diff --git a/cmd/package-builder/README.md b/cmd/package-builder/README.md index 98721fb24..350eb0603 100644 --- a/cmd/package-builder/README.md +++ b/cmd/package-builder/README.md @@ -32,14 +32,23 @@ If you'd like to customize the keys that are used to sign the enrollment secret The macOS package will install a LaunchDaemon that will connect the launcher to the server specified by the `--hostname` flag, using an enrollment secret specified by the `--enroll_secret` flag. The Linux packages will currently lay down the launcher and osquery binaries as well as the enrollment secret specified by the `--enroll_secret` flag. -If you would like the resultant launcher binary to be invoked with the `--insecure` or `--insecure_grpc` flags, include them with the invocation of `package-builder`: +If you would like the resultant launcher binary to be invoked with any of the following flags, include them with the invocation of `package-builder`: + +- `--insecure` +- `--insecure_grpc` +- `--autoupdate` +- `--update_channel` + +For example, consider the following usage: ``` ./build/package-builder make \ --hostname=localhost:8082 \ --enroll_secret=foobar123 \ --insecure \ - --insecure_grpc + --insecure_grpc \ + --autoupdate \ + --update_channel=nightly ``` By default, binaries will be installed to `/usr/local/launcher/bin`, configuration will be installed to `/etc/launcher`, logs will be outputted to `/var/log/launcher`, etc. If you'd like the `launcher` string to be something else (for example, your company name), you can use the `--identifier` flag to specify this value. diff --git a/cmd/package-builder/package-builder.go b/cmd/package-builder/package-builder.go index 0b1212c96..b90553df5 100644 --- a/cmd/package-builder/package-builder.go +++ b/cmd/package-builder/package-builder.go 
@@ -101,6 +101,16 @@ func runMake(args []string) error { env.Bool("INSECURE_GRPC", false), "whether or not the launcher packages should invoke the launcher's --insecure_grpc flag", ) + flAutoupdate = flagset.Bool( + "autoupdate", + env.Bool("AUTOUPDATE", false), + "whether or not the launcher packages should invoke the launcher's --autoupdate flag", + ) + flUpdateChannel = flagset.String( + "update_channel", + env.String("UPDATE_CHANNEL", ""), + "the value that should be used when invoking the launcher's --update_channel flag", + ) flIdentifier = flagset.String( "identifier", env.String("IDENTIFIER", "launcher"), @@ -136,7 +146,7 @@ func runMake(args []string) error { macPackageSigningKey := *flMacPackageSigningKey _ = macPackageSigningKey - paths, err := packaging.CreatePackages(osqueryVersion, *flHostname, *flEnrollSecret, macPackageSigningKey, *flInsecure, *flInsecureGrpc, *flIdentifier) + paths, err := packaging.CreatePackages(osqueryVersion, *flHostname, *flEnrollSecret, macPackageSigningKey, *flInsecure, *flInsecureGrpc, *flAutoupdate, *flUpdateChannel, *flIdentifier) if err != nil { return errors.Wrap(err, "could not generate packages") } diff --git a/tools/packaging/kolide.go b/tools/packaging/kolide.go index 966a0e720..4aa9e0440 100644 --- a/tools/packaging/kolide.go +++ b/tools/packaging/kolide.go @@ -26,7 +26,7 @@ func CreateKolidePackages(uploadRoot, osqueryVersion, hostname, tenant string, p insecureGrpc = true } - macPackagePath, err := createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey, insecure, insecureGrpc, "kolide") + macPackagePath, err := createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey, insecure, insecureGrpc, true, "stable", "kolide") if err != nil { return nil, errors.Wrap(err, "could not make macOS package") } 
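Review bot: `update_channel` defaults to the empty string and is handed to `packaging.CreatePackages` unchecked, so `--autoupdate` on its own builds a package whose launcher is started with an empty channel, and `--update_channel` without `--autoupdate` is silently ignored. The channel decides which release stream installed hosts pull binaries from, so `runMake` should reject unexpected values before building, e.g. `if *flAutoupdate && *flUpdateChannel == "" { return errors.New("--autoupdate requires --update_channel") }`. Ideally it would also compare the value against the channel names the launcher accepts (this commit uses `nightly` and `stable`). The same value is written verbatim into the systemd unit and LaunchDaemon templates, so an allow-list also keeps whitespace or markup out of those files. The body of runMake continues outside the hunk.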
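Review bot: The literals `true, "stable"` added to the `createMacPackage` call are repeated in the `createLinuxPackages` call in the next hunk of this file, and nothing at either call site says which positional parameters they fill. Naming them once in `CreateKolidePackages`, e.g. `const kolideUpdateChannel = "stable"` plus `autoupdate := true`, keeps the two platforms from drifting apart. The context lines also show a branch that sets `insecureGrpc = true`, so a short comment stating whether auto-update is meant to stay enabled for those builds would help the next reader. CreateKolidePackages starts and ends outside the hunk.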
@@ -42,7 +42,7 @@ func CreateKolidePackages(uploadRoot, osqueryVersion, hostname, tenant string, p return nil, errors.Wrap(err, "could not copy file to upload root") } - debPath, rpmPath, err := createLinuxPackages(osqueryVersion, hostname, secret, insecure, insecureGrpc, "kolide") + debPath, rpmPath, err := createLinuxPackages(osqueryVersion, hostname, secret, insecure, insecureGrpc, true, "stable", "kolide") if err != nil { return nil, errors.Wrap(err, "could not make linux packages") } diff --git a/tools/packaging/packaging.go b/tools/packaging/packaging.go index d58830e59..9f69e26b2 100644 --- a/tools/packaging/packaging.go +++ b/tools/packaging/packaging.go 
@@ -24,13 +24,13 @@ type PackagePaths struct { // CreatePackages will create a launcher macOS package. The output paths of the // packages are returned and an error if the operation was not successful. -func CreatePackages(osqueryVersion, hostname, secret, macPackageSigningKey string, insecure, insecureGrpc bool, identifier string) (*PackagePaths, error) { - macPkgDestinationPath, err := createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey, insecure, insecureGrpc, identifier) +func CreatePackages(osqueryVersion, hostname, secret, macPackageSigningKey string, insecure, insecureGrpc, autoupdate bool, updateChannel string, identifier string) (*PackagePaths, error) { + macPkgDestinationPath, err := createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey, insecure, insecureGrpc, autoupdate, updateChannel, identifier) if err != nil { return nil, errors.Wrap(err, "could not generate macOS package") } - debDestinationPath, rpmDestinationPath, err := createLinuxPackages(osqueryVersion, hostname, secret, insecure, insecureGrpc, identifier) + debDestinationPath, rpmDestinationPath, err := createLinuxPackages(osqueryVersion, hostname, secret, insecure, insecureGrpc, autoupdate, updateChannel, identifier) if err != nil { return nil, errors.Wrap(err, "could not generate linux packages") } @@ -42,7 +42,7 @@ func CreatePackages(osqueryVersion, hostname, secret, macPackageSigningKey strin }, nil } -func createLinuxPackages(osqueryVersion, hostname, secret string, insecure, insecureGrpc bool, identifier string) (string, string, error) { +func createLinuxPackages(osqueryVersion, hostname, secret string, insecure, insecureGrpc, autoupdate bool, updateChannel, identifier string) (string, string, error) { // first, we have to create a local temp directory on disk that we will use as // a packaging root, but will delete once the generated package is created and // stored on disk 
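Review bot: `CreatePackages` now takes three adjacent bools (`insecure, insecureGrpc, autoupdate`) followed by two adjacent strings (`updateChannel, identifier`), so a transposed argument at a call site still compiles and can silently flip one of the insecure flags or swap the update channel with the identifier. The same applies to `createLinuxPackages` in the next hunk and to `createMacPackage` further down. Collecting these settings into an options struct makes every call site name the field it sets. The doc comment also needs updating, since it still describes only a macOS package and says nothing about `autoupdate` or `updateChannel`, which the templates use only when `autoupdate` is true.

```go
// PackageOptions groups the launcher settings baked into generated packages.
type PackageOptions struct {
	Insecure      bool   // invoke the launcher with --insecure
	InsecureGrpc  bool   // invoke the launcher with --insecure_grpc
	Autoupdate    bool   // invoke the launcher with --autoupdate
	UpdateChannel string // value for --update_channel; used only when Autoupdate is true
	Identifier    string // replaces the "launcher" string in install paths
}

func CreatePackages(osqueryVersion, hostname, secret, macPackageSigningKey string, opts PackageOptions) (*PackagePaths, error) {
	// … unchanged: createMacPackage and createLinuxPackages calls, now receiving opts …
```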
@@ -110,6 +110,8 @@ func createLinuxPackages(osqueryVersion, hostname, secret string, insecure, inse LauncherPath: filepath.Join(binaryDirectory, "launcher"), Insecure: insecure, InsecureGrpc: insecureGrpc, + Autoupdate: autoupdate, + UpdateChannel: updateChannel, } if err := renderSystemdService(systemdFile, opts); err != nil { return "", "", errors.Wrap(err, "could not render systemd unit file") @@ -207,7 +209,7 @@ systemctl start launcher` return debOutputPath, rpmOutputPath, nil } -func createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey string, insecure, insecureGrpc bool, identifier string) (string, error) { +func createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey string, insecure, insecureGrpc, autoupdate bool, updateChannel, identifier string) (string, error) { // first, we have to create a local temp directory on disk that we will use as // a packaging root, but will delete once the generated package is created and // stored on disk @@ -292,6 +294,8 @@ func createMacPackage(osqueryVersion, hostname, secret, macPackageSigningKey str LaunchDaemonName: launchDaemonName, Insecure: insecure, InsecureGrpc: insecureGrpc, + Autoupdate: autoupdate, + UpdateChannel: updateChannel, } if err := renderLaunchDaemon(launchDaemonFile, opts); err != nil { return "", errors.Wrap(err, "could not write LaunchDeamon content to file") @@ -363,12 +367,14 @@ type systemdTemplateOptions struct { SecretPath string InsecureGrpc bool Insecure bool + Autoupdate bool + UpdateChannel string } // renderSystemdService renders a systemd service to start and schedule the launcher. func renderSystemdService(w io.Writer, options *systemdTemplateOptions) error { systemdTemplate := -`[Unit] + `[Unit] Description=The Kolide Launcher After=network.service syslog.service 
@@ -378,7 +384,9 @@ ExecStart={{.LauncherPath}} \ --hostname={{.ServerHostname}} \ --enroll_secret_path={{.SecretPath}} \{{if .InsecureGrpc}} --insecure_grpc \{{end}}{{if .Insecure}} ---insecure \{{end}} +--insecure \{{end}}{{if .Autoupdate}} +--autoupdate \ +--update_channel={{.UpdateChannel}} \{{end}} --osqueryd_path={{.OsquerydPath}} [Install] @@ -402,6 +410,8 @@ type launchDaemonTemplateOptions struct { LaunchDaemonName string InsecureGrpc bool Insecure bool + Autoupdate bool + UpdateChannel string } // renderLaunchDaemon renders a LaunchDaemon to start and schedule the launcher. @@ -422,7 +432,9 @@ func renderLaunchDaemon(w io.Writer, options *launchDaemonTemplateOptions) error KOLIDE_LAUNCHER_ENROLL_SECRET_PATH {{.SecretPath}} KOLIDE_LAUNCHER_OSQUERYD_PATH - {{.OsquerydPath}} + {{.OsquerydPath}}{{if .Autoupdate}} + KOLIDE_LAUNCHER_AUTOUPDATE + {{.UpdateChannel}}{{end}} RunAtLoad @@ -433,9 +445,10 @@ func renderLaunchDaemon(w io.Writer, options *launchDaemonTemplateOptions) error ProgramArguments {{.LauncherPath}} - --debug - {{if .InsecureGrpc}}--insecure_grpc{{end}} - {{if .Insecure}}--insecure{{end}} + --debug{{if .InsecureGrpc}} + --insecure_grpc{{end}}{{if .Insecure}} + --insecure{{end}}{{if .Autoupdate}} + --autoupdate{{end}} StandardErrorPath {{.LogDirectory}}/launcher-stderr.log
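Review bot: When `.Autoupdate` is true the systemd template always emits `--update_channel={{.UpdateChannel}} \`, so a package built with `--autoupdate` and the default empty channel starts the launcher with `--update_channel=` and no value. Wrap that one line in its own `{{if .UpdateChannel}}…{{end}}` inside the `{{if .Autoupdate}}` block, or reject the empty channel before rendering. The value also lands unquoted in `ExecStart`, so any whitespace in it would be split into extra launcher arguments; validating the channel against the expected names before rendering closes that off. renderSystemdService starts outside the hunk.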
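Review bot: In the LaunchDaemon template's environment entries the new key `KOLIDE_LAUNCHER_AUTOUPDATE` is paired with the value `{{.UpdateChannel}}`, which looks like a key/value mismatch (the plist tags are not visible in this rendering, so this is read from the text alone). The neighbouring keys mirror flag names (`KOLIDE_LAUNCHER_ENROLL_SECRET_PATH`, `KOLIDE_LAUNCHER_OSQUERYD_PATH`), so the channel presumably belongs under a key named after `--update_channel`. As written, the ProgramArguments hunk below adds only `--autoupdate`, and macOS hosts may end up on the launcher's default channel rather than the one the operator chose. Confirm the variable name the launcher actually reads, and consider passing `--update_channel` in ProgramArguments as the systemd unit does, so both platforms are configured the same way. renderLaunchDaemon's body continues outside the hunk.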