mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
52ce6a204c
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #42673 Every manifest version now matches what hosts report. Here's the before/after comparison: | App | Before (Library) | After (Library) | Host Reports | Match? | |-----|-----------------|----------------|-------------|--------| | Android Studio | `2025.3.2.6` | `2025.3` | `2025.3` | Yes | | Citrix Workspace | `25.11.1.42` | `25.11.1` | `25.11.1` | Yes | | Elgato Stream Deck | `7.3.1.22604` | `7.3.1` | `7.3.1` | Yes | | FileMaker Pro | `22.0.5.500` | `22.0.5` | `22.0.5` | Yes | | Microsoft Auto Update | `4.82.26020434` | `4.82` | `4.82` | Yes | | Opera | `129.0.5823.28` | `129.0` | `129.0` | Yes | | Royal TSX | `6.4.2.1000` | `6.4.2` | `6.4.2` | Yes | | Twingate | `2026.29.22575` | `2026.29` | `2026.29` | Yes | | Microsoft OneNote | `16.107.26032211` | `16.107.2` | `16.107.2` | Yes | | Microsoft Outlook | `16.107.26032211` | `16.107.2` | `16.107.2` | Yes | | Microsoft PowerPoint | `16.107.26032211` | `16.107.2` | `16.107.2` | Yes | | Sublime Text | `4200` | `Build 4200` | `Build 4200` | Yes | | Sublime Merge | `2123` | `Build 2123` | `Build 2123` | Yes | | MySQL Workbench | `8.0.46` | `8.0.46.CE` | `8.0.46.CE` | Yes | | Lens | `2026.3.251250` | `2026.3.251250-latest` | `2026.3.251250-latest` | Yes | The library version, the patch policy `version_compare`, and the frontend comparison will all use versions that match what hosts actually report. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. - [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [ ] Added/updated automated tests - [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [ ] Confirmed that the fix is not expected to adversely impact load test results - [ ] Alerted the release DRI if additional load testing is needed ## Database migrations - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). ## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [ ] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [ ] Verified that any relevant UI is disabled when GitOps mode is enabled ## fleetd/orbit/Fleet Desktop - [ ] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [ ] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes - [ ] Verified that fleetd runs on macOS, Linux and Windows - [ ] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
22 lines
11 KiB
JSON
22 lines
11 KiB
JSON
{
|
|
"versions": [
|
|
{
|
|
"version": "4.82",
|
|
"queries": {
|
|
"exists": "SELECT 1 FROM apps WHERE bundle_identifier = 'com.microsoft.autoupdate2';",
|
|
"patched": "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM apps WHERE bundle_identifier = 'com.microsoft.autoupdate2' AND version_compare(bundle_short_version, '4.82') < 0);"
|
|
},
|
|
"installer_url": "https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_AutoUpdate_4.82.26020434_Updater.pkg",
|
|
"install_script_ref": "f5717059",
|
|
"uninstall_script_ref": "25fbcbeb",
|
|
"sha256": "c0801456f39feb52f9bbca50be9e6c9dbfe05bbb043e2802aac5ce3f24a71567",
|
|
"default_categories": [
|
|
"Productivity"
|
|
]
|
|
}
|
|
],
|
|
"refs": {
|
|
"25fbcbeb": "#!/bin/sh\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_launchctl_service() {\n local service=\"$1\"\n local booleans=(\"true\" \"false\")\n local plist_status\n local paths\n local should_sudo\n\n echo \"Removing launchctl service ${service}\"\n\n for should_sudo in \"${booleans[@]}\"; do\n plist_status=$(launchctl list \"${service}\" 2>/dev/null)\n\n if [[ $plist_status == \\{* ]]; then\n if [[ $should_sudo == \"true\" ]]; then\n sudo launchctl remove \"${service}\"\n else\n launchctl remove \"${service}\"\n fi\n sleep 1\n fi\n\n paths=(\n \"/Library/LaunchAgents/${service}.plist\"\n \"/Library/LaunchDaemons/${service}.plist\"\n )\n\n # if not using sudo, prepend the home directory to the paths\n if [[ $should_sudo == \"false\" ]]; then\n for i in \"${!paths[@]}\"; do\n paths[i]=\"${HOME}${paths[i]}\"\n done\n fi\n\n for path in \"${paths[@]}\"; do\n if [[ -e \"$path\" ]]; then\n if [[ $should_sudo == \"true\" ]]; then\n sudo rm -f -- \"$path\"\n else\n rm -f -- \"$path\"\n fi\n fi\n done\n done\n}\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nremove_launchctl_service 'com.microsoft.autoupdate.helper'\nremove_launchctl_service 'com.microsoft.autoupdate.helpertool'\nremove_launchctl_service 'com.microsoft.update.agent'\nquit_application 'com.microsoft.autoupdate.fba'\nquit_application 'com.microsoft.autoupdate2'\nquit_application 'com.microsoft.errorreporting'\nremove_pkg_files 'com.microsoft.package.Microsoft_AU_Bootstrapper.app'\nforget_pkg 'com.microsoft.package.Microsoft_AU_Bootstrapper.app'\nremove_pkg_files 'com.microsoft.package.Microsoft_AutoUpdate.app'\nforget_pkg 'com.microsoft.package.Microsoft_AutoUpdate.app'\nsudo rm -rf '/Library/Caches/com.microsoft.autoupdate.fba'\nsudo rm -rf '/Library/Caches/com.microsoft.autoupdate.helper'\nsudo rm -rf '/Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist'\nsudo rm -rf '/Library/Preferences/com.microsoft.autoupdate2.plist'\nsudo rm -rf '/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper'\nsudo rmdir '~/Library/Caches/Microsoft'\nsudo rmdir '~/Library/Caches/Microsoft/uls'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/UBF8T346G9.com.microsoft.oneauth'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Microsoft AutoUpdate'\ntrash $LOGGED_IN_USER '~/Library/Caches/com.microsoft.autoupdate.fba'\ntrash $LOGGED_IN_USER '~/Library/Caches/com.microsoft.autoupdate2'\ntrash $LOGGED_IN_USER '~/Library/Caches/Microsoft/uls/com.microsoft.autoupdate.fba'\ntrash $LOGGED_IN_USER '~/Library/Caches/Microsoft/uls/com.microsoft.autoupdate2'\ntrash $LOGGED_IN_USER '~/Library/Cookies/com.microsoft.autoupdate.fba.binarycookies'\ntrash $LOGGED_IN_USER '~/Library/Cookies/com.microsoft.autoupdate2.binarycookies'\ntrash $LOGGED_IN_USER '~/Library/Group Containers/UBF8T346G9.com.microsoft.oneauth'\ntrash $LOGGED_IN_USER '~/Library/Group Containers/UBF8T346G9.ms'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/com.microsoft.autoupdate.fba'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/com.microsoft.autoupdate2'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.microsoft.autoupdate.fba.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.microsoft.autoupdate2.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.microsoft.shared.plist'\ntrash $LOGGED_IN_USER '~/Library/Saved Application State/com.microsoft.autoupdate2.savedState'\n",
|
|
"f5717059": "#!/bin/sh\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath $INSTALLER_PATH)\")\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Try to launch the application\n if osascript -e \"tell application id \\\"$bundle_id\\\" to activate\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# install pkg files\nquit_and_track_application 'com.microsoft.autoupdate2'\nsudo installer -pkg \"$TMPDIR/Microsoft_AutoUpdate_4.82.26020434_Updater.pkg\" -target /\nrelaunch_application 'com.microsoft.autoupdate2'\n"
|
|
}
|
|
}
|