I ran into problems altering my NETSUS appliance to enable 10.9 updates properly. I poked around JAMFnation, and couldn't find a solution. Finally, I reached out to the fine folks at JAMF Support, and Dave promptly got back to me with a solution. Here it is:

  1. Login/SSH into your netsus installation.
  2. Edit the /var/lib/reposado/preferences.plist so that it looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CurlPath</key>
<string>/usr/bin/curl</string>
<key>LocalCatalogURLBase</key>
<string></string>
<key>UpdatesMetadataDir</key>
<string>/srv/SUS/metadata/</string>
<key>UpdatesRootDir</key>
<string>/srv/SUS/html/</string>
<key>AppleCatalogURLs</key>
    <array>
        <string>http://swscan.apple.com/content/catalogs/index.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/index-1.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/others/index-leopard.merged-1.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/others/index-lion-snowleopard-leopard.merged-1.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/others/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
    </array>
</dict>
</plist>

Voila. 10.9 updates are now working. Now you just need to point your 10.9 clients to the right branch URL:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://SUS.YOUDOMAIN.COM/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1_<branchURL>.sucatalog

Thanks JAMF Support!
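
A sanity check for a hand-edited preferences.plist like the one above, as an added example that is not part of the original post and not Reposado or NetSUS code. It confirms the file still parses, that the keys shown in the post are present, and that every catalog is fetched from swscan.apple.com, then builds the client CatalogURL in the form the post uses. The function names, the trimmed sample plist and the path rewrite in `client_catalog_url` are assumptions drawn from the post's example.

```python
import plistlib
from urllib.parse import urlparse

REQUIRED_KEYS = ("UpdatesRootDir", "UpdatesMetadataDir", "AppleCatalogURLs")
APPLE_HOST = "swscan.apple.com"

# Constructed sample: a trimmed copy of the preferences.plist from the post.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UpdatesMetadataDir</key>
<string>/srv/SUS/metadata/</string>
<key>UpdatesRootDir</key>
<string>/srv/SUS/html/</string>
<key>AppleCatalogURLs</key>
<array>
<string>http://swscan.apple.com/content/catalogs/others/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
<string>http://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
</array>
</dict>
</plist>
"""

def check_preferences(data):
    """Return a list of problems found in a reposado preferences.plist."""
    try:
        prefs = plistlib.loads(data)
    except Exception as exc:  # malformed XML, e.g. a mistyped closing tag
        return ["plist does not parse: %s" % exc]
    problems = ["missing key: " + k for k in REQUIRED_KEYS if k not in prefs]
    for url in prefs.get("AppleCatalogURLs", []):
        parsed = urlparse(url)
        # A catalog from any other host means the SUS mirrors non-Apple content.
        if parsed.hostname != APPLE_HOST:
            problems.append("catalog not served by %s: %s" % (APPLE_HOST, url))
        if not parsed.path.endswith(".sucatalog"):
            problems.append("not a .sucatalog URL: " + url)
    return problems

def client_catalog_url(sus_host, apple_url, branch):
    """Build the client CatalogURL in the form the post shows (assumed rewrite)."""
    path = urlparse(apple_url).path.replace("/content/catalogs", "", 1)
    stem = path[: -len(".sucatalog")]
    return "http://%s%s_%s.sucatalog" % (sus_host, stem, branch)

if __name__ == "__main__":
    print(check_preferences(SAMPLE_PLIST) or "preferences.plist looks sane")
```

On the appliance, pass the bytes of /var/lib/reposado/preferences.plist to `check_preferences` before running a sync.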

@Oclassen

Welcome to the way Apple advertises updates!

This is an important note that the name of the catalog file points out: index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

The catalog for 10.9 includes all updates from 10.5-10.9 all merged into one file. It expects a 10.9 computer to be smart enough to pick only updates that it needs from those that are available. They have separate catalogs for older OS's because a 10.6 computer isn't necessarily compatible with a 10.9 update that just came out, even if it is an upgrade to the software on the machine.


Thanks @Josh_S. So what you are saying then is I get 10.5-10.9 whether I like it or not :)


It looks like, according to Greg, this should work for 10.8 and 10.9, and then running repoutil --purge-product all-deprecated cleans up old catalog downloads.

<key>AppleCatalogURLs</key>
    <array>
        <string>http://swscan.apple.com/content/catalogs/others/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
        <string>http://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
    </array>

https://github.com/wdas/reposado/blob/master/docs/reposado_preferences.txt#L40-L5


@Oclassen
By excluding the other catalog URLs, you should exclude updates that only apply to a specific version of the OS (combo updates and the like), which is helpful and might be enough for you. But updates which are not OS specific will be rolled into that merged catalog no matter how old they are. Downloading the 10.9 catalog and looking through it manually shows updates that go all the way back to 2005 and a few in 2006. Even excluding all but the latest will grab some ancient updates.

@jhbush1973

repoutil --purge-product all-deprecated

This command is very useful for Reposado maintenance and will delete any updates that have been downloaded locally but are no longer advertised in Apple's sucatalog files and are not enabled on any Reposado branches. Generally, these are old updates that are still cached locally and that you have manually disabled in all branches. As @Oclassen is not storing any updates yet, there shouldn't be any updates marked as deprecated and nothing to purge.


Thanks @Josh_S and @jhbush1973.

In trying to set up a secondary server to point to the internal master, I am seeing some unexpected behavior. Just wanted to double-check that I am getting the basic concepts.

I have the master set to download packages in the web console, but I have not checked this box yet on the secondary. However, it appears that when doing a repo_sync on the secondary it is in fact downloading packages and not just catalogs at this point.

If I have the master set to download packages, will the secondary server just mirror the settings of the master regardless of what is set on the web console of the secondary?

Thanks