
exit 1 | |
fi | |
if [ "$exitcode" = 0 ]; then | |
/bin/echo "${SEC_UPDATE} Install Completed Successfully!" | |
fi | |
exit $exitcode |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment