I've once worked in a network environment where a portion of a network wouldn't have access to the internet or any other net. Whenever we needed to update software within this network, we did the following:
- upload updated software to a "secure" host (step stone)
- disconnect step stone from net
- connect step stone to secure net
- push updated software to repository
- disconnect step stone from secure net
We fully automated this process by automatically configuring a switch to connect and disconnect networks appropriately (so there was a physical connection at all times but no usable IP connection). Maybe you could do something similar - it just depends on the flexibility of the definition of "disconnected" ;)
