mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
6e3248237c
The current approach to read the enroll secret and fleet url from a configuration profile is not ideal because: 1. (important) We're looking for a profile with a `ProfileIdentifier` equal to `com.fleetdm.fleetd.config`. This is not ideal because `ProfileIdentifier` is often modified by MDM vendors to ensure that's unique across all profiles in the system. 2. (nit) To look for the relevant profile, we were running `profiles list -o stdout-xml`, which can output a large amount of data that we need to parse and loop through to find the right profile. I have also considered: 1. Reading the value from a file that gets created at `/Library/Managed Preferences/com.fleetdm.fleetd.config.plist`, but I couldn't find any official sources on the reliablity of this, and after consulting internally and in the macAdmins slack I decided to not rely on it. 2. Keep on reading from the output of `profiles` but be smarter parsing the output (we should still be able to find the right profile) At the end, I decided to use osascript to read the value directly from the system. |
||
|---|---|---|
| .. | ||
| profiles.go | ||
| profiles_darwin.go | ||
| profiles_darwin_test.go | ||
| profiles_notdarwin.go | ||
| profiles_notdarwin_test.go | ||