From c7b125e4c374a9b4cc4dc99aa1b8a95f918556b4 Mon Sep 17 00:00:00 2001
From: Elliot Jordan
Date: Sun, 27 Jun 2021 14:24:47 -0700
Subject: [PATCH 1/9] Look for recipes in the "recipes" key of a plist https://github.com/autopkg/autopkg/wiki/Running-Multiple-Recipes
---
 pre_commit_hooks/check_autopkg_recipe_list.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pre_commit_hooks/check_autopkg_recipe_list.py b/pre_commit_hooks/check_autopkg_recipe_list.py
index 048994a..753e90b 100755
--- a/pre_commit_hooks/check_autopkg_recipe_list.py
+++ b/pre_commit_hooks/check_autopkg_recipe_list.py
@@ -46,7 +46,7 @@ def main(argv=None):
 elif filename.endswith(".plist"):
 try:
 with open(filename, "rb") as openfile:
- recipe_list = plistlib.load(openfile)
+ recipe_list = plistlib.load(openfile).get("recipes")
 except (ExpatError, ValueError) as err:
 print("{}: plist parsing error: {}".format(filename, err))
 retval = 1
From 2bca13f4a08887b9647940f7dcb62314b999757f Mon Sep 17 00:00:00 2001
From: Elliot Jordan
Date: Sun, 27 Jun 2021 14:24:58 -0700
Subject: [PATCH 2/9] Comment on YAML and JSON recipe lists
---
 pre_commit_hooks/check_autopkg_recipe_list.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pre_commit_hooks/check_autopkg_recipe_list.py b/pre_commit_hooks/check_autopkg_recipe_list.py
index 753e90b..b3b6236 100755
--- a/pre_commit_hooks/check_autopkg_recipe_list.py
+++ b/pre_commit_hooks/check_autopkg_recipe_list.py
@@ -51,6 +51,8 @@ def main(argv=None):
 print("{}: plist parsing error: {}".format(filename, err))
 retval = 1
 elif filename.endswith((".yaml", ".yml")):
+ # AutoPkg does not support YAML recipe lists, but AutoPkg users
+ # may have developed custom tooling for this.
 try:
 with open(filename, "r") as openfile:
 recipe_list = yaml.load(openfile)
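Review bot: The new `plistlib.load(openfile).get("recipes")` in the `.plist` branch assumes the plist root is a dict; a plist whose root is an array would raise AttributeError, which the `except (ExpatError, ValueError)` clause shown in the hunk does not catch, so the hook would end in a traceback rather than a per-file error. A dict without a `recipes` key leaves `recipe_list` as None, and how the code after the hunk treats that is not visible here. Splitting the call into `data = plistlib.load(openfile)` and `recipe_list = data.get("recipes") if isinstance(data, dict) else None`, followed by an explicit printed error and `retval = 1` when the result is None, would keep the failure mode the same as the parse-error path. main() starts and ends outside the hunk.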
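Review bot: The YAML branch that the new comment documents calls `yaml.load(openfile)` with no loader argument in the context line, and this hook parses whatever file the repository hands it. How `yaml` is bound is outside the hunk; if it is PyYAML's module-level function, `recipe_list = yaml.safe_load(openfile)` is the safer call, because the default loader on older PyYAML releases can construct arbitrary Python objects from tagged input. The added comment could also state the expected top-level shape, since the plist branch now reads a `recipes` key while this branch appears to take the document root as the list.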
@@ -58,6 +60,8 @@ def main(argv=None): print("{}: yaml parsing error: {}".format(filename, err)) retval = 1 elif filename.endswith(".json"): + # AutoPkg does not support JSON recipe lists, but AutoPkg users + # may have developed custom tooling for this. try: with open(filename, "r") as openfile: recipe_list = json.load(openfile) From 37e528b319664a09750b96c0b592635c3eb04b67 Mon Sep 17 00:00:00 2001 From: Elliot Jordan Date: Sat, 20 Nov 2021 15:21:22 -0800 Subject: [PATCH 3/9] Add BrewCaskInfoProvider as a deprecated processor --- pre_commit_hooks/check_autopkg_recipes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre_commit_hooks/check_autopkg_recipes.py b/pre_commit_hooks/check_autopkg_recipes.py index 7883231..080d587 100755 --- a/pre_commit_hooks/check_autopkg_recipes.py +++ b/pre_commit_hooks/check_autopkg_recipes.py @@ -246,7 +246,7 @@ def validate_no_deprecated_procs(process, filename): """Warn if any deprecated processors are used.""" # Processors that have been deprecated. - deprecated_procs = ("CURLDownloader",) + deprecated_procs = ("CURLDownloader", "BrewCaskInfoProvider") passed = True for proc in process: From e5c0b1eb91f17617b1dee62f64f18bbcb4b7177c Mon Sep 17 00:00:00 2001 From: Elliot Jordan Date: Sat, 20 Nov 2021 15:21:38 -0800 Subject: [PATCH 4/9] Update change log --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4105dfa..1eb56dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). +## [1.10.2] - 2021-11-20 + +### Added +- `BrewCaskInfoProvider` has been added to the list of deprecated AutoPkg processors. +- More output when `check-git-config-email` fails. + ## [1.10.1] - 2021-02-21 ### Added 
@@ -227,7 +233,10 @@ All notable changes to this project will be documented in this file. This projec - Initial release -[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.2...HEAD +[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.2...HEAD +[1.10.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.1...v1.10.2 +[1.10.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.9.0...v1.10.1 +[1.9.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.2...v1.9.0 [1.8.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.1...v1.8.2 [1.8.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.0...v1.8.1 [1.8.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.7.0...v1.8.0 From d65b57ddad5e72a282283eccaf378c62a1e69fe5 Mon Sep 17 00:00:00 2001 From: Elliot Jordan Date: Sat, 20 Nov 2021 15:26:11 -0800 Subject: [PATCH 5/9] Add JamfUploader processor conventions --- CHANGELOG.md | 1 + pre_commit_hooks/check_autopkg_recipes.py | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eb56dd..bce45ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. This projec ### Added - `BrewCaskInfoProvider` has been added to the list of deprecated AutoPkg processors. - More output when `check-git-config-email` fails. +- Added processor type conventions for [JamfUploader](https://grahamrpugh.com/2020/12/14/introducing-jamf-upload.html) (`.jamf`) family of recipes. ## [1.10.1] - 2021-02-21 diff --git a/pre_commit_hooks/check_autopkg_recipes.py b/pre_commit_hooks/check_autopkg_recipes.py index 080d587..5c725b8 100755 --- a/pre_commit_hooks/check_autopkg_recipes.py +++ b/pre_commit_hooks/check_autopkg_recipes.py 
@@ -354,7 +354,22 @@ def validate_proc_type_conventions(process, filename): ], "pkg": ["AppPkgCreator", "PkgCreator"], "install": ["InstallFromDMG", "Installer"], + # https://github.com/jssimporter/JSSImporter "jss": ["JSSImporter"], + # https://github.com/grahampugh/jamf-upload + "jamf": [ + "com.github.grahampugh.jamf-upload.processors/JamfCategoryUploader", + "com.github.grahampugh.jamf-upload.processors/JamfComputerGroupUploader", + "com.github.grahampugh.jamf-upload.processors/JamfComputerProfileUploader", + "com.github.grahampugh.jamf-upload.processors/JamfExtensionAttributeUploader", + "com.github.grahampugh.jamf-upload.processors/JamfPackageUploader", + "com.github.grahampugh.jamf-upload.processors/JamfPolicyDeleter", + "com.github.grahampugh.jamf-upload.processors/JamfPolicyUploader", + "com.github.grahampugh.jamf-upload.processors/JamfScriptUploader", + "com.github.grahampugh.jamf-upload.processors/JamfSoftwareRestrictionUploader", + "com.github.grahampugh.jamf-upload.processors/JamfUploaderSlacker", + ], + # https://github.com/autopkg/filewave "filewave": ["FileWaveImporter"], } From 3e5c5b6bb9758f3467ee599d79c5e7ad4b886faf Mon Sep 17 00:00:00 2001 From: Elliot Jordan Date: Sat, 20 Nov 2021 15:32:23 -0800 Subject: [PATCH 6/9] Add PkgSigner and GPGSignatureVerifier conventions --- CHANGELOG.md | 4 ++-- pre_commit_hooks/check_autopkg_recipes.py | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bce45ef..5ef5cb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
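Review bot: The new `jamf` entries are full shared-processor identifiers (for example `com.github.grahampugh.jamf-upload.processors/JamfPolicyUploader`), while the neighbouring `jss` and `filewave` entries in the same dict are bare names. The comparison that consumes this dict is outside the hunk; if it is an exact string match, a recipe that names these processors in a different form would not be recognised by the convention check. A short comment above the list saying which form is matched would settle it, for instance `# Listed exactly as they appear in a recipe's Processor value.` if that is indeed how the lookup works. The ten entries also repeat one prefix, which could be held in a single constant so later additions cannot mistype it.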
@@ -2,12 +2,12 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [1.10.2] - 2021-11-20 +## [1.11.0] - 2021-11-20 ### Added +- Added processor type conventions for [JamfUploader](https://grahamrpugh.com/2020/12/14/introducing-jamf-upload.html) (`.jamf`), [PkgSigner](https://derflounder.wordpress.com/2021/07/30/signing-autopkg-built-packages-using-a-sign-recipe/) (`.sign`), and [GPGSignatureVerifier](https://github.com/autopkg/gerardkok-recipes/blob/master/SharedProcessors/GPGSignatureVerifier.py) (`.verify`) families of recipes. - `BrewCaskInfoProvider` has been added to the list of deprecated AutoPkg processors. - More output when `check-git-config-email` fails. -- Added processor type conventions for [JamfUploader](https://grahamrpugh.com/2020/12/14/introducing-jamf-upload.html) (`.jamf`) family of recipes. ## [1.10.1] - 2021-02-21 diff --git a/pre_commit_hooks/check_autopkg_recipes.py b/pre_commit_hooks/check_autopkg_recipes.py index 5c725b8..e023bc0 100755 --- a/pre_commit_hooks/check_autopkg_recipes.py +++ b/pre_commit_hooks/check_autopkg_recipes.py @@ -401,8 +401,15 @@ def validate_required_proc_for_types(process, filename): "munki": ["MunkiImporter"], "pkg": ["AppPkgCreator", "PkgCreator", "PkgCopier"], "install": ["InstallFromDMG", "Installer"], + # https://github.com/jssimporter/JSSImporter "jss": ["JSSImporter"], + # https://github.com/autopkg/filewave "filewave": ["com.github.autopkg.filewave.FWTool/FileWaveImporter"], + # https://derflounder.wordpress.com/2021/07/30/signing-autopkg-built-packages-using-a-sign-recipe/ + "sign": ["com.github.rtrouton.SharedProcessors/PkgSigner"], + "verify": [ + "com.github.autopkg.gerardkok-recipes.SharedProcessors/GPGSignatureVerifier" + ], } passed = True From b49760b7510ae309c2c3f15f36c2fb23ae484c39 Mon Sep 17 00:00:00 2001 
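Review bot: In the validate_required_proc_for_types hunk the `verify` entry is the only addition without a source comment, although `sign`, `jss` and `filewave` each get one; the changelog line in this same commit already links the processor, so `# https://github.com/autopkg/gerardkok-recipes/blob/master/SharedProcessors/GPGSignatureVerifier.py` above `"verify"` would match the others. The changelog also describes all three families as type conventions, yet `sign` and `verify` are added here while the earlier `jamf` entries went into validate_proc_type_conventions; if both dicts are meant to cover each recipe type, one side is missing in each case. Judging by the function name this check concerns processor presence only, so a `.verify` recipe passing it would say nothing about how the signature check is configured; the function body is outside the hunk.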
From: Elliot Jordan Date: Sat, 20 Nov 2021 15:32:30 -0800 Subject: [PATCH 7/9] Bump version --- README.md | 8 ++++---- setup.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 58ac611..e8aba14 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ For any hook in this repo you wish to use, add the following to your pre-commit ```yaml - repo: https://github.com/homebysix/pre-commit-macadmin - rev: v1.10.1 + rev: v1.11.0 hooks: - id: check-plists # - id: ... @@ -121,7 +121,7 @@ When combining arguments that take lists (for example: `--required-keys`, `--cat ```yaml - repo: https://github.com/homebysix/pre-commit-macadmin - rev: v1.10.1 + rev: v1.11.0 hooks: - id: check-munki-pkgsinfo args: ['--catalogs', 'testing', 'stable', '--'] @@ -131,7 +131,7 @@ But if you also use the `--categories` argument, you would move the trailing `-- ```yaml - repo: https://github.com/homebysix/pre-commit-macadmin - rev: v1.10.1 + rev: v1.11.0 hooks: - id: check-munki-pkgsinfo args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--'] @@ -143,7 +143,7 @@ If it looks better to your eye, feel free to use a multi-line list for long argu ```yaml - repo: https://github.com/homebysix/pre-commit-macadmin - rev: v1.10.1 + rev: v1.11.0 hooks: - id: check-munki-pkgsinfo args: [ diff --git a/setup.py b/setup.py index 880ea58..d2a6ab0 100755 --- a/setup.py +++ b/setup.py @@ -7,7 +7,7 @@ name="pre-commit-macadmin", description="Pre-commit hooks for Mac admins, client engineers, and IT consultants.", url="https://github.com/homebysix/pre-commit-macadmin", - version="1.10.1", + version="1.11.0", author="Elliot Jordan", author_email="elliot@elliotjordan.com", packages=["pre_commit_hooks"], From ae22f0de19ef4e5a418a8f0b439633ac6ac1a58e Mon Sep 17 00:00:00 2001 
From: Elliot Jordan Date: Sat, 20 Nov 2021 15:37:22 -0800 Subject: [PATCH 8/9] Markdown linting --- CHANGELOG.md | 72 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 48 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ef5cb9..1c286e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,18 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). + + ## [1.11.0] - 2021-11-20 ### Added + - Added processor type conventions for [JamfUploader](https://grahamrpugh.com/2020/12/14/introducing-jamf-upload.html) (`.jamf`), [PkgSigner](https://derflounder.wordpress.com/2021/07/30/signing-autopkg-built-packages-using-a-sign-recipe/) (`.sign`), and [GPGSignatureVerifier](https://github.com/autopkg/gerardkok-recipes/blob/master/SharedProcessors/GPGSignatureVerifier.py) (`.verify`) families of recipes. - `BrewCaskInfoProvider` has been added to the list of deprecated AutoPkg processors. - More output when `check-git-config-email` fails. 
@@ -12,228 +21,243 @@ All notable changes to this project will be documented in this file. This projec ## [1.10.1] - 2021-02-21 ### Added + - In anticipation of AutoPkg 2.3, now supports checking YAML recipes (must have extension `.recipe.yaml`). - In anticipation of AutoPkg 2.3, supports additional AutoPkg plist extension `.recipe.plist`. - Supports JSON AutoPkg recipes (must have extension `.recipe.json`). NOTE: AutoPkg itself does not yet support JSON recipes. - Built placeholder for checking for unused AutoPkg recipe input variables in the future. Check is disabled for now. ### Fixed + - Fixed a bug preventing display of AutoPkg recipe path and identifier if duplicate identifier is found in the repo. ## [1.9.0] - 2021-01-18 ### Added + - Added check for any unexpected processor arguments in any AutoPkg processor. ### Removed + - CodeSignatureVerifier processor argument verification (added in v1.8.2) has been replaced by the above. ## [1.8.2] - 2021-01-18 ### Added + - Added check for unexpected processor arguments in CodeSignatureVerifier. ### Changed + - Renamed default branch to `main`. ## [1.8.1] - 2020-12-08 ### Removed + - Removed warning about setting MinimumVersion of AutoPkg recipes to 2.0+. - Reverted 1.4 minimum version requirement for processors that use URLGetter (introduced in 1.7.0). - ## [1.8.0] - 2020-10-08 ### Changed -- Replaced `plistlib.readPlist()` with `plistlib.load()` +- Replaced `plistlib.readPlist()` with `plistlib.load()` ## [1.7.0] - 2020-10-06 ### Added + - Added pre-commit-macadmin change log (this file) - Ensure no superclass processors (e.g. 
URLGetter) are used, as these are intended to be referred to by other processors rather than directly used in recipes - Warn if setting a MinimumVersion greater than or equal to 2 in AutoPkg recipes, because some administrators may be running 1.4.1 and waiting for processor authors to add Python 3 compatibility - Validate `minimum_os_version` and `maximum_os_version` keys in Munki pkginfo files ### Changed + - Set MinimumVersion needed for [C]URL* processors to 1.4, to ensure utilization of URLGetter - Updated valid Munki script shebangs to include Munki embedded Python symlink and path - ## [1.6.2] - 2020-01-20 ### Fixed -- Added missing sys module for Python version determination +- Added missing sys module for Python version determination ## [1.6.1] - 2019-12-26 ### Fixed -- Convert subprocess output to string +- Convert subprocess output to string ## [1.6.0] - 2019-12-26 ### Added + - Validate possible values of RestartAction key in Munki pkginfo - New hook to check Git user email configuration (`git config user.email`) - ## [1.5.2] - 2019-11-26 ### Fixed + - Removed redundant EndOfCheckPhase check - Added URLGetter minimum version (although we should never need this since URLGetter is not meant to be called directly) - ## [1.5.1] - 2019-09-21 ### Added -- Checking for downloader processors without EndOfCheckPhase +- Checking for downloader processors without EndOfCheckPhase ## [1.5.0] - 2019-09-17 ### Added + - Warn if using deprecated AutoPkg processors (only one exists now: CURLDownloader) - Allow specifying multiple acceptable recipe prefixes ### Fixed -- Updated minimum AutoPkg versions required for processors to only include significant digits for LooseVersion comparison +- Updated minimum AutoPkg versions required for processors to only include significant digits for LooseVersion comparison ## [1.4.0] - 2019-08-22 ### Added + - Detect and warn on AutoPkg recipe identifier duplication - Warn if any Munki pkginfo script is missing a shebang - ## [1.3.0] - 
2019-07-03 ### Added + - `--strict` mode for check-autopkg-recipes hook, along with numerous conventions that it can validate - Catch identifier loops, where recipe and its parent have the same identifier ### Fixed + - Better handling of unicode - Fixed warning output when recipe list is invalid - Fixed shared FileWaveImporter processor identifier ### Changed + - Handle recipe lists that have prefixes - Allow pkg recipes with no process (stubs for software already in pkg format at time of download) - ## [1.2.1] - 2019-06-28 ### Added + - Better parsing of MunkiPkg build-info files, and validation of keys - Better handle processors with missing Processor keys - Warn if MunkiPkg project target disk is not the startup disk - Validate required keys in MunkiPkg build-info files - Validate bundle identifier in MunkiPkg build-info files - ## [1.2.0] - 2019-06-27 ### Added + - Checking AutoPkg recipe processors for missing Processor key - Validation of EndOfCheckPhase placement within download recipes ### Changed + - Created shared function for checking required keys for pkginfo files and AutoPkg recipes - No longer requiring an Input key for AutoPkg recipes - ## [1.1.4] - 2019-06-24 ### Changed -- Skip processor checks for AutoPkg recipes without a Process +- Skip processor checks for AutoPkg recipes without a Process ## [1.1.3] - 2019-06-24 ### Added + - Added `--ignore-min-vers-before` argument to check-autopkg-recipes hook - Added checking for `%NAME%.app` in check-autopkg-recipes hook - ## [1.1.2] - 2019-06-22 ### Added + - Added validation of AutoPkg recipe MinimumVersion in check-autopkg-recipes hook ### Changed -- Fail early and stop processing files that don't parse +- Fail early and stop processing files that don't parse ## [1.1.1] - 2019-06-13 ### Fixed -- Fixed issue that returned wrong pass/fail result for check-munki-pkgsinfo and check-autopkg-recipes hooks +- Fixed issue that returned wrong pass/fail result for check-munki-pkgsinfo and check-autopkg-recipes 
hooks ## [1.1.0] - 2019-06-13 ### Added + - Added a note about combining list arguments in yaml config - Added note about multi-line list args - Ensure no trailing slashes on items_to_copy in check-munki-pkgsinfo ### Changed + - Specified which yaml loader to use - Removed zip as an package extension ### Fixed -- Fixed issue that caused incorrect pass/fail for check-munki-pkgsinfo and check-autopkg-recipes hooks +- Fixed issue that caused incorrect pass/fail for check-munki-pkgsinfo and check-autopkg-recipes hooks ## [1.0.5] - 2019-03-15 ### Added -- Added args documentation to read me +- Added args documentation to read me ## [1.0.4] - 2019-03-14 ### Added -- Added check for approved catalogs +- Added check for approved catalogs ## [1.0.3] - 2019-03-13 ### Fixed -- Fixed variable capitalization +- Fixed variable capitalization ## [1.0.2] - 2019-03-13 ### Added + - Enabled basic type checking for pkginfo dicts ### Changed + - Adjusted required keys in check-munki-pkgsinfo to include name and description by default - Temporarily skipping top level plist type (dict) checking - ## [1.0.1] - 2019-03-03 ### Added + - Added forbid-autopkg-trust-info hook - Added check for recipe prefix enforcement ### Fixed -- Fixed bug in check-autopkg-recipes hook +- Fixed bug in check-autopkg-recipes hook ## 1.0.0 - 2019-03-01 - Initial release - [Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.2...HEAD [1.10.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.1...v1.10.2 [1.10.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.9.0...v1.10.1 From 696474d11284bb0a12b876ea597ca7aa9db1a6bc Mon Sep 17 00:00:00 2001 From: Elliot Jordan Date: Sat, 20 Nov 2021 15:38:35 -0800 Subject: [PATCH 9/9] Add unreleased section and update diff links --- CHANGELOG.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c286e6..e07df90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,6 +10,10 @@ All notable changes to this project will be documented in this file. This projec } --> +## [Unreleased] + +Nothing yet. + ## [1.11.0] - 2021-11-20 ### Added @@ -258,8 +262,8 @@ All notable changes to this project will be documented in this file. This projec - Initial release -[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.2...HEAD -[1.10.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.1...v1.10.2 +[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.11.0...HEAD +[1.11.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.1...v1.11.0 [1.10.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.9.0...v1.10.1 [1.9.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.2...v1.9.0 [1.8.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.1...v1.8.2