Jamf, munki, reposado, and jamJAR: A solution for installing applicable Apple software updates via Self Service

After recently configuring a reposado & margarita Docker container on a Mac, I was testing our relatively new DEP workflow with Jamf and munki, along with jamJAR for triggering munki installs via Jamf’s Self Service and reposado for mirroring Apple’s software update servers.  Specifically, I was looking to test different scenarios where an individual software install required additional software installed as part of it.

In the case of software like Microsoft Office 2011 that over the years has had many  subsequent update packages, these updates can be made an update_for Office 2011 in order to be installed immediately after the main installation.  In other cases where drivers or other software have to be installed before a software title, like with Avid’s Pro Tools, the necessary software can be added to the requires array.  In both of these cases all software involved are already in your munki repo and just require the applicable pkginfo metadata in order to have everything installed in a single go.

In two fairly niche cases – Final Cut Pro and Motion – after the software is installed additional software items become available through Apple’s software update mechanism.  The question I had was how could I most efficiently install these additional software updates following the main install, without requiring user intervention or a second automated managedsoftareupdate run at some time in the future?

While nothing prevents you from importing this additional software directly into your munki repo and adding it to the update_for array for Final Cut Pro or Motion, because we use reposado to mirror Apple’s software update servers I didn’t want to have to import software that was already available.  Additionally, many of Apple’s software update “products” have more than one installer.  This makes the Mac’s built-in softwareupdate tool a much simpler and overall better way to install them.  So the second question was whether or not I could trigger these applicable Apple software updates through reposado as part of the Final Cut Pro and Motion installs.

The last critical piece to this was whether I could also trigger these updates without installing any Apple software behind the scenes that might impact the user.  For example, if I had made a macOS security update available I didn’t want users to inadvertently install the security update when only trying to install the applicable software and associated Apple updates.

Thankfully, I was able get the the main software title installed while also triggering Apple software updates, and all without triggering larger macOS updates.

This guide assumes you have the following:

  1. A tested & working munki setup
  2. A tested & working reposado setup (although not required)
  3. A tested & working Jamf setup
  4. Are using jamJAR

See more details below the jump.

Read More