Releases: tbridge/munki-in-a-box
Bug Fixes!
Security Branch is Now Production
The 1.5.1 release of Munki in a Box completes the work done in the Security branch, and is now the primary production release of Munki in a Box. This uses SSL Certificates + HTTP Basic Auth by default, and includes the configuration of the Server.app Web Server to do this. You'll need to BYO Certificate, but the HTTP Basic Auth process will be done for you.
In addition, this release includes the creation of autopkg overrides for all the packages imported during the initial run, which will make it easier to manage AutoPkgr in the future. Trust matters, so please read up on the autopkg trust settings.
Welcome to a More Secure Munki-in-a-Box
Munki-in-a-Box has long been a good reference implementation for munki - useful for rolling out a testbed very quickly and giving you some basic tools to manage your munki repository. It's been fine for use in controlled circumstances, ideally by computers that never leave their homes. However, for machines that head outside their usual networks, that could put them at risk.
In previous versions of Munki-in-a-Box, you could easily turn on SSL by default and encrypt your communications layer, but that would still let just any client connect. This version uses HTTP Basic Authentication as described by the Munki documentation. This should be a substantive protection against unauthorized access to your repository.
Pull requests to make this simpler are absolutely welcome.
1.5.0 Beta 1: No Server.app Required
This release will install Server.app (if you haven't already), provided that you have a copy of the App Store Installer Package, configure it for use with munki, then proceed to configure munki as in previous versions.
This is a rough beta, but it works.
Non-root version of Munki-in-a-Box
This version of Munki-in-a-Box represents a major change. The original only ran through a sudo command, if you ran it without that sudo the script would not work as designed, and that was a problem.
This version runs as the logged in user. If the user can't complete a sudo successfully, the script will fail.
But, this solves an issue where autopkg gets very upset when you run it as root (for good reason!), and this version should complete successfully before the sudo timer kicks out. If it doesn't, please file an issue with details about your environment.
In addition, I have added a total of five repositories to autopkg in addition to the standard recipes file. I found myself adding them every time I stood up a new munki reference, so I added them to the script. You can comment them out, they're in lines L320-323.
Typos and Errors Addressed
1.4.0-beta-4 repo typo fixed
Now with more repositories!
Added five commonly-added AutoPKG repositories from awesome community members.
Run-as-User Version!
This version of munki-in-a-box runs as the logged in user, not as root.
Do NOT use this script with sudo, just invoke it from the command line as an admin user, and it will prompt you for your password where necessary.
Don't Run Me As Root
Now with an exit behavior if run as root via sudo.
Maintenance Release: munkireport-php and permissions and syntax
Fixed some syntactical issues that should have been embarrassing, but weren't, but why take the risk? Thanks to A.E. von Bochoven for the pull request, now folded in, to better deploy munkireport-php. Thanks to Keith Mitnick for some very helpful testing for permissions problems, and fixes are rolled in based on his notes.
Please note, this release should function on 10.8 and 10.9 with Server 2 and Server 3, but I haven't confirmed that it works as designed. 10.10.5 and 10.11.0 were tested and functioned as designed.
Please submit bug reports via the Issues section!