MacOS command-line security updates: equivalent for apt-get update all
Solution 1:
Yes, security updates show up as recommended updates but softwareupdate -r at least on Mojave is invalid. Note softwareupdate will not install updates for things from the App Store.
If you run softwareupdate -l on a system that is due security updates you can see them prefixed with a * character in the --list output which means they are recommended and will be processed by the -r option.
This is from a system untouched for a month - as you can see there is a recommended Safari update and a recommended Security update that requires a restart.
Last login: Mon Dec 2 19:21:08 on ttys000
A1398% softwareupdate -l
Software Update Tool
Finding available software
Software Update found the following new or updated software:
* Security Update -10.14.6
Security Update (10.14.6), 1531842K [recommended] [restart]
* Safari13.0.4MojaveAuto-13.0.4
Safari (13.0.4), 67332K [recommended]
A1398%
You may either list all available updates with -l (which is closest to sudo apt-get update in that it doesn't download or install packages), download with -d or download and install them with -i. The -r switch on its own is not accepted.
- To download and install recommended updates use
softwareupdate -i -r. Fromman softwareupdate:
-i | --install Each update specified by args is downloaded and installed. args can be one of the following: -r | --recommended All updates that are recommended for your system. These are prefixed with a * character in the --list output.
A1398% softwareupdate -i -r
Software Update Tool
Finding available software
Downloaded Security Update
Downloaded Safari
Installing Security Update , Safari
Done with Safari
Done.
You have installed one or more updates that requires that you restart your computer.
Please restart immediately.
To automate the restart process with softwareupdate(8), use --restart.
A1398%
In this case the security update required a restart and this was advised. The -R (capital) or --restart option can automate this but you would want to check user session status before forcing a restart and potentially losing session state/unsaved changes/etc. Passing --restart requires root privilege so the command in this case would be sudo softwareupdate -irR
- Optionally you can download and not install recommended software using
softwareupdate -d -r
-d | --download Each update specified by args is downloaded but not installed. The values of args are the same as for the --install command.
A1398% softwareupdate -d -r
Software Update Tool
Finding available software
Downloaded Security Update
Downloaded Safari
Done.
A1398%
If you wanted all instead of recommended you would replace -r with -a.
-a | --all All updates that are applicable to your system, including those non- recommended ones, which are prefixed with a - character in the --list output. (Non-recommended updates are uncommon in any case.)
Note that sudo on Mojave is required only for the --restart option but this rather old man page indicates that it was also required for installation in the past.
-i --install Each update specified by args is downloaded, unarchived, and installed. This command requires root.