Suddenly many of my packages are failing due to an expired signature

msnowdon
Contributor

All of a sudden I’m seeing packages fail with the error: Certificate used to sign package is not trusted. Use -allowUntrusted to override. All happen to be Apple packages. Some of these were used just last week without a problem. All clients are running OS X 10.10.5

I found an article that supposedly fixes the package by using the pkgutil command: https://managingosx.wordpress.com/2012/03/24/fixing-packages-with-expired-signatures/

I just think it’s weird that this started happening all at once. Could something have expired that I’m not aware of? My Mac server’s Apple Push Notifications Certificate was just renewed but I wouldn’t think that would have anything to do with my packages on the Casper server. I only use it for imaging computers with Deploy Studio.

I don’t know if Apple changed something recently.

5 REPLIES 5

bpavlov
Honored Contributor

Exactly what it means. The packages are signed and the certificates expired. Open 1 of the packages and click on the little lock in the top right corner. That should give you information on the certificate.

Also if this is related to Apple installers, read this:
https://derflounder.wordpress.com/2016/02/15/certificate-expiration-and-downloaded-mac-app-store-ins...

jduvalmtb
Contributor

Ran into the same issue. I typically use the 2 policy method of 1) Cache and 2) Install Cache (both scoped to smart groups). I changed the Install Cache policy to not install the cached package as normal, but rather run this command:

installer -allowUntrusted -pkg /Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg -target /; rm /Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg; rm /Library/Application Support/JAMF/Waiting Room/PagesUpdate-5.6.pkg.cache.xml

works for the couple of packages affected by this until I update with the signed packages.

msnowdon
Contributor

@bpavlov , I checked the failing packages and sure enough they all happened to expire on Feb 14, 2016.

@jduvalmtb I do happen to use the caching method on some of the larger packages such as GarageBand & Xcode. Thanks for the suggestion.

Michael_Meyers
Contributor

I have been using Rich Troutman's system to download the Apple Apps from the Mac App Store. I experienced the same thing after the middle of February. I had to download the latest versions from the Mac App Store again, package them again, and it took care of the issue.

bpavlov
Honored Contributor

freudian slip?
Rich Troutman = der flounder = @rtrouton
;)