2023-10-19
Highlights
- New option to save the user's password for future automatic macOS updates and upgrades. Literally, "Save Password" but for automatic macOS updates and upgrades.
- New display customization options including unmovable dialogs and hide background mode courtesy of IBM Notifier 3.0.3.
- New macOS installer workflows are now handled by
mist-cli
integration, thus removing allpython
dependencies. - New LaunchDaemon architecture significantly improves automatic launch and deferment reliability for all
super
workflows. - New default "always on" behavior automatically checks for Apple software updates on a regular basis.
- Support for Jamf Pro 10.48+ (Beta) Managed Software Updates.
- Support for Jamf Pro 10.49+ API Roles and Clients.
- Please check out the new
super
v4.0.0-beta Wiki for more details!
Compatibility Notes
super
version 4.x requires macOS 11 or newer (all code supporting macOS 10.x has been removed).- All
super
4.x code has been refactored for style, clarity, and uniformity. As such nearly every single option name has been changed. - Most
super
3.0 command line options and managed preferences are not compatible withsuper
4.x - Previously saved
super
3.0 Apple silicon authentication credentials are automatically migrated the first timesuper
4.x runs. - It is safe to mix
super
version 3.0 and 4.x managed preferences (except for the DisplaySilently key) in a single configuration profile. However each version only recognizes the managed preference keys that are compatible for that version. - Refer to this spreadsheet (tab separated values) for migrating
super
3.0 command line options to version 4.x. - Refer to this spreadsheet (tab separated values) for migrating
super
3.0 managed preferences to version 4.x. - Updated Jamf Pro Extension Attribute scripts now supports both
super
versions 3.0 and 4.x. - Updated example MDM configuration profiles for
super
4.0.0-beta.
Known Issues
- IBM Notifier is currently exhibiting an issue where line wrapped text is clipped when the display icon is set for sizes larger than 60 pixels. Until this issue is resolved you can use the
--display-icon-size=60
option to prevent text clipping. - Since the release of macOS Sonoma 14, the Apple
softwareupdate
command on macOS 12.3 - 12.7 is no longer able to list, download, or upgrade to any version of macOS 13 (upgrading to macOS 14+ works fine). A future version ofsuper
is planned to work around this new unexpected limitation in macOS.
Specific Changes (4.0.0-beta7)
- Resolved (third time's a charm?) issues preventing the last startup date collection from working properly. (Thanks to @ofirgalcon for testing this time!)
super
4.0.0-beta7 SHA-256: fa3cc35a0224169128b5388fec1c2d09f3627597dd569bcc8e928e8966e0f242
Specific Changes (4.0.0-beta6)
- Resolved issues preventing the last startup date collection from working properly. (Thanks to Michael Z on on MacAdmins Slack for helping on this one!)
super
4.0.0-beta6 SHA-256: a57710bb200e7bd702be87019b87675c8f1afefcabc284eeff63a966eeaf79ba
Specific Changes (4.0.0-beta5)
- New automatic archival of active
super
logs to the "logs-archive" folder if any individualsuper
log file grows larger than 1000 KB in size. This new default behavior can be modified by manually editing parameters in theset_defaults()
function. - New automatic archival of any legacy
super
logs to the "logs-archive" folder. - New deadline behavior, users are no longer allowed to chose a deferral past a days or date deadline. If a deadline is sooner than any user deferral option then the deferral times are reduced to match the closest deadline.
- New deadline behavior, if a deadline is soon then any dialog timeout option times above 120 seconds (2 minutes) are reduced to 120 seconds.
- New deadline behavior, if the
super
workflow is running within 120 seconds of a deadline, it waits for the deadline to expire instead of offering any deferral. - The new
--display-notifications-centered
option shows non-interactive notifications in the center of the screen (as opposed to the top right) via the following types:- ALWAYS - Always show non-interactive notifications in the center of the screen.
- SOFT - Show non-interactive notifications in the center of the screen during a soft deadline.
- HARD - Show non-interactive notifications in the center of the screen during a soft deadline.
- INSTALLNOW - Show non-interactive notifications in the center of the screen during the install now workflow.
- New support for local user account names if they have spaces. (Thanks to Emmanuel Ergand on on MacAdmins Slack for testing this one!)
- New automatic error deferral when the "only download" workflow is enabled, but there is no active user. This is necessary because
softwareupdate
is unable to "only" download macOS updates (but it can fully install them) if there is no active user. - Rearchitected last startup date collection to support multiple time formats. (Thanks to @ofirgalcon for helping with this one!)
- Rearchitected Jamf Pro version detection to provide more accurate version numbers.
- Resolved several issues preventing the user's password from being saved or retrieved from Keychain.
- Resolved issues preventing the super-Deadline-Counter-Soft-Jamf-Pro-EA.sh script from working properly.
super
4.0.0-beta5 SHA-256: ffd6e599a399109e9d2d881ef9f92ffdd96bb6c1bc8d8c80b267f28282f73079
Specific Changes (4.0.0-beta4)
- First draft of the new
super
v4.0.0-beta Wiki! Please note that this Wiki itself is also a "beta", so expect updates and corrections. - Rearchitected Jamf Pro API calls to specify the exact macOS update or upgrade version. This change avoids Jamf Pro/macOS product issues that are known to unintentionally upgrade macOS even when an update was requested.
- Rearchitected automatic zero day now also saves the target macOS version along with the zero day date. This prevents the zero day date from unintentionally reseting when the available update caches are rechecked.
- Rearchitected the insufficient storage and power required alerts as dialogs (previously used notification functions). This resolved several issues preventing those dialogs from respecting display timeouts.
- Updated insufficient storage and power required alerts now support optional display customizations including the dialog timeout countdown, the help button, and the warning button.
- Resolved (no really this time?) a permissions issue preventing display of the custom display icon cache. (Thanks to @master-vodawagner for helping with this one.)
- Resolved an issue that prevented
super
from saving the user password to the keychain when a standard (non-admin) user was active. - Fixed a few typos and improved variable logging.
super
4.0.0-beta4 SHA-256: 574fb4822211e1efc136629310ffec89b14a4a5d7dc1477e4dd1e61ce4e3050c
Specific Changes (4.0.0-beta3)
- New automatic installation of
mist-cli
version 2.0 if required to facilitate macOS installer workflows. (Huge shout out to @ninxsoft) - If the
--auth-delete-all
option is used with other authentication options the--auth-delete-all
option takes priority and no longer allows for other credential options. - Further refinements to the saved user authentication workflow.
- Resolved an issue where previously saved authentication credentials were being unintentionally deleted.
super
4.0.0-beta3 SHA-256: fca929a284893e6019f337acc2993a8b254490981920a8afcb56c69b40b3d399
Specific Changes (4.0.0-beta2)
- New startup behavior now waits for the
loginwindow
process before continuing. This reducessoftwareupdate
errors during the restart validation workflow. - Further refinements of the
--auth-ask-user-to-save-password
workflow including that the local account name is no longer stored in thesuper
preference file. - Resolved an issue preventing the identification of last startup date on macOS 14.
- Resolved an issue preventing user authentication failover if the previously saved user password was invalid.
- Resolved an issue preventing macOS major beta upgrades from being properly discovered.
- Resolved an issue causing calculation errors in macOS minor update required installation size.
- Resolved an issue that caused repeated download attempts of macOS major upgrades.
- Resolved issues causing some display behavior options (
--display-unmovable
,--display-hide-background
, and--display-silently
) from being applied when multiple dialogs or notifications are shown. - Resolved an issue preventing the
--auth-mdm-failover-to-user
option from working. (Thanks to @croaker-1 for suggesting a fix to this one.) - Resolved a potential permission issue preventing display of the custom display icon cache. (Thanks to @master-vodawagner for suggesting a fix to this one.)
- Updated Jamf Pro config profile external application custom schema for
super
4.0.0-beta2. (Thanks to @robjschroeder for updating this!) super
4.0.0-beta2 SHA-256: 40824d6425757022af8c78a9942e81c4a9c442f83c808950429efcf71afcfb2e
Specific Changes (4.0.0-beta1)
- New
--usage
and--help
options behavior now no longer requiressudo
, or installssuper
items, or writes anything to the super.log, or interferes with any runningsuper
workflow. However,super
still installs automatically (if needed) when using any other options. - New default behavior if no updates/upgrades are available (or allowed),
super
now automatically checks for new updates/upgrades on a reoccurring basis. Thus, the--recheck-defer
option has been replaced by this default behavior. - New deferral timer behavior, all deferral timer options are now in minutes (dialog timeouts remain in seconds).
- New deferral timer behavior, all deferral timer options now allow you to specify up to 10080 minutes (1 week).
- New
--deferral-timer-workflow-relaunch=minutes
option allows you to override the default check for new updates/upgrades deferral interval time of six hours (360 minutes). - New
--workflow-disable-relaunch
option preventssuper
from checking for new updates/upgrades on a reoccurring basis. - New
--auth-ask-user-to-save-password
option to save the user's password to the user's keychain after a succesfull user authentication dialog. - New
--auth-credential-failover-to-user
option enables fail over to user authentication if any new or previously saved authentication option fails. (The--auth-mdm-failover-to-user
option remains as is still used to facilitate failover specific to MDM workflows.) - New saved authentication behavior, only one authentication option can be active at any given time. If multiple authentication options have been specified the priority order is;
--auth-ask-user-to-save-password
>--auth-local-account
>--auth-service-add-via-admin-account
>--auth-jamf-client
>--auth-jamf-account
- New Apple silicon credential storage mechanism now encodes all keychain items as base64. This allows for storing unicode text strings and further obfuscates the authentication credentials.
- New Apple silicon credential storage mechanism now also stores all saved administrator credential "account names" in the system keychain. The "account names" were previously stored in the
super
preference file. - Previously saved
super
3 Apple silicon authentication credentials are automatically migrated to this new storage mechanism the first timesuper
4 runs. - New support for Jamf Pro 10.48+ (Beta) Managed Software Updates API.
super
automatically detects if this feature is enabled on your Jamf Pro server - New permisions requirements for the (Beta) Managed Software Updates API:
- Jamf Pro Server Objects > Managed Software Updates > Read & Create
- Jamf Pro Server Objects > Computers > Read
- Jamf Pro Server Objects > Mobile Devices > Read
- Jamf Pro Server Actions > Send Computer Remote Command to Download and Install macOS Update
- Jamf Pro Server Actions > Send Mobile Device Remote Command to Download and Install iOS Update
- New support for Jamf Pro 10.49+ API roles and clients authentication. The new
--auth-jamf-client=ClientID
and--auth-jamf-secret=ClientSecret
options allow you to specify credentials for this new authentication mechanism. - New Jamf Pro API computer ID discovery method leverages the Jamf binary if no Jamf Pro ID is provided via
super
MDM configuration profile. (The Jamf Pro API privilege for "Computers Read" is no longer used to resolve the Jamf Pro ID.) - New
--jamf-custom-url=URL
option allows you to override the default Jamf Pro management URL for a custom Jamf Pro API URL. - New IBM Notifier 3.0.3 is automatically installed.
- New dialog and notification behavior now automatically re-opens if the user attempts to quit via Command-Q keyboard shortcut.
- Updated
--display-silently
option now allows for selectable display type behavior, see below for the available types. - New
--display-unmovable
option prevents the user from moving dialogs and notifications. Thus, the--display-redraw
option has been removed. - New
--display-hide-background
option hides (via translucent blur) the background when displaying dialogs and notifications. - The new
--display-silently
,--display-hide-background
,--display-hide-background
options modify display behavior via the following types:- ALWAYS - Modify display behavior for all dialogs and notifications.
- SOFT - Modify display behavior for Dialogs and notifications during a soft deadline.
- HARD - Modify display behavior for Dialogs and notifications during a soft deadline.
- INSTALLNOW - Modify display behavior for Dialogs and notifications during the install now workflow.
- DEFER - Modify display behavior for the defer or restart dialog.
- USERAUTH - Modify display behavior for the user authentication dialog.
- POWER - Modify display behavior for the power required notification.
- STORAGE - Modify display behavior for the insufficient storage notification.
- New default behavior, no
super
dialog ever times out unless you use the--dialog-timeout-default=seconds
option. This option sets the default timeout for any dialog that doesn't have a specific timeout setting. - New individual dialog timeout options now includes the following options:
--dialog-timeout-restart-or-defer=seconds
--dialog-timeout-soft-deadline=seconds
--dialog-timeout-user-auth=seconds
--dialog-timeout-insufficient-storage=seconds
--dialog-timeout-power-required=seconds
- The user authentication dialog now shows the dialog timeout countdown (only when no custom display accessory is enabled).
- New (renamed)
--workflow-install-now
option behavior now works when there is no active users. - New (renamed)
--workflow-install-now
option behavior is now a temporary option that is not saved for future runs ofsuper
. As such theInstallNow
managed preference has been removed. - New rearchitected macOS installer workflows leverage
mist-cli
instead oferase-install.sh
for installer listings and downloads. (Thanks for your service @grahampugh) - New automatic installation of
mist-cli
version 1.15 if required to facilitate macOS installer workflows. (Huge shout out to @ninxsoft) - New internal mechanisms to validate downloaded macOS installers. (Thanks to @grahampugh code inspiration!)
- Upgrade workflows using the macOS installer now use more accurate storage space requirements courtesy of
mist-cli
(previously this was statically set to 13GB for all macOS installers). - Systems with macOS 13 and newer no longer check for macOS installers (as they should be able to perform a macOS major upgrade via
softwareupdate
for all workflows). jamfHelper
is no loger supported, as such the following options have been removed:--icon-size-jamf=pixels
--prefer-jamf-helper
--prefer-jamf-helper-off
jamfHelper
is no longer a display option (all code supporting jamfHelper has been removed). Thus, the--icon-size-jamf
and--prefer-jamf-helper
options have been removed.- The default battery level required percentage for Mac computers with Apple Silicon is now 20% (Intel remains at 50%).
- Improved
--reset-super
clears local preferences for all versions ofsuper
including legacy preferences. - Improved temporary file methods for helper installation are now more secure. (Thanks to @giantwombat and @paragonsec for recommending this one!)
- All
super
logs are now stored in the "logs" folder inside thesuper
working folder. At this time legacysuper
logs are not moved to this new location. - Removed python dependency for Jamf Pro API token extraction. (Thanks to @jelockwood for this one!)
- Resolved an issue where MacBook computers with M2 chips were not being properly identified as portables.
- Resolved an issue where the patch version number (11.7.10 <- this last number) of macOS minor updates were not being properly identified.
- Countless improvements to both regular and verbose log output.
super
4.0.0-beta1 SHA-256: f179ef824b128510f8867388d6d0252044cd2b4b36036181293a7601873c9ee3