Skip to content

Instantly share code, notes, and snippets.

@bruienne

bruienne/gist:4369adc055f0c7eabf7b

Last active March 2, 2016 18:58
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bruienne/4369adc055f0c7eabf7b to your computer and use it in GitHub Desktop.
Save bruienne/4369adc055f0c7eabf7b to your computer and use it in GitHub Desktop.
Download ZIP
Munki wiki Apple items + SUS behavior clarification
Raw
gistfile1.md

Apple update behavior notes

Munki updates and Apple Software updates can appear and be installed in the same Munki session. To prevent possible conflicts, if any item to be installed or removed from the Munki server is an Apple item, Apple updates will not be processed in the same session. An item from the Munki server is identified as an Apple item if it has the optional apple_item key set toTrue in its pkginfo file.

Additionally, an item will be treated as an apple_item during an update check if the apple_item key is missing but the item contains either a receipts array with a packageid key that starts with com.apple or an installs array with a CFBundleIdentifier key that starts with com.apple.

It is important to note that any Apple application scheduled for install without an apple_item key explicitly set to False will cause the item to be treated as an apple_item during an update check. The implication of this is that if a user has an update waiting to be installed for Pages, as an example, and the Pages update has no apple_item key set no Apple software update checks will be performed for as long as the user keeps postponing the Pages update.

In reality this means that if any high-profile Apple software updates (Security Update, OS X update) became available after the user first received the Pages update they will not be available for install until after Pages is installed. If an important OS X update has also been given a force_install_date by the admin via the apple_update_metadata method and the user doesn't install the waiting Pages until after the forced date expires, before long Managed Software Center will initiate the final one hour grace period countdown and logout to install the waiting Apple update. This may be a problem from a UX point of view and makes directly managing the apple_item key very important in order to prevent long periods of Apple software update "blackout" for users who tend to postpone waiting updates for long periods on end, or any surprises arising from passed forced install deadlines.

In order to prevent such a blackout the admin has two options:

  • Mark all Apple updates in Munki as unattended where possible
  • Set the apple_item key to False in any Apple item's pkginfo file

For additional notes on the apple_item key see this section of the Munki wiki.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment