MacPatch custom patch content is pretty simple to create. All content is created via the new content wizard. Keep in mind that there are only 4 required attributes which are required to create a patch. The 4 attributes are Patch Name, Patch Version, Patch Group ID, Patch Package.

Create New Patch

Creating a new patch is broken down in to 4 steps. In this example we will be creating a patch for Firefox.

Step 1

Patch Name, and Patch Version are required fields. By default a new patch has it's patch state set to "Create". A patch will not show as needed to a client until it's state is at least set to "QA".

Step 2

While none of the fields are required, adding patch detection criteria is highly recommended. In this example we have added two detection queries. The first one looks to see if the /Applications/ exists. The second query looks to see if Firefox version is less than 30.0.0.

For a patch to become required all patch detection criteria queries need to return True. If any return false a patch is not needed.

Query Language Cheat Sheet

Step 3

Patch Group ID, and Patch Package are required fields.

In this example it's important to note that the "Patch Group ID" is in the form Reverse URL and similar to Bundle ID. While anything can be used as a "Patch Group ID", bundle id's are suggested.

When uploading a patch a * file is required at this time.

Step 4

Here you can add pre & post requisite packages. Also, once the patch is created you will need to make it active. This can only be done once the initial patch has been created.

Patch Criteria Syntax

Base Criteria Description
Query Value Query Result Example Syntax
Exists BundleID Value True/False Exists@com.adobe.Reader@True
Version BundleID Value Version;(EQ,LT,LTE,GT,GTE,NEQ) Version@com.adobe.Reader@9.3.0;LT
Query Value Query Result Example Syntax
Exists File Path True/False Exists@/Applications/
Date File Path True/False Date@/Applications/ 12:00:00;LT
Hash File Path MD5 Hash;True/False Hash@/Applications/;TRUE
Version File Path Version;(EQ,LT,LTE,GT,GTE,NEQ) Version@/Applications/;LT
Query Value Query Result Example Syntax Notes
Script Script Text True #!/bin/sh ... If a @ is used it must be escaped with @

Testing Patch Content

The preferred method to testing new patches is once a patch has been created involves creating a new patch group and client group and changing the client setting for the new client group.

  • Create new patch group, call it "QA"
  • Create new client group, call it "QA"
  • Edit the client group settings
    • Set "Patch Group" to "QA"
    • Set "Patch State Patching" to "Production & QA"
    • Save the settings
  • Assign client to the "QA" client group

With the groups and the settings created, and client(s) assigned. The next step will be to change the "Patch State" on the newly created patch to "QA". In this configuration any client assigned to the QA client group will now scan for the new patch, it will not patch it until the new patch has been added to the QA patch group and saved.