All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
Nothing yet.
1.14.1 - 2023-11-20
- Fixed a bug that would cause a Python traceback when checking Munki repos that use
nopkgtype items.
1.14.0 - 2023-11-19
check-preference-manifestshook now outputs more specific error message ifpfm_documentation_urlis empty (#67, thanks to @relgit).check-munki-pkgsinfohook now detects path mismatches on case-sensitive filesystems (#66, thanks to @AaronBurchfield).
1.13.0 - 2023-11-18
- Now uses
packaging.version.Versioninstead ofdistutils.version.LooseVersionfor AutoPkg version comparisons. This may cause unexpected behavior if unusual versions are used inMinimumVersionkeys. - Updated
yaml.safe_load()toYAML(typ='safe').
1.12.4 - 2023-02-26
- Added compatibility checks for MunkiOptionalReceiptEditor processor, included in AutoPkg 2.7+.
- Added a
--require-pkg-blocking-appsargument for thecheck-munki-pkgsinfohook. If specified, tests will fail for any pkg installer that does not have ablocking_applicationsarray (even an empty one). This change maintains the alignment with Munki's design established in 1.12.3 while allowing Munki repo admins flexibility to be stricter in their own environments.
- Improved compatibility with Munki repos where the pkgsinfo folder is not at the root level. (#63, thanks to @kbrewersq)
1.12.3 - 2022-04-09
- Changed check-munki-pkgsinfo to WARN on the absence of the
blocking_applicationsarray for installers in pkg format, rather than to fail the pre-commit test. This better aligns with Munki's own design, which does not requireblocking_applications.
- Resolved an uncaught exception if the git config email is unset. (#58)
1.12.2 - 2022-02-27
- Adjusted preference manifest checks to require
pfm_namefor every preference key except immediate descendants of keys whosepfm_typeisarray(#54). - Improved preference manifest output to more accurately specify which key or subkey is failing
pfm_nameorpfm_typechecks. - Continued development work on a hook that checks Jamf JSON schema manifests.
1.12.1 - 2021-12-22
- Minor adjustments to
check-preference-manifestshook.
1.12.0 - 2021-12-19
- New
check-preference-manifestshook for checking Apple preference manifests like those used by ProfileCreator and iMazing Profile Editor manifests. - Check for the recommended order of JamfUploader processors.
1.11.0 - 2021-11-20
- Added processor type conventions for JamfUploader (
.jamf), PkgSigner (.sign), and GPGSignatureVerifier (.verify) families of recipes. BrewCaskInfoProviderhas been added to the list of deprecated AutoPkg processors.- More output when
check-git-config-emailfails.
1.10.1 - 2021-02-21
- In anticipation of AutoPkg 2.3, now supports checking YAML recipes (must have extension
.recipe.yaml). - In anticipation of AutoPkg 2.3, supports additional AutoPkg plist extension
.recipe.plist. - Supports JSON AutoPkg recipes (must have extension
.recipe.json). NOTE: AutoPkg itself does not yet support JSON recipes. - Built placeholder for checking for unused AutoPkg recipe input variables in the future. Check is disabled for now.
- Fixed a bug preventing display of AutoPkg recipe path and identifier if duplicate identifier is found in the repo.
1.9.0 - 2021-01-18
- Added check for any unexpected processor arguments in any AutoPkg processor.
- CodeSignatureVerifier processor argument verification (added in v1.8.2) has been replaced by the above.
1.8.2 - 2021-01-18
- Added check for unexpected processor arguments in CodeSignatureVerifier.
- Renamed default branch to
main.
1.8.1 - 2020-12-08
- Removed warning about setting MinimumVersion of AutoPkg recipes to 2.0+.
- Reverted 1.4 minimum version requirement for processors that use URLGetter (introduced in 1.7.0).
1.8.0 - 2020-10-08
- Replaced
plistlib.readPlist()withplistlib.load()
1.7.0 - 2020-10-06
- Added pre-commit-macadmin change log (this file)
- Ensure no superclass processors (e.g. URLGetter) are used, as these are intended to be referred to by other processors rather than directly used in recipes
- Warn if setting a MinimumVersion greater than or equal to 2 in AutoPkg recipes, because some administrators may be running 1.4.1 and waiting for processor authors to add Python 3 compatibility
- Validate
minimum_os_versionandmaximum_os_versionkeys in Munki pkginfo files
- Set MinimumVersion needed for [C]URL* processors to 1.4, to ensure utilization of URLGetter
- Updated valid Munki script shebangs to include Munki embedded Python symlink and path
1.6.2 - 2020-01-20
- Added missing sys module for Python version determination
1.6.1 - 2019-12-26
- Convert subprocess output to string
1.6.0 - 2019-12-26
- Validate possible values of RestartAction key in Munki pkginfo
- New hook to check Git user email configuration (
git config user.email)
1.5.2 - 2019-11-26
- Removed redundant EndOfCheckPhase check
- Added URLGetter minimum version (although we should never need this since URLGetter is not meant to be called directly)
1.5.1 - 2019-09-21
- Checking for downloader processors without EndOfCheckPhase
1.5.0 - 2019-09-17
- Warn if using deprecated AutoPkg processors (only one exists now: CURLDownloader)
- Allow specifying multiple acceptable recipe prefixes
- Updated minimum AutoPkg versions required for processors to only include significant digits for LooseVersion comparison
1.4.0 - 2019-08-22
- Detect and warn on AutoPkg recipe identifier duplication
- Warn if any Munki pkginfo script is missing a shebang
1.3.0 - 2019-07-03
--strictmode for check-autopkg-recipes hook, along with numerous conventions that it can validate- Catch identifier loops, where recipe and its parent have the same identifier
- Better handling of unicode
- Fixed warning output when recipe list is invalid
- Fixed shared FileWaveImporter processor identifier
- Handle recipe lists that have prefixes
- Allow pkg recipes with no process (stubs for software already in pkg format at time of download)
1.2.1 - 2019-06-28
- Better parsing of MunkiPkg build-info files, and validation of keys
- Better handle processors with missing Processor keys
- Warn if MunkiPkg project target disk is not the startup disk
- Validate required keys in MunkiPkg build-info files
- Validate bundle identifier in MunkiPkg build-info files
1.2.0 - 2019-06-27
- Checking AutoPkg recipe processors for missing Processor key
- Validation of EndOfCheckPhase placement within download recipes
- Created shared function for checking required keys for pkginfo files and AutoPkg recipes
- No longer requiring an Input key for AutoPkg recipes
1.1.4 - 2019-06-24
- Skip processor checks for AutoPkg recipes without a Process
1.1.3 - 2019-06-24
- Added
--ignore-min-vers-beforeargument to check-autopkg-recipes hook - Added checking for
%NAME%.appin check-autopkg-recipes hook
1.1.2 - 2019-06-22
- Added validation of AutoPkg recipe MinimumVersion in check-autopkg-recipes hook
- Fail early and stop processing files that don't parse
1.1.1 - 2019-06-13
- Fixed issue that returned wrong pass/fail result for check-munki-pkgsinfo and check-autopkg-recipes hooks
1.1.0 - 2019-06-13
- Added a note about combining list arguments in yaml config
- Added note about multi-line list args
- Ensure no trailing slashes on items_to_copy in check-munki-pkgsinfo
- Specified which yaml loader to use
- Removed zip as an package extension
- Fixed issue that caused incorrect pass/fail for check-munki-pkgsinfo and check-autopkg-recipes hooks
1.0.5 - 2019-03-15
- Added args documentation to read me
1.0.4 - 2019-03-14
- Added check for approved catalogs
1.0.3 - 2019-03-13
- Fixed variable capitalization
1.0.2 - 2019-03-13
- Enabled basic type checking for pkginfo dicts
- Adjusted required keys in check-munki-pkgsinfo to include name and description by default
- Temporarily skipping top level plist type (dict) checking
1.0.1 - 2019-03-03
- Added forbid-autopkg-trust-info hook
- Added check for recipe prefix enforcement
- Fixed bug in check-autopkg-recipes hook
- Initial release