Holiday Deals for Mac Admins

Several apps on the iOS App Store and Mac App Store have dropped prices for the holidays:

Also, my book “Packaging for Apple Administrators” is on sale for 20% less! Go get it and read it over the break!

The following apps are not necessarily just for admins I but I use and enjoy them all regularly:

  • TweetBot is simply the best Twitter client. Both iOS and Mac versions are on sale until Christmas Day
  • Deliveries is the best package tracker and will sync packages tracked between the Mac and iOS versions. Both iOS and Mac versions are on sale
  • Mini Metro is a fun puzzler where you have to build and maintain an insanely fast growing urban metro system.

Merry Christmas!

Book Presentation at Dutch MacAdmin Meetup

I will be presenting my book at the MacAdmin meetup/ontmoeting in Schiedam (Netherlands) next week. The presentation will be on my first book “Packaging for Apple Administrators” with a sneak peek in to future projects.

The meet up will be on Tuesday, Dec 20, 13:30-16:30. LAI has been kind enough to host it at their offices.

My presentation will only be a small part of the meeting, there will also be a discussion on Active Directory and NoMAD and maybe some other presentations.

It’ll be great to see you all there!

Packaging Book on Sale and other Deals for Apple Admins

Remember that my book “Packaging for Apple Administrators” is on sale until Cybermonday! 20% off!

I have gathered a few other interesting Black Friday Sales for Admins:

  • HumbleBundle Books Unix is an amazing bundle of 15 O’Reilly books for Unix. Many of these books are also extremely useful for macOS administrators
  • VMware sale: VMware products, including VMware Fusion Pro are 40% off
  • Parallels Black Friday Bundle: Parallels is offering an interesting bundle of applications along with a license of their virtualisation software
  • Edovia Screens VNC for iOS and for Mac are 50% off
  • Deliveries Package Tracker for iOS and for Mac has reduced price as well

Thanksgiving-Black-Friday-Cybermonday Sale!

“Packaging for Apple Administrators” is on Sale until Cyber Monday!

Get 20% off!

Here in Europe we call the upcoming week-end the… uh… last week-end in November.

However, Americans have this wonderful week-end of commercial frenzy ahead. So I decided to give everyone who has been considering buying the book, but is still reluctant, a friendly nudge. And even though Thanksgiving-Black-Friday-Cybermonday is a US thing, my sale is in all the countries where my book is available!

Go and get the book on the iBook Store!

 

Prepare for autopkg Recipe auditing

Note: I am working on my next book ‘Automated Packaging for Apple Adminstrators’ and will cover this and other new features of autopkg v1.0 more in depth there. To pass the time until that book is published, get prepared with ‘Packaging for Apple Administrators’

A release candidate for autopkg v1.0 was released yesterday. As the version number implies, this is a big and important one.

Among a few other features, this release adds a new verb audit which checks a recipe and its parents for certain features which may have security implications. From the release notes:

New audit verb, used to output helpful information about any recipes that:

  • Are missing a CodeSignatureVerifier step
  • Use non-HTTP URLs for downloads
  • Supply their own processors and thus will run code not provided by AutoPkg itself
  • Use processors that may potentially be modifying the original software downloaded from the vendor

If you are hosting and sharing recipes, then there are a few steps you need to do to prepare for the release.

Once you have downloaded and installed the release candidate on your test machine, you can audit a recipe:

$ autopkg audit VMwareHorizonClient.download
    File path:        ./VMwareHorizonClient/VMwareHorizonClient.download.recipe
    Missing CodeSignatureVerifier

You can run audit against your entire repository with the find command:

$ cd ~/Library/AutoPkg/RecipeRepos/com.github.autopkg.scriptingosx-recipes/
$ find . -name '*.recipe' -exec autopkg audit {} ';' | open -f

This command pipes the output into TextEdit so you can review it better. You can of course pipe it into a file ( > audit.txt ) or your preferred text editor.

Then you have to work your way through the warnings.

Before you start working on fixes, you want to branch your repository, because some of the updated recipes may not work with older versions. You do not want to break your recipes until the final version of autopkg 1.0 is released. Remember to update the MinimumVersion value in your recipes.

There may be good reasons that you cannot fix all warnings. For example, there are a few products in my repository that aren’t signed by the developer, so I cannot add a CodeSignatureVerifier step.

I am not yet finished, but you can check out my branched recipe repository with the changes.

Here are a few notes as to what you may need to do:

Code Signature Verifier

Missing CodeSignatureVerifier

If the product you download is signed, you need to add a CodeSignatureVerifier Process to the download recipe. Read about this here: Using Code Signature Verification

Modifying Processors

The following processors make modifications and their use in this recipe should be more closely inspected:
        PkgCreator
        Copier

This warns of recipe processor that can change the content of what is downloaded. Of course in most cases this is intentional by the recipe author. However, the audit is merely warning you as a recipe user that you need to verify what is happening here.

As an author, you need to check if you can replace the common sequence of PkgRootCreator, Copier, PkgCreator with the new AppPkgCreator processor. This will not always be possible, but if you can this audit warning will go away (because AppPkgCreator does not change the content).

Insecure http URLs

    The following http URLs were found in the recipe:
        Input:
            DOWNLOAD_URL: http://download.ap.bittorrent.com/track/stable/endpoint/utmac/os/osx

Check if the software provider has secure https URLs instead.

Non standard Processors

    The following processors are non-core and can execute arbitrary code, performing any action.
    Be sure you understand what the processor does and/or you trust its source:
        Python3URLProvider

You will get this warning every time a recipe uses a Processor that is not part of the core processors provided by autopkg. If you use a custom processor to parse an URL and the version out of a website, you should check wether you can use URLTextSearcher instead.