Trouble installing SmartClient on MacOS Sierra
-
@kwetiaw That’s what’s odd. The statements in the file aren’t saying anything about file not existing. It’s stating permission denied, which is a totally different error.
If you run
ls -lhart
in terminal as
sudo ls -lhart "/usr/share/.*"
is nothing returned?
-
Pinging @Joe-Schmitt because this is outside my knowledge area at this point, and I have zero Mac devices to test on.
-
Also, can you check if
sudo ls -lhart "/usr/local/share/.*"
has .mono within it?
-
@Wayne-Workman thanks for pinging me, I was meaning to get back to this topic.
@kwetiaw in short, here’s what’s happening. Starting with El Capitan, OSX ships with a feature called System Integrity Protection (SIP). Many applications have had some difficulty adjusting to the new security model. Mono included. With the release of El Capitan they had to rebuild parts of their build process to be in compliance with SIP. Even then it took them a while to figure out how to ensure their root keystore was also compliant with SIP. The client was actually OSX compatible a long time ago, but @Tom-S and I had to wait for mono to patch this issue.
I suspect with the release of OSX Sierra some changes were made to SIP. While mono still works (hence you can run the smart installer), the keystore is once again broken. This keystore is what allows the client to “pin” your FOG server for security purposes. If you can ensure you are running the latest version of mono (and if so report back with the exact version number
mono --version
) I can confirm the issue and check in with the Mono team about this issue. Also if you can, upload the entire SmartInstaller.log file.
To clarify; this is not an issue with the client, but rather a bug with mono dealing with Apple’s SIP.
-
@Tom-Elliott Hi Tom,
It listed different folders but none of them is .mono
-
@Tom-Elliott there isn’t a folder called “share”
-
-
reboot into recovery > start terminal
csrutil disable
-
@kwetiaw I’m getting this same error on HS. Has this been resolved?
-
@ArtLong As Joe posted a long time ago:
To clarify; this is not an issue with the client, but rather a bug with mono dealing with Apple’s SIP (system integrity protection).
I don’t have access to a Mac to test so we probably need other people to confirm this is still an issue. There is nothing much we can do about it, I suppose.
-
This is still an issue. Tested with Mono 5.20.1 Stable (5.20.1.19) on macOS 10.11.6, 10.13.6, and 10.14.5 with SmartInstaller.exe distributed with 1.5.5 and 1.5.6.
output from mono --version
Mono JIT compiler version 5.20.1.19 (2018-10/886c4901747 Tue Apr 9 12:37:29 EDT 2019)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
    TLS:
    SIGSEGV:       altstack
    Notification:  kqueue
    Architecture:  amd64
    Disabled:      none
    Misc:          softdebug
    Interpreter:   yes
    LLVM:          yes(600)
    Suspend:       hybrid
    GC:            sgen (concurrent by default)
Issue on the mono GitHub related to this is certmgr System.UnauthorizedAccessException: Access to the path “/usr/share/.mono” is denied. #12005 and it is still in an open status.
-
@Daniel-Miller Good you brought this topic up again. We had a very similar thing on Linux where the fog-client wouldn’t be able to read back the certificates from the mono cert store. I can imagine this being the same issue.
Check out this: https://forums.fogproject.org/topic/13374/fog-client-under-ubuntu-18-04-authentication-error-could-not-authenticate
-
@Sebastian-Roth
Well, not the same, but likely related. The mono issue noted the problem was present on both Linux and macOS, but for different reasons. If the changes in that version of zazzles take over the cert handling from mono, that solution might work, but the installer removes the client when it detects the failed install so I don’t have a means to test if it does. These are all new installations as part of an attempt to solve a large package deployment issue here, so I don’t have a previously working client base to play with unfortunately...
###########################################
#     FOG                                 #
#     Free Computer Imaging Solution      #
#                                         #
#     https://www.fogproject.org/         #
#                                         #
#     Credits:                            #
#     https://fogproject.org/Credits      #
#     GNU GPL Version 3                   #
###########################################
#     FOG Service Installer               #
------------------------------------License-----------------------------------
FOG Service Copyright (C) 2014-2017 FOG Project
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions.
See your FOG server under 'FOG Configuration' -> 'License' for further information.
----------------------------------Information---------------------------------
Version................................................................0.11.16
OS.........................................................................Mac
Current Path........................................../Users/x/Downloads
Install Location............................................../opt/fog-service
-----------------------------------Configure----------------------------------
FOG Server address [default: fogserver]: fogserver
Webroot [default: /fog]:
Enable tray icon? [Y/n]: y
----------------------------------Installing----------------------------------
Getting things ready....................................................[Pass]
Installing files........................................................[Pass]
Saving Configuration....................................................[Pass]
Applying Configuration..................................................[Pass]
Pinning FOG Project.....................................................[Fail]
Installation failed, cleaning system
-----------------------------------Uninstall----------------------------------
Uninstalling............................................................[Pass]
-----------------------------------Finished-----------------------------------
See /Users/x/Downloads/SmartInstaller.log for more information.
ASEGCB0240-06:opt x$ ls -al /opt
total 0
drwxr-xr-x 2 root wheel 68 Jun 27 10:23 .
drwxr-xr-x 40 root wheel 1428 Jun 26 16:37 ..
-
@Daniel-Miller said:
... FOG Server address [default: fogserver]: fogserver ...
Make sure you give the FOG server IP here or it won’t be able to pin to it!
-
@Sebastian-Roth names were changed to protect the guilty.
-
@Daniel-Miller Ahh, I see. So then what do you get in
/Users/x/Downloads/SmartInstaller.log
??
-
-
@Daniel-Miller Dang… should have expected that.
I am not as great a C# coder as Joe, who created the whole new fog-client three years ago. Looking around I came across this: https://www.pinvoke.net/default.aspx/shell32/SHSetKnownFolderPath.html
Maybe we can use this on MacOS X to save the cert store in a different place?!
As well I am wondering what would happen if we change the fog-client code to not do:
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
but
var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
But I have no idea where it would put the store then and if things would work this way?!
-
@Daniel-Miller I just compiled a new SmartInstaller for you that does use the StoreLocation.CurrentUser. Let’s see if that makes a difference on your MacOS X.
Can’t promise anything. It’s just a first try and I am not really sure if it will run properly even if the installer itself is fixed. The whole project building and signing the binaries is a very complex process and I am not sure I got it all right.
-
@Sebastian-Roth
I can give it a go. Will need another link though; that one is returning an http error 404.