Package integrity verification is done on CasperShare over the network, and not on the client?

I hope I am wrong with what I just noticed :

When a client triggers a policy to download a package, jamf client checks the MD5 checksum directly on the Distribution Point, and not after the file has been transferred to the client???

When I run "ps -awwx" when a package is installed, I see this for example:

8483 ?? 0:00.05 /sbin/md5 -q /Volumes/CasperShare/Packages/Lync Full Installer 14.0.11.pkg

Beside the fact that md5 utility will need to read the file once on the DP through the network, to compare with hash value stored in JSS DB, the jamf client will need to download it a 2nd time later anyway :

8620 ?? 0:00.02 /bin/cp -R /Volumes/CasperShare/Packages/Lync Full Installer 14.0.11.pkg /Library/Application Support/JAMF/Downloads/

So here we have : - package is transferred twice over the network (1st time to calculate the hash + 2nd time for the "cp" command)
- package checksum seems not verified after the file is copied to the client's harddisk. If there a corruption during the 2nd transfer, the checksum verification done earlier is useless...

I just hope I am missing sth here...

Page 1 / 1

I believe you are correct, this was called out in another thread a couple weeks ago and seemed to be accurate based on my network usage tests. This is definitely an issue for larger packages.

There was this thread but also a longer thread a while back that I can not find that discussed this.

Network traffic...

The other thread from a while back was more useful, so I'll keep looking...

Yeah I discovered this last year when I had a 25GB+ package with integrity checking enabled - it would read the entire file from the server to carry out the integrity check then redownload it again. I turned off integrity checking after I found that. I have too many large packages (music samples etc)

@nigelg Where is this setting for integrity checking you speak of? Per package or server setting?
Thanks!

@millersc

It's

Computer Management > Security > Package Validation

I also have it off.

@Abdiaziz Thanks! I think many of us in edu world have some big pkg's we're pushing. So this should help with some of that pain.

Contact your TAM log it as a bug, only way to get some action on it

For those finding this thread afterwards, a Feature Request has been created.

@millersc Thank you. I set mine just now to Never but when I use Casper remote and I did say Refresh it still starts the Verify process. The packages that I install are very large at times here at the college so it would be nice to shut this function off.

Do I have to wait for some type of refresh cycle? Will it take affect immediately? Does it also shut it down in Casper Remote or just when installing via JSS Policy?

My apologies for al the questions but thank you in advance.

Have a very great day today!

Turning it of doesn't seem to help still.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded