Add CodeSignatureVerifier to Terraform Recipes #119

Open
wants to merge 2 commits into
base: master
paul-cossey
Contributor

Hi, @timsutton

The Current Recipes for Terraform do not check for a Code Signature on download. This PR adds in CodeSignatureVerifier to check the downloaded binary.

Additionally there is some de-tabbing on the download recipes, switching the unarchiving step to the download recipe, and PathDeleter added to the munki recipe.

Output from a successful -vv run

```
autopkg run -v Terraform.munki.recipe
Looking for com.github.timsutton.pkg.Terraform...
Did not find com.github.timsutton.pkg.Terraform in recipe map
Rebuilding recipe map with current working directories...
Looking for com.github.timsutton.pkg.Terraform...
Found com.github.timsutton.pkg.Terraform in recipe map
Looking for com.github.timsutton.download.Terraform...
Found com.github.timsutton.download.Terraform in recipe map
**load_recipe time: 0.010180500015849248
Processing Terraform.munki.recipe...
WARNING: Terraform.munki.recipe is missing trust info and FAIL_RECIPES_WITHOUT_TRUST_INFO is not set. Proceeding...
io.github.hjuutilainen.SharedProcessors/HashiCorpURLProvider
HashiCorpURLProvider: Found URL https://releases.hashicorp.com/terraform/1.9.8/terraform_1.9.8_darwin_amd64.zip
URLDownloader
URLDownloader: Item at URL is unchanged.
URLDownloader: Using existing /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/downloads/terraform_1.9.8_darwin_amd64.zip
EndOfCheckPhase
Unarchiver
Unarchiver: Guessed archive format 'zip' from filename terraform_1.9.8_darwin_amd64.zip
Unarchiver: Unarchived /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/downloads/terraform_1.9.8_darwin_amd64.zip to /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr/local/bin
CodeSignatureVerifier
CodeSignatureVerifier: Verifying code signature...
CodeSignatureVerifier: Deep verification enabled...
CodeSignatureVerifier: Strict verification disabled...
CodeSignatureVerifier: /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr/local/bin/terraform: valid on disk
CodeSignatureVerifier: /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr/local/bin/terraform: satisfies its Designated Requirement
CodeSignatureVerifier: /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr/local/bin/terraform: explicit requirement satisfied
CodeSignatureVerifier: Signature is valid
PkgRootCreator
PkgRootCreator: Created /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot
PkgRootCreator: Created /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr
PkgRootCreator: Created /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr/local
PkgRootCreator: Created /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot/usr/local/bin
PkgCreator
PkgCreator: Connecting
PkgCreator: Sending packaging request
PkgCreator: Disconnecting
MunkiImporter
MunkiImporter: Using repo lib: AutoPkgLib
MunkiImporter:         plugin: FileRepo
MunkiImporter:           repo: /Users/Shared/munki_repo
MunkiImporter: Copied pkginfo to: /Users/Shared/munki_repo/pkgsinfo/apps/HashiCorp/Terraform/Terraform-1.9.8.plist
MunkiImporter:            pkg to: /Users/Shared/munki_repo/pkgs/apps/HashiCorp/Terraform/Terraform-1.9.8.pkg
PathDeleter
PathDeleter: Deleted /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/pkgroot
Receipt written to /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/receipts/Terraform.munki-receipt-20241126-165309.plist

The following packages were built:
    Identifier               Version  Pkg Path
    ----------               -------  --------
    com.hashicorp.Terraform  1.9.8    /Users/paul.cossey/Library/AutoPkg/Cache/com.github.timsutton.munki.Terraform/Terraform-1.9.8.pkg

The following new items were imported into Munki:
    Name       Version  Catalogs  Pkginfo Path                                    Pkg Repo Path                                 Icon Repo Path
    ----       -------  --------  ------------                                    -------------                                 --------------
    Terraform  1.9.8    testing   apps/HashiCorp/Terraform/Terraform-1.9.8.plist  apps/HashiCorp/Terraform/Terraform-1.9.8.pkg
```

- Adds Steps for CodeSignatureVerifier to Terraform Recipes
- Adds Unarchiver back to the pkg recipe, as the pkg wasn't built correctly without it.
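
A pipeline check that a run like the one above verified the signature before anything was packaged or imported, as an added example that is not part of this PR or of AutoPkg. The function names and the abridged sample logs are constructed for illustration, and the check relies on the verbose message text `Signature is valid` exactly as it appears in the output above.

```python
import re

# Constructed sample, abridged from the shape of the `autopkg run -v` output above.
SAMPLE_OK = """\
URLDownloader
URLDownloader: Item at URL is unchanged.
Unarchiver
Unarchiver: Guessed archive format 'zip' from filename terraform_1.9.8_darwin_amd64.zip
CodeSignatureVerifier
CodeSignatureVerifier: Verifying code signature...
CodeSignatureVerifier: Signature is valid
PkgCreator
PkgCreator: Sending packaging request
MunkiImporter
MunkiImporter: Using repo lib: AutoPkgLib
"""

# Constructed: the same run as it would look without the verifier step.
SAMPLE_MISSING = "\n".join(
    line for line in SAMPLE_OK.splitlines() if "CodeSignatureVerifier" not in line
)

# "Processor: message" lines, with an optional shared-processor prefix.
MSG = re.compile(r"^(?:[\w.]+/)?(\w+): (.*)$")


def processor_events(log_text):
    """Yield (line_no, processor, message) for each 'Processor: message' line."""
    for n, line in enumerate(log_text.splitlines(), 1):
        m = MSG.match(line.strip())
        if m:
            yield n, m.group(1), m.group(2)


def check_signature_gate(log_text, consumers=("PkgCreator", "MunkiImporter")):
    """Return a list of problems; an empty list means the gate passed."""
    verified, flagged, problems = False, set(), []
    for n, proc, msg in processor_events(log_text):
        if proc == "CodeSignatureVerifier" and msg == "Signature is valid":
            verified = True
        elif proc in consumers and not verified and proc not in flagged:
            flagged.add(proc)  # report each consuming processor once
            problems.append(f"line {n}: {proc} ran before a valid signature was logged")
    if not verified:
        problems.append("no 'Signature is valid' message from CodeSignatureVerifier")
    return problems


if __name__ == "__main__":
    print(check_signature_gate(SAMPLE_OK), check_signature_gate(SAMPLE_MISSING))
```
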