search

grahampugh / jamf-upload

Scripts for uploading packages to Jamf Cloud
Apache License 2.0
150 stars 39 forks source link

[Errno 1] Operation not permitted: '/Volumes/jamf/Packages/ApE-3.1.2.pkg' #73

Open magnusviri opened 2 years ago

magnusviri commented 2 years ago

I don't know exactly when this changed but JamfPackageUploader quit working for me a while ago and I'm finally getting around to figuring it out. It's because of macOS Mandatory Access Controls. I've discovered you can tell when it's MAC vs Unix permissions by the exact error. Permission denied is Unix permissions. "Operation not permitted" is MAC. It turned out this was affecting me because I was running autopkg over ssh and, as I said earlier, I don't know when it changed but "sshd-keygen-wrapper" quit being selected by default in "Full Disk Access" in the Security & Privacy pref pane. I'm using ssh because this is being run as part of a CI/CD workflow (using Tart).

I guess I'm filing this issue to suggest better error reporting. This is the error right now.

JamfPackageUploader: Copying ApE-3.1.2.pkg to /Volumes/jamf/Packages/ApE-3.1.2.pkg
Traceback (most recent call last):
  File "/Library/AutoPkg/autopkglib/__init__.py", line 840, in process
    self.env = processor.process()
  File "/Library/AutoPkg/autopkglib/__init__.py", line 626, in process
    self.main()
  File "/Users/admin/Library/AutoPkg/RecipeRepos/com.github.autopkg.grahampugh-recipes/JamfUploaderProcessors/JamfPackageUploader.py", line 738, in main
    self.copy_pkg(self.smb_url, self.pkg_path, self.pkg_name)
  File "/Users/admin/Library/AutoPkg/RecipeRepos/com.github.autopkg.grahampugh-recipes/JamfUploaderProcessors/JamfPackageUploader.py", line 264, in copy_pkg
    copyfile(pkg_path, destination_pkg_path)
  File "/Library/AutoPkg/Python3/Python.framework/Versions/3.10/lib/python3.10/shutil.py", line 256, in copyfile
    with open(dst, 'wb') as fdst:
PermissionError: [Errno 1] Operation not permitted: '/Volumes/jamf/Packages/ApE-3.1.2.pkg'
  File "/Library/AutoPkg/autopkglib/__init__.py", line 840, in process
    self.env = processor.process()
[Errno 1] Operation not permitted: '/Volumes/jamf/Packages/ApE-3.1.2.pkg'

I'd check for this error and print out that it's probably MAC and tell the user to check System Prefs, Security & Privacy.

I'm glad to have this working again.

grahampugh commented 2 years ago

I don't fully follow the workflow here.

I don't have any experience of running AutoPkg over ssh. I also use CI/CD, but use a Runner on the client. Maybe you need to adjust the ssh permissions? Just a guess. Or, it could be due to the initial requirement to allow access to a network share (PPPC profile).

Also I'm not really sure what you're asking for, but feel free to make a PR with the desired changes to the error reporting, if that's what you're asking for. I can't really guess what those changes would be.

grahampugh commented 2 years ago

I think you also answered your own question in #72 ?