Rolling back versions in Munki and using blocking applications arrays

Downgrading software in Munki can be a bit tricky. One of the tricks you can use is to remove the higher version number from your Munki repo, and replace an .app bundle–based installs array with a binary-based one.

So, after removing the higher version from your repo, replacing the lower version’s pkginfo with something like

	<key>installs</key>
	<array>
		<dict>
			<key>md5checksum</key>
			<string>031eb69ec876d784b4330c3d6ccbf0a9</string>
			<key>path</key>
			<string>/Applications/Google Chrome.app/Contents/MacOS/Google Chrome</string>
			<key>type</key>
			<string>file</string>
		</dict>
	</array>

instead of something like

	<key>installs</key>
	<array>
		<dict>
			<key>CFBundleIdentifier</key>
			<string>com.google.Chrome</string>
			<key>CFBundleName</key>
			<string>Chrome</string>
			<key>CFBundleShortVersionString</key>
			<string>87.0.4280.88</string>
			<key>CFBundleVersion</key>
			<string>4280.88</string>
			<key>minosversion</key>
			<string>10.10.0</string>
			<key>path</key>
			<string>/Applications/Google Chrome.app</string>
			<key>type</key>
			<string>application</string>
			<key>version_comparison_key</key>
			<string>CFBundleShortVersionString</string>
		</dict>
	</array>

Just keep in mind that if you replace a bundle-based installs array with a binary-based installs array, you may want to put in an explicit blocking applications array, too.

From Blocking Applications:

Munki will skip any unattended_installs or unattended_uninstalls if:

  • There is a blocking_applications key in the pkginfo, and any application listed is running, or
  • There is no blocking_applications key in the pkginfo, and any application in the installs list (if it exists) is running.

Before, you had the application in the installs list, but now you don’t, so you need to have a blocking applications array:

	<key>blocking_applications</key>
	<array>
		<string>Google Chrome.app</string>
	</array>

Leave a comment

Your email address will not be published. Required fields are marked *