Closed homebysix closed 4 years ago
We'll add a prompt to run as admin
Can people please try the below version? (@apizz too)
https://github.com/dataJAR/Munki-Catalog-Browser/releases/tag/1.1
@macmule I'm an admin and I still don't have anything listed in my Munki Catalog Browser window. Not getting any error messages
Looks like I had some junk in my /Library/Managed Installs
folder when we use a Jamf-specific path for our munki info. After removing it, it's now giving me the error message posted (https://github.com/dataJAR/Munki-Catalog-Browser/releases/tag/1.1) but no option to point somewhere else.
When I run managedsoftwareupdate --show-config
it does list the correct Jamf-specific path.
@apizz what’s the path to your catalogs then?
Can you ls & show the perms?
We’re looking at the prefs domain to get the Managed Installs path.. then if we error opening the catalogs you’ll see that error.
So if your account doesn’t have perms to the catalogs file you’ll see the error.
Looking closely, it appears that we have a /Library/Preferences/ManagedInstalls.plist
file that points to the standard munki locations as well as a config profile that manages a number of these settings, but not all.
So perhaps this is just the logic MCB is using to determine where to check for the ManagedInstallDir
for catalogs?
bash-3.2# ls -lah /Library/Application\ Support/JAMF/Waiting\ Room/
total 648
drwx------ 15 root wheel 480B Dec 16 13:03 .
drwxr-xr-x 18 root wheel 576B Dec 16 10:21 ..
-rw-r--r-- 1 root wheel 217K Dec 16 12:57 ApplicationInventory.plist
drwxr-xr-x 102 root wheel 3.2K Dec 16 12:57 Archives
drwxr-xr-x 2 root wheel 64B Nov 19 17:47 Cache
-rw-r--r-- 1 root wheel 3.0K Nov 19 17:47 InstallInfo.plist
drwxr-xr-x 2 root wheel 64B Aug 22 15:25 Logs
-rw-r--r-- 1 root wheel 41K Dec 16 12:57 ManagedInstallReport.plist
-rw-r--r-- 1 root wheel 290B Dec 16 12:57 UpdateNotificationTracking.plist
-rw-r--r-- 1 root wheel 52K Dec 16 13:03 application_usage.sqlite
drwxr-xr-x 4 root wheel 128B Dec 16 12:57 catalogs
drwxr-xr-x 2 root wheel 64B Aug 22 15:27 client_resources
drwxr-xr-x 3 root wheel 96B Dec 16 12:57 icons
drwxr-xr-x 6 root wheel 192B Dec 16 12:57 manifests
drwxr-xr-x 4 root wheel 128B Dec 15 14:25 swupd
bash-3.2# ls -dlah /Library/Application\ Support/JAMF/Waiting\ Room/
drwx------ 15 root wheel 480B Dec 16 13:03 /Library/Application Support/JAMF/Waiting Room/
bash-3.2# managedsoftwareupdate --show-config
Current Munki configuration:
AdditionalHttpHeaders: None [not set]
AppleSoftwareUpdatesOnly: False [MANAGED]
CatalogURL: None [not set]
ClientCertificatePath: None [not set]
ClientIdentifier: u'' [MANAGED]
ClientKeyPath: None [not set]
ClientResourceURL: None [not set]
ClientResourcesFilename: None [not set]
DaysBetweenNotifications: 1 [MANAGED]
FollowHTTPRedirects: u'none' [/Library/Preferences/ManagedInstalls.plist]
HelpURL: None [not set]
IconURL: None [not set]
IgnoreSystemProxies: False [/Library/Preferences/ManagedInstalls.plist]
InstallAppleSoftwareUpdates: True [MANAGED]
InstallRequiresLogout: False [/Library/Preferences/ManagedInstalls.plist]
LocalOnlyManifest: u'Manifest.plist' [MANAGED]
LogFile: u'/var/log/ManagedSoftwareUpdate.log' [MANAGED]
LogToSyslog: False [/Library/Preferences/ManagedInstalls.plist]
LoggingLevel: 1 [MANAGED]
ManagedInstallDir: u'/Library/Application Support/JAMF/Waiting Room/' [MANAGED]
ManifestURL: None [not set]
PackageURL: None [not set]
PackageVerificationMode: u'hash' [MANAGED]
PerformAuthRestarts: False [/Library/Preferences/ManagedInstalls.plist]
RecoveryKeyFile: None [not set]
ShowOptionalInstallsForHigherOSVersions: False [/Library/Preferences/ManagedInstalls.plist]
SoftwareRepoCACertificate: None [not set]
SoftwareRepoCAPath: None [not set]
SoftwareRepoURL: u'http://jss.themastersschool.com/munki_repo' [MANAGED]
SoftwareUpdateServerURL: None [not set]
SuppressAutoInstall: False [/Library/Preferences/ManagedInstalls.plist]
SuppressLoginwindowInstall: False [/Library/Preferences/ManagedInstalls.plist]
SuppressStopButtonOnInstall: False [/Library/Preferences/ManagedInstalls.plist]
SuppressUserNotification: True [MANAGED]
UnattendedAppleUpdates: True [MANAGED]
UseClientCertificate: False [/Library/Preferences/ManagedInstalls.plist]
UseClientCertificateCNAsClientIdentifier: False [/Library/Preferences/ManagedInstalls.plist]
UseNotificationCenterDays: 3 [/Library/Preferences/ManagedInstalls.plist]
Current Apple softwareupdate configuration:
CatalogURL: u'http://<org>.com/index_0_prod.sucatalog' [MANAGED]
Thanks, @apizz.
We’re reading the prefs in via UserDefaults (https://developer.apple.com/documentation/foundation/userdefaults)
Which location did the error show & how is that defined?
Looks like it's going off the default location @ /Library/Managed Installs
as defined in default /Library/Preferences/ManagedInstalls.plist
heh.. think i've found the issue, please try: https://github.com/dataJAR/Munki-Catalog-Browser/releases/download/1.1/Munki.Catalog.Browser.zip
Very close ... there appears to be an extra slash between catalogs and the ManagedInstallDir ... That's what is in our config profile which isn't breaking anything with munki, but otherwise that would be a small thing to update in our profile.
NVM ... the default setting as defined in /Library/Preferences/ManagedInstalls.plist
is /Library/Managed Installs
without the trailing slash. Going to update our profile ...
After updating our profile, so now reads /Library/Application Support/JAMF/Waiting Room
w/o slash, still get the error ... is it supposed to prompt for elevated privs?
ok.. so the path is missing the additional forward slash.
For this privs issue, we're just alerting at this stage.
Elevated privs would need a privileged helper, which is not a simple fix.
Correct. Makes since.
Not sure if you want to go so far as to differentiate errors between the path existing or not vs. the path existing but having insufficient privs to read them, but that could be helpful
Sure.. we'd have to run some more checks via filemanager (https://developer.apple.com/documentation/foundation/filemanager), but there will be situations where the API doesn't think that the path exists as you don't have perms.. see the below playground..
so legitimately figuring if someone cannot see a path as it's missing vs their perms is tricky
import Cocoa
let fm = FileManager.default let defaultInstallDir = "/Library/Managed Installs" let munkiDefaults = UserDefaults(suiteName: "ManagedInstalls") var managedInstallDir = "(munkiDefaults?.object(forKey: "ManagedInstallDir") ?? defaultInstallDir)" if !managedInstallDir.hasSuffix("/") { managedInstallDir = managedInstallDir + "/" } let munkiCatalogsDir = URL(fileURLWithPath: "(managedInstallDir)("/catalogs")") do { let catalogsDir = try fm.contentsOfDirectory(at: munkiCatalogsDir, includingPropertiesForKeys: nil, options: .skipsHiddenFiles) for foundCatalog in catalogsDir { print("Found (foundCatalog)") } } catch { print("Error reading catalogs") let readableFiles = fm.isReadableFile(atPath: "(munkiCatalogsDir)") let filesExist = fm.fileExists(atPath: "(munkiCatalogsDir)") print(readableFiles) if !readableFiles { print("not readable") } if !filesExist { print("not found") } }
The path to /Library/Managed Installs/catalogs is owned by root:admin and not readable by others by default:
Therefore opening Munki Catalog Browser as a non-administrative user results in a blank window. Not sure whether this is "working as expected" but thought I'd make a note of it.