Do you need to clean up the SelfServeManifest for your Munki clients?

What might be the issue?

Every now and then, on the #munki channel of the MacAdmins Slack, someone will ask about deleting or updating an entry in the SelfServeManifest.

The /Library/Managed Installs/manifests/SelfServeManifest file is where Munki keeps track of which optional install items users choose to install via Managed Software Center. Once a user selects an optional install, Munki puts that item into the SelfServeManifest as a managed install.

Do obsolete items need to be removed?

Some Munki admins who have removed an item from their repos have expressed concerns that the removal of that item from the repo will produce either an error or a warning if the item still exists in users’ SelfServeManifest files—this is actually not the case; more details below.

What if you rename an item?

Other Munki admins have had circumstances in which they want to rename (the actual name and not just display_name) an item in their repo that’s an optional install. If you rename ItemOldName to ItemNewName and your users still have <string>ItemOldName</string> in their SelfServeManifest files, Munki won’t know that they should have selected to install <string>ItemNewName</string>.

What you can do

Obsolete items

Good news! As alluded to earlier, for obsolete items, you don’t have to do anything! You won’t get any errors or warnings in the Munki logs or managedsoftwareupdate output (at least as of this writing—hopefully future Munki versions won’t change this behavior).

I tested this by having only one actual item in my site_default manifest, called Actual item that exists:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>catalogs</key>
    <array>
        <string>production</string>
    </array>
    <key>optional_installs</key>
    <array>
        <string>Actual item that exists</string>
    </array>
</dict>
</plist>

Then, I made sure my SelfServeManifest had a fake item called Item not in the repo:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>managed_installs</key>
    <array>
        <string>Item not in the repo</string>
    </array>
    <key>managed_uninstalls</key>
    <array/>
</dict>
</plist>

In the Munki run, you can see that Munki checks only for the actual item and doesn’t care that there’s an item in the SelfServeManifest that doesn’t exist in the Munki repo:

sudo managedsoftwareupdate --checkonly -v
Managed Software Update Tool
Version 6.6.5.4711
Copyright 2010-2025 The Munki Project
https://github.com/munki/munki

Starting...
Checking for available updates...
    No client id specified. Requesting HOSTNAME.local...
    Getting manifest HOSTNAME.local...
    Retrieving list of software for this machine...
    Bytes received: 196
    Request failed. Trying HOSTNAME...
    Getting manifest HOSTNAME...
    Retrieving list of software for this machine...
    Bytes received: 196
    Request failed. Trying SERIALNUMBER...
    Getting manifest SERIALNUMBER...
    Retrieving list of software for this machine...
    Bytes received: 196
    Request failed. Trying site_default...
    Getting manifest site_default...
    Retrieving list of software for this machine...
     0..20..40..60..80..100
    Retrieved manifest site_default
    Using manifest: site_default
    **Checking for installs**
    Getting catalog production...
    **Checking for removals**
    **Checking for managed updates**
    Running installcheck_script for Actual item that exists
    1.0 is greater than or equal to 1.0
    **Processing self-serve choices**
    Getting list of available icons...
    Bytes received: 196
    Getting icon Actual item that exists.png for Actual item...
    Bytes received: 196
    Getting client resources...
    Bytes received: 196
    Getting client resources...
    Bytes received: 196
    No change in InstallInfo.
Finishing...
Done.

Renamed Items

Renamed items are a bit trickier. There may be several valid approaches to this, but one of them would be to actually rename the item in the SelfServeManifest.

I’ve written up a script inside a custom package that can do this. Feel free to adapt as needed for your environment.
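One way to do the rename described above, as an added example (this is not the author's packaged script): a Python 3 function that swaps the old name for the new one in the managed_installs and managed_uninstalls arrays of the SelfServeManifest, keeps the file's plist format and mode, and replaces the file atomically. It assumes a Python 3 interpreter is available on the client and that it runs as root; the function and constant names are hypothetical.

```python
import os
import plistlib
import tempfile

# Path as given in the article; pass a different path when testing.
SELF_SERVE_MANIFEST = "/Library/Managed Installs/manifests/SelfServeManifest"
KEYS = ("managed_installs", "managed_uninstalls")


def rename_item(old_name, new_name, path=SELF_SERVE_MANIFEST):
    """Rename old_name to new_name in the manifest; return True if changed."""
    if not os.path.isfile(path):
        return False  # no manifest at this path, nothing to rename
    with open(path, "rb") as handle:
        header = handle.read(8)
        handle.seek(0)
        manifest = plistlib.load(handle)
    # Write back in whichever plist format the file already uses.
    fmt = plistlib.FMT_BINARY if header.startswith(b"bplist") else plistlib.FMT_XML

    changed = False
    for key in KEYS:
        items = manifest.get(key)
        if not isinstance(items, list) or old_name not in items:
            continue
        renamed = []
        for item in items:
            item = new_name if item == old_name else item
            if item not in renamed:  # no duplicate if new_name was already chosen
                renamed.append(item)
        manifest[key] = renamed
        changed = True
    if not changed:
        return False

    # Write a temp file in the same directory, then swap it in atomically so a
    # Munki run never reads a half-written manifest.
    mode = os.stat(path).st_mode & 0o777
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "wb") as handle:
            plistlib.dump(manifest, handle, fmt=fmt, sort_keys=False)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```

Calling rename_item("ItemOldName", "ItemNewName") from a package postinstall script would apply the rename from the article's example; the function returns False and leaves the file untouched when the old name is not present.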

