You may have, when using (or creating) a .munki AutoPkg recipe, come across a situation in which you run it:
and then get something back like this:
even though you’re sure the item is newer than the one in the Munki repo.
That has to do with the find_matching_item_in_repo() function the MunkiImporter processor uses to determine whether the item exists already or not.
It compares a number of things between the to-be-imported item and what’s already in the Munki repo—installer item hash, installs, receipts, files and paths, etc. If any of those matches up, MunkiImporter considers it a match.
So, for example, if you have BADLYPACKAGEDBYVENDOR 3.7.3, which is an update for BADLYPACKAGEDBYVENDOR 3.7.2, but the receipts for both are just 1 (yes, 1 and not 3.7.2 or 3.7.3), the MunkiImporter processor will see the two as the same and not do “another” import of the same item. Likewise, if the version in the app bundle is 3.7 and not 3.7.2 or 3.7.3, the MunkiImporter processor will see them as the same. I’ve even run into situations in which a vendor artificially ups the number but the “new” package or .app bundle is exactly the same. In that case, the installer hash will be the same, and the MunkiImporter processor will see them as the same.
So what do you, apart from complain to the vendor and pray it fixes the problem?
There may not be anything you can do apart from force an import. You may find a convoluted workaround, though. For LockDown Browser, I had to create an installs array based on the executable and also essentially override the useless receipts array. You might have to do something similar, depending on how bad the vendor package is.
Leave a Reply