Verify package integrity - "package could not be verified"

J_Morgan
New Contributor III

So I've created a new package using Jamf Pro web GUI, pointed it to a newly uploaded file on repository, and tried to deploy, but all installs are failing because the "package could not be verified".

 

Never had this issue with Jamf Admin...just sayin'

 

Jim

1 ACCEPTED SOLUTION

I only meant when you have a new package to deploy, create a new entry for it in the Jamf->Computer Management -> Packages section, instead of updating an existing package definition entry there.  That seems to solve the recent issue of invalid checksums (an issue Jamf Admin used to handle for us!).  After you create your new entry, it is OK to update it afterwards (seems to be a 11.9 glitch with the removal of a "Ignore" setting in the verify packages sections of Computer Management -> Security settings).

View solution in original post

10 REPLIES 10

J_Morgan
New Contributor III

This is a .pkg installer I downloaded from our GoToAssist's customer portal, not some random or self-baked .pkg

 

Do we need to create our own packages using Composer and add our own developer certificate of authority (which we don't have) for Jamf to be able to use this package?

 

Jim

AJPinto
Honored Contributor III

Assuming the package runs fine locally, I would intercept the package that Jamf is deploying and inspect it. Packages cache to the Jamf waiting room on the device and will stay there for a few minutes. Grab the package before Jamf deletes it and look at the package with Suspicious Package and see if anything looks strange.

 

If the package does not run locally, then the package is bad.

 

As far as using composer, if you have Jamf Pro you do not need to sign in house packages. Jamf Pro does not use Apples MDM framework to deploy packages and does not care if they are signed. If you are using Jamf Now, that uses Apples MDM framework to deploy packages, and they do need to be signed.

SGill
Contributor III

We are seeing this now, too.  It started with the recent upgrade of jamf pro from 11.6 to 11.9.  Jamf has removed the option to ignore package verification now in Settings->Computer Management ->Package Validation, as well as having removed the app Jamf Admin in Jamf Pro 11.6.  Jamf Admin used to handle the verification for us, and now both options for bypassing this are seemingly gone....

Scarecrow8745
New Contributor

I'm just encountering this issue.

I'm currently running 'JAMF Sync' to calculate checksums.  Doesn't do anything for Verification Bypass that I'm aware of, looks like JAMF only allows the option of "If checksum present".

MattuSk
New Contributor

Got the same issues

SGill
Contributor III

Jamf support had me create new (not renamed or reused) package definitions for the latest pkgs in Jamf ...that seems to have resolved the trouble we were seeing...

njablonskinvcc
New Contributor

What do you mean by create new package definitions? Having this problem with a recently created pkg from Jamf Composer.

I only meant when you have a new package to deploy, create a new entry for it in the Jamf->Computer Management -> Packages section, instead of updating an existing package definition entry there.  That seems to solve the recent issue of invalid checksums (an issue Jamf Admin used to handle for us!).  After you create your new entry, it is OK to update it afterwards (seems to be a 11.9 glitch with the removal of a "Ignore" setting in the verify packages sections of Computer Management -> Security settings).

njablonskinvcc
New Contributor

Ahh ok. That makes total sense because I'm only having this issue with an updated package. My newly created entry from yesterday is working fine. Annoying they removed the option to ignore checksums entirely. Thanks for replying!

FutureFacinLuke
Contributor II

Added an FR requesting Jamf force a calculation of the checksum when a package is replaced.

Go upvote it so we can use one of the best timesavers switching to Jamf Cloud gave us.

https://ideas.jamf.com/ideas/JPRO-I-842