Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Create a transparent local software update server' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create a transparent local software update server
Authored by: zpjet on Oct 12, '07 02:06:13AM

I appreciate all your comments, although I must say only few people understand my solution so I will emphasise what matters this time again:

This doesn't require any modifications on clients.

Most of the solutions suggested were already described in many places, for example here at macosxhints: 10.4: Manually add a Tiger Software Update Server

I agree that using e.g. defaults write CatalogURL "" is more simple. But let me think about some case studies:

  1. If i had the server at home and a few macs, I would use defaults (or a freeware) - even on laptops, because the client seems to fall back to Apple's servers when it can't find local SUS.
  2. Without a server, the suggested Squid proxy solution seems to be fine, although I would save hassle if I had just three home macs.
  3. In a company with twenty macs, I would also use defaults, perhaps wrapped into an AppleScript and sent around in a mail, or using Remote Admin and its feature Send UNIX command as current user.
  4. Yes, the right way to do it is with Open Directory. And yes, if you have 3000 clients, you gotta have it.
  5. But we're a service centre where most of the client computers belong to customers, so we don't want to modify their and want to save our traffic. That's why we invested into the server software and one mini to do the job. If you are an internet cafe or have a lot of guests in general, you might profit, too. I can see in the log it does about ten updates a day, most of them worth ~300MB - the updates are downloaded from local SUS in cca one minute.

Yes, this is actually a DNS hack, but what I like is that the setup is very simple. Just the server, one Redirect and one zone on internal DNS. When I'm not that busy, I will try to find a solution without spare server, as DNS can listen on more IP addresses.

[ Reply to This | # ]
Brilliant!... 10.6 Server update:
Authored by: paullyjay on Oct 29, '09 10:59:23AM

OK, I have this up and running on 10.6.1 server now...

Follow all the steps from the top post... (Great post BTW)
then also add 2 more redirects:

pattern: /content/catalogs/others/index-leopard.merged-1.sucatalog

pattern: /content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog

Then instead of using: lookupd -flushcache

use: dscacheutil -flushcache on the client

Now try running software update on the client computer...

[ Reply to This | # ]
Brilliant!... 10.6 Server update:
Authored by: _Tom on Sep 20, '10 03:21:26PM

Truly a great hack, thanks for that. Thought I would add that I have it up and running on Server 10.5.8, and it's happily serving updates to clients using 10.4, 10.5 and 10.6 (haven't tested older ones).

I wanted to share some troubleshooting I did regarding the message:

<Error>: Unable to download upstream catalog index (was looking for

I was getting this after I had the SUS up and running. I'm not entirely sure what causes it but it's not related to the DNS hack (I was careful to configure my services stepwise). There are several posts at relating to it with no real solution.

As it happens, in order to get Leopard server to serve Snow Leopard clients, I had to modify mirror-config-1.plist and put it on my local drive anyway. Although I reflected this change in swupd.plist, I couldn't get SUS to load the file from the local path (same error as above -- not sure if it was a permissions problem). Obviously the URL doesn't resolve from the server since it's using my ISP's DNS, so my solution was to just chuck mirror-config-1.plist on an external website and update swupd.plist so it looks there. Since doing that I haven't had a problem.

Thought I'd share in case anyone else ran into this.

Once again many thanks for the brilliant tip. I love it. We have many computers, most of which aren't administrated by me, and limited bandwidth, so doing this transparently was exactly what I needed.



[ Reply to This | # ]
Brilliant!... 10.6 Server update:
Authored by: _Tom on Sep 23, '11 09:26:04PM
Alright, I now also have 10.5.8 Server sending out updates to Lion clients!


to mirror-config-1.plist

Left it for 24 hours to download updates and propagate the catalogs, then redirected




Thanks again to the original poster for the great tip!

[ Reply to This | # ]