search

macadmins / nudge

A tool for encouraging the installation of macOS security updates.
Apache License 2.0
1.05k stars 187 forks source link

Test preferences with mobileconfig and json and see if anything breaks if keys are missing. #114

Closed erikng closed 3 years ago

erikng commented 3 years ago

I need people to test permutations of the configurations and report here if things break. We know that at the very least to get Nudge working you need a configuration that contains at least this.

But what happens if other things are missing or added? Or what if fake keys are added? How will the code currently work?

com.github.macadmins.Nudge.json

{
  "optionalFeatures": {
    "asyncronousSoftwareUpdate": true,
    "attemptToFetchMajorUpgrade": true,
    "enforceMinorUpdates": true
  },
  "osVersionRequirements": [
    {
      "aboutUpdateURLs": [
        {
          "_language": "en",
          "aboutUpdateURL": "https://support.apple.com/en-us/HT211896#macos1121"
        },
        {
          "_language": "es",
          "aboutUpdateURL": "https://support.apple.com/es-es/HT211896"
        },
        {
          "_language": "fr",
          "aboutUpdateURL": "https://support.apple.com/fr-fr/HT211896"
        },
        {
          "_language": "de",
          "aboutUpdateURL": "https://support.apple.com/de-de/HT211896"
        }
      ],
      "majorUpgradeAppPath": "/Applications/Install macOS Big Sur.app",
      "requiredInstallationDate": "2021-02-28T00:00:00Z",
      "requiredMinimumOSVersion": "11.3",
      "targetedOSVersions": ["11.0", "11.0.1", "11.1", "11.2"]
    }
  ]
}

com.github.macadmins.Nudge.mobileconfig

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDescription</key>
            <string>Configures all Nudge preferences</string>
            <key>PayloadDisplayName</key>
            <string>Nudge Preferences</string>
            <key>PayloadIdentifier</key>
            <string>com.github.macadmins.Nudge.preferences.example</string>
            <key>PayloadOrganization</key>
            <string></string>
            <key>PayloadType</key>
            <string>com.github.macadmins.Nudge</string>
            <key>PayloadUUID</key>
            <string>CA02957C-7472-446B-9F77-3E0414405556</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>osVersionRequirements</key>
            <array>
                <dict>
                    <key>aboutUpdateURLs</key>
                    <array>
                        <dict>
                            <key>_language</key>
                            <string>en</string>
                            <key>aboutUpdateURL</key>
                            <string>https://support.apple.com/en-us/HT211896#macos1121</string>
                        </dict>
                        <dict>
                            <key>_language</key>
                            <string>es</string>
                            <key>aboutUpdateURL</key>
                            <string>https://support.apple.com/es-es/HT211896</string>
                        </dict>
                        <dict>
                            <key>_language</key>
                            <string>fr</string>
                            <key>aboutUpdateURL</key>
                            <string>https://support.apple.com/fr-fr/HT211896</string>
                        </dict>
                        <dict>
                            <key>_language</key>
                            <string>de</string>
                            <key>aboutUpdateURL</key>
                            <string>https://support.apple.com/de-de/HT211896</string>
                        </dict>
                    </array>
                    <key>majorUpgradeAppPath</key>
                    <string>/Applications/Install macOS Big Sur.app</string>
                    <key>requiredInstallationDate</key>
                    <date>2021-02-28T00:00:00Z</date>
                    <key>requiredMinimumOSVersion</key>
                    <string>11.3</string>
                    <key>targetedOSVersions</key>
                    <array>
                        <string>11.0</string>
                        <string>11.0.1</string>
                        <string>11.1</string>
                        <string>11.2</string>
                        <string>11.2.1</string>
                    </array>
                </dict>
            </array>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Configures Nudge application</string>
    <key>PayloadDisplayName</key>
    <string>Nudge</string>
    <key>PayloadIdentifier</key>
    <string>com.github.macadmins.Nudge.example</string>
    <key>PayloadOrganization</key>
    <string>Nudge</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>2F54F734-132D-4539-B583-F1DCF23DB5EB</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
erikng commented 3 years ago

Full profiles can be found here:

https://github.com/macadmins/nudge/tree/main/Example%20Assets

rorymurdock commented 3 years ago

But what happens if other things are missing or added? Or what if fake keys are added? How will the code currently work?

If I set requiredMinimumOSVersion to MobileConfig: 11.6 JSON Config: 11.5

and install both, it will default to the MobileConfig, if I remove that key from mobileconfig but have the JSON it uses the 11.5 from JSON, If I remove the JSON file then the UI doesn't launch and this is logged 2021-02-18 04:34:46.070493-0800 localhost Nudge[48988]: [com.github.macadmins.Nudge:utilities] Current operating system (11.1) is greater than or equal to required operating system (0.0)

Putting an invalid 11.abc results in the comparison failing and no line Current operating system (11.1) is greater than or equal to required operating system xxx

Putting in unsused keys has no effect.

All in all it's pretty robust, are we comfortable mixing JSON and Profile prefs like this? Have DM'ed you some questions on some of the logic.

erikng commented 3 years ago

Yeah I have no issue with profile and json doing that. In fact that's exactly what I want.

One thing I'm curious about is what happens with the aboutUpdateURL and text if you supply a locale but nothing in it. Or specify the keys but no locale.

Thanks, Erik Gomez

From: Rory Murdock notifications@github.com Sent: Thursday, February 18, 2021 7:30:00 AM To: macadmins/nudge nudge@noreply.github.com Cc: Erik Gomez e@eriknicolasgomez.com; Author author@noreply.github.com Subject: Re: [macadmins/nudge] Test preferences with mobileconfig and json and see if anything breaks if keys are missing. (#114)

But what happens if other things are missing or added? Or what if fake keys are added? How will the code currently work?

If I set requiredMinimumOSVersion to MobileConfig: 11.6 JSON Config: 11.5

and install both, it will default to the MobileConfig, if I remove that key from mobileconfig but have the JSON it uses the 11.5 from JSON, If I remove the JSON file then the UI doesn't launch and this is logged 2021-02-18 04:34:46.070493-0800 localhost Nudge[48988]: [com.github.macadmins.Nudge:utilities] Current operating system (11.1) is greater than or equal to required operating system (0.0)

Putting an invalid 11.abc results in the comparison failing and no line Current operating system (11.1) is greater than or equal to required operating system xxx

Putting in unsused keys has no effect.

All in all it's pretty robust, are we comfortable mixing JSON and Profile prefs like this? Have DM'ed you some questions on some of the logic.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/macadmins/nudge/issues/114#issuecomment-781344421, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABLL6GDHRSHBVNXB6436CZLS7UI5RANCNFSM4XZPAJSQ.

erikng commented 3 years ago

Putting an invalid 11.abc results in the comparison failing and no line Current operating system (11.1) is greater than or equal to required operating system xxx

This is incorrect. I tested this a Swift Playground

print("11.2".compare("11.3", options: .numeric))
orderedAscending

print("11.2".compare("11.abc", options: .numeric))
orderedAscending

print("11.2".compare("11.1", options: .numeric))
orderedDescending

The comparison is actually happening and Nudge is detecting that the machine is out of date. That line only gets printed if the machine is running a higher OS than the requiredOSVersion.

erikng commented 3 years ago 
One thing I'm curious about is what happens with the aboutUpdateURL and text if you supply a locale but nothing in it. Or specify the keys but no locale.

Tested this now. In both cases, Nudge does the right thing and does not display the More Info button.

erikng commented 3 years ago

I'm closing this. Feeling good about this.