And before anyone asks the following:Why doesn't the pkginfo contain "nice" Apple update names (display_name = iTunes)?Do I have to manually find an Apple update's product key in order to use this feature? (the answer is yes)Can I use an Apple update's name with the new '--apple-update' option instead of some weird 'productKey' in order to generate a proper pkginfo (the answer is no)
--
You received this message because you are subscribed to the Google Groups "munki-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Right now blocking_applications in an apple_update_metadata item replaces any blocking applications derived from the Distribution file. I can't think of any scenario where this would not be sufficient to get the desired behavior.-GregOn Feb 19, 2013, at 10:06 PM, Rob Middleton <rrmid...@gmail.com> wrote:Great - thanks. I don't like to deploy without reading through any code changes that alter logical flow :). Will feedback if any logic doesn't appear solid.I'll note on "Blocking Applications" that actually over-riding these may often be a good idea .. actually ideally, not fully override, but add additional constraints (different syntax would be required to over-ride vs add).In recent times I think the dist file may have changed a little (or there are multiple formats) such that we cannot reliably read the blocking application list.I've noticed Safari updates installing without munki requesting that Safari be closed. However, a system popup then occurs during the install requesting Safari be closed. That may be a bug we can fix, or it may end up being a good use of overrides where magic detection cannot work.
On Feb 19, 2013, at 10:09 PM, Gregory Neagle <gregn...@mac.com> wrote:Right now blocking_applications in an apple_update_metadata item replaces any blocking applications derived from the Distribution file. I can't think of any scenario where this would not be sufficient to get the desired behavior.-GregOn Feb 19, 2013, at 10:06 PM, Rob Middleton <rrmid...@gmail.com> wrote:Great - thanks. I don't like to deploy without reading through any code changes that alter logical flow :). Will feedback if any logic doesn't appear solid.I'll note on "Blocking Applications" that actually over-riding these may often be a good idea .. actually ideally, not fully override, but add additional constraints (different syntax would be required to over-ride vs add).In recent times I think the dist file may have changed a little (or there are multiple formats) such that we cannot reliably read the blocking application list.I've noticed Safari updates installing without munki requesting that Safari be closed. However, a system popup then occurs during the install requesting Safari be closed. That may be a bug we can fix, or it may end up being a good use of overrides where magic detection cannot work.There was a bug in detecting running applications for Apple updates which stemmed from previous changes to 'appleupdates.GetBlockingApps'. This function was returning full paths which were never being matched against the process list. Consequentially, as a result of testing, a full exact path name may be specified as blocking application and 'appleupdates.GetBlockingApps' now returns paths which exclude their dirnames: ie "/Applications/Xcode.app/Contents/MacOS/Xcode" becomes "Xcode.app/Contents/MacOS/Xcode" (note the missing, prefixed "/").--Heig
I've not tested the finge cases yet, but I can say that in bootstrap mode, nothing is broken. In manual run (click the icon after login) everything works as advertised.I've not yet attempted to manage apple updates in a manifest, but that's next on the agenda.
So long as the apple update is in a given catalog, it will find the keys I've specified? Where would the pkginfo itself go then? Just make an arbitrary folder and place it there?
Shouldn't we specify a path for the pkginfo? I'm not really sure what the benefit is of giving them the option on where to store it.
It seems like it could get messy for someone just starting out.
I think it makes plenty of sense to have this controlled by the primary manifest, but it does not to me follow that they should be in the same catalog.
Manifest (per client / category / whatever) --
<key>catalogs</key>
… production ...
<key>apple_update_meta</key>
… apple_meta_production ...
<key>included_manifests / managed_installs / etc
That said -- I'm not hugely fussed by the compute time -- while some of the iterative walking we do is expensive,
none of the options you can add to an apple update would cause munki to waste time (eg: installs / receipts).
And for splitting management, as Greg says, we can put this in a manifest:
<key>catalogs</key>
<array>
<string>production</string>
<string>apple_meta_production</string>
</array>
I still think it would be nice to have the future flexibility to point the "apple_update_meta" catalog to a server other than the munki one
(ie: a fully qualified http/https address). That's because I don't see this meta info clearly sitting on either the munki side or apple-update-release side.
It should be a valid choice to manage this meta info from the server someone might use to manage the apple updates.
The overall design works for me either way.
Rob.
On build 1750, is there a threshold where Munki will not install both AU's and MU's?
I have been doing some testing and I have noticed that machines already in the field are install both type's of updates, but in my "new machine" testing, 1750 is only finding MU's. Once the first set of MU's install (about 18 of them), on the second round it will see AU's.
--
On build 1750, is there a threshold where Munki will not install both AU's and MU's?
I have been doing some testing and I have noticed that machines already in the field are install both type's of updates, but in my "new machine" testing, 1750 is only finding MU's. Once the first set of MU's install (about 18 of them), on the second round it will see AU's.
That would be it then. I'm serving Java and Garageband Extra Content.
With the recent changes to munki, can I import the pkginfo for these two items, thereby allowing munki do to both?
On Thursday, February 28, 2013 11:53:42 AM UTC-6, gregn...@mac.com wrote:Munki will not check for/offer Apple update from a Software Update server if it is installing or removing what it thinks is an Apple update/product that happens to come from your _munki_ server.I'm guessing there is one or more Apple product in your set of 18 items.-Greg
So if they don't offer them by default, why would it hold back Munki from offering other updates to the client?
Let me be clear - What I want to accomplish is to have Munki do both AU and MU upon initial bootstrap.
While it is theoretically only one session away, it would be nice to just have both done. Obviously Munki is the one refusing to offer _other_ updates, so I am simply trying to figure out a solution to this.
Those two updates are going to be MU's no matter what, but it somewhat defeats the enhancements if Munki refuses to install both.
I understand the methodology between not showing them, but surely there is a case where the new pkginfo could help (if the logic was created).
I meant no disrespect by my comment, Greg.
Yes, Nick, I was just trying to figure out if there was an easy solution or not.
Sorry for the double post, but I did have a question about the pkginfo --au that Heig implemented. I noticed on my 10.8.2 server, my iTunes 11.0.2 was quite different than yours
(I'm not using Reposado).
There are two of them specifically:
zzzz041-9792 and zzzz041-9793.
I went ahead and imported both of them and just added a RestartAction-RequireLogout, figuring it would be an almost instantaneous way of seeing a different in MSU. The only problem is, the icon did not appear showing that it require a logout.

I haven't made a pkginfo based of Heig's 11.0.2, but could this be the issue?
What does this mean?
I see those as well. This is the second set of iTunes 11.0.2 updates from Apple; they were previously released as zzzz041-9596 and zzzz041-9597. Is that what you are referring to?
I went ahead and imported both of them and just added a RestartAction-RequireLogout, figuring it would be an almost instantaneous way of seeing a different in MSU. The only problem is, the icon did not appear showing that it require a logout.I can't reproduce your issue:
On Thursday, February 28, 2013 5:08:52 PM UTC-6, gregn...@mac.com wrote:What does this mean?I see those as well. This is the second set of iTunes 11.0.2 updates from Apple; they were previously released as zzzz041-9596 and zzzz041-9597. Is that what you are referring to?
Yes.I went ahead and imported both of them and just added a RestartAction-RequireLogout, figuring it would be an almost instantaneous way of seeing a different in MSU. The only problem is, the icon did not appear showing that it require a logout.I can't reproduce your issue:
I figured out the error in my ways (catalog issue), although now I do have a bit of feedback.
When I initially ran munkiimport, I gave it a display_name and a description, mainly because that's what I am accustomed to do when importing MA's and munkiimport asked me. When MSU is ran, the pretty descriptions given from the ASUS aren't there.
Also, the display_name (obviously) changing what MSU will show the user as well.
Should we write this in the documentation that it may be preferred to leave as default,
or should munkiimport by default skip these values
and let the admin add these entries later if desired? It looks like the less we touch the pkginfo, the more "Apple like" the updates become.
I have been trying to think of a solution for AU's that are munki managed.
I know personally, the only reason I ever imported Java is because at the time, munki couldn't do what 1749+ did (unattended, force after date) and I needed to push out it out quickly. I also do a post_install script on Java. Would anyone be opposed to also adding pre/post scripts to AU's? If so, I could remove Java from being a MU.
I still haven't thought of a full solution for AU's that require preceding installations (GB Extra Content, FCPX Supplemental Content) but what if we could add an "include_apple_update" key? If Munki sees this item being installed (for instance a user installs FCP X from optional install), it would then look for AU's, find what it needs and also add the specific zzzz item we added. We may also need to add "requires" to the AU's to be safe.
Example:
<key>name</key>
<string>Final Cut Pro X</string>
<key>include_apple_update</key>
<string>zzzz041-4538</string>
<key>version</key>
<string>10.0.7</string>
If such a thing could be implemented, it would allow me to remove these items completely from MU's. Thoughts, Greg/Heig?
At least the pre/post is an option for later.