fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

fleet-maintained apps Cloudflare WARP & Box Drive fail to uninstall, give false positive #22773

Closed: PezHub closed this issue 2 days ago

PezHub commented 1 month ago

Fleet version: latest main

Web browser and operating system: N/A


💥  Actual behavior

Both FMAs fail to uninstall and provide the user with a false positive "successful uninstall" message. Note: The uninstalls were both attempted while the apps were closed.

🧑‍💻  Steps to reproduce

  1. Install both FMAs on a host
  2. Once complete, uninstall from the host details page
  3. Observe the output for each one, but check the host to verify the app is still in the Applications folder and can be launched successfully

🕯️ More info (optional)

WARP results - WARP false positive uninstall

uninstall script output -

Uninstall script output:
Removing launchctl service com.cloudflare.1dot1dot1dot1.macos.loginlauncherapp
Removing launchctl service com.cloudflare.1dot1dot1dot1.macos.warp.daemon
false
Quitting application 'com.cloudflare.1dot1dot1dot1.macos'...
Application 'com.cloudflare.1dot1dot1dot1.macos' quit successfully.
Forgot package 'com.cloudflare.1dot1dot1dot1.macos' on '/'.
/Users/gabe/Library/Application Scripts/com.cloudflare.1dot1dot1dot1.macos.loginlauncherapp doesn't exist.
removing /Users/gabe/Library/Application Support/com.cloudflare.1dot1dot1dot1.macos.
removing /Users/gabe/Library/Caches/com.cloudflare.1dot1dot1dot1.macos.
removing /Users/gabe/Library/Caches/com.plausiblelabs.crashreporter.data/com.cloudflare.1dot1dot1dot1.macos.
mv: rename /Users/gabe/Library/Caches/com.plausiblelabs.crashreporter.data/com.cloudflare.1dot1dot1dot1.macos to /Users/gabe/.Trash/com.cloudflare.1dot1dot1dot1.macos_2024-10-08-1728427723/com.cloudflare.1dot1dot1dot1.macos: Directory not empty
/Users/gabe/Library/Containers/com.cloudflare.1dot1dot1dot1.macos.loginlauncherapp doesn't exist.
removing /Users/gabe/Library/HTTPStorages/com.cloudflare.1dot1dot1dot1.macos.
mv: rename /Users/gabe/Library/HTTPStorages/com.cloudflare.1dot1dot1dot1.macos to /Users/gabe/.Trash/com.cloudflare.1dot1dot1dot1.macos_2024-10-08-1728427723/com.cloudflare.1dot1dot1dot1.macos: Directory not empty
removing /Users/gabe/Library/HTTPStorages/com.cloudflare.1dot1dot1dot1.macos.binarycookies.
removing /Users/gabe/Library/Preferences/com.cloudflare.1dot1dot1dot1.macos.plist.

Box Drive results - BOX false positive uninstall

uninstall script output -

Uninstall script output:
Removing launchctl service com.box.desktop.helper
false
Quitting application 'com.box.desktop'...
Application 'com.box.desktop' quit successfully.
true
Quitting application 'com.box.desktop.findersyncext'...
Application 'com.box.desktop.findersyncext' quit successfully.
true
Quitting application 'com.box.desktop.helper'...
Application 'com.box.desktop.helper' quit successfully.
false
Quitting application 'com.box.desktop.ui'...
Application 'com.box.desktop.ui' quit successfully.
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
removing domain
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
/usr/bin/fileproviderctl
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
[2024-10-08 15:42:11.914283] [0x0000000200fd3240] [info]    Not on macOS 14+ and/or the feature flip is off, skipping FPFS API check
[2024-10-08 15:42:11.920754] [0x000000016f067000] [error]   Failed to get domains from system with error: Couldn’t communicate with a helper application.
[2024-10-08 15:42:11.920785] [0x0000000200fd3240] [info]    No existing domain was found with display name: Box
[2024-10-08 15:42:11.920789] [0x0000000200fd3240] [info]    No domain named 'Box' was found, returning
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
File Provider control utility.
fileproviderctl <command> <options>

Commands:
  dump [<domain|provider>]                                       - dump state of fileprovider's daemon
      --limit-dump-size                                                 limit the number of items dumped
  evaluate <item>                                                - evaluate finder actions and decorations on item
  evaluate <action> [<item>] <target item>                       - evaluate finder interactions
  check | repair                                                 - run FPCK
      -f                                                                perform a full dump (all items)
      -a <path>                                                         perform check under path
      -b <path>                                                         operate on an already created DB backup. If this is set you need to set -a to point to the domain root
      -o <path>                                                         write output into file at path
      -P                                                                no-pager output
      -d                                                                dimisss low-importance invariants
      -v                                                                print out files with broken invariants
      -m [<providerDomainID>]                                           perform check on the d2d migration backup
      -x xpc|daemon                                                     launch in XPC Service vs daemon (default)
  obfuscate [<filename>/<path>...]                               - return the obfuscated form of the filename
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
No matching processes belonging to you were found
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
0
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
match: Connection invalid
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
No matching processes belonging to you were found
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
Remove favorite: Box not found
Remove login item: Box not found
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
2024-10-08 15:42:12.158 defaults[1956:30716] 
Domain (com.box.desktop.installer) not found.
Defaults have not been changed.
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

* * * * * *

Box Drive has been uninstalled.

* * * * * *

No receipt for 'com.box.desktop.installer.*' found at '/'.
/Users/gabe/.Box_* doesn't exist.
removing /Users/gabe/Library/Application Support/Box/Box.
removing /Users/gabe/Library/Application Support/FileProvider/com.box.desktop.boxfileprovider.
mv: rename /Users/gabe/Library/Application Support/FileProvider/com.box.desktop.boxfileprovider to /Users/gabe/.Trash/com.box.desktop.boxfileprovider_2024-10-08-1728427332: Operation not permitted
removing /Users/gabe/Library/Containers/com.box.desktop.findersyncext.
mv: rename /Users/gabe/Library/Containers/com.box.desktop.findersyncext to /Users/gabe/.Trash/com.box.desktop.findersyncext_2024-10-08-1728427332: Operation not permitted
removing /Users/gabe/Library/Logs/Box/Box.
removing /Users/gabe/Library/Preferences/com.box.desktop.plist.
removing /Users/gabe/Library/Preferences/com.box.desktop.ui.plist.

roperzh commented 1 month ago

@georgekarrv @PezHub take it with a grain of salt as this might be an error in how I understand the Homebrew stanzas, but I believe unless we customize the scripts ourselves, this is how those are going to work. I sent a message about this in Slack:

For the uninstall script, we're translating metadata we get from Homebrew. I noticed that some apps don't include directives to quit the app when open, for example (as I would expect an uninstall script to do). So each app will have to be QA'd with some nuance

CCing @George Karr on this one. For Box Drive, it has a script directive to run an uninstall script the app provides. When run as root you get an error, when run as a user you get asked for the root password... so this one doesn't work great
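
The failure reported in this thread, an uninstall script that finishes "successfully" while the app bundle is still on disk, can be caught by checking the filesystem after the script runs. The sketch below is an added example, not Fleet's or Homebrew's code; `checked_uninstall`, `still_present` and the temporary `Example.app` path are hypothetical, and it assumes the caller reports success when the script exits 0.

```shell
#!/bin/sh
# Added example, not Fleet's or Homebrew's code.
# Assumption: the management agent reports "uninstalled" when the script exits 0.

# still_present PATH...: print each path that still exists; return 0 if any does.
still_present() {
    found=1
    for p in "$@"; do
        if [ -e "$p" ] || [ -L "$p" ]; then
            echo "still present: $p"
            found=0
        fi
    done
    return "$found"
}

# checked_uninstall APP_PATH CMD [ARGS...]
# Runs the uninstall command, then decides the result from the filesystem
# rather than from the command's own exit status.
#   0 = bundle gone, 1 = bundle survived, 2 = nothing to uninstall
checked_uninstall() {
    app=$1
    shift
    if ! still_present "$app" >/dev/null; then
        echo "not installed: $app" >&2
        return 2
    fi
    status=0
    "$@" || status=$?
    if still_present "$app" >&2; then
        echo "uninstall FAILED (command exit status was $status)" >&2
        return 1
    fi
    [ "$status" -eq 0 ] || echo "warning: command exited $status but $app is gone" >&2
    return 0
}

# Constructed demo: a fake bundle and an "uninstaller" that exits 0 without removing it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/Applications/Example.app"
    r1=0; checked_uninstall "$tmp/Applications/Example.app" true || r1=$?
    r2=0; checked_uninstall "$tmp/Applications/Example.app" rm -rf "$tmp/Applications/Example.app" || r2=$?
    r3=0; checked_uninstall "$tmp/Applications/Example.app" true || r3=$?
    rm -rf "$tmp"
    echo "$r1 $r2 $r3"
}

demo
```

The first call models the false positive from this issue: the command exits 0, but the wrapper returns 1 because the bundle is still there.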

PezHub commented 2 weeks ago

QA Notes:

Box drive uninstalled successfully but Cloudflare stuck around, regardless of whether or not the app was open on the host at the time of uninstall.

It still gave a false positive message that the uninstall succeeded. Here's the output: [Screenshot 2024-11-14 at 10 43 15 PM]

@dantecatalfamo

PezHub commented 1 week ago

QA Notes:

Uninstall succeeded after fix! Confirmed removed on host. [Screenshot 2024-11-18 at 8 48 41 PM]

fleet-release commented 2 days ago

Uninstall false cheer,
Apps persist, yet Fleet sees clear,
Fix will bring users near.