Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Verify checksum of installer #23

Closed
redshirtdave opened this issue Jun 16, 2017 · 4 comments
Closed

Feature Request: Verify checksum of installer #23

redshirtdave opened this issue Jun 16, 2017 · 4 comments
Assignees
@kc9wwh
Labels
enhancement
Milestone
v2.6.0

Comments

@redshirtdave
Copy link

Would a quick md5 checksum verification be useful? sha1 is a bit slower and might be unnecessary, but could be used instead.

Some code I quickly put together, which replaces version checking with md5 verification.

#Use Parameter 7 in the JSS. Get this value by running 'md5 /Applications/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg'
OSChecksum="$7"

##Check for existing Sierra installer and verify checksum
if [ -e "$OSInstaller" ]; then
  /bin/echo "$OSInstaller found, verifying checksum."
  OSChecksumVerify=`/sbin/md5 /Applications/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg | awk '{print $6}'`
  if [ $OSChecksum = $OSChecksumVerify ]; then
  		/bin/echo "Checksum passed."
    	downloadSierra="No"
  else
    downloadSierra="Yes"
    ##Delete old version.
    /bin/echo "Installer found, but invalid. Deleting..."
    /bin/rm -rf "$OSInstaller"
  fi
else
  /bin/echo "Installer not found, will download."
  downloadSierra="Yes"
fi
@kc9wwh
Copy link
Owner

kc9wwh commented Jul 21, 2017

Hey @redshirtdave,

So after some discussion and contemplation over this I don't believe this is something I'd add due to added complexity on the admin part and that the jamf binary should already be handling the checksum for this when the package is installed/cached.

But I am willing to re-consider. If folks want to "up vote" for this feature, just reply to this thread and if there is enough I will work on adding it.

@patgmac
Copy link

patgmac commented Aug 11, 2017

@kc9wwh Jamf is not always the one doing the caching. It's now looking for an existing installer (presumably from Apple) and checking the version, if it matches the version from $4, it continues.

I don't think adding this would be a bad idea. Could even make it optional by checking for the existence of $7, if that's populated, check the checksum.

@redshirtdave
Copy link
Author

@patgmac yeah that was my exact reasoning for the check. i'm not terribly fussed

@Hacksore
Copy link

Hacksore commented Feb 5, 2018

+1

I think this is a great feature to have and like @patgmac said it can be optional by default.

@kc9wwh kc9wwh added this to the v2.6.0 milestone Apr 27, 2018
@kc9wwh kc9wwh self-assigned this Apr 27, 2018
kc9wwh pushed a commit that referenced this issue Apr 27, 2018
#23
db83aa4
@kc9wwh kc9wwh closed this as completed Apr 27, 2018
@kc9wwh kc9wwh mentioned this issue Apr 30, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kc9wwh kc9wwh

Labels
enhancement
Projects
None yet
Milestone
v2.6.0
Development

No branches or pull requests
4 participants
@patgmac @Hacksore @redshirtdave @kc9wwh