"Mac OS X Server administrators who are managing their own Software Update servers should remove all updates signed with the expired certificates and redownload the updates from Apple"
If you have seen your ASUS downloading old updates recently, here is the explanation why.
Hi, I am using Casper Suite and my only Mac server is a Netboot and Software update server. But I don't see any Software Update Service is configured in my ServerAdmin. When I want to install updates using Casper Policy, it does work. I am not sure in this case, should I worry about it. I cannot see where all the updates are downloaded/saved on the server.
If you are running a local Software Update server, then Software Update (and in your situation, NetBoot) should be visible in Server Admin. (There is a small disclosure triangle next to the server name - that should be pointing downwards).
I have nothing in the Server Admin. It looks like there is no ASUS defined from the OS X Server itself. But my SUS does work when I push them out using Casper.
Is that some sort of different setup?
So what does this mean for Reposado and the JAMF NetSUS appliance? Are we going to need to delete the updates and re-download?
In my feeble brain, the answer to that is yes. But there are much smarter people on this list than I.
Greg, can you speak to the Reposado question?
i'm not sure if there's a way to verify the actual updates, either. verify the sha1 hashes posted on apple's download pages, of course, but determining if they've changed would require having record of the old hashes.
for installed apps, you can at least see that apple apps are signed by their CA with something like: codesign -d -vv /Applications/Safari.app/
that doesn't help for flat pkg updates, though. i haven't tried expanding the payload to check signing on the individual components and probably won't… gots stuff ta' do.
@rpotvin Yep, and some of them were renamed to conform with our naming convention. We're going to run uber-guru Greg Neagle's script on our JSS to be safe. Then we'll need to circle back to hit the PKG installers that tech have on their USB drives, server shares, etc...
I really (REALLY) wish Apple had some management oversight, seems their processes are breaking down with Steve Jobs' passing. They really need an enterprise Big Cheeze. :(