Netsus for Mojave

thomast
New Contributor III

Is anyone out there using NETSUS for Mojave? If so, what was your success? Do you have to create a separate branch for Mojave users?

Or, what steps did you take to get there? I'm not currently using Mojave and won't until they iron out the issues, but just wanted to see how things are going for anyone who has done this. According to: https://github.com/wdas/reposado/blob/master/docs/client_configuration.md

, it looks like you just need to change to add index-10.14 into the branch naming. Is that what everyone else has experienced, or do you need to run this on clients as well now that it's out of beta?:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate SUDisableEVCheck -bool YES

11 REPLIES 11

thomast
New Contributor III

When I look in mycorp.org/content/catalogs/others/ on the web, I don't see the index for 10.14. Anyone else see that yet in there? Thanks!

thomast
New Contributor III

Also, pointing it to that did not work on the client side either, as expected due to it.

LeidenUniv
New Contributor III

I edited 2 files to make 10.14 work with NetSUS:
add ('https://swscan.apple.com/content/catalogs/others/' 'index-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-' 'leopard.merged-1.sucatalog')
to /var/lib/reposado/reposadolib/reposadypy

add RewriteCond %{HTTP_USER_AGENT} Darwin/18 RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/index-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
to /etc/apache2/sites-enabled/000-default.conf

run /var/lib/reposado/repo_sync and verify the new updates are added

restart apache

aliberry
New Contributor

It actually looks like they're going to be releasing version 5 very shortly if you look at the NetSUS GitHub site. The PR is massive - https://github.com/jamf/NetSUS/pull/111

thomast
New Contributor III

What's the best way to upgrade 4.2.1 to 5.0? Or, do you make a new server?

EdLuo
Contributor II

I asked or VM admin to spin up a new server. There is not much to configure other than change account password / AD integration, set time zone and select catalogs to sync. Next step is to redirect select test computers to this new netsus. If all goes well, I'll put in a request to swap the DNS name.

EdLuo
Contributor II

Netsus 5, initial sync is taking a really long time. I checked the "Store Updates on this Server" and I'm guessing it is downloading the Apple updates onto the Netsus server. So far 40GB downloaded and still growing.

bvrooman
Valued Contributor

If you're storing updates on the NetSUS box then it will be a very long initial sync. With just the 10.12, 10.13, and 10.14 catalogs selected it was about 400GB.

thomast
New Contributor III

I appreciate all the helpful comments everyone. I'll look at getting a new server spun up and have it switched over when all is good.

boli
New Contributor II

I finally got the NetSUS 5.0 SUS to work for Mojave clients. Maybe the following is helpful to anyone…

The usual was setting our SUS on a client like so:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 
    CatalogURL https://oursus.ourdomain.tld

Despite having a proper (letsencrypt) certificate (which was entered into the web UI manually), I had to disable extended TLS certificate validation on the client like so:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 
    SUDisableEVCheck -bool TRUE

Otherwise when doing a softwareupdate -l on a client I'd get an error message like Can’t establish a secure connection to the Apple Software Update server.

And finally (not sure if this was actually needed) I adjusted a pattern in some javascript validation code, so it would let me set a https base URL, for which I opened this issue

EdLuo
Contributor II

Just an idea for those struggling with Mojave Certificate issue with NetSUS 5. You can host the catalog files on a secure public web server and redirect the clients to that secure public URL. Added bonus, remote clients don't need VPN to check for updates. The only extra step is asking the web admin to copy and overwrite the files every time the catalogs are updated through Netsus. Our savvy web admin even offloaded the task by automating the copy at a scheduled interval.