Closed nilsbyte closed 5 years ago
nilsbyte
commented
5 years ago Turns out AutoPkg uses Python at /usr/bin/python which is
srv-osx:bin admin$ /usr/bin/python
Python 2.7.10 (default, Feb 7 2017, 00:08:15)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)] on darwinwith openSSL
>>> print ssl.OPENSSL_VERSION
OpenSSL 0.9.8zh 14 Jan 2016which is outdated and causes problem with many SSL enabled sites. I don't know how to replace OpenSSL for the system-Python of macOS.
MacMatt
commented
5 years ago Hello. Same problem here... Have you found how to correct ?
arubdesu
commented
5 years ago Please upgrade. 10.12 is not a supportable platform anymore. If you cannot, investigate tlsssl explained here: https://clburlison.com/python2-and-tls/
MacMatt
commented
5 years ago Hello. Thanks for pointing this... I'll try...
nilsbyte
commented
5 years ago My macOS Server is a VM and currently, 10.13 is not supported by the host. Does 10.13 resolve the issues with TLS (outdated OpenSSL version)?
arubdesu
commented
5 years ago Yes,
Ditching OpenSSL For LibreSSL In High Sierra, Apple has switched SSL libraries from OpenSSL 0.9.8zh to LibreSSL 2.2.7. LibreSSL is a fork of OpenSSL supported by OpenBSD. Secure Transport is Apple’s own API for SSL/TLS but it is primarily used for their first-party software. LibreSSL will serve as the SSL library for third-party software.
If the writer of that snippet didn’t inject stuff into my pasteboard I would link to them, but I DDG’d “high sierra linked ssl”
nilsbyte
commented
5 years ago @arubdesu, can you please update https://github.com/autopkg/arubdesu-recipes/blob/master/2016SuiteSKUless/OfficeSuiteSKULessVersionProvider.py to use the SSL enabled URL https://macadmins.software/latest.xml and the python SSL module or does this make no sense?
I can't find a way to replace system-openSSL on 10.12
arubdesu
commented
5 years ago I cannot add a non-stdlib import that is only needed on a two-versions-old operating system. (If the vendored project is installed correctly it shouldn’t be necessary, either.) Sorry I can’t be of more help but I hope my reason why is understandable. I can’t promise when I’ll be finally running that recipe and fixing whatever ails it, but PR’s greatly appreciated.
nilsbyte
commented
5 years ago I understand. What do you mean by 'If the vendored project is installed correctly'?
arubdesu
commented
5 years ago The tlsssl link mentioned earlier goes to Clayton’s ‘vendored’ project https://github.com/clburlison/vendored. Again, thank you for your understanding, this is important to clear up so it won’t be months until I at least update READMEs
arubdesu
commented
5 years ago Am I ok to close this issue out? I got confused with the other work I need to do (e.g. the naming/versionsing issues, even though it probably still works decent). I'd rather consider this exact symptom not a fault of the code but instead running autopkg on pre-10.13 macOS, which is certainly not recommended.
nilsbyte
commented
5 years ago Please close. I will update my VM to 10.13 and see if it works then.
When running the 2016SuiteSKULess.munki override, I get this:
openSSL version
Python version
Maybe the cause is the automatic redirection to HTTPS (SSL)?
If I try to execute what the script at https://github.com/autopkg/arubdesu-recipes/blob/master/2016SuiteSKUless/OfficeSuiteSKULessVersionProvider.py does, I do not get any error, the file is fetched without problems and can display it with print(xml).
AutoPkg latest running on macOS 10.12.6.