NetSUSLP 4.0.0 and CentOS

zmkaylor
New Contributor III

We're running NetSUS 3.0.2 on CentOS 6.7 just for software updates. To support 10.11 I tested out updating it to NetSUSLP 4.0.0. The update went without issue, but after the first sync several current updates, like 10.9.5 and 10.10.5, were marked as deprecated. Once I cleared out the deprecated updates, no 10.9.5 or 10.10.5 updates were available. So, I restored my pre-update snapshot and started testing on a fresh install of CentOS.

In a fresh install, there are only 634 updates available in the web interface and there are several obvious updates missing, like 10.9.5, 10.10.5, and 10.11.1. When I test out the 4.0.0 Ubuntu appliance there are 1,185 updates available and all the updates I expect to see are there.

I'd prefer to run the NetSUSLP in CentOS so I've started investigating the issue. Before I spend too much time on it I thought it would be worthwhile to bring the issue to the group to see if anyone else has experienced this or if anyone has any suggestions. Thanks for your time!

1 ACCEPTED SOLUTION

zmkaylor
New Contributor III

To troubleshoot this problem I followed the instructions in reposado_preferences.txt and enabled logging by adding

    <key>RepoSyncLogFile</key>
    <string>/var/log/reposado_sync.log</string>

to /var/lib/reposado/preferences.plist

Then I ran another sync and in the reposado log I came across:

Nov 12 14:04:29 Building index-mountainlion-lion-snowleopard-leopard.merged-1_CCS.sucatalog... Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 repo_sync run ended

According to this post, RedHat/CentOS's curl is compiled against NSS instead of OpenSSL and it doesn't recognize the parameter 'High' so I added the options below to /var/lib/reposado/preferences.plist to override the default SSL ciphers.

    <key>AdditionalCurlOptions</key>
    <array>
        <string>ciphers = "rsa_aes_128_sha,rsa_aes_256_sha,rsa_3des_sha"</string>
    </array>

Now it appears to be working without any issue. I'm not sure why I had the trouble and others haven't, but I'm happy it's working again and thought I should document it here.

View solution in original post

5 REPLIES 5

mattware
Contributor

I am running it on Centos 7 and all 1180ish updates show up for me.

zmkaylor
New Contributor III

Thanks @mattware . What are you installing in CentOS 7 before NetSUSLP? I use a minimal install and have the same problem in CentOS 6 and 7.

mattware
Contributor

@zmkaylor I didn't do anything other than fully update CentOS before installing. I did also make a change to php.conf after installing so that I could select all updates, but other than that no changes. Also using the minimal install.

zmkaylor
New Contributor III

To troubleshoot this problem I followed the instructions in reposado_preferences.txt and enabled logging by adding

    <key>RepoSyncLogFile</key>
    <string>/var/log/reposado_sync.log</string>

to /var/lib/reposado/preferences.plist

Then I ran another sync and in the reposado log I came across:

Nov 12 14:04:29 Building index-mountainlion-lion-snowleopard-leopard.merged-1_CCS.sucatalog... Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 repo_sync run ended

According to this post, RedHat/CentOS's curl is compiled against NSS instead of OpenSSL and it doesn't recognize the parameter 'High' so I added the options below to /var/lib/reposado/preferences.plist to override the default SSL ciphers.

    <key>AdditionalCurlOptions</key>
    <array>
        <string>ciphers = "rsa_aes_128_sha,rsa_aes_256_sha,rsa_3des_sha"</string>
    </array>

Now it appears to be working without any issue. I'm not sure why I had the trouble and others haven't, but I'm happy it's working again and thought I should document it here.

AdamH
New Contributor II

This is great- i had this exact issue when installing NetSUS on our CentOS box.

However, I'm still getting an error box on the client that says "Can't Load Data from the Update Server".

I followed the configuration doc, so I'm unsure why it can't communicate.