Munki updates and Apple Software updates can appear and be installed in the same Munki session. To prevent possible conflicts, if any item to be installed or removed from the Munki server is an Apple item, Apple updates will not be processed in the same session. An item from the Munki server is identified as an Apple item if it has the optional apple_item
key set toTrue
in its pkginfo file.
Additionally, an item will be treated as an apple_item
during an update check if the apple_item
key is missing but the item contains either a receipts
array with a packageid
key that starts with com.apple
or an installs
array with a CFBundleIdentifier
key that starts with com.apple
.
It is important to note that any Apple application scheduled for install without an apple_item
key explicitly set to False
will cause the item to be treated as an apple_item
during an update check. The implication of this is that if a user has an update waiting to be installed for Pages, as an example, and the Pages update has no apple_item
key set no Apple software update checks will be performed for as long as the user keeps postponing the Pages update.
In reality this means that if any high-profile Apple software updates (Security Update, OS X update) became available after the user first received the Pages update they will not be available for install until after Pages is installed. If an important OS X update has also been given a force_install_date
by the admin via the apple_update_metadata
method and the user doesn't install the waiting Pages until after the forced date expires, before long Managed Software Center will initiate the final one hour grace period countdown and logout to install the waiting Apple update. This may be a problem from a UX point of view and makes directly managing the apple_item
key very important in order to prevent long periods of Apple software update "blackout" for users who tend to postpone waiting updates for long periods on end, or any surprises arising from passed forced install deadlines.
In order to prevent such a blackout the admin has two options:
- Mark all Apple updates in Munki as unattended where possible
- Set the
apple_item
key toFalse
in any Apple item's pkginfo file
For additional notes on the apple_item
key see this section of the Munki wiki.