lindegroup / autopkgr

AutoPkgr is a free Mac app that makes it easy to install and configure AutoPkg.
http://www.lindegroup.com/autopkgr
Apache License 2.0

Autopkgr giving 'Failed local trust verification' whilst AutoPkg itself does not #689

Closed jelockwood closed 2 years ago

jelockwood commented 2 years ago

It has been a little while since I last set up AutoPkg and AutoPkgr, but I don't think this is down to me.

I have a Mac mini running currently macOS 11.6.5 Big Sur, Git 2.2.1, AutoPkg 2.4.1, MunkiTools 5.7.2.4439 and AutoPkgr 1.6.

I have started off by adding a recipe for MunkiTools itself in order to ensure all client Macs keep their Munki, aka Managed Software Centre, up-to-date. As is common, I have created a recipe override for this.

When I run the following in Terminal, as you can see, AutoPkg reports it is happy.

autopkg verify-trust-info -vv /Users/me/Library/AutoPkg/RecipeOverrides/munkitools5.munki.recipe
/Users/me/Library/AutoPkg/RecipeOverrides/munkitools5.munki.recipe: OK

However, the same recipe override, when run using AutoPkgr, results in the following error being shown.

[Image: Screenshot 2022-08-01 at 13 39 31]

Note: a full AutoPkg run of the same recipe override also works fine.

homebysix commented 2 years ago

Hi @jelockwood - Could you check the contents of your ~/Library/Application Support/AutoPkgr/recipe_list.txt file to make sure the recipe that AutoPkgr is running is the override and not its parent?

You can also simulate an AutoPkgr run in the Terminal with this, to see more detailed output:

/usr/local/bin/autopkg run --verbose --recipe-list ~/Library/Application\ Support/AutoPkgr/recipe_list.txt

jelockwood commented 2 years ago

Hi @homebysix. Yes, ~/Library/Application Support/AutoPkgr/recipe_list.txt lists the local overrides. Below is a sample, including entries for Zoom, which is a brand new one I just added and which also fails the same way.

local.munki.zoomus-intel
local.munki.zoomus-arm
MakeCatalogs.munki

Here is an extract from running AutoPkg run --verbose --recipe-list as requested:

Me-Mac-mini1:Downloads zilchadmin$ /usr/local/bin/autopkg run --verbose --recipe-list ~/Library/Application\ Support/AutoPkgr/recipe_list.txt
Processing local.munki.zoomus-intel...
URLDownloader
URLDownloader: Item at URL is unchanged.
URLDownloader: Using existing /Users/me/Library/AutoPkg/Cache/local.munki.zoomus-intel/downloads/zoom.us.pkg
EndOfCheckPhase
CodeSignatureVerifier
CodeSignatureVerifier: Verifying installer package signature...
CodeSignatureVerifier: Package "zoom.us.pkg":
CodeSignatureVerifier:    Status: signed by a developer certificate issued by Apple for distribution
CodeSignatureVerifier:    Signed with a trusted timestamp on: 2022-07-19 09:29:52 +0000
CodeSignatureVerifier:    Certificate Chain:
CodeSignatureVerifier:     1. Developer ID Installer: Zoom Video Communications, Inc. (BJ4HAAB9B3)
CodeSignatureVerifier:        Expires: 2027-02-01 22:12:15 +0000
CodeSignatureVerifier:        SHA256 Fingerprint:
CodeSignatureVerifier:            6D 70 1A 84 F0 5A D4 C1 C1 B3 AE 01 C2 EF 1F 2E AE FB 9F 5C A6 80 
CodeSignatureVerifier:            48 A4 76 60 FF B5 F0 57 BB 8C
CodeSignatureVerifier:        ------------------------------------------------------------------------
CodeSignatureVerifier:     2. Developer ID Certification Authority
CodeSignatureVerifier:        Expires: 2027-02-01 22:12:15 +0000
CodeSignatureVerifier:        SHA256 Fingerprint:
CodeSignatureVerifier:            7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 
CodeSignatureVerifier:            F2 9C 88 CF B0 B1 BA 63 58 7F
CodeSignatureVerifier:        ------------------------------------------------------------------------
CodeSignatureVerifier:     3. Apple Root CA
CodeSignatureVerifier:        Expires: 2035-02-09 21:40:36 +0000
CodeSignatureVerifier:        SHA256 Fingerprint:
CodeSignatureVerifier:            B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 
CodeSignatureVerifier:            68 C5 BE 91 B5 A1 10 01 F0 24
CodeSignatureVerifier: 
CodeSignatureVerifier: Signature is valid
CodeSignatureVerifier: Authority name chain is valid
MunkiImporter
MunkiImporter: Using repo lib: AutoPkgLib
MunkiImporter:         plugin: FileRepo
MunkiImporter:           repo: /Users/me/Library/Group Containers/G69SCX94XU.duck/Library/Application Support/duck/Volumes/zilch-ops-munki-s3-bucket.s3.amazonaws.com – S3/Munki_Repo
nfs server zilch-ops-munki-s3-bucket.s3.amazonaws.com – S3: not responding
nfs server zilch-ops-munki-s3-bucket.s3.amazonaws.com – S3: is alive again
MunkiImporter: Copied pkginfo to: /Users/me/Library/Group Containers/G69SCX94XU.duck/Library/Application Support/duck/Volumes/zilch-ops-munki-s3-bucket.s3.amazonaws.com – S3/Munki_Repo/pkgsinfo/apps/zoom.us/zoom.us-5.11.3.9065__1.plist

So running AutoPkg manually works and, as I previously indicated, the AutoPkg verify option also worked, but it consistently fails in AutoPkgr. A colleague also set up AutoPkgr on a separate Mac and had the same problem with different recipes.

jelockwood commented 2 years ago

I suspect the following is related. I am seeing duplicate copies added to my Munki Repo. I have not yet fully established whether this is AutoPkg or AutoPkgr runs causing this.

homebysix commented 2 years ago

Duplicate items being added to the repo typically means the MakeCatalogs.munki recipe isn't running — which would make sense, if it's that recipe which is failing trust verification.

I notice you have MakeCatalogs.munki in your recipe list instead of local.munki.MakeCatalogs. Could you try removing that, and in AutoPkgr making an override for the MakeCatalogs recipe instead?
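
The check discussed in the comments above, as an added example that is not part of the thread and not AutoPkg or AutoPkgr code: it walks a recipe list, tags each entry as an override or a parent, and runs `autopkg verify-trust-info` on every entry so the one failing trust verification stands out. Assumptions: override identifiers start with `local.` as in this thread, `verify-trust-info` exits non-zero on failure, and the `AUTOPKG` variable and `audit_recipe_list` function are names made up for this example.

```shell
#!/bin/sh
# Added example: audit every entry of an AutoPkgr recipe list.
# AUTOPKG can be pointed at another binary (assumption: default install path).
AUTOPKG="${AUTOPKG:-/usr/local/bin/autopkg}"

# Prints one line per entry: STATUS<TAB>KIND<TAB>identifier
#   KIND   "override" if the identifier starts with "local." (assumed
#          convention, as in local.munki.zoomus-intel), otherwise "parent"
#   STATUS "OK" or "FAILED", taken from verify-trust-info's exit status
#          (assumption: non-zero means trust verification failed)
audit_recipe_list() {
    list="$1"
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS= read -r entry || [ -n "$entry" ]; do
        # Trim surrounding whitespace, then skip blanks and comments.
        entry=$(printf '%s' "$entry" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$entry" in
            ''|'#'*) continue ;;
            local.*) kind=override ;;
            *)       kind=parent ;;
        esac
        # </dev/null stops the child from consuming the rest of the list.
        if "$AUTOPKG" verify-trust-info "$entry" >/dev/null 2>&1 </dev/null
        then
            status=OK
        else
            status=FAILED
        fi
        printf '%s\t%s\t%s\n' "$status" "$kind" "$entry"
    done < "$list"
}

# Stand-alone use: audit the list AutoPkgr runs, if it exists on this Mac.
LIST="${1:-$HOME/Library/Application Support/AutoPkgr/recipe_list.txt}"
if [ -f "$LIST" ]; then
    audit_recipe_list "$LIST"
fi
```

A `FAILED` line identifies the recipe to inspect further with `autopkg verify-trust-info -vv`; a `parent` line is an entry that is being run directly rather than through an override.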

jelockwood commented 2 years ago

@homebysix I tried editing recipe_list.txt as you suggested and if anything that made things worse. It was not possible to do this via AutoPkgr itself.

I then actually in AutoPkgr found and deleted the MakeCatalogs override file and removed it. (I had reverted the recipe_list.txt change.)

Then AutoPkgr was able to run recipes successfully. I can't remember if I added this override or if AutoPkgr did itself. (However, remember a colleague independently installed and set up AutoPkgr on a separate Mac and had the same issue.)

I am happy enough that it is working fine now. Thank you for this tool.