This is a release candidate of Munki 5.7, a feature-add and bug-fix release of the Munki tools.
Known issues
- Munki cannot yet do major OS upgrades on Apple silicon Macs.
- Managed Software Center has a visual issue under Catalina and earlier: a thin separator line appears between the "title bar" and "content" areas of the window. (This is not an issue new to this release. I am not actively working on this issue; this would be an excellent opportunity for someone to contribute a fix.)
Bug fixes
- A fix for an issue where clicking on a Notification Center notification would not reliably launch Managed Software Center.app in some configurations. This change may require some additional admin effort -- see "Notification Center changes" below for details
- A fix for an issue where an "aggressive/obnoxious" notification triggered when there was another application in full screen mode might result in all interaction being blocked. See #1108 for more details on the issue.
- This version includes a fix for a crashing issue when using client certs on macOS Mojave (and probably earlier) that occurred in 5.7 beta 2 (and probably beta 1)
- This version includes a fix for a "Segmentation fault" issue in 5.7 Beta 1 on macOS 10.14 and earlier
- Included Python version has been changed to 3.9.13 (down from 3.10.4 in earlier betas) to address an upgrade issue detailed here: #1136
Changes
- PyObjC version has been bumped to 8.5
- Included Python version is now 3.9.13
- This version has a more "lightweight" PyObjC install than did Munki 5.6.x and earlier. If you are using munki-python with your own scripts, you should test them thoroughly against this release candidate, and consider using a non-Munki python for your non-Munki uses.
- A new option (
-A) tomake_munki_mpkg.shtrigger amanagedsoftwareupdate --autorun immediately after install. This is intended for use with a DEP/ADE-style enrollment where the user creates their account in the Setup Assistant. Once the Setup Assistant exits, the user is automatically logged into their newly-created account, skipping any chance for Munki to bootstrap at the loginwindow. Using this option will cause Munki to do an automatic run in the background immediately. Use with care. - Removed the
-moption tomake_munki_mpkg.sh: the package generated should work in both DEP/ADM install scenarios and other installation scenarios.
Notification Center changes
- Notification Center notifications are posted by the munki-notifier.app, which is a helper app included inside the Managed Software Center application. Prior to Munki 5.7, it used a "clever" but unsupported technique to "spoof" the bundle identifier of Managed Software Center.app (
com.googlecode.munki.ManagedSoftwareCenter). This technique caused Notification Center to display MSC.app's icon in the notifications, and to attempt to launch MSC.app (instead of munki-notifier) when a notification was clicked on. - For reasons not entirely understood yet (though I have some theories), this spoofing technique failed in some configurations, with
usernotifydcomplaining that it could not "...find appropriate application to launch for com.googlecode.munki.ManagedSoftwareCenter..." and therefore failing to launch MSC.app. - This issue seemed to affect Apple silicon Macs 100% of the time. I suspect it has to do with the fact that all code must be signed on Apple silicon (by default Munki's code is "ad-hoc" signed on Apple silicon), and that the signature of the real MSC.app does not match the signature of munki-notifier. This might explain the failure for some people even on Intel -- perhaps they were signing the GUI apps.
- The problem can be avoided by abandoning the bundle identifier "spoofing" technique and letting a click on a notification just (re-)launch munki-notifier, which in turn can launch MSC.app. We can make munki-notifier look like MSC.app when posting notifications by giving it the same icon as MSC.app and using localized display names to cause it to display the same name as MSC.app. From a user's point-of-view, it still looks like the notifications are coming from MSC.app. But from Notification Center's perspective, the notifications are coming from munki-notifier, which has a bundle identifier of
com.googlecode.munki.munki-notifier. - Machines that ran releases of Munki prior to 5.7 will now likely have two entries for "Managed Software Center" in the Notification Center preferences pane. One would be the "old" one for the
com.googlecode.munki.ManagedSoftwareCenterbundle identifier; the other will be the new one for munki-notifier's actualcom.googlecode.munki.munki-notifierbundle identifier. - Administrator task: If you are currently installing a configuration profile to ensure Managed Software Center notifications are being allowed/delivered, you'll need to update that profile (or add a new one) to allow notifications from munki-notifier (bundle identifier
com.googlecode.munki.munki-notifier). If you do not install a profile, your users (running Catalina and above) will get a new notification asking if they want to allow "Managed Software Center" to send them notifications. Assume that many will say no. - Administrator task: If you "re-brand" Managed Software Center, you'll need to make changes to the munki-notifier app as well, since it now shares an icon and localized display names with Managed Software Center. Tools like munki-rebrand (https://github.com/ox-it/munki-rebrand) will need to be updated.
Other changes
A complete list of changes is here:
v5.6.4...v5.7.0RC1
Build info
The GUI apps and the Python framework were built under Xcode 13.3.1 on macOS 12.3.1. Earlier versions of Xcode have not been tested and may or may not have issues.
Package versioning
- metapackage version: 5.7.0.4424
- munki core tools version: 5.7.0.4423
- LaunchAgents/LaunchDaemons version: 3.0.3265
- Apps package version: 5.6.0.4423
- Python package version: 3.9.13.4424
Attachment info
munkitools-5.7.0.4424.pkg is a package that should install without requiring a restart unless upgrading from an extremely old Munki tools (like one of the 3.x releases or earlier). It should be suitable for most initial deployment scenarios, including those driven by DEP/ADE.