Why would you want to selectively disable Apple software updates?
Munki allows you to change a preference on client machines to check for and install Apple software updates.
This is pretty cool. It means I can bundle Apple software updates and third-party software updates together for my users.
But sometimes, it’s a little frustrating when I’m helping a user to use Managed Software Center, and MSC checks for new updates but also decides to check for Apple updates… don’t really need it to check for Apple updates then. Totally want Munki to check for Apple updates in the background and all the other times, just not when the user launches up MSC.
It’s true if you’ve just checked very recently. you may see Skipping Apple Software update because sucatalog is unchanged, installed Apple packages are unchanged and we recently did a full check, but even if it’s been a while since the last check, I just don’t want any check happening if the user has manually launched up MSC.
Use a Preflight script
Munki allows you to run preflight and postflight scripts during each Munki run. As Munki is out of the box, you are supposed to have one preflight script named preflight (no extension). If you use MunkiReport, though, as I do, you’ll notice MunkiReport has the preflight script run a bunch of scripts in the preflight.d directory, which allows a bit more flexibility to add in various scripts instead of lumping them into one combined preflight script.
Preflight scripts can use the runtype to do different things based on whether the Munki run type is an auto, logoutinstall, checkandinstallatstartup, installwithnologout, manualcheck, or custom.
What the script does is just check to see if there’s a manualcheck and then turn the InstallAppleSoftwareUpdates preference off. If it’s any other type of run, the script turns the preference on.
The actual preflight script
Here is the preflight script, which you can deliver as a payload to /usr/local/munki/preflight.d/ (or as /usr/local/munki/preflight if you don’t have a preflight directory). You can create the .pkg using Packages, The Luggage, munkipkg, or even just pkgbuild.
If you want to make it based on another runtype you can change the logic there or tweak the script to use a time-based or date-based logic to run Apple updates less frequently. The possibilities are endless!