Articles August 21, 2007 at 5:01 pm

Creating stable and unstable branches with Apple’s Software Update Server.

Recently we've seen a few updates from Apple that have caused stability problems, notably some of the wireless drivers on recent Santa Rosa based MacBook Pros.

If you're running an Apple Software Update Server for your Mac clients (and you should, as it gives you a central point of control over available updates and saves on bandwidth costs), then it's somewhat frustrating that all your users have exactly the same packages available to them.

Ideally you want a group of guinea pigs who are happy to live on the edge, and only once you've performed QA on an update do you make it available to the rest of your clients. Apple's Software Update Server doesn't offer this out of the box, but we're going to show you how to achieve a simple setup with an unstable branch that contains every single update, and a stable branch that contains only the updates you've enabled via the Server Admin GUI.


So the Software Update Server that Apple provides is essentially a very stripped down Apache install, where all the files live in /usr/share/swupd/html, and is configured to run on port 8088, as you can see in /etc/swupd/swupd.conf. 

Say your swupd server is at "swupd.macmac", then your clients will use something like "http://swupd.macmac:8088/" for Software Update, and you'd configure this on your clients as follows:

sudo defaults write /Library/Preferences/ CatalogURL http://swupd.macmac:8088/

Alternatively you can also use Workgroup Manager with Managed Preferences to set this for your users.

Luckily we can actually pass path components as part of the setting for the CatalogURL, which is how we're going to create different branches. We're also going to take advantage of the fact that swupd keeps a copy of the original index file from the Apple softwareupdate servers.

First you should configure your Software Update Server to:

  • Automatically mirror updates from Apple.
  • Not automatically enable mirrored updates.


Then take this shell script and edit the variable "SWUPD_HOST" to contain the hostname and port that you're serving out software updates from:


#!/bin/bash -e

PATH=/bin:/usr/bin

SWUPD_HOME="/usr/share/swupd/html"
SWUPD_HOST="swupd.macmac:8088"

# make sure these directories exist in case we're starting the sync process from scratch for some reason
mkdir -p "${SWUPD_HOME}"/stable
mkdir -p "${SWUPD_HOME}"/unstable

# this is the catalog file as generated by Server Admin on the Mac server. Use as stable.
cp -R "${SWUPD_HOME}"/index.sucatalog "${SWUPD_HOME}"/stable/index.sucatalog

# modify the apple catalog index to use our servers. Note the different URL format
cat "${SWUPD_HOME}"/ | sed "s|/[0-9]*/[0-9]*/|${SWUPD_HOST}/|g" > "${SWUPD_HOME}"/index.sucatalog.unstable

mv -f "${SWUPD_HOME}"/index.sucatalog.unstable "${SWUPD_HOME}"/unstable/index.sucatalog


This is really quite a simple script. You're taking the existing "index.sucatalog" file, which is the one that contains the updates you've enabled via Server Admin, and copying it to a directory called "stable". You're then taking the "" file, which contains all the updates available on Apple's own software update servers, replacing various URLs with your own, and writing it out to an index.sucatalog file in a directory called "unstable".
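
The script publishes whatever sed wrote, and because a pipeline's exit status is that of its last command, "bash -e" will not stop it if the cat fails and the output is empty. The check below is an added example, not part of the original script: it verifies that a rewritten catalog is non-empty and that every URL in it points at your own server. It assumes the catalog is an XML property list with its URLs in <string> elements; the function names, the host "upstream.example" and the sample catalogs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# Assumption: the catalog is an XML plist and every URL sits in a <string> element.

# Print each distinct scheme://host[:port] used by <string> URLs in catalog $1.
catalog_origins() {
    { grep -Eo '<string>https?://[^/<]+' "$1" || true; } |
        sed 's|^<string>||' | sort -u
}

# Print the origins in catalog $1 that are not http://$2 (no output = all local).
foreign_origins() {
    catalog_origins "$1" | grep -Fvx "http://$2" || true
}

# Succeed only if catalog $1 is non-empty, references host $2, and nothing else.
check_catalog() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    catalog_origins "$1" | grep -Fx "http://$2" >/dev/null ||
        { echo "no URLs for $2 in $1" >&2; return 1; }
    bad=$(foreign_origins "$1" "$2")
    [ -z "$bad" ] || { echo "foreign origins in $1: $bad" >&2; return 1; }
}

# Write a constructed, minimal plist to $1 with one <string> per URL argument.
# (Sample data only; a real catalog has more structure.)
write_sample() {
    out=$1; shift
    {
        echo '<?xml version="1.0" encoding="UTF-8"?>'
        echo '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">'
        echo '<plist version="1.0"><array>'
        for u in "$@"; do printf '<string>%s</string>\n' "$u"; done
        echo '</array></plist>'
    } > "$out"
}

# Demo: a fully rewritten catalog passes; one leftover upstream URL is rejected.
tmp=$(mktemp -d)
write_sample "$tmp/ok"  "http://swupd.macmac:8088/061-0001/a.pkg"
write_sample "$tmp/bad" "http://swupd.macmac:8088/061-0001/a.pkg" \
                        "http://upstream.example/28/12/061-0002/b.pkg"
check_catalog "$tmp/ok"  swupd.macmac:8088 && echo "ok: publish"
check_catalog "$tmp/bad" swupd.macmac:8088 || echo "bad: keep previous catalog"
rm -rf "$tmp"
```

Calling check_catalog on index.sucatalog.unstable with "${SWUPD_HOST}" just before the mv makes the "-e" script abort instead of replacing the catalog your unstable clients are already using.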

Now if you want your clients to use the unstable branch, you can do:

sudo defaults write /Library/Preferences/ CatalogURL http://swupd.macmac:8088/unstable/

and if you want them to use the stable branch, you can do:

sudo defaults write /Library/Preferences/ CatalogURL http://swupd.macmac:8088/stable/

This way you can run on the unstable branch, and if your own machines don't break, then you can choose to enable these updates for clients.  


Note that you'll need to set up the above script as a cron job or alternatively as a launchd item so that it gets kept up to date. That exercise is left for the reader, as there is a plethora of useful docs out there on how to accomplish this. It's a rather lightweight script, so there shouldn't be any problems with running it rather regularly.
