SSL handshake failure (Error 590)

zipfch commented 7 years ago

Hello,

I'm using AutoPkgr 1.4.2 (1375), AutoPkg 1.0.2 and JSSImporter 0.5.1

I made sure to check the following:

JSS URL, API username + passwords are correct

defaults read com.github.autopkg JSS_URL defaults read com.github.autopkg API_USERNAME defaults read com.github.autopkg API_PASSWORD

Connectivity with JSS can be established
Distribution Points can be mounted
Updated python-jss to 1.5.0
Updated my Repos

Even after disabling SSL verification in autopkg via sudo defaults write com.github.autopkg JSS_VERIFY_SSL -bool false , I still seem to be unable to run any recipe from the jss-recipes repository. How come this step seems to be interfering with the recipe being run through?

As an example i posted the log of sudo autopkg run AdobeFlashPlayer.jss

Processing AdobeFlashPlayer.jss...
{u'API_PASSWORD': u’XXXXXX’,
 u'API_USERNAME': u’XXXXXX’,
 'AUTOPKG_VERSION': u'1.0.2',
 u'CATEGORY': u'Digital Media',
 u'FAIL_RECIPES_WITHOUT_TRUST_INFO': False,
 u'GIT_PATH': u'/usr/local/git/bin/git',
 u'GROUP_NAME': u'AdobeFlashPlayer-update-smart',
 u'GROUP_TEMPLATE': u'AdobeFlashPlayerSmartGroupTemplate.xml',
 u'JSS_REPOS': [{
    name = "jss.contoso.com";
    password = XXXXXX;
},
                {
    name = "jss.domain.contoso.com";
    password = XXXXXX;
},
                {
    name = "jss.dmz.contoso.com";
    password = XXXXXX;
}],
 u'JSS_URL': u'https://jss.domain.contoso.com:8443',
 u'JSS_VERIFY_SSL': False,
 u'MUNKI_REPO': u'/Users/Shared/munki_repo/',
 u'NAME': u'AdobeFlashPlayer',
 'PARENT_RECIPES': [u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes/AdobeFlashPlayer/AdobeFlashPlayer.pkg.recipe',
                    u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes/AdobeFlashPlayer/AdobeFlashPlayer.download.recipe'],
 u'POLICY_CATEGORY': u'Testing',
 u'POLICY_TEMPLATE': u'PolicyTemplate.xml',
 'RECIPE_CACHE_DIR': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer',
 'RECIPE_DIR': u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.jss-recipes/AdobeFlashPlayer',
 'RECIPE_OVERRIDE_DIRS': ['~/Library/AutoPkg/RecipeOverrides'],
 'RECIPE_PATH': u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.jss-recipes/AdobeFlashPlayer/AdobeFlashPlayer.jss.recipe',
 u'RECIPE_REPOS': {u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.nmcspadden-recipes': {
    URL = "https://github.com/autopkg/nmcspadden-recipes.git";
},
                   u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes': {
    URL = "https://github.com/autopkg/recipes.git";
},
                   u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.homebysix-recipes': {
    URL = "https://github.com/autopkg/homebysix-recipes.git";
},
                   u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.jss-recipes': {
    URL = "https://github.com/autopkg/jss-recipes.git";
},
                   u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes': {
    URL = "https://github.com/autopkg/recipes";
},
                   u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.timsutton-recipes': {
    URL = "https://github.com/autopkg/timsutton-recipes.git";
}},
 u'RECIPE_SEARCH_DIRS': [u'.',
                         u'~/Library/AutoPkg/Recipes',
                         u'/Library/AutoPkg/Recipes',
                         u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.timsutton-recipes',
                         u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes',
                         u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.homebysix-recipes',
                         u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.jss-recipes',
                         u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.jss-recipes/AdobeFlashPlayer',
                         u'/Users/XXXXXX/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes/AdobeFlashPlayer'],
 u'SELF_SERVICE_DESCRIPTION': u'Adobe Flash Player is freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio.',
 u'SELF_SERVICE_ICON': u'AdobeFlashPlayer.png',
 'verbose': 3}
AdobeFlashURLProvider
{'Input': {}}
AdobeFlashURLProvider: Found URL https://fpdownload.macromedia.com/get/flashplayer/pdc/26.0.0.151/install_flash_player_osx.dmg
{'Output': {'url': 'https://fpdownload.macromedia.com/get/flashplayer/pdc/26.0.0.151/install_flash_player_osx.dmg'}}
URLDownloader
{'Input': {'filename': u'AdobeFlashPlayer.dmg',
           'url': 'https://fpdownload.macromedia.com/get/flashplayer/pdc/26.0.0.151/install_flash_player_osx.dmg'}}
URLDownloader: No value supplied for CURL_PATH, setting default value of: /usr/bin/curl
URLDownloader: No value supplied for CHECK_FILESIZE_ONLY, setting default value of: False
URLDownloader: Storing new Last-Modified header: Tue, 08 Aug 2017 03:23:45 GMT
URLDownloader: Storing new ETag header: "1249cf5-556357db27851"
URLDownloader: Downloaded /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg
{'Output': {'download_changed': True,
            'etag': '"1249cf5-556357db27851"',
            'last_modified': 'Tue, 08 Aug 2017 03:23:45 GMT',
            'pathname': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg',
            'url_downloader_summary_result': {'data': {'download_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg'},
                                              'summary_text': 'The following new items were downloaded:'}}}
EndOfCheckPhase
{'Input': {}}
{'Output': {}}
CodeSignatureVerifier
{'Input': {'expected_authority_names': (
    "Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD)",
    "Developer ID Certification Authority",
    "Apple Root CA"
),
           'input_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg/Install Adobe Flash Player.app/Contents/Resources/Adobe Flash Player.pkg'}}
CodeSignatureVerifier: Mounted disk image /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg
CodeSignatureVerifier: Verifying installer package signature...
CodeSignatureVerifier: Package "Adobe Flash Player.pkg":
CodeSignatureVerifier:    Status: signed by a certificate trusted by Mac OS X
CodeSignatureVerifier:    Certificate Chain:
CodeSignatureVerifier:     1. Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD)
CodeSignatureVerifier:        SHA1 fingerprint: F8 32 AC 81 E4 A3 FE A7 19 8E 1C 00 34 A2 F5 B4 F1 A2 BB 55
CodeSignatureVerifier:        -----------------------------------------------------------------------------
CodeSignatureVerifier:     2. Developer ID Certification Authority
CodeSignatureVerifier:        SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
CodeSignatureVerifier:        -----------------------------------------------------------------------------
CodeSignatureVerifier:     3. Apple Root CA
CodeSignatureVerifier:        SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
CodeSignatureVerifier: 
CodeSignatureVerifier: Signature is valid
CodeSignatureVerifier: Authority name chain is valid
{'Output': {}}
Versioner
{'Input': {'input_plist_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg/Install Adobe Flash Player.app/Contents/Info.plist',
           'plist_version_key': u'CFBundleVersion'}}
Versioner: Mounted disk image /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg
Versioner: Found version 26.0.0.151 in file /private/tmp/dmg.PUWbT7/Install Adobe Flash Player.app/Contents/Info.plist
{'Output': {'version': u'26.0.0.151'}}
PkgCopier
{'Input': {'pkg_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/AdobeFlashPlayer-26.0.0.151.pkg',
           'source_pkg': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg/Install Adobe Flash Player.app/Contents/Resources/Adobe Flash Player.pkg'}}
PkgCopier: Mounted disk image /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg
PkgCopier: Copied /private/tmp/dmg.7AeFfO/Install Adobe Flash Player.app/Contents/Resources/Adobe Flash Player.pkg to /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/AdobeFlashPlayer-26.0.0.151.pkg
{'Output': {'pkg_copier_summary_result': {'data': {'pkg_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/AdobeFlashPlayer-26.0.0.151.pkg'},
                                          'summary_text': 'The following packages were copied:'},
            'pkg_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/AdobeFlashPlayer-26.0.0.151.pkg'}}
JSSImporter
{'Input': {'API_PASSWORD': u'XXXXXX',
           'API_USERNAME': u'XXXXXX',
           'JSS_REPOS': [{
    name = "jss.contoso.com";
    password = XXXXXX;
},
                         {
    name = "jss.domain.contoso.com";
    password = XXXXXXX;
},
                         {
    name = "jss.dmz.contoso.com";
    password = XXXXXXX;
}],
           'JSS_URL': u'https://jss.domain.contoso.com:8443',
           'JSS_VERIFY_SSL': False,
           'category': u'Digital Media',
           'extension_attributes': (
        {
        "ext_attribute_path" = "AdobeFlashPlayerExtensionAttribute.xml";
    }
),
           'groups': (
        {
        name = "AdobeFlashPlayer-update-smart";
        smart = 1;
        "template_path" = "AdobeFlashPlayerSmartGroupTemplate.xml";
    }
),
           'pkg_path': u'/Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/AdobeFlashPlayer-26.0.0.151.pkg',
           'policy_category': u'Testing',
           'policy_template': u'PolicyTemplate.xml',
           'prod_name': u'AdobeFlashPlayer',
           'self_service_description': u'Adobe Flash Player is freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio.',
           'self_service_icon': u'AdobeFlashPlayer.png',
           'version': u'26.0.0.151'}}
JSSImporter: No value supplied for package_info, setting default value of: 
JSSImporter: No value supplied for package_notes, setting default value of: 
JSSImporter: No value supplied for JSS_MIGRATED, setting default value of: False
JSSImporter: No value supplied for os_requirements, setting default value of: 
JSSImporter: No value supplied for JSS_SUPPRESS_WARNINGS, setting default value of: True
Receipt written to /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/receipts/AdobeFlashPlayer-receipt-20170808-172311.plist `

The following recipes failed:
    AdobeFlashPlayer.jss
        Error in com.github.jss-recipes.jss.AdobeFlashPlayer: Processor: JSSImporter: Error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)

The following packages were copied:
    Pkg Path                                                                                                         
    --------                                                                                                         
    /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/AdobeFlashPlayer-26.0.0.151.pkg  

The following new items were downloaded:
    Download Path                                                                                                   
    -------------                                                                                                   
    /Users/XXXXXX/Library/AutoPkg/Cache/com.github.jss-recipes.jss.AdobeFlashPlayer/downloads/AdobeFlashPlayer.dmg

sheagcraig commented 6 years ago

Hi @zipfch.

The most common SSL error that comes across with JSSImporter is with Sierra and now presumably High Sierra machines not having adequate python libraries for SSL.

Have you followed the README's instructions for: python -m ensurepip --user -U && pip install -I --user pyopenssl run as the user AutoPkg is running under?

Barring that, I'm working on updates to python-jss and JSSImporter that use curl instead of python for the HTTP requests which will avoid these dependency issues.

Also, if you're using a self-signed certificate, even the curl approach is going to have issues.

sheagcraig commented 6 years ago

At this point, indeed, let's move towards the new code to see if it helps.

You can check out the testing branch; the README includes instructions for building an installer package and/or testing by just copying the files.

I'll soon have a package already made for testing up in the releases section as a beta.

jssimporter / JSSImporter

SSL handshake failure (Error 590) #111