Nudge window appears too frequently

[noahtalerman]

Fleet version: v4.33.1

🧑‍💻  Expected behavior

My Mac is assigned to a team that has a macOS minimum version set to 13.4.0 and deadline set to 2023-06-29.

At the time of filing this issue (2023-06-26), my Mac is on a macOS version earlier than 13.4.0.

After I dismiss the Nudge window, w/o updating macOS, I expect to see the Nudge window tomorrow because I'm > 1 day before the deadline. Expected Nudge behavior is documented here.

💥  Actual behavior

When I dismiss the Nudge window, I see the Nudge window again ~1 hour later.

Additional info

Seems like we're using the wrong keys, for example approachingRefreshCycle should actually be approachingWindowTime, as they both control related but different things.

We should double check all settings and update them accordingly

[roperzh]

@noahtalerman I see two devices in Dogfood:

The canary team had a deadline set to 2023-06-26, is it possible that this was the device getting the behavior you described?

[roperzh]

(sorry George, I accidentally unassigned you)

[noahtalerman]

Hey @roperzh, I wish that was the case but no. I saw this behavior on the Mac I use for work "Noah Talerman's MacBook Pro"

[roperzh]

@noahtalerman could you please provide your orbit and fleet desktop logs?

[noahtalerman]

Hey @roperzh! Happy to. What commands do I need to run to collect the logs?

Apologies if we have these commands documented somewhere (I took a quick look and couldn't find any).

[roperzh]

@noahtalerman don't worry! if you're able to grab and share with us (probably in drive) the contents of the following files:

• /var/log/orbit/orbit.stderr.log (you'll need administrator access)
• ~/Library/Logs/Fleet/fleet-desktop.log

would be awesome!

[roperzh]

Found the problem and added it to the issue description. Should be easy to fix

[roperzh]

update: I thought the problem was a Nudge config key that we were setting with the wrong name, but that's not the case, we're setting the config as it should be. Currently investigating what could have been the cause of this.

[gillespi314]

Linking #13202 as a potentially related ticket

[ireedy]

This bug has aged out. Moving back to product drafting.

[noahtalerman]

@georgekarrv is this bug a duplicate of #12771?

[lukeheath]

Bug has aged out. Moving back to product drafting.

[lukeheath]

Bug has aged out. Moving back to product drafting.

[roperzh]

We saw an occurrence of this today. The nudge configuration file on the device seems to be correct:

{
  "osVersionRequirements": [
    {
      "requiredInstallationDate": "2023-12-19T04:00:00Z",
      "requiredMinimumOSVersion": "14.2",
      "aboutUpdateURLs": [
        {
          "_language": "en",
          "aboutUpdateURL": "https://fleetdm.com/docs/using-fleet/mdm-macos-updates"
        }
      ]
    }
  ],
  "userInterface": {
    "simpleMode": true,
    "showDeferralCount": false,
    "updateElements": [
      {
        "_language": "en",
        "actionButtonText": "Update",
        "mainHeader": "Your device requires an update"
      }
    ]
  },
  "userExperience": {
    "initialRefreshCycle": 86400,
    "approachingRefreshCycle": 86400,
    "imminentRefreshCycle": 7200,
    "elapsedRefreshCycle": 3600
  }
}

[roperzh]

Ran a couple of scripts on the affected hosts and found the following:

1. There's something launching Nudge alongside fleetd, running log show --predicate 'subsystem == "com.github.macadmins.Nudge"' --info --debug --style syslog --color none shows entries like this:

[com.github.macadmins.Nudge:utilities] Current operating system (14.2) is greater than or equal to required operating system (0.0)

which hint that whomever is launching nudge is providing an empty config.

2. Running ls /Library/LaunchAgents/ on the affected hosts show that they have a plist in there with com.github.macadmins.Nudge.plist with:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.github.macadmins.Nudge</string>
    <key>LimitLoadToSessionType</key>
    <array>
        <string>Aqua</string>
    </array>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Utilities/Nudge.app/Contents/MacOS/Nudge</string>
        <!-- <string>-json-url</string> -->
        <!-- <string>https://raw.githubusercontent.com/macadmins/nudge/main/Nudge/example.json</string> -->
        <!-- <string>-demo-mode</string> -->
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StartCalendarInterval</key>
    <array>
        <dict>
            <key>Minute</key>
            <integer>0</integer>
        </dict>
        <dict>
            <key>Minute</key>
            <integer>30</integer>
        </dict>
    </array>
</dict>
</plist>

3. Before leaving, Guillaume did a training session where he showed that Nudge was being launched this way and configured via configuration profiles using our old MDM vendor.

Conclusion: this is not a Fleet bug, but we should clean up all Fleet machines.

@georgekarrv @noahtalerman is that something you would like me to do or do you want me to create a confidential issue so bizops can take care of it?

[roperzh]

as discussed in stand-up, closing in favor of https://github.com/fleetdm/confidential/issues/5274

[fleet-release]

Nudge window tamed, Harmony in update flow, Glass city unclaimed.