fleet/ee/maintained-apps
Victor Lyuboslavsky 6b7d232522
Additional CA validation (#27169)
For #26623

- Updated `github.com/groob/plist` to `github.com/micromdm/plist` -- it
was renamed
- Added validation that restricts DigiCert Fleet variables to
`com.apple.security.pkcs12` payloads plus additional restrictions
- Added validation that restricts Custom SCEP Fleet variables to
`com.apple.security.scep` payloads plus additional restrictions
- Enabled multiple CAs (Fleet variables) to be present in an Apple MDM
profile. But each CA can only be used once. For example, we can have
DigiCert CA and Custom SCEP CA in one Apple profile.

# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-19 08:27:55 -05:00
ingesters Additional CA validation (#27169) 2025-03-19 08:27:55 -05:00
inputs add pre and post install script fields to FMAv2 input schema (#27214) 2025-03-17 19:28:50 -04:00
outputs Update Fleet-maintained apps (#27217) 2025-03-17 18:54:39 -05:00
maintained_apps.go FMAv2 ingestion functionality (#27018) 2025-03-12 17:51:14 -04:00
README.md add pre and post install script fields to FMAv2 input schema (#27214) 2025-03-17 19:28:50 -04:00

Fleet-maintained apps

Adding a new FMA

  1. Decide on a source for the app's metadata. We currently support homebrew as a source for macOS apps.
  2. Find that app's metadata. For homebrew, you can visit https://formulae.brew.sh/ and find the app there.
  3. Create a new file called $YOUR_APP_NAME.json in the inputs/$SOURCE directory. For example, if you wanted to add Box Drive and use homebrew as the source, you would create the file inputs/homebrew/box-drive.json.
  4. Fill out the file according to the breakdown below. For our example Box Drive app, it would look like this:
    {
       "name": "Box Drive",
       "slug": "box-drive/darwin",
       "unique_identifier": "com.box.desktop",
       "token": "box-drive",
       "installer_format": "pkg",
       "pre_uninstall_scripts": [
          "(cd /Users/$LOGGED_IN_USER; sudo -u $LOGGED_IN_USER fileproviderctl domain remove -A com.box.desktop.boxfileprovider)",
          "(cd /Users/$LOGGED_IN_USER; sudo -u $LOGGED_IN_USER /Applications/Box.app/Contents/MacOS/fpe/streem --remove-fpe-domain-and-archive-unsynced-content Box)",
          "(cd /Users/$LOGGED_IN_USER; sudo -u $LOGGED_IN_USER /Applications/Box.app/Contents/MacOS/fpe/streem --remove-fpe-domain-and-preserve-unsynced-content Box)",
          "(cd /Users/$LOGGED_IN_USER; defaults delete com.box.desktop)",
          "echo \"${LOGGED_IN_USER} ALL = (root) NOPASSWD: /Library/Application\\ Support/Box/uninstall_box_drive_r\" >> /etc/sudoers.d/box_uninstall"
       ],
       "post_uninstall_scripts": ["rm /etc/sudoers.d/box_uninstall"]
    }
    
  5. Open a PR to the fleet repository with the new app file. This will trigger a CI job which will automatically update your PR with the required output files. These files contain important data such as the install and uninstall scripts for the app.
  6. A Fleetie will test and review the PR. Once approved and merged, the app should appear in the Fleet-maintained apps section when adding new software to Fleet.

Input file schema

name

This is the user-facing name of the application.

unique_identifier

This is the platform-specific unique identifier for the app. On macOS, this is the app's bundle identifier.

token

This is the identifier used by homebrew for the app; it is the token field on the homebrew API response.

installer_format

This is the file format for the app's installer. Currently supported values are:

  • zip
  • dmg
  • pkg

To find the app's installer format, you can look at the url field on the homebrew API response. The installer's extension should be at the end of this URL.

Sometimes the file type is not included in the installer's URL. In this case, you can download the installer and use the extension of the downloaded file.

slug

The slug identifies a specific app and platform combination. It is used to name the manifest files that contain the metadata that Fleet needs to add, install, and uninstall this app.

The slug is composed of a filesystem-friendly version of the app name, and an operating system platform identifier, separated by a /.

For the app name part, use - to separate words if necessary, for example adobe-acrobat-reader.

The platform part can be any of these values:

  • darwin

For example, use a slug of box-drive/darwin for Box Drive on macOS.

pre_uninstall_scripts

These are command lines that will be run before the generated uninstall script is executed.

post_uninstall_scripts

These are command lines that will be run after the generated uninstall script is executed.
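A schema check for an input file like the Box Drive one above, added here as an example and not part of Fleet's own ingester code; it assumes the slug's app-name part is lowercase words joined by "-" (inferred from the README's examples) and only checks unique_identifier and token for presence.

```go
// Added example, not Fleet's own code: checks an FMA input file against the schema in this README.
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// FMAInput mirrors the fields documented under "Input file schema".
type FMAInput struct {
	Name                 string   `json:"name"`
	Slug                 string   `json:"slug"`
	UniqueIdentifier     string   `json:"unique_identifier"`
	Token                string   `json:"token"`
	InstallerFormat      string   `json:"installer_format"`
	PreUninstallScripts  []string `json:"pre_uninstall_scripts"`
	PostUninstallScripts []string `json:"post_uninstall_scripts"`
}

// Assumed rule for the app-name part of the slug: lowercase words joined by '-', e.g. adobe-acrobat-reader.
var slugNameRe = regexp.MustCompile(`^[a-z0-9]+(-[a-z0-9]+)*$`)

// ValidateFMAInput returns every schema violation found in raw JSON; an empty result means the file is acceptable.
func ValidateFMAInput(raw []byte) []string {
	var in FMAInput
	if err := json.Unmarshal(raw, &in); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var errs []string
	for _, f := range []struct{ key, val string }{{"name", in.Name}, {"unique_identifier", in.UniqueIdentifier}, {"token", in.Token}} {
		if strings.TrimSpace(f.val) == "" {
			errs = append(errs, f.key+" is required")
		}
	}
	switch in.InstallerFormat {
	case "zip", "dmg", "pkg": // the supported installer formats
	default:
		errs = append(errs, fmt.Sprintf("installer_format %q is not one of zip, dmg, pkg", in.InstallerFormat))
	}
	parts := strings.Split(in.Slug, "/") // "<app-name>/<platform>"; darwin is the only platform today
	if len(parts) != 2 || !slugNameRe.MatchString(parts[0]) || parts[1] != "darwin" {
		errs = append(errs, fmt.Sprintf("slug %q must look like box-drive/darwin", in.Slug))
	}
	return errs
}
```

Run it over inputs/homebrew/<app>.json before opening the PR; the CI job still generates the output files, this only catches schema mistakes earlier.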