Software Update offers you ways to manage Mac software updates from Apple on your network. In an uncontrolled environment, users might connect to Apple Software Update servers at any time and update their computers with software that isn’t approved by your IT group.
Using local Software Update servers, your client computers access only the software updates you permit from software lists that you control, improving your ability to manage computer software updates. For example you can:
Note: You can’t use Software Update to provide third-party software updates.
Download software updates from Apple Software Update servers to a local server for sharing with local network clients and reduce the amount of bandwidth used outside your network.
Direct users, groups, and computers to specific local Software Update servers using managed preferences.
Manage the software update packages users can access by enabling and disabling packages at the local server.
Mirror updates between Apple Software Update servers and your server to make sure you have the most current updates.
Note: Software Update doesn’t update software on the server. For information about keeping your server software current, see the Server app Help.
When you start Software Update, it contacts Apple’s Software Update server and requests a list of available software to download locally.
You can copy (store packages locally) and enable (make the packages available to users) any files in the list. You can also choose to automatically copy and enable newer updates from the Apple server.
Note: Software Update stores its configuration information in the /Library/Server/Software Update/config/swupd.conf file.
When Software Update starts, your Software Update server receives a list of available software updates from the Apple Software Update service. Your server syncs the contents of the software catalog with Apple’s Software Update server when you restart your server.
$ sudo -u _softwareupdate /Applications/Server.app/Contents/ServerRoot/usr/sbin/swupd_syncd -syncImportant: It isn’t recommended to refresh the service using the swupd_syncd daemon directly. If you must sync using swupd_syncd directly, use the -u option with the _softwareupdate user name to prevent the changing of file permissions of downloaded updates, making future sync operations fail.
Changes in the Apple published catalog are immediately reflected on your local server. Deprecated software packages are disabled when a replacement package for that update is enabled. An administrator can disable the new software package and continue offering the deprecated package.
Software Update supports pkm.en and .tar file types, recognized only by OS X v10.4 or later. As you copy updates on your server, your server downloads and stores update packages in the /Library/Server/Software Update/Data/ folder.
Note: OS X Server supports only Apple-specific software packages for use with your update server. Modified Apple and third-party software update packages cannot be shared.
After packages are copied locally, you can enable them for users to update their software. Mac clients running Software Update see only enabled packages in the list of available software for their computer.
Deprecated software packages are disabled when a replacement package for that update is enabled. An administrator can disable the new software package and continue offering the deprecated package.
To keep your service synced with the most current information, your Software Update server must always remain in contact with the Apple server. Software Update service regularly checks with Apple Software Update to update usage information and send lists of newly available software to the updates catalog on your server as they become available.
The Apple Software Update server executes the swupd_syncd synchronization daemon to make sure the latest update packages are available.
Software Update lets you limit the bandwidth that client computers can use when downloading software updates from your Software Update server.
Setting a limit on the bandwidth enables you to control traffic on your network and prevents Software Update clients from slowing the network. For example, if you limit the bandwidth to 56 Kbps, each software update client can download updates at 56 Kbps. If five clients connect simultaneously to the server, the total bandwidth used by the clients will be 280 Kbps (56 Kbps x 5).
A feature in OS X Server Software Update server is the syncBandwidth. You can use this feature to limit the server’s bandwidth back to Apple. Similar to the user bandwidth limit setting, its value is expressed in KBytes/second (for example, 1024 = 1048576 Bytes/second).
Setting a limit on the server’s bandwidth lets you minimize the impact of the Software Update server on your organization’s limited external bandwidth.
On rare occasion, Apple might provide a software update and want to revoke or deprecate a package from circulation.
If Apple revokes the update package, the package is removed from your catalog and stored packages, making it unavailable to clients.
If Apple deprecates a software package and provides a replacement package, the older software package is disabled, making it unavailable to clients. The package remains in your catalog and stored packages until you remove it.
An administrator can disable the new software package and continue offering the deprecated package.
You can’t make your own software update packages. For security considerations and to protect attackers from faking packages, the software update package installer won’t install a package unless it’s signed by Apple.
In addition, Software Update works only with the package format supported in OS X Server v10.4 or later.
The log files for Software Update are located in the /var/log/swupd/ folder. The log files record Software Update events as they occur.
The log files for Software Update include the following:
swupd_syncd_log: Logs the swupd_syncd daemon
swupd_error_log: Reports messages from the httpd daemon controlled by Software Update
swupd_access_log: Reports messages from the httpd daemon controlled by Software Update
You can view the logs using the Console application located in the /Applications/Utilities/ folder.
The Apple Software Update server collects the following information from client Software Update servers:
Language
Type
Browser