Trouble installing SmartClient on MacOS Sierra
-
@Daniel-Miller Good you brought this topic up again. We had a very similar thing on Linux where the fog-client wouldn’t be able to read back the certificates from the mono cert store. I can imagine this being the same issue.
Check out this: https://forums.fogproject.org/topic/13374/fog-client-under-ubuntu-18-04-authentication-error-could-not-authenticate
-
@Sebastian-Roth
Well, not the same, but likely related. The mono issue noted the problem was present on both Linux and macOS, but for different reasons. If the changes in that version of zazzles takes over the cert handling from mono, that solution might work, but the installer removes the client when it detects the failed install so I don’t have a means to test if it does. These are all new installations as part of an attempt to solve a large package deployment issue here, so I don’t have a previously working client base to play with unfortunately...#######:. ..,#,.. .::##::. .:###### .:;####:......;#;.. ...##... ...##;,;##::::.##... ,# ...##.....##:::## ..:: ## .::###,,##. . ##.::#.:######::. ...##:::###::....#. .. .#...#. #...#:::. ..:####:.. ..##......##::## .. # # . ...##:,;##;:::#: ... ##.. .# . .:;####;::::.##:::;#:.. # ..:;###.. ########################################### # FOG # # Free Computer Imaging Solution # # # # https://www.fogproject.org/ # # # # Credits: # # https://fogproject.org/Credits # # GNU GPL Version 3 # ########################################### # FOG Service Installer # ------------------------------------License----------------------------------- FOG Service Copyright (C) 2014-2017 FOG Project This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See your FOG server under 'FOG Configuration' -> 'License' for further information. ----------------------------------Information--------------------------------- Version................................................................0.11.16 OS.........................................................................Mac Current Path........................................../Users/x/Downloads Install Location............................................../opt/fog-service -----------------------------------Configure---------------------------------- FOG Server address [default: fogserver]: fogserver Webroot [default: /fog]: Enable tray icon? [Y/n]: y ----------------------------------Installing---------------------------------- Getting things ready....................................................[Pass] Installing files........................................................[Pass] Saving Configuration....................................................[Pass] Applying Configuration..................................................[Pass] Pinning FOG Project.....................................................[Fail] Installation failed, cleaning system -----------------------------------Uninstall---------------------------------- Uninstalling............................................................[Pass] -----------------------------------Finished----------------------------------- See /Users/x/Downloads/SmartInstaller.log for more information.
ASEGCB0240-06:opt x$ ls -al /opt total 0 drwxr-xr-x 2 root wheel 68 Jun 27 10:23 . drwxr-xr-x 40 root wheel 1428 Jun 26 16:37 ..
-
@Daniel-Miller said:
... FOG Server address [default: fogserver]: fogserver ...
Make sure you give the FOG server IP hear or it won’t be able to pin to it!
-
@Sebastian-Roth names were changed to protect the guilty.
-
@Daniel-Miller Ahh, I see. So then what do you get in
/Users/x/Downloads/SmartInstaller.log
?? -
-
@Daniel-Miller Dang… should have expected that.
I am not that great a C# coder than Joe is who created the whole new fog-client three years ago. Looking around I came across this: https://www.pinvoke.net/default.aspx/shell32/SHSetKnownFolderPath.html
Maybe we can use this on MacOS X to save the cert store in a different place?!
As well I am wondering what would happen if we change the fog-client code to not do:
var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
but
var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
But I have no idea where it would put the store then and if things would work this way?!
-
@Daniel-Miller I just compiled a new SmartInstaller for you that does use the
StoreLocation.CurrentUser
. Lets see if that makes a difference on your MacOS X.Cant promise anything. Its just a first try and I am not really sure if it will run properly even if the installer itself is fixed. The whole project building and signing the binaries is a very complex process and I am not sure I got it all right.
-
@Sebastian-Roth
I can give it a go. Will need another link though; that one is returning an http error 404. -
@Daniel-Miller Strange, the link worked yesterday. Will upload somewere else later on.
-
@Daniel-Miller I know this doesn’t look very official uploading the installer to some cloud thing but it’s just for testing and the easiest for me right now: https://cloud.mi.hdm-stuttgart.de/index.php/s/LZnrNB9cWrmqsz7
-
@Sebastian-Roth no worries
Good News:
The installer finished up without error.
After rebooting the machine and logging back into the admin user, the tray icon appeared, the service process appears to be running, and/opt/fog-server/fog.log
appears to be initially happy:6/28/2019 11:29 AM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo &configure&newService&json 6/28/2019 11:29 AM Middleware::Response Success 6/28/2019 11:29 AM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo &mac=00:25:00:F0:83:DF|00:25:00:F0:6F:45|00:25:4B:FF:FE:FB:69:24&newService&json 6/28/2019 11:29 AM Middleware::Response Invalid host 6/28/2019 11:29 AM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?clientver&newServic e&json 6/28/2019 11:29 AM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?newService&json 6/28/2019 11:29 AM Service Creating user agent cache 6/28/2019 11:29 AM Middleware::Response Module is disabled on the host 6/28/2019 11:29 AM Middleware::Response Module is disabled on the host 6/28/2019 11:29 AM Middleware::Response Module is disabled globally on the FOG server
Bad News:
Certificate store appears to be~/.config/.mono/certs/Trust
with respect to the installing user account and the service doesn’t appear to be reliably pulling from that store after further reboots. From/opt/fog-service/fog.log
:------------------------------------------------------------------------------ --------------------------------Authentication-------------------------------- ------------------------------------------------------------------------------ 6/28/2019 11:44 AM Client-Info Version: 0.11.16 6/28/2019 11:44 AM Client-Info OS: Mac 6/28/2019 11:44 AM Middleware::Authentication Waiting for authentication timeout to pass 6/28/2019 11:46 AM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt 6/28/2019 11:46 AM Data::RSA ERROR: Unable to retrieve FOG Server CA 6/28/2019 11:46 AM Data::RSA ERROR: FOG Server CA NOT found in keystore 6/28/2019 11:46 AM Middleware::Authentication ERROR: Could not authenticate 6/28/2019 11:46 AM Middleware::Authentication ERROR: Value cannot be null. Parameter name: authority 6/28/2019 11:46 AM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&configure&newService&json 6/28/2019 11:46 AM Middleware::Response Success 6/28/2019 11:46 AM Middleware::Communication URL: http://fogserver/fog/management/index.php?sub=requestClientInfo&mac=00:25:00:F0:83:DF|00:25:00:F0:6F:45|00:25:4B:FF:FE:FB:69:24&newService&json 6/28/2019 11:46 AM Middleware::Authentication Waiting for authentication timeout to pass 6/28/2019 11:48 AM Middleware::Communication Download: http://fogserver/fog/management/other/ssl/srvpublic.crt 6/28/2019 11:48 AM Data::RSA ERROR: Unable to retrieve FOG Server CA 6/28/2019 11:48 AM Data::RSA ERROR: FOG Server CA NOT found in keystore 6/28/2019 11:48 AM Middleware::Authentication ERROR: Could not authenticate 6/28/2019 11:48 AM Middleware::Authentication ERROR: Value cannot be null. Parameter name: authority 6/28/2019 11:48 AM Middleware::Response Success 6/28/2019 11:48 AM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?clientver&newService&json 6/28/2019 11:48 AM Middleware::Communication URL: http://fogserver/fog/service/getversion.php?newService&json 6/28/2019 11:48 AM Service Creating user agent cache 6/28/2019 11:48 AM Middleware::Response ERROR: Unable to get subsection 6/28/2019 11:48 AM Middleware::Response ERROR: Object reference not set to an instance of an object 6/28/2019 11:48 AM Middleware::Response ERROR: Unable to get subsection 6/28/2019 11:48 AM Middleware::Response ERROR: Object reference not set to an instance of an object 6/28/2019 11:48 AM Middleware::Response ERROR: Unable to get subsection 6/28/2019 11:48 AM Middleware::Response ERROR: Object reference not set to an instance of an object 6/28/2019 11:48 AM Service Initializing modules
Being the service appears to start as root, I’m not entirely certain how it was initially able to access the cert store (I blame unicorns). Unfortunately, the constructor for X509Store appears to be doing exactly what it was told without any pleasant side effects.
Additionally, even when the service was checking in, the fog server didn’t appear to be acknowledging the communications; the http requests were showing up in other_vhosts_access.log on the fog server, but no pending registrations appeared in the web interface and, when I manually added the host and scheduled a hardware inventory, no task reboot information appeared to be passed to the client. This may be attributable to the lack of CA (or the aforementioned unicorns).
I did try swapping out the Zazzles.dll with the one posted in Client not authenticating, but it is giving the same results.
-
@Daniel-Miller Well at least looks like we are making a bit of progress here. Not perfect but still seems like we got some space to try things out.
First I might ask you to try and run the installer as
root
and see if you can make it work that way.6/28/2019 11:46 AM Data::RSA ERROR: Unable to retrieve FOG Server CA 6/28/2019 11:46 AM Data::RSA ERROR: FOG Server CA NOT found in keystore
This is most probably due to it not finding the cert store in the right place. No chance to make it work using the Zazzles.dll I patched for Linux.
-
@Sebastian-Roth Nice call.
Installation, both under the auspices of asudo su -l
in terminal and asroot
through ARD, appear to be behaving after a manual kick to launchctl. The newest iMacs don’t seem to be triggering a pending host notification, but they are logging the communication on the client and in the apache logs. I suspect there might be too many mac addresses, but I am thinking that is a Monday problem. -
Cross linking a new post on the same issue: https://forums.fogproject.org/topic/13611/unable-to-complete-smartinstaller-exe-on-macos-mojave-10-14-6
Probably something we should try to fix but it’s a tough one, I don’t have Mac OS X to test and very little time. @Daniel-Miller Are you willing and keen to setup a fog-client development environment and help work on this?
-
@Sebastian-Roth I have a couple units I can probably play with and might be able to find a little time to cobble something together.
-
@Daniel-Miller Any news on this topic?
-
@Sebastian-Roth
Start of semester … time is an illusion
It is just a matter of relaunching the installer if on a mac and not running as ‘root’ in addition to the change you made. That was just substituting StoreLocation.CurrentUser for StoreLocation.LocalMachine in GenericSetup.cs, yes? I have some logic framed in for the relaunch that puts it in the right user context, but something about how the installer is built isn’t getting the auxiliary files (.sh, .dll, etc.) packed with the executable, so while the relaunched environment looks right, I can’t definitively say it works. Can drop the diff here unless you have a better means of getting things from point A to B. -
@Daniel-Miller I have read you message at least four times now but I still don’t fully understand.
That was just substituting StoreLocation.CurrentUser for StoreLocation.LocalMachine in GenericSetup.cs, yes?
Yes I think so. Just checked the diff I had lying around:
diff --git a/SetupHelper/GenericSetup.cs b/SetupHelper/GenericSetup.cs index a9b7a72..d4e2f41 100644 --- a/SetupHelper/GenericSetup.cs +++ b/SetupHelper/GenericSetup.cs @@ -110,7 +110,7 @@ namespace FOG try { - var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); + var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Remove(cert); store.Close(); @@ -129,7 +129,7 @@ namespace FOG try { var cert = new X509Certificate2(location); - var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); + var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); var cers = store.Certificates.Find(X509FindType.FindBySubjectName, "FOG Project", true); @@ -168,7 +168,7 @@ namespace FOG try { X509Certificate2 CAroot = null; - var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); + var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); var cers = store.Certificates.Find(X509FindType.FindBySubjectName, "FOG Project", true); @@ -191,7 +191,7 @@ namespace FOG try { - var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); + var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Remove(cert); store.Close();
but something about how the installer is built isn’t getting the auxiliary files (.sh, .dll, etc.) packed with the executable
Can you be more specific on what’s going wrong here or why you think the files are not packed?
Which version are you trying to build from? Latest
master
? Since we talked about this last in June (!) I have pushed a commit to update dependencies. This is causing a bit of trouble and I have not found the time to properly get this right again. Please use commit b2995511 for now! Sorry for that.You might also want to change the build script to get more output:
diff --git a/build.ps1 b/build.ps1 index 0773e88..f15bfc0 100644 --- a/build.ps1 +++ b/build.ps1 @@ -118,7 +118,7 @@ Copy-Item "$PSScriptRoot\bin\FOGService.msi" $InstallerMSI Copy-Item "$PSScriptRoot\bin\FOGService.msi" "$PSScriptRoot\out\FOGService.msi" Write-Host "Building Smart Installer" -Invoke-Expression ($msbuild + $installerConfig) | out-null +Invoke-Expression ($msbuild + $installerConfig) #| out-null Write-Host "ILMerging Smart Installer"
-
@Sebastian-Roth
That diff matches the one I had for GenericSetup.cs.Lots of little things, like Visual Studio complaining about the name of OSX-FOG-TRAY.ZIP (renamed it to make it happy, but don’t know if I found all the references), SmartInstaller.exe only being 4.5 MB, and initial error messages about not being able to find Zazzles.dll when running the executable. Resynches off the current master and that commit seems to do the same thing, so I’m almost certain it’s something wrong with how my environment is set up and very likely due to MS not distributing ilmerge any more. Does this GitHub for ILMerge look like the same beast?
And this is all assuming I am actually synching to the points I am intending to … I’m a little new to using source control.