Add my slack recipe to autopkg

[killahquam]

Please add my slack recipe to autopkg
https://github.com/killahquam/killahquam-recipes
Thanks

[arubdesu]

Hey Quam, great work! I'm not trying to sound picky, but (even though it passes plutil's checking and works) you've got a stray closing tag in your pkg recipe here. I'd also use their app identifier, com.tinyspeck.slackmacgap for the pkg, rather than just 'com.Slack'.
I'm also big on the codeSignatureVerification step being added to download recipes, but that's a somewhat contentious thing it seems. If you were interested, it's done like so, after an unarchiver step to place the binary in a downloads subfolder of the recipe cache dir:

<dict>
    <key>Processor</key>
    <string>CodeSignatureVerifier</string>
    <key>Arguments</key>
    <dict>
        <key>input_path</key>
        <string>%RECIPE_CACHE_DIR%/downloads/%NAME%.app</string>
        <key>requirement</key>
        <string>identifier "com.tinyspeck.slackmacgap" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BQR82RBBHL</string>
    </dict>
</dict>

You could also disable it by default with a DISABLE_CODE_SIGNATURE_VERIFICATION boolean to give folks the option of whether they want it.

[arubdesu]

Hey Quam, great work! I'm not trying to sound picky, but (even though it passes plutil's checking and works) you've got a stray closing tag in your pkg recipe here. I'd also use their app identifier, com.tinyspeck.slackmacgap for the pkg, rather than just 'com.Slack'.
I'm also big on the codeSignatureVerification step being added to download recipes, but that's a somewhat contentious thing it seems. If you were interested, it's done like so, after an unarchiver step to place the binary in a downloads subfolder of the recipe cache dir:

<dict>
    <key>Processor</key>
    <string>CodeSignatureVerifier</string>
    <key>Arguments</key>
    <dict>
        <key>input_path</key>
        <string>%RECIPE_CACHE_DIR%/downloads/%NAME%.app</string>
        <key>requirement</key>
        <string>identifier "com.tinyspeck.slackmacgap" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BQR82RBBHL</string>
    </dict>
</dict>

You could also disable it by default with a DISABLE_CODE_SIGNATURE_VERIFICATION boolean to give folks the option of whether they want it.

[killahquam]

Thanks Allister, I will look into it and make the needed changes.
Good feedback as always
Quam

On Monday, March 30, 2015, Allister Banks notifications@github.com wrote:

Hey Quam, great work! I'm not trying to sound picky, but (even though it
passes plutil's checking and works) you've got a stray closing tag in your
pkg recipe here
https://github.com/killahquam/killahquam-recipes/blob/master/Slack/Slack.pkg.recipe#L7.
I'd also use their app identifier, com.tinyspeck.slackmacgap for the pkg,
rather than just 'com.Slack
https://github.com/killahquam/killahquam-recipes/blob/master/Slack/Slack.pkg.recipe#L15'.

I'm also big on the codeSignatureVerification step being added to download
recipes, but that's a somewhat contentious thing it seems. If you were
interested, it's done like so, after an unarchiver step to place the binary
in a downloads subfolder of the recipe cache dir:

Processor CodeSignatureVerifier Arguments input_path %RECIPE_CACHE_DIR%/downloads/%NAME%.app requirement identifier "com.tinyspeck.slackmacgap" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists _/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /_ exists */ and certificate leaf[subject.OU] = BQR82RBBHL

You could also disable it by default with a
DISABLE_CODE_SIGNATURE_VERIFICATION boolean to give folks the option of
whether they want it.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

Thanks Allister, I will look into it and make the needed changes.
Good feedback as always
Quam

On Monday, March 30, 2015, Allister Banks notifications@github.com wrote:

Hey Quam, great work! I'm not trying to sound picky, but (even though it
passes plutil's checking and works) you've got a stray closing tag in your
pkg recipe here
https://github.com/killahquam/killahquam-recipes/blob/master/Slack/Slack.pkg.recipe#L7.
I'd also use their app identifier, com.tinyspeck.slackmacgap for the pkg,
rather than just 'com.Slack
https://github.com/killahquam/killahquam-recipes/blob/master/Slack/Slack.pkg.recipe#L15'.

I'm also big on the codeSignatureVerification step being added to download
recipes, but that's a somewhat contentious thing it seems. If you were
interested, it's done like so, after an unarchiver step to place the binary
in a downloads subfolder of the recipe cache dir:

Processor CodeSignatureVerifier Arguments input_path %RECIPE_CACHE_DIR%/downloads/%NAME%.app requirement identifier "com.tinyspeck.slackmacgap" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists _/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /_ exists */ and certificate leaf[subject.OU] = BQR82RBBHL

You could also disable it by default with a
DISABLE_CODE_SIGNATURE_VERIFICATION boolean to give folks the option of
whether they want it.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

All set, please let me know if there is anything I may have overlooked.
Thanks again!

[killahquam]

All set, please let me know if there is anything I may have overlooked.
Thanks again!

[arubdesu]

Awesome, have you tested it with code signing enabled? Looks like some chars encoding got swapped here

[arubdesu]

Awesome, have you tested it with code signing enabled? Looks like some chars encoding got swapped here

[killahquam]

Thanks, All should be good now including code verification. Thank you very much. Let me know if anything.

[killahquam]

Thanks, All should be good now including code verification. Thank you very much. Let me know if anything.

[timsutton]

The way you included the DISABLE_CODE_SIGNATURE_VERIFICATION argument for the CodeSignatureVerifier processor brings up an important distinction about how input variables work. Any variables given explicitly to a processor via the Arguments dictionary (as you do here) are not overridable. Variables that exist in a recipe's Input dictionary are, and then these are either substituted in steps later using % signs (like this), or are simply used internally by the processor, but not expected to be defined explicitly in every recipe file (such as MUNKI_REPO).

Another similar example is the use of pkginfo in every Munki recipe. Several of the Munki-related processors know to look for this special variable and do things with it, but one typically isn't passing in pkginfo directly in the processor Arguments - instead it's defined up top in a place where it can be safely overridden.

CodeSignatureVerifier does already try to output some helpful usage info about DISABLE_CODE_SIGNATURE_VERIFICATION if the verification step fails, but if you want to put it in your recipe as a usage indicator, make sure that it's done in the Input section and then left out of the processor's Arguments dictionary altogether.

[timsutton]

The way you included the DISABLE_CODE_SIGNATURE_VERIFICATION argument for the CodeSignatureVerifier processor brings up an important distinction about how input variables work. Any variables given explicitly to a processor via the Arguments dictionary (as you do here) are not overridable. Variables that exist in a recipe's Input dictionary are, and then these are either substituted in steps later using % signs (like this), or are simply used internally by the processor, but not expected to be defined explicitly in every recipe file (such as MUNKI_REPO).

Another similar example is the use of pkginfo in every Munki recipe. Several of the Munki-related processors know to look for this special variable and do things with it, but one typically isn't passing in pkginfo directly in the processor Arguments - instead it's defined up top in a place where it can be safely overridden.

CodeSignatureVerifier does already try to output some helpful usage info about DISABLE_CODE_SIGNATURE_VERIFICATION if the verification step fails, but if you want to put it in your recipe as a usage indicator, make sure that it's done in the Input section and then left out of the processor's Arguments dictionary altogether.

[killahquam]

Thanks Tim, Changes were made. Let me know.
Thanks
Q

[killahquam]

Thanks Tim, Changes were made. Let me know.
Thanks
Q

[timsutton]

Done, and available here:

https://github.com/autopkg/killahquam-recipes

[timsutton]

Done, and available here:

https://github.com/autopkg/killahquam-recipes

[killahquam]

Thanks Tim. Awesome... I am IN :)

On Tue, Mar 31, 2015 at 1:31 PM, Timothy Sutton notifications@github.com
wrote:

Done, and available here:

https://github.com/autopkg/killahquam-recipes

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

Thanks Tim. Awesome... I am IN :)

On Tue, Mar 31, 2015 at 1:31 PM, Timothy Sutton notifications@github.com
wrote:

Done, and available here:

https://github.com/autopkg/killahquam-recipes

—
Reply to this email directly or view it on GitHub
#168 (comment).

[timsutton]

Since we already have some context here: DISABLE_CODE_SIGNATURE_VERIFICATION was something we added as a way to disable the verification steps for cases where a recipe is failing for one issue or another related to the code signature verification step. As such, it's not set by default, functioning as if it's empty or false. It's no harm for you to leave it in your Inputs as a hint, but you may want to set it to true so that it's verifying by default.

[timsutton]

Since we already have some context here: DISABLE_CODE_SIGNATURE_VERIFICATION was something we added as a way to disable the verification steps for cases where a recipe is failing for one issue or another related to the code signature verification step. As such, it's not set by default, functioning as if it's empty or false. It's no harm for you to leave it in your Inputs as a hint, but you may want to set it to true so that it's verifying by default.

[killahquam]

Will do. Thank you!

On Tue, Mar 31, 2015 at 1:35 PM, Timothy Sutton notifications@github.com
wrote:

Since we already have some context here:
DISABLE_CODE_SIGNATURE_VERIFICATION was something we added as a way to
disable the verification steps for cases where a recipe is failing for one
issue or another related to the code signature verification step. As such,
it's not set by default, functioning as if it's empty or false. It's no
harm for you to leave it in your Inputs as a hint, but you may want to set
it to true so that it's verifying by default.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

Will do. Thank you!

On Tue, Mar 31, 2015 at 1:35 PM, Timothy Sutton notifications@github.com
wrote:

Since we already have some context here:
DISABLE_CODE_SIGNATURE_VERIFICATION was something we added as a way to
disable the verification steps for cases where a recipe is failing for one
issue or another related to the code signature verification step. As such,
it's not set by default, functioning as if it's empty or false. It's no
harm for you to leave it in your Inputs as a hint, but you may want to set
it to true so that it's verifying by default.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

Tim,
I have it set by default to true or are you seen something else??
Q

On Tue, Mar 31, 2015 at 1:37 PM, Quam Sodji qsodji@gmail.com wrote:

Will do. Thank you!

On Tue, Mar 31, 2015 at 1:35 PM, Timothy Sutton notifications@github.com
wrote:

Since we already have some context here:
DISABLE_CODE_SIGNATURE_VERIFICATION was something we added as a way to
disable the verification steps for cases where a recipe is failing for one
issue or another related to the code signature verification step. As such,
it's not set by default, functioning as if it's empty or false. It's no
harm for you to leave it in your Inputs as a hint, but you may want to set
it to true so that it's verifying by default.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

Tim,
I have it set by default to true or are you seen something else??
Q

On Tue, Mar 31, 2015 at 1:37 PM, Quam Sodji qsodji@gmail.com wrote:

Will do. Thank you!

On Tue, Mar 31, 2015 at 1:35 PM, Timothy Sutton notifications@github.com
wrote:

Since we already have some context here:
DISABLE_CODE_SIGNATURE_VERIFICATION was something we added as a way to
disable the verification steps for cases where a recipe is failing for one
issue or another related to the code signature verification step. As such,
it's not set by default, functioning as if it's empty or false. It's no
harm for you to leave it in your Inputs as a hint, but you may want to set
it to true so that it's verifying by default.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[timsutton]

Sorry, too many double negatives - I meant to suggest you set it to false so that it's not disabled, which is the same behaviour as if someone would run any other download recipe (with a CodeSignatureVerifier step) with no additional overrides or switches.

[timsutton]

Sorry, too many double negatives - I meant to suggest you set it to false so that it's not disabled, which is the same behaviour as if someone would run any other download recipe (with a CodeSignatureVerifier step) with no additional overrides or switches.

[killahquam]

Gotcha, will do it right now. Thank you very much!

On Tue, Mar 31, 2015 at 1:42 PM, Timothy Sutton notifications@github.com
wrote:

Sorry, too many double negatives - I meant to suggest you set it to false
so that it's not disabled, which is the same behaviour as if someone
would run any other download recipe (with a CodeSignatureVerifier step)
with no additional overrides or switches.

—
Reply to this email directly or view it on GitHub
#168 (comment).

[killahquam]

Gotcha, will do it right now. Thank you very much!

On Tue, Mar 31, 2015 at 1:42 PM, Timothy Sutton notifications@github.com
wrote:

Sorry, too many double negatives - I meant to suggest you set it to false
so that it's not disabled, which is the same behaviour as if someone
would run any other download recipe (with a CodeSignatureVerifier step)
with no additional overrides or switches.

—
Reply to this email directly or view it on GitHub
#168 (comment).