Closed homebysix closed 3 years ago
Before:
% autopkg run -vv "AdobeReader/AdobeReaderDC.download.recipe"
Processing AdobeReader/AdobeReaderDC.download.recipe...
WARNING: AdobeReader/AdobeReaderDC.download.recipe is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
AdobeReaderURLProvider
{'Input': {'language': 'English',
'major_version': 'AcrobatDC',
'os_version': '11.0'}}
AdobeReaderURLProvider: Found URL http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg
{'Output': {'url': 'http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg'}}
URLDownloader
{'Input': {'filename': 'AdobeReaderDC.dmg',
'url': 'http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg'}}
URLDownloader: No value supplied for prefetch_filename, setting default value of: False
URLDownloader: No value supplied for CHECK_FILESIZE_ONLY, setting default value of: False
URLDownloader: Storing new Last-Modified header: Mon, 10 May 2021 07:25:20 GMT
URLDownloader: Storing new ETag header: "c21d103-5c1f4ae15e1f1"
URLDownloader: Downloaded ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
{'Output': {'download_changed': True,
'etag': '"c21d103-5c1f4ae15e1f1"',
'last_modified': 'Mon, 10 May 2021 07:25:20 GMT',
'pathname': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg',
'url_downloader_summary_result': {'data': {'download_path': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg'},
'summary_text': 'The following '
'new items were '
'downloaded:'}}}
EndOfCheckPhase
{'Input': {}}
{'Output': {}}
CodeSignatureVerifier
{'Input': {'expected_authority_names': ['Developer ID Installer: Adobe Inc. '
'(JQ525L2MZD)',
'Developer ID Certification Authority',
'Apple Root CA'],
'input_path': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg/*.pkg'}}
CodeSignatureVerifier: Mounted disk image ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
CodeSignatureVerifier: Using path '/private/tmp/dmg.M28PtH/AcroRdrDC_2100120155_MUI.pkg' matched from globbed '/private/tmp/dmg.M28PtH/*.pkg'.
CodeSignatureVerifier: Verifying installer package signature...
CodeSignatureVerifier: Package "AcroRdrDC_2100120155_MUI.pkg":
CodeSignatureVerifier: Status: signed by a developer certificate issued by Apple for distribution
CodeSignatureVerifier: Signed with a trusted timestamp on: 2021-04-26 23:08:11 +0000
CodeSignatureVerifier: Certificate Chain:
CodeSignatureVerifier: 1. Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD)
CodeSignatureVerifier: Expires: 2022-02-07 21:51:11 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: 45 02 B6 EB AA C8 56 12 A8 82 5D 34 C0 7C 86 FB 8C 16 AF 0F 47 55
CodeSignatureVerifier: 05 C6 98 A8 02 1A F6 7D 5C 95
CodeSignatureVerifier: ------------------------------------------------------------------------
CodeSignatureVerifier: 2. Developer ID Certification Authority
CodeSignatureVerifier: Expires: 2027-02-01 22:12:15 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
CodeSignatureVerifier: F2 9C 88 CF B0 B1 BA 63 58 7F
CodeSignatureVerifier: ------------------------------------------------------------------------
CodeSignatureVerifier: 3. Apple Root CA
CodeSignatureVerifier: Expires: 2035-02-09 21:40:36 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
CodeSignatureVerifier: 68 C5 BE 91 B5 A1 10 01 F0 24
CodeSignatureVerifier:
CodeSignatureVerifier: Signature is valid
CodeSignatureVerifier: Mismatch in authority names
CodeSignatureVerifier: Expected: Developer ID Installer: Adobe Inc. (JQ525L2MZD) -> Developer ID Certification Authority -> Apple Root CA
CodeSignatureVerifier: Found: Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD) -> Developer ID Certification Authority -> Apple Root CA
Mismatch in authority names. Note that all verification can be disabled by setting the variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value.
Failed.
Receipt written to ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/receipts/AdobeReaderDC.download-receipt-20210916-092145.plist
The following recipes failed:
AdobeReader/AdobeReaderDC.download.recipe
Error in com.github.autopkg.download.AdobeReaderDC: Processor: CodeSignatureVerifier: Error: Mismatch in authority names. Note that all verification can be disabled by setting the variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value.
The following new items were downloaded:
Download Path
-------------
~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
After:
% autopkg run -vv "AdobeReader/AdobeReaderDC.download.recipe"
Processing AdobeReader/AdobeReaderDC.download.recipe...
WARNING: AdobeReader/AdobeReaderDC.download.recipe is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
AdobeReaderURLProvider
{'Input': {'language': 'English',
'major_version': 'AcrobatDC',
'os_version': '11.0'}}
AdobeReaderURLProvider: Found URL http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg
{'Output': {'url': 'http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg'}}
URLDownloader
{'Input': {'filename': 'AdobeReaderDC.dmg',
'url': 'http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg'}}
URLDownloader: No value supplied for prefetch_filename, setting default value of: False
URLDownloader: No value supplied for CHECK_FILESIZE_ONLY, setting default value of: False
URLDownloader: Item at URL is unchanged.
URLDownloader: Using existing ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
{'Output': {'pathname': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg'}}
EndOfCheckPhase
{'Input': {}}
{'Output': {}}
CodeSignatureVerifier
{'Input': {'expected_authority_names': ['Developer ID Installer: Adobe '
'Systems, Inc. (JQ525L2MZD)',
'Developer ID Certification Authority',
'Apple Root CA'],
'input_path': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg/*.pkg'}}
CodeSignatureVerifier: Mounted disk image ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
CodeSignatureVerifier: Using path '/private/tmp/dmg.CnJ7oY/AcroRdrDC_2100120155_MUI.pkg' matched from globbed '/private/tmp/dmg.CnJ7oY/*.pkg'.
CodeSignatureVerifier: Verifying installer package signature...
CodeSignatureVerifier: Package "AcroRdrDC_2100120155_MUI.pkg":
CodeSignatureVerifier: Status: signed by a developer certificate issued by Apple for distribution
CodeSignatureVerifier: Signed with a trusted timestamp on: 2021-04-26 23:08:11 +0000
CodeSignatureVerifier: Certificate Chain:
CodeSignatureVerifier: 1. Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD)
CodeSignatureVerifier: Expires: 2022-02-07 21:51:11 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: 45 02 B6 EB AA C8 56 12 A8 82 5D 34 C0 7C 86 FB 8C 16 AF 0F 47 55
CodeSignatureVerifier: 05 C6 98 A8 02 1A F6 7D 5C 95
CodeSignatureVerifier: ------------------------------------------------------------------------
CodeSignatureVerifier: 2. Developer ID Certification Authority
CodeSignatureVerifier: Expires: 2027-02-01 22:12:15 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
CodeSignatureVerifier: F2 9C 88 CF B0 B1 BA 63 58 7F
CodeSignatureVerifier: ------------------------------------------------------------------------
CodeSignatureVerifier: 3. Apple Root CA
CodeSignatureVerifier: Expires: 2035-02-09 21:40:36 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
CodeSignatureVerifier: 68 C5 BE 91 B5 A1 10 01 F0 24
CodeSignatureVerifier:
CodeSignatureVerifier: Signature is valid
CodeSignatureVerifier: Authority name chain is valid
{'Output': {}}
Receipt written to ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/receipts/AdobeReaderDC.download-receipt-20210916-092345.plist
Nothing downloaded, packaged or imported.
Tested with various OS_VERSION
values, and the reverted code signature requirement worked on all that I tested.
% autopkg run -vv "AdobeReader/AdobeReaderDC.download.recipe" -k OS_VERSION=10.13
Processing AdobeReader/AdobeReaderDC.download.recipe...
WARNING: AdobeReader/AdobeReaderDC.download.recipe is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
AdobeReaderURLProvider
{'Input': {'language': 'English',
'major_version': 'AcrobatDC',
'os_version': '10.13'}}
AdobeReaderURLProvider: Found URL http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg
{'Output': {'url': 'http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg'}}
URLDownloader
{'Input': {'filename': 'AdobeReaderDC.dmg',
'url': 'http://ardownload.adobe.com/pub/adobe/reader/mac/AcrobatDC/2100120155/AcroRdrDC_2100120155_MUI.dmg'}}
URLDownloader: No value supplied for prefetch_filename, setting default value of: False
URLDownloader: No value supplied for CHECK_FILESIZE_ONLY, setting default value of: False
URLDownloader: Item at URL is unchanged.
URLDownloader: Using existing ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
{'Output': {'pathname': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg'}}
EndOfCheckPhase
{'Input': {}}
{'Output': {}}
CodeSignatureVerifier
{'Input': {'expected_authority_names': ['Developer ID Installer: Adobe '
'Systems, Inc. (JQ525L2MZD)',
'Developer ID Certification Authority',
'Apple Root CA'],
'input_path': '~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg/*.pkg'}}
CodeSignatureVerifier: Mounted disk image ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/downloads/AdobeReaderDC.dmg
CodeSignatureVerifier: Using path '/private/tmp/dmg.Z1Xoe6/AcroRdrDC_2100120155_MUI.pkg' matched from globbed '/private/tmp/dmg.Z1Xoe6/*.pkg'.
CodeSignatureVerifier: Verifying installer package signature...
CodeSignatureVerifier: Package "AcroRdrDC_2100120155_MUI.pkg":
CodeSignatureVerifier: Status: signed by a developer certificate issued by Apple for distribution
CodeSignatureVerifier: Signed with a trusted timestamp on: 2021-04-26 23:08:11 +0000
CodeSignatureVerifier: Certificate Chain:
CodeSignatureVerifier: 1. Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD)
CodeSignatureVerifier: Expires: 2022-02-07 21:51:11 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: 45 02 B6 EB AA C8 56 12 A8 82 5D 34 C0 7C 86 FB 8C 16 AF 0F 47 55
CodeSignatureVerifier: 05 C6 98 A8 02 1A F6 7D 5C 95
CodeSignatureVerifier: ------------------------------------------------------------------------
CodeSignatureVerifier: 2. Developer ID Certification Authority
CodeSignatureVerifier: Expires: 2027-02-01 22:12:15 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
CodeSignatureVerifier: F2 9C 88 CF B0 B1 BA 63 58 7F
CodeSignatureVerifier: ------------------------------------------------------------------------
CodeSignatureVerifier: 3. Apple Root CA
CodeSignatureVerifier: Expires: 2035-02-09 21:40:36 +0000
CodeSignatureVerifier: SHA256 Fingerprint:
CodeSignatureVerifier: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
CodeSignatureVerifier: 68 C5 BE 91 B5 A1 10 01 F0 24
CodeSignatureVerifier:
CodeSignatureVerifier: Signature is valid
CodeSignatureVerifier: Authority name chain is valid
{'Output': {}}
Receipt written to ~/Library/AutoPkg/Cache/com.github.autopkg.download.AdobeReaderDC/receipts/AdobeReaderDC.download-receipt-20210916-092810.plist
Nothing downloaded, packaged or imported.
Reverts autopkg/recipes#402
Per: https://github.com/autopkg/recipes/pull/402#issuecomment-921019627