JSS 9.31: Checksums required for all PKGs by default on 9.31

donmontalvo
Esteemed Contributor III

After our 8.73 > 9.31 migration, we had a bit of a struggle getting policies to work. Our JAMF buddy found the problem. JSS 9.31 has "Verify Packages" on by default. So packages without checksums will fail given the default "Always" setting. Set to "When available" if you want packages with checksums to be validated, else if no checksum it'll skip verification. Alerted JAMF, they're looking into changing the default to "Never" so checksums are ignored by default.

HTH,
Don

--
https://donmontalvo.com
14 REPLIES

were_wulff
Valued Contributor II

Hello again @donmontalvo ! :)

Just for reference, that behavior is filed under D-006775 (for those of you that like to track them).

It's currently open with a disposition of Planned for Release, so we'll hopefully be seeing a fix for it soon.

In the meantime, as you've mentioned, we can either set it to "When available" or "Never" through Computer Management >> Security.

Amanda Wulff
JAMF Software Support

bentoms
Release Candidate Programs Tester

Is there a way to populate the checksums?

I guess if not I'll file a FR.

were_wulff
Valued Contributor II

@bentoms

We should be able to get it to calculate the checksum by right clicking on the package in Admin and selecting "Calculate Selected Package Checksum(s)". There should be an option in the context menu to create one if no checksum is present as well.

Normally, Admin displays the checksum if one is present, however. It may not pull the correct one on an unmigrated database due to D-006777, but you'll notice that right away as it will put the local path of the file as the "checksum".

Amanda Wulff
JAMF Software Support

bentoms
Release Candidate Programs Tester

Thanks @amanda.wulff, but that's one by one. Any way to have it run across the whole share?

were_wulff
Valued Contributor II

@bentoms

You should be able to select multiple packages, right click (or use the File menu), and have the option to generate a checksum.

As far as I'm seeing, that's the only way to do it currently as there isn't an option to just search the share and generate a checksum for packages that don't have one. It may be possible to do a Command A to select all and see if it's an option, though.

If you're looking for an option more along the lines of 'scan the share, find packages that don't have a checksum, and generate one for them' I'd recommend a feature request.

Amanda Wulff
JAMF Software Support

donmontalvo
Esteemed Contributor III

@amanda.wulff Yep we did a COMMAND-A and created checksums for all the PKGs in our DP, worked like a charm. :)

--
https://donmontalvo.com

jrippy
Contributor III

@amanda.wulff and what do you do if you don't have the option to generate checksums? Running 9.31 and logged into Casper Admin as a user with full admin privs.

were_wulff
Valued Contributor II

@jrippy

If you're not seeing the Calculate Package Checksum option either in the file menu or when right clicking on a pkg or dmg file, and we've verified that:

- We're on the matching version of Admin.
- Not logged in as a Site Administrator (and the last user logged into the JSS wasn't a site administrator).
- Certain about the privileges.

I would recommend getting in touch with your Technical Account Manager; even if the option to Calculate Package Checksum is grayed out due to lack of permissions, it should always show up in the File menu or when right clicking on a pkg or dmg. If it's not showing up at all, something else is going on and we'd need to look at it a bit closer.

Thanks!

Amanda Wulff
JAMF Software Support

jrippy
Contributor III

@amanda.wulff

1) Yep, on the same version as the server, 9.31 for JSS and 9.31 for Casper Admin.
2) The account I am using is a Full Access Administrator. I verified all permissions are checked for everything.
3) See #2

So I guess I'll be contacting my support person. Thanks!

were_wulff
Valued Contributor II

@jrippy

I do know if you right click on, say, a script, or a printer, or something that isn't a .dmg or a .pkg it won't show the option in the context menu, but that's expected behavior and it should still appear grayed out in the File menu regardless.

Very odd that the option isn't there at all! If you can grab some screenshots of the right click menu and the opened file menu in Admin to send along with the case I'm sure that'd be helpful for them to start out with.
A zipped up JAMFSoftwareServer.log wouldn't hurt either, just in case something is kicking back errors in there.
It may also be helpful to include a link to this thread for them as well, so they can see what we've checked on already.

Amanda Wulff
JAMF Software Support

jrippy
Contributor III

@amanda.wulff
Already done. Thanks!

jrippy
Contributor III

@amanda.wulff
What about .pkg.zip files? Should they have checksums? That is the filetype for me that is not showing a checksum?

tls2t
New Contributor II

I just stumbled across this post today, and I'm seeing the same issue with some of my packages. In fact, the packages that have as a checksum:

md5:,/Volumes/<blah,blah>

I'm not given the opportunity to generate a checksum when right-clicking the files. I'm in the same boat: same version of Casper Imaging (9.32), admin with full privileges, and so on.

were_wulff
Valued Contributor II

@barret55

That would be D-006777. When a distribution point hasn't been migrated yet, we see this happen even if Package Validation is set to Never.
Those packages likely will not install either when pushed out by the JSS and you'll see a "could not verify package" error in the policy log.

The only way, currently, to get around D-006777 is to hit the Migrate button in Casper Admin.

I do have a slightly longer write up on that one over in this thread: https://jamfnation.jamfsoftware.com/discussion.html?id=10800

Amanda Wulff
JAMF Software Support
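
Added example, not part of the thread and not Jamf tooling: a read-only audit of the kind asked about above ("scan the share, find packages that don't have a checksum"), which also flags the symptom described for D-006777, where a file path sits in the checksum field. The `recorded` mapping of file name to checksum string, the sample share and the sample path are assumptions constructed for illustration; including `.pkg.zip` files in the scan is also an assumption.

```python
import hashlib
import re
import tempfile
from pathlib import Path

PACKAGE_SUFFIXES = (".pkg", ".dmg", ".pkg.zip")  # file types named in the thread
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")          # shape of a real MD5 digest


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_share(share_dir, recorded):
    """Classify each package file on the share against its recorded checksum.

    recorded: hypothetical dict of file name -> checksum string (or None).
    Returns {file name: "ok" | "missing" | "malformed" | "mismatch"}.
    """
    report = {}
    for path in sorted(Path(share_dir).iterdir()):
        # Only flat package files are hashed; bundle-style packages are directories.
        if not path.is_file() or not path.name.lower().endswith(PACKAGE_SUFFIXES):
            continue
        value = (recorded.get(path.name) or "").strip().lower()
        if not value:
            report[path.name] = "missing"     # fails when verification is "Always"
        elif not MD5_HEX.match(value):
            report[path.name] = "malformed"   # e.g. a local path stored as the checksum
        elif value != md5_of(path):
            report[path.name] = "mismatch"    # file changed since the checksum was made
        else:
            report[path.name] = "ok"
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:  # constructed sample share
        for name, data in {"a.pkg": b"alpha", "b.dmg": b"beta", "c.pkg.zip": b"gamma"}.items():
            (Path(share) / name).write_bytes(data)
        recorded = {"a.pkg": hashlib.md5(b"alpha").hexdigest(),
                    "b.dmg": "/Volumes/ExampleShare/Packages/b.dmg"}  # constructed values
        for name, status in audit_share(share, recorded).items():
            print(f"{status:10} {name}")
```

Anything reported as `missing` or `malformed` is a candidate for regenerating the checksum in Casper Admin before package verification is left at "Always".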