Posted on 10-24-2017 09:06 AM
v9.9.9
Hello Jamf community, I use the Always Verify Checksum feature to ensure my packages .PKG files are verified by the client when installed using self-service. I'm using a HTTP distro point on a local network to host packages for my managed Macs. I cannot use HTTPS on the distro point as I do not have a certificate or PKI at this time.
When I setup a policy to install the package everything works as I expect. When a policy is set to install cached package and then another policy is set to subsequently 'Install cached packages' at logout policy the package fails to install. The logs show because the checksum is missing. If I then set the Always Verify Checksum to Only verify when present the install cached packages will install ok.
It seems like package 'installed cached' is stripping the checksum away so that it cannot be later verified by the logout policy install.
For high security environment I have two options, jamf checksums or HTTPS to ensure packages are integral. Due to remote users with limited bandwidth and very large Microsoft packages it's very advantageous to cache packages in the background before installing. We install packages at logout to minimise the interruption to users from multiple updates and packages.
Thanks for any help
Posted on 10-24-2017 09:38 AM
Does the package contain a checksum in Jamf Pro?
http://docs.jamf.com/9.99.0/casper-suite/administrator-guide/Managing_Packages.html
Not sure if this was fixed in the recent Jamf Pro versions, but checksum isn't validated at/after download.