macOS Software Update custom catalog URL deprecation

At the recent London Apple Admins, I mentioned that with macOS Catalina, setting a custom Software Update catalog URL is now noted as deprecated.

This took some folks by surprise, despite them setting a custom Software Update catalog URL.

Below are more details on this deprecation.

Custom Catalog URLs?

The Software Update Service has shipped with macOS Server since 10.4 (according to Wikipedia).

This allowed admins to locally download macOS software updates & selectively enable them for their managed macOS devices to install.

On the managed macOS devices, you would then need to point them to this Software Update Service's catalog URL, at which would be a file listing the offered updates.

Pointing the managed macOS devices at the catalog can often be accomplished by one of the methods below:

  1. Setting the “CatalogURL” in /Library/Preferences/com.apple.SoftwareUpdate.plist & pushing out this plist.
  2. Pushing the CatalogURL via a profile.
  3. Setting the CatalogURL via defaults using a script (defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "$catalogURLValue").
  4. If using Jamf Pro, this can be set via Software Update Servers & their related policy payload.
  5. Via the softwareupdate binary.

Deprecated where?

If you’re setting a Custom Catalog URL via steps 1-4 listed above, then you’ll not see this deprecation.

Neither will you if you browse the man or --help pages for the softwareupdate binary.

However, if running a later beta of Catalina or the released versions, you can retrieve the notification via either:

sh-3.2# softwareupdate --clear-catalog
Changed catalog to Apple production.

Changing the Software Update catalog is deprecated. The ability to specify a custom catalog will be removed in a future release of macOS.

Or:

sh-3.2# softwareupdate --set-catalog http://foo
Changed catalog to http://foo

Changing the Software Update catalog is deprecated. The ability to specify a custom catalog will be removed in a future release of macOS.
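
Because only the softwareupdate binary prints this warning, a Mac configured through a plist or profile gives no hint that it depends on the deprecated setting. The Python sketch below is an added example, not code from the original post: it checks the preference files for a CatalogURL and reports which one sets it and whether the catalog is fetched without TLS. It assumes that profile-delivered values land in /Library/Managed Preferences/com.apple.SoftwareUpdate.plist and take precedence over the local plist; the function names are hypothetical.

```python
import plistlib
from pathlib import Path
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError

DOMAIN = "com.apple.SoftwareUpdate.plist"
# Checked in precedence order. Assumption of this example: a value pushed by a
# profile is written under Managed Preferences and overrides the local plist.
SOURCES = [
    ("profile", Path("/Library/Managed Preferences") / DOMAIN),
    ("local plist", Path("/Library/Preferences") / DOMAIN),
]


def read_catalog_url(plist_path):
    """Return the CatalogURL string stored in plist_path, or None."""
    try:
        with open(plist_path, "rb") as fh:
            prefs = plistlib.load(fh)  # accepts XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None  # missing, unreadable or malformed file
    value = prefs.get("CatalogURL") if isinstance(prefs, dict) else None
    return value if isinstance(value, str) and value.strip() else None


def audit_catalog(sources=SOURCES):
    """Report the first source that sets a custom catalog, if any."""
    for label, path in sources:
        url = read_catalog_url(path)
        if url is None:
            continue
        return {
            "custom": True,
            "source": label,
            "url": url,
            # True when the catalog is requested over anything but HTTPS.
            "plaintext": urlsplit(url).scheme.lower() != "https",
        }
    return {"custom": False, "source": None, "url": None, "plaintext": False}


if __name__ == "__main__":
    # On a managed Mac, run as root so both preference files are readable.
    print(audit_catalog())
```

A result with "custom": True identifies a device that will be affected once the ability to specify a custom catalog is removed.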

If we look at macOS Server, the Software Update Service was hidden with macOS Server 5.2.

Come the great culling of macOS Server’s services in macOS Server 5.7.1, the Software Update Service is not mentioned, but it was removed.

However, despite its omission from the macOS Server 5.7.1 article, Reposado can still serve macOS updates &, as such, projects such as NetSUS can still be used to serve macOS updates too.

Managed Software Updates

Within the linked Service Migration Guide you can find the following:

The Software Update service of macOS Server is being replaced by managed software updates from a supported mobile device management (MDM) solution and the content caching service in macOS High Sierra or later. For more information on configuring content caching, see the following Apple Support articles:
• About content caching: https://support.apple.com/guide/mac-help/about-content-caching-mchl9388ba1b/mac
• Manage content caching: https://support.apple.com/guide/mac-help/manage-content-caching-mchl3b6c3720/mac
• Set up content cache clients, peers, or parents: https://support.apple.com/guide/mac-help/set-up-content-cache-clients-peers-or-parents-mchl9b56e1cf/mac


https://developer.apple.com/support/downloads/macOS-Server-Service-Migration-Guide.pdf

Managed Software Updates allow Administrators to delay iOS, iPadOS & macOS updates for up to 90 days.

So, this leaves us with Content Caching to manage bandwidth & Managed Software Updates to delay updates being installed.

But, what if you have a delay which is greater than the release cadence & subsequent removal?

Well, that might have hit some organisations at the time of writing. macOS 10.15.1 was released tonight, & the 10.15.0 supplementals have all been removed.

So, organisations that were looking to test the supplementals on a subset of devices before others install them are out of luck, depending on what delay they have set for Managed Software Updates.

But we can ignore updates?

Well, yes.

As per my last post & one a few years ago, we can use the softwareupdate binary to ignore updates via something like:

/usr/sbin/softwareupdate --ignore JavaForOSX

However, there is no granular removal. To remove a single item from the ignored list you have to run the below, which removes all ignored items.

/usr/sbin/softwareupdate --reset-ignored

Brave New World

Undoubtedly, updating macOS is changing from what we’ve seen since macOS’s inception to a model in line with the other Apple OSes.

As such, I’d expect to see setting a custom catalog be removed from macOS sooner rather than later.

However, a 1GB iOS update is not directly comparable to a 4.5GB update to macOS, which can also impact a device for 30 minutes or more.

And as macOS has many more moving parts than iOS when it comes to security agents etc, & therefore policies around software updates, these changes can be seen as quite problematic for some environments, I’m sure.
