search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3.07k stars 425 forks source link

Manual enrollment profile downloads are broken #23162

Open iansltx opened 2 days ago

iansltx commented 2 days ago

Fleet version: At least main

💥  Actual behavior

When attempting to install a mobileconfig file downloaded from Fleet for manual MDM enrollment, macOS errors (verified on macOS 14 and 15):

image (12).png image (11).png

This appears to be a signature related issue; deleting the header and trailer from the XML part of the plist gives me a (unsigned) profile that will apply.

🧑‍💻  Steps to reproduce

  1. Set up MDM
  2. Install Fleet Desktop on a macOS device that isn't enrolled in MDM
  3. Follow steps via Fleet Desktop -> My Device to download the MDM profile
  4. Double-click the profile to queue it for install
  5. Go to System Settings, in the Profiles section, and see the error

🕯️ More info

See this Slack thread

iansltx commented 2 days ago

Found while troubleshooting #21317.

iansltx commented 2 days ago

Turns out, the issue was specific to downloading the config file in-browser due to a misconfigured HTTP getter function that was attempting to parse the download as JSON prior to saving. Fixing that fixes this issue.

PezHub commented 15 hours ago

QA Notes:

Confirmed the fix works and I'm able to manually enroll a host after installing fleetd then downloading and installing the enrollment profile.

I also retested the change that originally introduced the issue and validated it still worked on the host.