mirror of
https://github.com/fleetdm/fleet
synced 2026-04-30 18:07:56 +00:00
59a73b1e47
**Related issue:** Resolves #32084 This PR modifies `isValidAppFilePath` to allow subdirectors in `Applications/`, like in this case `Applications/Cisco/Cisco Secure Client.app`. This also changes the metadata extraction from packageinfo to trim `.app` from the name in all cases. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ### Test plan: --- I ran this on my local environment and it seemed fine - Have environment with the bug recreated, it has two software titles for "Cisco Secure Client", and the one with the bundle id `com.cisco.pkg.anyconnect.vpn` is used by the installer. - URL to pkg: https://fndtnfleetmsp.blob.core.windows.net/fndtnpkgs/cisco-secure-client-macos-5.1.3.62-core-vpn-webdeploy-k9.pkg - Cisco Secure Client doesn't show as installed in UI even after installing. - Run the new migration. - Cisco Secure Client shows as installed now in ui, software title with bundle id `com.cisco.pkg.anyconnect.vpn` is gone from the database, and the software installer references the correct title (`com.cisco.secureclient.gui`). - Check that deleting and reuploading the installer doesn't recreate the bad software title. ### QA Note: --- There are some problems with the install script, but that is probably a different scope than this ticket. `Reinstall` wont work, it says Cisco Secure Client is already installed. Uninstalling through Fleet then Installing again works fine though.
90 lines
4.6 KiB
XML
90 lines
4.6 KiB
XML
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
|
<installer-gui-script minSpecVersion="1">
|
|
<title>Cisco Secure Client</title>
|
|
<background file="pkg_background.png" scaling="proportional" alignment="bottomleft"/>
|
|
<license file="License.rtf"/>
|
|
<options customize="never" rootVolumeOnly="true" hostArchitectures="x86_64,arm64"/>
|
|
<choices-outline>
|
|
<line choice="choice_anyconnect_vpn"/>
|
|
</choices-outline>
|
|
<choice id="choice_anyconnect_vpn" visible="true" title="AnyConnect VPN" description="Installs the module that enables VPN capabilities.">
|
|
<pkg-ref id="com.cisco.pkg.anyconnect.vpn"/>
|
|
</choice>
|
|
<pkg-ref id="com.cisco.pkg.anyconnect.vpn" version="5.1.3.62" installKBytes="63364">#vpn_module.pkg</pkg-ref>
|
|
<installation-check script="InstallationCheck()"/>
|
|
<volume-check script="VolumeCheck()"/>
|
|
<script>
|
|
function InstallationCheck()
|
|
{
|
|
if(!(system.compareVersions(system.version.ProductVersion, '11.0') >= 0))
|
|
{
|
|
my.result.title = 'Cisco Secure Client';
|
|
my.result.message = 'This software requires macOS 11 or later.';
|
|
my.result.type = 'Fatal';
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
function VolumeCheck()
|
|
{
|
|
// version of VPN being installed has to be higher than the version already installed
|
|
|
|
var vpnReceipt = my.target.receiptForIdentifier("com.cisco.pkg.anyconnect.vpn");
|
|
var vpnPackage = choices.choice_anyconnect_vpn.packages[0];
|
|
|
|
// if the receipt is not there assume no VPN installed or pre-3.1.1 version so it is OK to install
|
|
if (vpnReceipt)
|
|
{
|
|
// there is a 3.1.1+ version of VPN already installed
|
|
// check to see if version in this package is newer
|
|
var comparison = system.compareVersions(vpnReceipt.version, vpnPackage.version);
|
|
|
|
if (comparison == 0)
|
|
{
|
|
// versions are the same
|
|
my.result.message = 'Version ' + vpnReceipt.version + ' of Cisco Secure Client is already installed.';
|
|
my.result.type = 'Fatal';
|
|
return false;
|
|
}
|
|
else if (comparison > 0)
|
|
{
|
|
// installed version is newer
|
|
my.result.message = 'Newer version ' + vpnReceipt.version + ' of Cisco Secure Client is already installed.';
|
|
my.result.type = 'Fatal';
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// Check if standalone NVM is installed
|
|
|
|
var nvmStandaloneReceipt = my.target.receiptForIdentifier("com.cisco.pkg.anyconnect.nvmstandalone");
|
|
if(nvmStandaloneReceipt)
|
|
{
|
|
// if version of standalone NVM installed is greater than Cisco Secure Client package version, fail with an error message
|
|
var comparison = system.compareVersions(nvmStandaloneReceipt.version, vpnPackage.version);
|
|
|
|
if (comparison > 0)
|
|
{
|
|
my.result.message = 'Version ' + nvmStandaloneReceipt.version + ' of Cisco Secure Client - Standalone Network Visibility Module is already installed.';
|
|
my.result.type = 'Fatal';
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
</script>
|
|
<pkg-ref id="com.cisco.pkg.anyconnect.vpn">
|
|
<bundle-version>
|
|
<bundle CFBundleShortVersionString="5.1.3.62" CFBundleVersion="5.1.3.62" id="com.cisco.secureclient.vpn.notification" path="opt/cisco/secureclient/bin/Cisco Secure Client - Notification.app"/>
|
|
<bundle id="com.cisco.secureclient.vpn.service" path="opt/cisco/secureclient/bin/Cisco Secure Client - AnyConnect VPN Service.app"/>
|
|
<bundle CFBundleVersion="5.1.3.62" id="com.cisco.secureclient.vpndownloader" path="opt/cisco/secureclient/bin/vpndownloader.app"/>
|
|
<bundle CFBundleShortVersionString="5.1.3.62" CFBundleVersion="5.1.3.62" id="com.cisco.secureclient.gui" path="Applications/Cisco/Cisco Secure Client.app"/>
|
|
<bundle CFBundleShortVersionString="5.1.3.14" CFBundleVersion="5.1.3.14" id="com.cisco.anyconnect.macos.acsock" path="Applications/Cisco/Cisco Secure Client - Socket Filter.app"/>
|
|
<bundle CFBundleShortVersionString="1.0" CFBundleVersion="1" id="com.cisco.secureclient.acwebhelper" path="opt/cisco/secureclient/bin/Cisco Secure Client - Web Browser.app"/>
|
|
<bundle CFBundleShortVersionString="5.1.3.62" CFBundleVersion="5.1.3.62" id="com.cisco.secureclient.uninstaller" path="Applications/Cisco/Uninstall Cisco Secure Client.app"/>
|
|
</bundle-version>
|
|
</pkg-ref>
|
|
</installer-gui-script>
|