How (Not) To Do Bad Things With AutoPkg

Speakers: Elliot Jordan

Level: Intermediate, Lecture

Excerpt: AutoPkg is the time-savingest thing since sliced bread. But if you administer a software distribution system that includes AutoPkg, you owe it to yourself to be suspicious of recipes and processors. During this newly updated talk, I’ll go over a few key ways AutoPkg automation can go bad, provide methods for avoiding such problems, and generally provoke a healthy sense of paranoia in all who attend.

Description: “With great power comes great responsibility” is the key point in this presentation that demonstrates some of the potential mishaps that can occur while using AutoPkg and how to mitigate them.

I’ll show you some malicious, unexpected, or just plain stupid things that can be done using AutoPkg recipes and processors. I’ll urge you to pay attention to changes in AutoPkg repos, put your tools in sandboxes to limit their damage potential, carefully inspect packages before deploying them to your fleet, keep trust information up to date, and many other tips.

When you leave this session, you’ll have a few actionable recommendations for securing your automation workflow, along with just enough paranoia to make sure you actually follow through on them.

About the speaker

Elliot Jordan (Twitter: @homebysix) – –

As an IT consultant for 10 years in the San Francisco Bay Area, Elliot helped a diverse range of companies manage large fleets of Macs. A frequent open source contributor and collaborator, he led the AutoPkgr development team, co-created Recipe Robot, and maintains over 1,000 AutoPkg recipes. Now, Elliot lives with his wife Jacqueline in Los Angeles, California, where you’ll find him riding his bike and taking photos of palm trees.

This entry was posted in MacAdmins 2017 Sessions. Bookmark the permalink.