Introduction

App Auto-Patch combines local application discovery, an Installomator integration, and user-friendly swiftDialog prompts to automate application patch management across Mac computers.

What’s Changed in App Auto-Patch (2.0.0b6)

swiftDialog 2.3.2 Required

App Auto-Patch automatically installs (at least) version 2.3.2.4726 of swiftDialog. For more information on swiftDialog, review here: https://github.com/swiftDialog/swiftDialog

Unattended Exit

A new option for unattended exit of dialogs is now available. Use the unattendedExit and unattendedExitSeconds variables found in the script to use these features. This can be used to automatically close dialog boxes once updates are completed rather than relying on the end-user to click the “Done” button.

Wildcards for labels

When inputing labels into the ignoredLabels or requiredLabels parameters, a wildcard can be used to pull in all matching Installomator app labels. For example, if you wanted to ignore all Microsoft labels, use microsoft*.

** Note, the requiredLabels parameter does not overwrite labels caught in the ignoredLabels parameter.

App Auto-Patch Status plist

App Auto-Patch now has a plist that is created during the script execution. This plist will house things like the script version and dates of the last run and discovery. Extension Attributes to be used in Jamf Pro have been created and are available along side version 2.0.0b6.

App Auto-Patch Specific Installomator Directory

During execution, App Auto-Patch will download and install a separate instance of the Installomator script and collateral. This is helpful for administrators that have other versions or customized version of the script deployed. This prevents those versions from being touched by App Auto-Patch.

To learn more about Installomator, check out the project on Github: Installomator/Installomator

Getting Started

Setting Up The Script

1. Download the latest App-Auto-Patch-via-Dialog.zsh script to you computer. The 2.0.0b6 version can be found here: https://github.com/robjschroeder/App-Auto-Patch/blob/development/App-Auto-Patch-via-Dialog.zsh
2. Feel free to make any modifications on this script to fit your organizational needs.
3. Upload the script to Jamf Pro (or your current MDM, but we’ll be talking about Jamf Pro here as that is what I use). The current parameter labels are as follows:
   • Parameter 4: Script Log Location [ /var/log/com.company.log ] (i.e., Your organization’s default location for client-side logs)
   • Parameter 5: Toggles swiftDialog to use an overlay icon [ true (default) | false ]
   • Parameter 6: Interactive Mode [ 0 (Completely Silent) | 1 (Silent Discovery, Interactive Patching) | 2 (Full Interactive) ]
   • Parameter 7: A space-separated list of Installomator labels to ignore (i.e., “firefox* zoomgov googlechromeenterprise nudge microsoft*”)
   • Parameter 8: A space-separated list of required Installomator labels (i.e., “githubdesktop”)
   • Parameter 9: Outdated OS Action [ /System/Library/CoreServices/Software Update.app (default) | jamfselfservice://content?entity=policy&id=117&action=view ] (i.e., Jamf Pro Self Service policy ID for operating system upgrades)
   • Parameter 10: Unattended Exit [ true | false (default) ]
4. Once your script is uploaded to Jamf Pro, the next step is to create a policy.
5. In your policy, add the script payload and select the App-Auto-Patch script that was uploaded to Jamf Pro. You should be able to fill out your parameter labels to make sure you get the desired result of the script.
6. Optionally, you can make the policy available in Self Service for end-user to run on their own time.
7. After you have the policy set up as you’d like, feel free to test it out.

Silent Scans

App Auto-Patch has the ability to silently scan the computer for applications and their updates. To perform a silent scan, use the Interactive Mode option set to 1. This will set the script to run a silent discovery and will still show a dialog to the end-user, notifying them of the update statuses.

Extension Attributes

With version 2.0.0b6, I’ve included some Extension Attributes that can be used gather some more information on App Auto-Patch. Currently there are three EAs available:

1. AAP-LastDiscovery
   • This will return a date and time that the last discovery was ran using App Auto-Patch. There is an option in the script using the runDiscovery variable to skip the discovery process. This EA will help you to make sure your data isn’t outdated.
2. AAP-LastRun
   • This will return the date and time of the last run of App Auto-Patch.
3. AAP-Verison
   • This will return the version of App Auto-Patch that was last used.

Extension Attributes are powerful, and can expand upon the workflows that a tool can utilize. I will look to expand these in the future and if you have any recommendations, feel free to reach out.

Updates

Interactive

During the update process, a dialog window can be presented to the end-user letting them know the status of each application. By default, we show this to the end-user. Once all updates have been processed, the “Done” button is made available to exit out of the dialog.

There are additional options in the script that can be modified to also control Installomator’s install options. (i.e., BLOCKING_PROCESS_ACTION, NOTIFY, and LOGO).

Silent

App Auto-Patch can also be ran completely silent in the background, if that’s what you would like to do. Again, this is achieved by changing the default behavior of interactiveMode. When this variable is set to 0, App Auto-Patch will run silently. This may be helpful for administrators that want to make sure apps are patched, but don’t need to send the updates to the end-users.

*Depending on your Installomator options, user’s may still see prompts to close the apps that need updates, if they have them open. If you don’t want any notifications at all, change out the BLOCKING_PROCESS_ACTION variable.

Thank you for everyone that has helped contribute to App Auto-Patch, including but not limited to:

• Dan Snelson (@dan-snelson)
• Trevor Sysock (@bigmacadmin)
• Charles Mangin (@option8)

Support, Feature Requests, & Issue Reports

Support

The #app-auto-patch channel on MacAdmins Slack is a great resource to use when getting started.

Feature Requests

Feature requests are welcome and can be submitted on Github

Issue Reports

If you find something not working quite right, you can reach out on the MacAdmins Slack channel for App Auto-Patch. Additionally, issues can be submitted on Github