Mojave Caching Service, Reposado and Margarita

steve_bills
New Contributor II

Currently were running Mac Server on Yosemite, however with the server being all but deprecated at this point, I've been tasked with building a new caching server. The server we're currently running has Reposado and Margarita installed on it so we can separate and specify what updates we want to install across the board.

I was wondering if anyone had any luck using Mojave (High Sierra would also be an option) along with Reposado and Margarita. I was told that it wouldn't work and I need to build a Linux Box and install those programs on there for my caching server. Is this correct? If anyone has had any luck with this, please let me know.

Thanks in advance!

5 REPLIES 5

easyedc
Valued Contributor II

I have recently begun testing switching from using the Built-In (though deprecated) SUS Feature in Apple's Server.app to Reposado. High Sierra's compatible release of Server.app can still host a website. Mojave's takes that out. If you're still trying to keep it on Apple Hardware, I'd stop at High Sierra. I was going to set up Margarita, but haven't made it that far.

FWIW - I'm not sure how much longer Reposado's functionality will work. Speaking to my Apple SE, and opening a support ticket, both indicate that they "highly recommend" not using reposado. When I've heard that from Apple in the past, it's always meant that features/functionality will be removed, sooner than later, too. Our SE points out the 90-day delay in Updates being broadcast, but for us, 90-days isn't enough to get 3rd party apps (DLP, AV, etc) to update, then validate internally, and then distribute.

gregneagle
Valued Contributor

You might want to provide feedback to Apple that the "90-day delay" is too coarse a tool and is poorly documented -- apparently it does not apply to all Apple updates; just a (poorly-documented) subset. And it's unclear what happens if, say, Apple releases 10.14.2 and 80 days later it releases 10.14.3. 10.14.2 will disappear from Apple's softwareupdate servers before that 90 day period is up. Does it then install 10.14.3 10 days later? Or does the delay timer start over? What, then, if 10.14.4 ships 80 days after that? Could your machines simply find themselves never updated?

easyedc
Valued Contributor II

@gregneagle I've mentioned to our SE a few times (just last week even) that the 90-day grace period wasn't enough for our enterprise, hence my testing of Reposado (BTW - very nice work). Every time I've brought up the fact that as an enterprise we are forced to rely on 3rd party security tools, I get the spin of "macOS is the most secure blah, blah, blah" and "we're the one of the largest credit card processors in the world so the OS is secured..." But we live in a world where our main goal is to keep our name out of headlines (for several reason - customers, gov't fines, etc). It's one of my many gripes to Apple about the shift away from true enterprise friendly environments.

gregneagle
Valued Contributor

"macOS is the most secure blah, blah, blah" I think most independent security researchers might take issue with that claim. Even if it is true "most secure" != "completely secure".

My comment about 90 days being too coarse a tool is more about having granularity and control, and being able to do testing and then release when testing is complete, rather than a broad generic delay. "We'd like to be able to hold back some updates until we can complete testing" answered with "Fine you can delay all updates 90 days" is not granular enough for us.

gregneagle
Valued Contributor

A concrete example: we'll need to hold back Safari 12 indefinitely for at least some users who rely on a Java applet that runs in Safari 11. But I want other updates to be installed. So 90 days might be not long enough for Safari 12 (and now 12.0.1), and far too long to hold back an iTunes update.