#!/bin/sh ################ # # Software Update Service # Revision 2004041903 # # created by jlevitsk@joshie.com ( www.foist.org ) # idea from tim.bounds@duke.edu # https://lists.aas.duke.edu/pipermail/macgroup/2003-August/000572.html # ################# # Anacron kicks off daily scripts 5 minutes in so probably we are plugged in by now to ether or wifi # now let us see that it is a most likely fast connection this would suck over dialup. # echo "SUS: Checking for connectivity to check for updates..." # pause for 1 minute to account for job running when laptop is waking up. # AirPort cards are sometimes bad at kicking in super-quick so we'll be safe # and add a delay. sleep 60 en0status=`ifconfig en0 | /usr/bin/awk '/status: active/ {print $1}'` en1status=`ifconfig en1 | /usr/bin/awk '/status: active/ {print $1}'` if [ $en0status ] || [ $en1status ]; then # This will test for reliable connectivity for 10 minutes more or less N=0 while [ "$N" -le "60" ] && [ "$network" != "Reachable" ]; do N=$[N+1] network=`/usr/sbin/scutil -r liveupdate.mycompany.com` sleep 10 done if [ $N -gt "59" ] ; then echo "SUS: en0 or en1 was active but there was not a reliable connection. Aborting." exit 1 fi echo "SUS: Fetching approved update list from liveupdate server." swupdlist=`/usr/bin/curl -s http://liveupdate.mycompany.com/swupdate/panther.txt` #echo $swupdlist echo "SUS: Fetching available update list from Apple." availupdates=`/usr/sbin/softwareupdate -l` #echo "$availupdates" NeedUpdates=0 for i in $swupdlist ; do j=`echo "$availupdates" | grep $i` if [ "$j" != "" ] ; then NeedUpdates=$[NeedUpdates+1] fi done if [ $NeedUpdates -eq 0 ] ; then echo "SUS: No updates are needed. Exiting for now." exit 0 else echo "SUS: We need $NeedUpdates updates. Will attempt them now." fi ################################# # requires a ScriptingAddition from 24USoftware.com # if not present this code does nothing. # make me a progress bar RESULT=`/usr/bin/osascript -e 'create progress indicator with properties {global window:true, name:"Software Update Service", closeable:true, indeterminate:true, top message:"Installing '$NeedUpdates' security update(s).", bottom message:"A reboot may be required when done."}'` if [ $? == 0 ]; then WINDOWID=`echo $RESULT | cut -f 1 -d , | cut -f 2 -d :` else echo "SUS: Error openening window..." exit 1 fi # ################################# # Switch to hide the EULA stuff COMMAND_LINE_INSTALL=1 export COMMAND_LINE_INSTALL # This will grab the update file and install echo "SUS: Attempting to apply approved needed updates." updstatus=`/usr/sbin/softwareupdate -i $swupdlist 2>/dev/null | awk '/restart immediately/ {print $1}'` # close the message window # SCRIPT="close message window $WINDOWID" /usr/bin/osascript -e "$SCRIPT" 2>/dev/null # Now we call the reboot script which will reboot if nobody is signed on. # We check to see if softwareupdate thinks a reboot is needed. If it doesn't then # there is no point in rebooting :) # if [ $updstatus ]; then if [ "`/usr/bin/who | /usr/bin/grep console | /usr/bin/awk '{ print $2 }'`" == "console" ]; then /usr/bin/osascript -e 'tell app "Finder" to activate' \ -e 'tell app "Finder" to display dialog "Notice: Security updates have been applied automatically by Information Technology to protect your computer. Please restart to complete the install." buttons ["Ok"] with icon caution' echo "SUS: A reboot is required but the user is signed in. Told user to reboot." else echo "SUS: A reboot is required. Attempting to reboot." /sbin/shutdown -r now "Restarting after applying security updates." fi fi echo "SUS: Process completed properly." exit 0 fi echo "SUS: Neither en0 nor en1 were available. Aborting." exit 1