Trust info issues

adam cowie

Aug 21, 2017, 10:16:18 AM
to autopkgr-discuss
I am having trust issues with Autopkgr.  I have gone through the wiki and tried to resolve the issues.  I removed the edited recipe for Keyserver and still cannot download anything.  See attached screen shot; also, here is the mail I am getting.  Any help is greatly appreciated.

Thanks,
Adam

New software was downloaded:

    NAME     VERSION
    Dropbox  33.3.19
    VLC      2.2.6

The following failures occurred:

    RECIPE:  com.github.autopkg.munki.sassafras-k2client
    MESSAGE: Error in com.github.autopkg.munki.sassafras-k2client: Processor: CodeSignatureVerifier: Error: Mismatch in authority names. Note that all verification can be disabled by setting the variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value.

The following errors occurred: 

  • WARNING: com.github.autopkg.munki.sassafras-k2client is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • Mismatch in authority names. Note that all verification can be disabled by setting the variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value.
  • WARNING: io.github.hjuutilainen.munki.LibreOffice is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.dropbox is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.AdobeReader is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.OracleJava8 is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.MSAutoUpdate is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.jps3.munki.WacomIntuosProTabletDriver is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.ygini.munki.MSOneNote2016Updates-fr_FR is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.ygini.munki.MSPowerPoint2016Updates-fr_FR is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.ygini.munki.MSOutlook2016Updates-fr_FR is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.ygini.munki.MSExcel2016Updates-fr_FR is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.ygini.munki.MSWord2016Updates-fr_FR is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.textwrangler is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.luisgiraldo.munki.omnidisksweeper is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.aysiu.munki.MalwarebytesAntiMalware is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: io.github.hjuutilainen.munki.GIMP is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.n8felton.munki.AppleXeroxPrinterDrivers is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.n8felton.munki.AppleHPPrinterDrivers is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.VLC is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.Skype is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.google-chrome is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.firefox-rc-en_US is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: com.github.autopkg.munki.FlashPlayerNoRepackage is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
  • WARNING: MakeCatalogs.munki is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...

The following new items were downloaded:

  • /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.dropbox/downloads/Dropbox.dmg
  • /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.VLC/downloads/VLC.dmg

The following new items were imported into Munki:

    NAME     VERSION  CATALOG  PKGINFO PATH                        PKG REPO PATH
    Dropbox  33.3.19  testing  apps/Dropbox/Dropbox-33.3.19.plist  apps/Dropbox/Dropbox-33.3.19.dmg



adam cowie

Aug 21, 2017, 10:59:51 AM
to autopkgr-discuss
I have narrowed this down to it specifically being the SassafrasK2Client.munki causing the issue.  When I deselect it everything runs as normal.  When I reselect it I get the trust issue errors.

Kris Lou

Aug 21, 2017, 11:41:40 AM
to autopkgr-discuss
Generally, all of your recipe overrides are lacking parent trust info.  Start here:  https://github.com/autopkg/autopkg/wiki/AutoPkg-and-recipe-parent-trust-info

More specifically, there may be some problems with the Sassafras recipe, or the package that it is expecting is invalid (or has changed from what was expected).  https://github.com/autopkg/autopkg/wiki/Using-CodeSignatureVerification#how-installer-package-pkg-verification-works

-Kris


--
You received this message because you are subscribed to the Google Groups "autopkgr-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to autopkgr-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to autopkgr-discuss@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/autopkgr-discuss/f0d5a1f8-32cd-4ce3-8ed3-3e516cc794a4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

adam cowie

Aug 22, 2017, 8:02:56 AM
to autopkgr-discuss
I went through both pages, and I am still having the same issue.  I must be missing something.  I only have one recipe override for SassafrasK2 so it must be that.

Ben Toms

Aug 22, 2017, 8:11:59 AM
to autopkgr-discuss
I submitted a PR for the Sassafras recipe this AM: https://github.com/autopkg/recipes/pull/216

But you really need an override for every recipe




--

Regards,

Ben

adam cowie

Aug 22, 2017, 8:29:53 AM
to autopkgr-discuss
Okay so I ran these commands:

deploystudio:~ local$ autopkg make-override SassafrasK2Client.munki

Override file saved to /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

deploystudio:~ local$ autopkg update-trust-info SassafrasK2Client.munki

Wrote updated /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe


I still get an Error running recipes alert
WARNING: com.github.autopkg.munki.sassafrask2client is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set.
Proceeding...

Mismatch in authority names. Note that all verification can be disabled by setting variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value.

WARNING: MakeCatalogs.munki is missing trust info and FAIL_RECIPIES_WITHOUT_TRUST_INFO is not set.  Proceeding...




Kris Lou

Aug 22, 2017, 12:15:17 PM
to adam cowie, autopkgr-discuss
Well, Ben's PR hasn't been committed to the master yet.  When that happens, update your repo. (solves your mismatch on Authority Names)

Then you'll have to update trust info again, as your previous override was pointing to a different version of the parent.  Once you've done that, and verified that the trust info key and data exists on the override itself (solves the missing trust info for Sassafras), run the recipe from terminal and not Autopkgr.

There's a chance that Autopkgr isn't reading the override, or has the parent recipe in its run list.

THEN you can create overrides for the rest of your recipes to clear out the rest of the warnings, and run with Autopkgr.

-Kris

Mike Solin

Aug 22, 2017, 10:11:06 PM
to autopkgr-discuss
What Kris said.  Also, you’ll want to run this:

autopkg run local.munki.sassafrask2client

Not this:

autopkg run com.github.autopkg.munki.sassafrask2client

The first command will run your override, the second one will run the one from the AutoPkg repo (and ignore your override).

adam cowie

Aug 23, 2017, 9:08:24 AM
to autopkgr-discuss
Is this also the reason why I cannot edit the munki recipe?  Originally thinking my edited recipe was the issue I deleted it.  Now when I edit the recipe again the changes do not take place.

Mike Solin

Aug 23, 2017, 9:16:01 AM
to autopkgr-discuss
I’m not sure I understand.

Make your override.  Edit your override.  Run your override.

adam cowie

Aug 23, 2017, 9:22:57 AM
to autopkgr-discuss
I did all of this, and when I push keyserver to my test machine it's as if the override didn't take.  I check ~/Library/Autopkg/RecipeOverrides/SassafrasK2Client.munki.recipe has the changes I made, but they are not working

adam cowie

Aug 23, 2017, 12:37:16 PM
to autopkgr-discuss
Okay I started from the beginning as per Kris' instructions

deploystudio:~ local$ autopkg make-override SassafrasK2Client.munki

Override file saved to /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

deploystudio:~ local$ autopkg update-trust-info SassafrasK2Client.munki

Wrote updated /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

deploystudio:~ local$ autopkg verify-trust-info SassafrasK2Client.munki

SassafrasK2Client.munki: FAILED

deploystudio:~ local$ autopkg verify-trust-info SassafrasK2Client.munki -v

SassafrasK2Client.munki: FAILED

    Parent recipe local.munki.SassafrasK2Client contents differ from expected.

        Path: /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

deploystudio:~ local$ autopkg run local.munki.sassafrask2client

Didn't find a recipe for local.munki.sassafrask2client.

Search GitHub AutoPkg repos for a local.munki.sassafrask2client recipe? [y/n]: n


Nothing downloaded, packaged or imported.

Kris Lou

Aug 23, 2017, 12:56:51 PM
to autopkgr-discuss
On Wed, Aug 23, 2017 at 9:37 AM, adam cowie <adamm...@gmail.com> wrote:
> Okay I started from the beginning as per Kris' instructions

+ autopkg repo-update all

If you manually edited the core repo, it might be easier to remove it and re-download in entirety.

> deploystudio:~ local$ autopkg make-override SassafrasK2Client.munki
>
> Override file saved to /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

+ make changes to /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

> deploystudio:~ local$ autopkg update-trust-info SassafrasK2Client.munki
>
> Wrote updated /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe
>
> deploystudio:~ local$ autopkg verify-trust-info SassafrasK2Client.munki
>
> SassafrasK2Client.munki: FAILED
>
> deploystudio:~ local$ autopkg verify-trust-info SassafrasK2Client.munki -v
>
> SassafrasK2Client.munki: FAILED
>
>     Parent recipe local.munki.SassafrasK2Client contents differ from expected.
>
>         Path: /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

Did you change the identifier of the core SassafrasK2Client.munki recipe when you manually edited it?
It looks like your override is pointing towards "local.munki.SassafrasK2Client" when the ParentRecipe key should point towards "com.github.autopkg.munki.sassafras-k2client"

If you deleted your changes and re-synced the repo, this shouldn't be a problem.

<assuming successful verification>

+ autopkg run -v SassafrasK2Client.munki

I don't think that running recipes by their identifier is supported, but I could be wrong.

> deploystudio:~ local$ autopkg run local.munki.sassafrask2client
>
> Didn't find a recipe for local.munki.sassafrask2client.
>
> Search GitHub AutoPkg repos for a local.munki.sassafrask2client recipe? [y/n]: n
>
> Nothing downloaded, packaged or imported.

Post the output.

adam cowie

Aug 23, 2017, 3:05:21 PM
to autopkgr-discuss
So I did notice
"Did you change the identifier of the core SassafrasK2Client.munki recipe when you manually edited it?
It looks like your override is pointing towards "local.munki.SassafrasK2Client" when the ParentRecipe key should point towards "com.github.autopkg.munki.sassafras-k2client""

That this was changed for some reason to local.munki. I changed it back to com.github. I did not change it.

Here is the outcome of everything. It looks like it still failed because it already exists, maybe? It did not appear in my munkirepo before, nor does it appear now. Here is the outcome:

Last login: Wed Aug 23 14:52:37 on ttys000

deploystudio:~ local$ autopkg repo-update all


There were a bunch of git pulls I deleted them to save people from scrolling.  All of them were up to date.


Attempting git pull for /Users/local/Library/AutoPkg/RecipeRepos/com.github.autopkg.jss-recipes...

Already up-to-date.


Attempting git pull for /Users/local/Library/AutoPkg/RecipeRepos/com.github.autopkg.MichalMMac-recipes...

Already up-to-date.


deploystudio:~ local$ autopkg update-trust-info SassafrasK2Client.munki

Wrote updated /Users/local/Library/AutoPkg/RecipeOverrides/SassafrasK2Client.munki.recipe

deploystudio:~ local$ autopkg verify-trust-info SassafrasK2Client.munki -v

SassafrasK2Client.munki: OK

deploystudio:~ local$ autopkg run -v SassafrasK2Client.munki

Processing SassafrasK2Client.munki...

URLDownloader

URLDownloader: Item at URL is unchanged.

URLDownloader: Using existing /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/downloads/K2Client.pkg

EndOfCheckPhase

CodeSignatureVerifier

CodeSignatureVerifier: Verifying installer package signature...

CodeSignatureVerifier: Package "K2Client.pkg":

CodeSignatureVerifier:    Status: signed by a certificate trusted by Mac OS X

CodeSignatureVerifier:    Certificate Chain:

CodeSignatureVerifier:     1. Developer ID Installer: Sassafras Software, Inc. (7Z2KSDFMVY)

CodeSignatureVerifier:        SHA1 fingerprint: C2 EE EA E3 45 5E 97 A6 CD 5C CA C0 1E 78 EE 50 79 72 66 A7

CodeSignatureVerifier:        -----------------------------------------------------------------------------

CodeSignatureVerifier:     2. Developer ID Certification Authority

CodeSignatureVerifier:        SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86

CodeSignatureVerifier:        -----------------------------------------------------------------------------

CodeSignatureVerifier:     3. Apple Root CA

CodeSignatureVerifier:        SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

CodeSignatureVerifier: 

CodeSignatureVerifier: Signature is valid

CodeSignatureVerifier: Authority name chain is valid

Copier

Copier: Copied /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/downloads/K2Client.pkg to /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/K2Client-Custom.pkg

URLDownloader

URLDownloader: Item at URL is unchanged.

URLDownloader: Using existing /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/k2clientconfig/k2clientconfig

SassafrasK2ClientCustomizer

PkgRootCreator

PkgRootCreator: Created /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/InstallRoot

PkgRootCreator: Created /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/InstallRoot/Library

FlatPkgUnpacker

FlatPkgUnpacker: Unpacked /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/K2Client-Custom.pkg to /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/dist-unpack

PkgPayloadUnpacker

PkgPayloadUnpacker: Unpacked /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/dist-unpack/KeyAccess.pkg/Payload to /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/InstallRoot/Library

Versioner

Versioner: Found version 7.4.1.2 in file /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/InstallRoot/Library/KeyAccess/KeyAccess.app/Contents/Info.plist

MunkiPkginfoMerger

MunkiPkginfoMerger: Merged {

    version = "7.4.1.2";

} into pkginfo

MunkiInstallsItemsCreator

MunkiInstallsItemsCreator: Created installs item for /Library/KeyAccess/KeyAccess.app

MunkiPkginfoMerger

MunkiPkginfoMerger: Merged {

    installs =     (

                {

            CFBundleIdentifier = "com.sassafras.KeyAccess";

            CFBundleName = KeyAccess;

            CFBundleShortVersionString = "7.4.1.2";

            CFBundleVersion = "7.4.1.2";

            path = "/Library/KeyAccess/KeyAccess.app";

            type = application;

            "version_comparison_key" = CFBundleShortVersionString;

        }

    );

    version = "7.4.1.2";

} into pkginfo

MunkiImporter

MunkiImporter: Item K2Client-Custom.pkg already exists in the munki repo as pkgs/support/K2Client/K2Client-Custom-7.4.1.2.pkg.

Receipt written to /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/receipts/SassafrasK2Client-receipt-20170823-145841.plist


Nothing downloaded, packaged or imported.

deploystudio:~ local$ 

Kris Lou

Aug 23, 2017, 3:20:27 PM
to autopkgr-discuss

MunkiImporter: Item K2Client-Custom.pkg already exists in the munki repo as pkgs/support/K2Client/K2Client-Custom-7.4.1.2.pkg.


You're good.  The recipe works, and passes all trust checks.  It didn't "do" anything because it had already been done (and the package was already in cache).

You also need to either run "makecatalogs" manually, or include the MakeCatalogs.munki recipe to your list. 

adam cowie

Aug 23, 2017, 4:13:22 PM
to autopkgr-discuss
Kris,

Thanks for all your help so far.  The last bit of the puzzle is I am not understanding the "makecatalogs" manually or include the MakeCatalogs.munki recipe part.

deploystudio:~ local$ autopkg run -v SassafrasK2Client.munki

Processing SassafrasK2Client.munki...

URLDownloader

URLDownloader: Storing new Last-Modified header: Mon, 10 Jul 2017 17:00:00 GMT

URLDownloader: Storing new ETag header: "7e116f-19eb70-553f98365c400"

URLDownloader: Downloaded /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/downloads/K2Client.pkg

EndOfCheckPhase

CodeSignatureVerifier

CodeSignatureVerifier: Verifying installer package signature...

CodeSignatureVerifier: Package "K2Client.pkg":

CodeSignatureVerifier:    Status: signed by a certificate trusted by Mac OS X

CodeSignatureVerifier:    Certificate Chain:

CodeSignatureVerifier:     1. Developer ID Installer: Sassafras Software, Inc. (7Z2KSDFMVY)

CodeSignatureVerifier:        SHA1 fingerprint: C2 EE EA E3 45 5E 97 A6 CD 5C CA C0 1E 78 EE 50 79 72 66 A7

CodeSignatureVerifier:        -----------------------------------------------------------------------------

CodeSignatureVerifier:     2. Developer ID Certification Authority

CodeSignatureVerifier:        SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86

CodeSignatureVerifier:        -----------------------------------------------------------------------------

CodeSignatureVerifier:     3. Apple Root CA

CodeSignatureVerifier:        SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

CodeSignatureVerifier: 

CodeSignatureVerifier: Signature is valid

CodeSignatureVerifier: Authority name chain is valid

Copier

Copier: Copied /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/downloads/K2Client.pkg to /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/K2Client-Custom.pkg

URLDownloader

URLDownloader: Storing new Last-Modified header: Mon, 10 Jul 2017 17:00:00 GMT

URLDownloader: Storing new ETag header: "7e1174-479b-553f98365c400"

URLDownloader: Downloaded /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/k2clientconfig/k2clientconfig

Receipt written to /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/receipts/SassafrasK2Client-receipt-20170823-155450.plist


The following new items were downloaded:

    Download Path                                                                                                 

    -------------                                                                                                 

    /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/downloads/K2Client.pkg         

    /Users/local/Library/AutoPkg/Cache/com.github.autopkg.munki.sassafras-k2client/k2clientconfig/k2clientconfig  


adam cowie

Aug 24, 2017, 9:15:55 AM
to autopkgr-discuss
Kris,

As per your instructions, I was able to get keyserver back into munki! Thank you so much for all your help.  I have one last question: when Autopkgr runs now it fails, because it

Could not find parent recipe for com.github.autopkg.munki.sassafras-k2client
A Python exception occurred during the execution of autopkg, see the system log for more details
[ERROR] ; 'NoneType' object does not support item assignment


If I deselect SassafrasK2Client.munki in Autopkgr it seems to run again no problem.  Is there a way to resolve this without deselecting?
 

adam cowie

Aug 24, 2017, 9:41:09 AM
to autopkgr-discuss
Well it just got done running all of the rest of my recipes, and I have a bunch of missing trust info.  Do I have to update the trust info on all of these recipes to get Autopkgr to work the way it was?

Kris Lou

Aug 24, 2017, 3:28:20 PM
to autopkgr-discuss
You've established that your override for Sassafras works -- that's the most important thing.

As far as Autopkgr goes, I'd start from scratch there.  Deselect ALL listed repos and re-select them.  Then select your recipes.  The Sassafras recipe identifier should change to "local.munki.Sassafrask2client" when Autopkgr finds your override.

With JUST the Sassafras recipe, test with Autopkgr.

Then, add the rest of your recipes.

As far as overrides go, you SHOULD be creating overrides for each recipe that you run.  I have to, because my munki_repo is organized a bit differently than default recipes.

Then, you also update the trust info for each override.  It seems like a lot of work, but the point of that is to avoid the problem that started all of this:  the recipe didn't match the package.  It's a roundabout way of avoiding MITM vulnerabilities, but that's also why Apple requires App Signing for all of their packages.  The Trust verification basically says, "Great.  _Somebody_ signed this package, but is it who we expect it to be?" as well as "Is the upstream recipe what we expect it to be?" -- so that it doesn't automatically import potentially harmful packages into your repo.

-Kris
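
The "is the upstream recipe what we expect it to be?" half of the check described in the post above, as an added Python illustration that is not part of the thread and not AutoPkg's own code. It assumes the override stores its trust data under `ParentRecipeTrustInfo` → `parent_recipes` → `path` / `sha256_hash`; the helper names are hypothetical and the recipes are constructed sample files written to a temporary directory.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

PARENT_ID = "com.github.autopkg.munki.sassafras-k2client"  # identifier from the thread


def sha256_of(path):
    """Hex SHA-256 of a file's bytes."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit_override(override_path):
    """Return a list of findings for one recipe override; an empty list means OK."""
    with open(override_path, "rb") as fh:
        override = plistlib.load(fh)
    findings = []
    ident = override.get("Identifier", "")
    parent = override.get("ParentRecipe", "")
    # The override must name the upstream recipe, not itself.
    if not parent:
        findings.append("no ParentRecipe key")
    elif parent.lower() == ident.lower():
        findings.append(f"ParentRecipe {parent} is the override's own Identifier")
    trust = override.get("ParentRecipeTrustInfo")
    if not trust:
        findings.append("missing trust info")
        return findings
    recorded = trust.get("parent_recipes", {})
    if parent and parent not in recorded:
        findings.append(f"no trust entry recorded for {parent}")
    # Re-hash every recorded parent and compare with the value stored at trust time.
    for recipe_id, info in recorded.items():
        path = Path(info.get("path", "")).expanduser()
        if not path.is_file():
            findings.append(f"parent recipe {recipe_id} not found at {path}")
        elif sha256_of(path) != info.get("sha256_hash"):
            findings.append(f"parent recipe {recipe_id} contents differ from expected")
    return findings


def write_plist(path, data):
    """Write a dict as a plist file."""
    with open(path, "wb") as fh:
        plistlib.dump(data, fh)


def demo():
    """Audit constructed sample overrides in a temp dir (not real recipes)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        parent_path = root / "SassafrasK2Client.munki.recipe"
        write_plist(parent_path, {"Identifier": PARENT_ID, "Input": {"NAME": "K2Client"}})
        trust = {"parent_recipes": {PARENT_ID: {
            "path": str(parent_path), "sha256_hash": sha256_of(parent_path)}}}
        local_id = "local.munki.SassafrasK2Client"
        samples = {
            "good": {"Identifier": local_id, "ParentRecipe": PARENT_ID,
                     "ParentRecipeTrustInfo": trust},
            "untrusted": {"Identifier": "local.munki.VLC",
                          "ParentRecipe": "com.github.autopkg.munki.VLC"},
            "selfref": {"Identifier": local_id, "ParentRecipe": local_id,
                        "ParentRecipeTrustInfo": trust},
        }
        results = {}
        for name, data in samples.items():
            write_plist(root / f"{name}.recipe", data)
            results[name] = audit_override(root / f"{name}.recipe")
        # Upstream recipe changes after the trust info was recorded.
        write_plist(parent_path, {"Identifier": PARENT_ID, "Input": {"NAME": "changed"}})
        results["good_after_upstream_change"] = audit_override(root / "good.recipe")
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'OK'}")
```

The `selfref` case mirrors the failure earlier in the thread, where the override's ParentRecipe pointed at `local.munki.SassafrasK2Client` instead of the upstream identifier; the last case shows why trust info has to be updated again after the parent recipe changes.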



adam cowie

Aug 25, 2017, 11:27:29 AM
to autopkgr-discuss
Kris,

I have followed your instructions.  I deselected ALL of my Recipes, Then REPOS, RE-Selected all of the REPOS then Recipes.  Sassafras did not find the parent recipe nor did it switch to local.  All of the rest of the recipes are failing with trust info.  I went through and created overrides for the ones that were failing.  When I run through command line all of the trust is verified.  When I try to run Autopkgr they fail.  Any advice?

Thanks,
Adam

adam cowie

Aug 25, 2017, 3:56:01 PM
to autopkgr-discuss
I went through all of my recipes and created overrides and updated the trust info on all of them.  I am currently running them through Autopkgr to see if it spits anything back out at me.

A few things I have noticed
1- <key>Identifier</key> is now local.munki.INSERT-RECIPE-NAME-HERE
Is this normal? Earlier in the thread you had me change the Sassafras one back to the github address; should I do this for all of them?
2- For all of these the Parent Recipe is their github address, but for Sassafras it is not.
Should I change the Sassafras one back?  That is why it's failing in Autopkgr.

Prior to me opening up this thread Autopkgr would check for updates, automatically download them and I had no issues.  The only recipe override I made was to Sassafras so I could edit some of the server settings.  I am confused as to why everything stopped working like that.  I know it may not be a simple answer just curious what broke it.  Now that I have made the overrides and everything is trusted again will Autopkgr go back to the way it was?  For example checking for updates, if there is one automatically downloading it into my munki repo.  Or will there be more steps involved?  I think that is everything.  Thanks again for all your help.

Adam 