Nudge for macOS Software Updates (macOS Script)
What
Nudge is a tool designed for macOS Big Sur 11 and later. It is a multi-linguistic application offering custom user deferrals, strongly encouraging users to self update macOS.
This macOS application helps users stay up-to-date with software updates and security patches. It is a lightweight and simple background task which periodically checks for updates. Based upon a pre-defined, minimum update configuration, on detection the user is notified, requesting they update.
Nudge Download: GitHub - macadmins/nudge: A tool for encouraging the installation of macOS security updates.
When/Why
Keeping software up-to-date is essential for any system's security and smooth functioning. However, it can be a daunting task to manually track software updates, especially when multiple software packages are installed on the device. That's where Nudge comes into the picture. It automates the software update checking and notification process, making it easier for users to stay on top of updates.
Nudge also helps to address security vulnerabilities in software packages, which malicious actors can exploit to gain unauthorized access to the device or steal sensitive data. By promptly updating software packages, users can significantly reduce the risk of such security incidents.
Moreover, Nudge helps improve the system's overall performance by updating software packages with bug fixes and other improvements. Outdated software can be a major cause of system crashes, lagging, and other performance issues, which can be avoided by updating software packages regularly.
Note, for major software updates, an Administrator password may be required. In this case, an alternate approach to upgrade devices could be considered, as highlighted in the KB: macOS Upgrades or Erasing
Prior to macOS 11, Software Updates could be installed either through Apple's legacy Software Update catalogues or using MDM. Consider using the legacy updates for these devices; Nudge should not be required.
How
Nudge has two main components for installation;
- Installation PKG
- Configuration file
In this example, configuration will be defined using a JSON file.
The provided Fileset includes:
- Example Configuration
- Scripted method of installation
- Scripted uninstallation
Setting Up Nudge with FileWave
Installing Nudge
Nudge has provided a script that can be used to install the latest Nudge suite package. Below is the script contents, also included is logging for the FileWave client:
Install Nudge script
#!/bin/bash
# Writing details to the FileWave Client Log
exec 1>>/var/log/fwcld.log
exec 2>>/var/log/fwcld.log
# Variables
nudgeLatestURL="https://github.com/macadmins/nudge/releases/latest/"
versionUrl=$(curl "${nudgeLatestURL}" -s -L -I -o /dev/null -w '%{url_effective}')
versionNumber=$(printf "%s" "${versionUrl[@]}" | sed 's@.*/@@' | sed 's/%20/-/g')
versionNumber=${versionNumber:1}
downloadUrl="https://github.com/macadmins/nudge/releases/download/v$versionNumber/Nudge_Suite-$versionNumber.pkg"
header="$(curl -sI "$downloadUrl" | tr -d '\r')"
pkgName=$(printf "%s" "${downloadUrl[@]}" | sed 's@.*/@@' | sed 's/%20/-/g')
pkgPath="/tmp/$pkgName"
# Download files
/usr/bin/curl -L -o "$pkgPath" "$downloadUrl"
# Install PKGs
sudo installer -pkg $pkgPath -target /
# Delete PKGs
sudo /bin/rm "$pkgPath"
exit 0
You may download the Nudge Installation Fileset here: Nudge Installation.fileset.zip
The Fileset contents should be similar as shown below. This Fileset includes both the installation and uninstallation scripts.
Custom Field
Checking the version of Nudge you have installed on your devices can be helpful as newer features are added. Download the Custom Field Nudge below and import into Assistants > Custom Fields > Import. This will display the version installed on your devices.
FileWave Custom Fieldsm Nudge.customfields.zip
Configuration Profile
You may copy the complete example default config profile from GitHub Nudge - Getting Started: Configuration Profile. For this KB article, we have copied and removed the extra configuration settings to include only the basic items needed for Nudge to function.
Configuration Profile metadata
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Configures all Nudge preferences</string>
<key>PayloadDisplayName</key>
<string>Nudge Preferences</string>
<key>PayloadIdentifier</key>
<string>com.github.macadmins.Nudge.preferences</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.github.macadmins.Nudge</string>
<key>PayloadUUID</key>
<string>CA02957C-7472-446B-9F77-3E0414405556</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>osVersionRequirements</key>
<array>
<dict>
<key>requiredInstallationDate</key>
<date>2023-05-30T04:00:00Z</date>
<key>requiredMinimumOSVersion</key>
<string>13.3.1</string>
</dict>
</array>
</dict>
</array>
<key>PayloadDescription</key>
<string>Configures Nudge application</string>
<key>PayloadDisplayName</key>
<string>Nudge Preferences</string>
<key>PayloadIdentifier</key>
<string>com.github.macadmins.Nudge.FileWave</string>
<key>PayloadOrganization</key>
<string>Nudge</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>2F54F734-132D-4539-B583-F1DCF23DB5EB</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
You may copy the above for the basic functions for Nudge and paste into a text editor, such as Atom, Notepad ++, etc. To configure, please note lines 26 and 28. These need to be modified based on your desired:
-
requiredInstallationDate:
2023-05-30T04:00:00Z
, May, 30 2023 at 12:00AM EST -
requiredMinimumVersion:
13.3.1
, i.e. macOS 13.3.1 (Ventura)
Save the file, any name desired, as long as you save with the extension, .mobileconfig. Next import into FileWave Admin; drag and drop the .mobileconfig into FileWave Central Admin.
When you open the profile within FileWave, there will be no payload regarding the Nudge configurations displayed.
JSON File
You may copy the complete example JSON configuration file from GitHub Nudge - Getting Started: JSON Configuration File. Below is the JSON config file that we will use.
JSON File metadata
{
"optionalFeatures": {
"acceptableApplicationBundleIDs": [],
"acceptableAssertionUsage": false,
"acceptableCameraUsage": false,
"acceptableScreenSharingUsage": false,
"aggressiveUserExperience": true,
"aggressiveUserFullScreenExperience": true,
"asynchronousSoftwareUpdate": true,
"attemptToBlockApplicationLaunches": false,
"attemptToFetchMajorUpgrade": true,
"blockedApplicationBundleIDs": [],
"enforceMinorUpdates": true,
"terminateApplicationsOnLaunch": false
},
"osVersionRequirements": [
{
"aboutUpdateURL_disabled": "https://support.apple.com/en-us/HT211896#macos1121",
"aboutUpdateURLs": [
{
"_language": "en",
"aboutUpdateURL": "https://support.apple.com/en-us/HT211896#macos1121"
},
{
"_language": "es",
"aboutUpdateURL": "https://support.apple.com/es-es/HT211896"
},
{
"_language": "fr",
"aboutUpdateURL": "https://support.apple.com/fr-fr/HT211896"
},
{
"_language": "de",
"aboutUpdateURL": "https://support.apple.com/de-de/HT211896"
}
],
"actionButtonPath": "munki://updates",
"majorUpgradeAppPath": "/Applications/Install macOS Big Sur.app",
"requiredInstallationDate": "2021-08-28T00:00:00Z",
"requiredMinimumOSVersion": "11.5.2",
"targetedOSVersionsRule": "default"
}
],
"userExperience": {
"allowGracePeriods": false,
"allowLaterDeferralButton": true,
"allowUserQuitDeferrals": true,
"allowedDeferrals": 1000000,
"allowedDeferralsUntilForcedSecondaryQuitButton": 14,
"approachingRefreshCycle": 6000,
"approachingWindowTime": 72,
"calendarDeferralUnit": "imminentWindowTime",
"elapsedRefreshCycle": 300,
"gracePeriodInstallDelay": 23,
"gracePeriodLaunchDelay": 1,
"gracePeriodPath": "/private/var/db/.AppleSetupDone",
"imminentRefreshCycle": 600,
"imminentWindowTime": 24,
"initialRefreshCycle": 18000,
"launchAgentIdentifier": "com.github.macadmins.Nudge",
"loadLaunchAgent": false,
"maxRandomDelayInSeconds": 1200,
"noTimers": false,
"nudgeRefreshCycle": 60,
"randomDelay": false
},
"userInterface": {
"actionButtonPath": "munki://updates",
"fallbackLanguage": "en",
"forceFallbackLanguage": false,
"forceScreenShotIcon": false,
"iconDarkPath": "/somewhere/logoDark.png",
"iconLightPath": "/somewhere/logoLight.png",
"screenShotDarkPath": "/somewhere/screenShotDark.png",
"screenShotLightPath": "/somewhere/screenShotLight.png",
"showDeferralCount": true,
"simpleMode": false,
"singleQuitButton": false,
"updateElements": [
{
"_language": "en",
"actionButtonText": "Update Device",
"customDeferralButtonText": "Custom",
"customDeferralDropdownText": "Defer",
"informationButtonText": "More Info",
"mainContentHeader": "Your device will restart during this update",
"mainContentNote": "Important Notes",
"mainContentSubHeader": "Updates can take around 30 minutes to complete",
"mainContentText": "A fully up-to-date device is required to ensure that IT can accurately protect your device.\n\nIf you do not update your device, you may lose access to some items necessary for your day-to-day tasks.\n\nTo begin the update, simply click on the Update Device button and follow the provided steps.",
"mainHeader": "Your device requires a security update",
"oneDayDeferralButtonText": "One Day",
"oneHourDeferralButtonText": "One Hour",
"primaryQuitButtonText": "Later",
"secondaryQuitButtonText": "I understand",
"subHeader": "A friendly reminder from your local IT team"
},
{
"_language": "es",
"actionButtonText": "Actualizar dispositivo",
"informationButtonText": "Más información",
"mainContentHeader": "Su dispositivo se reiniciará durante esta actualización",
"mainContentNote": "Notas importantes",
"mainContentSubHeader": "Las actualizaciones pueden tardar unos 30 minutos en completarse",
"mainContentText": "Se requiere un dispositivo completamente actualizado para garantizar que IT pueda proteger su dispositivo con precisión.\n\nSi no actualiza su dispositivo, es posible que pierda el acceso a algunos elementos necesarios para sus tareas diarias.\n\nPara comenzar la actualización, simplemente haga clic en el botón Actualizar dispositivo y siga los pasos proporcionados.",
"mainHeader": "Tu dispositivo requiere una actualización de seguridad",
"primaryQuitButtonText": "Más tarde",
"secondaryQuitButtonText": "Entiendo",
"subHeader": "Un recordatorio amistoso de su equipo de IT local"
},
{
"_language": "fr",
"actionButtonText": "Mettre à jour l'appareil",
"informationButtonText": "Plus d'informations",
"mainContentHeader": "Votre appareil redémarrera pendant cette mise à jour",
"mainContentNote": "Notes Importantes",
"mainContentSubHeader": "Les mises à jour peuvent prendre environ 30 minutes.",
"mainContentText": "Un appareil entièrement à jour est nécessaire pour garantir que le service informatique puisse protéger votre appareil efficacement.\n\n Si vous ne mettez pas à jour votre appareil, vous risquez de perdre l'accès à certains outils nécessaires à vos tâches quotidiennes.\n\nPour commencer la mise à jour, cliquez simplement sur le bouton Mettre à jour le périphérique et suivez les étapes fournies.",
"mainHeader": "Votre appareil nécessite une mise à jour de sécurité.",
"primaryQuitButtonText": "Plus tard",
"secondaryQuitButtonText": "Je comprends",
"subHeader": "Un rappel amical de votre équipe informatique locale"
},
{
"_language": "de",
"actionButtonText": "Gerät aktualisieren",
"informationButtonText": "Mehr Informationen",
"mainContentHeader": "Ihr Gerät wird während dieses Updates neu gestartet",
"mainContentNote": "Wichtige Hinweise",
"mainContentSubHeader": "Aktualisierungen können ca. 30 Minuten dauern.",
"mainContentText": "Ein vollständig aktualisiertes Gerät ist erforderlich, um sicherzustellen, dass die IT-Abteilung Ihr Gerät effektiv schützen kann.\n\nWenn Sie Ihr Gerät nicht aktualisieren, verlieren Sie möglicherweise den Zugriff auf einige Werkzeuge, die Sie für Ihre täglichen Aufgaben benötigen.\n\nUm das Update zu starten, klicken Sie auf die Schaltfläche Gerät aktualisieren und befolgen Sie die angegebenen Schritte.",
"mainHeader": "Ihr Gerät benötigt ein Sicherheitsupdate",
"primaryQuitButtonText": "Später",
"secondaryQuitButtonText": "Ich verstehe",
"subHeader": "Eine freundliche Erinnerung von Ihrem IT-Team"
}
]
}
}
You may copy the above for the optional languages and feature functions for Nudge and paste into a text editor, such as Atom, Notepad ++, etc. This is the example tester JSON file from the example assets page. To configure, please note lines 39 and 40. These need to be modified based on your desired:
-
requiredInstallationDate:
2023-05-30T04:00:00Z
, May, 30 2023 at 12:00AM EST -
requiredMinimumVersion:
13.3.1
, i.e. macOS 13.3.1 (Ventura)
Deployment
Once you have the Install Nudge Fileset and .mobileconifg profile uploaded into FileWave Admin, you are ready for deployment. As always, grab a few macOS devices and assign them for testing. This will confirm the installation and settings are properly configured for your production environment. After testing has been completed, you are ready for mass deployment.
For the JSON file you will move the JSON file into the /Library/Preferences folder. The LaunchAgent is looking for the domain "com.github.macadmins.Nudge.json", confirm that no misspellings are made for the default run times, every 30 minutes.
User End Experience
After installing both Nudge and the profile with your configurations, the end user will be prompted with a dialogue window with information regarding the update for the device. This includes:
-
Your configured Required OS Version
-
The devices' Current OS Version
-
Days Remaining To Update
-
How many Deferred Counts
-
Important Notes explaining the process and any other details.
Example Fileset with logo
Here is an example fileset with customized logo and wording for your company/organization. Always test to a few devices before mass deployment.
Related Content
Digging Deeper
Customizing Nudge to meet your needs:
With Nudge, there are many more optional features and configurations that may be applied to meet your production environment. You may review these features here: optionalFeatures · macadmins/nudge Wiki · GitHub.
Apple’s Rapid Security Responses:
Nudge has placed a feature-request to be added. For more information regarding, you may review the progress here: Add support for Rapid Security Response updates.