+10Is anyone using hash tags for package/file verification before they install the packages on client machines?
We are looking for a way to ensure that none of our packages get corrupted either accidentally (through network issues) or intentionally (malicious intent). Short of writing a custom script for each installer to do a checksum, is anyone doing anything of the sorts for their JSS?
Thanks.
Chris
Best answer by Matt_Fjerstad
Hi Chris,
The ability to verify a package downloaded by the MD5 checksum is a new feature in version 9.3. This can be found under Settings > Computer Management > Security. For more information, refer to pages 102-103 in the 9.3 Casper Suite Administrator's Guide.
Matt
+8Hey Chris,
Consider this comment a bump because I'm also searching for a better way. In the past I've run into problems in my environment where the JSS was reporting packages were cached on clients when in fact they were incomplete/corrupt. I came up with the following fix which worked well enough for us in the past.
It's very important to note my cached packages were installed by scripts called by Self Service policies by choice.
Here's an example package install workflow:
Self Service policy called some Install_Some_App_Checksum.sh script to run the check to be sure the cached package file size met a predetermined minimum. The package was removed and re-cached if it didn't meet the minimum file size by another script and policy in the JSS... Below is an excerpt from one of my Install_Some_App_Checksum.sh scripts...
SIZE=$(du -s /Library/Application Support/JAMF/Waiting Room/Some_App.pkg | awk '{ print $1 }')
if ((SIZE<273054)); then
rm -rf /Library/Application Support/JAMF/Waiting Room/Some_App.pkg;
rm -rf /Library/Application Support/JAMF/Waiting Room/Some_App.pkg.xml;
sudo /Library/Application Support/JAMF/Waiting Room/Some_App-cache_again.sh;
else
sudo /Library/Application Support/JAMF/Waiting Room/install_Some_App_package.sh
fi
exit 0Best of luck and hopefully someone out there will chime in with an easier way to achieve the same result.
-Lionel
+4Hi Chris,
The ability to verify a package downloaded by the MD5 checksum is a new feature in version 9.3. This can be found under Settings > Computer Management > Security. For more information, refer to pages 102-103 in the 9.3 Casper Suite Administrator's Guide.
Matt
+10Thanks Matt,
Our rep pointed us in the same direction. Just waiting for the FileVault 2 Site Admin bug to be fixed then i will go through the upgrade.
Though this may be worth it on it's own merit.
Chris
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.