
Suddenly many of my packages are failing due to an expired signature

  • March 3, 2016
  • 5 replies


All of a sudden I’m seeing packages fail with the error: Certificate used to sign package is not trusted. Use -allowUntrusted to override. All happen to be Apple packages. Some of these were used just last week without a problem. All clients are running OS X 10.10.5

I found an article that supposedly fixes the package by using the pkgutil command: https://managingosx.wordpress.com/2012/03/24/fixing-packages-with-expired-signatures/

I just think it’s weird that this started happening all at once. Could something have expired that I’m not aware of? My Mac server’s Apple Push Notifications Certificate was just renewed but I wouldn’t think that would have anything to do with my packages on the Casper server. I only use it for imaging computers with Deploy Studio.

I don’t know if Apple changed something recently.

5 replies

bpavlov
  • Esteemed Contributor
  • March 3, 2016

Exactly what it means. The packages are signed and the certificates expired. Open 1 of the packages and click on the little lock in the top right corner. That should give you information on the certificate.

Also if this is related to Apple installers, read this:
https://derflounder.wordpress.com/2016/02/15/certificate-expiration-and-downloaded-mac-app-store-installers/


  • Contributor
  • March 3, 2016

Ran into the same issue. I typically use the 2 policy method of 1) Cache and 2) Install Cache (both scoped to smart groups). I changed the Install Cache policy to not install the cached package as normal, but rather run this command:

installer -allowUntrusted -pkg "/Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg" -target /; rm "/Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg"; rm "/Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg.cache.xml"

works for the couple of packages affected by this until I update with the signed packages.
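
The workaround above bypasses the signature check for whatever file sits at that path. As an added example (not part of the original post), this sketch gates `-allowUntrusted` on `pkgutil --check-signature` reporting the expired-certificate case and refuses unsigned or unrecognized packages; the function names and the exact Status strings matched are assumptions.

```shell
#!/bin/sh
# Added example: only fall back to -allowUntrusted when pkgutil reports an
# expired signing certificate. The Status strings matched below are assumed.

# Constructed sample of `pkgutil --check-signature` output (not captured).
SAMPLE_EXPIRED='Package "PagesUpdate-5.6.pkg":
   Status: signed by a certificate that has since expired'

# Read pkgutil --check-signature output on stdin and print one verdict:
# expired, trusted, unsigned or unknown.
classify_signature() {
    status=$(sed -n 's/^[[:space:]]*Status:[[:space:]]*//p' | head -n 1)
    case "$status" in
        *"has since expired"*)                echo expired ;;
        "no signature"*)                      echo unsigned ;;
        "signed by a certificate trusted"*)   echo trusted ;;
        "signed Apple Software"*)             echo trusted ;;
        *)                                    echo unknown ;;
    esac
}

# Install a package, using -allowUntrusted only for the expired case.
install_checked_pkg() {
    pkg=$1
    verdict=$(pkgutil --check-signature "$pkg" 2>/dev/null | classify_signature)
    case "$verdict" in
        trusted) installer -pkg "$pkg" -target / ;;
        expired) installer -allowUntrusted -pkg "$pkg" -target / ;;
        *)       echo "refusing $pkg: signature status is $verdict" >&2
                 return 1 ;;
    esac
}

# Usage on a client (path from the post above):
# install_checked_pkg "/Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg"
```

Any status the function does not recognize, including empty output when `pkgutil` fails, falls through to the refusal branch rather than to the override.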


  • Author
  • Contributor
  • March 3, 2016

@bpavlov, I checked the failing packages and sure enough they all happened to expire on Feb 14, 2016.

@jduvalmtb I do happen to use the caching method on some of the larger packages such as GarageBand & Xcode. Thanks for the suggestion.


  • Valued Contributor
  • March 14, 2016

I have been using Rich Troutman's system to download the Apple Apps from the Mac App Store. I experienced the same thing after the middle of February. I had to download the latest versions from the Mac App Store again, package them again, and it took care of the issue.


bpavlov
  • Esteemed Contributor
  • March 14, 2016

freudian slip?
Rich Troutman = der flounder = @rtrouton
;)