When managedsoftwareupdate 5.5.0.4360 runs as root (e.g., via the LaunchDaemon) and tries to authenticate to a server via a client certificate stored in the System keychain, it returns the error: Download failed: (-1005, 'The network connection was lost.')
I've tested this on a bare metal Intel Mac mini and on VMs, all running clean installs of macOS 11.4.
If I run managedsoftwareupdate under a user account with sudo, it asks for keychain credentials and then downloads fine. Also, if I copy the cert into /Library/Managed Installs/certs it works fine as root.
Apple's support documentation (https://developer.apple.com/library/archive/qa/qa1941/_index.html) suggests a network issue or diagnosing with CFNetwork. Since it's obviously a root vs user issue, and I don't know how to use CFNetwork, I'm posting here for help. I've checked env variables and file permissions and can't find any smoking guns.
Steps to reproduce:
1. Install a client certificate via Configuration Profile.
2. Install Munki 5.5 from the GitHub releases.
3. Set the SoftwareRepoURL to a server with mTLS configured for the client certificate installed on the Mac.
4. Run managedsoftwareupdate as root (not just sudo).
Attaching relevant logs of sudo (working) and root (not working).