Added additional logic to the cleanup script to remove MDM artifacts. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes - [ ] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#!/bin/sh
# Privilege gate: stop unless the caller is root. The one exception is a
# GitHub Actions runner (GITHUB_ACTIONS non-empty), where the rest of the
# script elevates through sudo instead.
# NOTE(review): GITHUB_ACTIONS is an ordinary environment variable, so any
# caller who sets it skips this gate; the privileged commands further down
# are then expected to fail on their own when not run as root.
if [ "$(id -u)" -ne 0 ] && [ -z "$GITHUB_ACTIONS" ]; then
    echo "Please run as root"
    exit 1
fi
# Remove the fleetd (Orbit) agent, Fleet Desktop and the Fleet MDM enrollment
# profile from this Mac.
#
# Arguments: none.
# Outputs:   status messages on stdout plus a `set -x` command trace on
#            stderr; the caller in this file redirects both to a log file.
# Note:      `set -x` is not scoped to the function, so tracing stays on in
#            the calling shell after this returns.
# NOTE(review): the `function` keyword is not POSIX sh while the shebang is
# #!/bin/sh; this parses only where sh is bash-compatible -- confirm the
# intended interpreter.
function remove_fleet {
    # Trace every command so the log records exactly what was executed.
    set -x

    # Delete the launchd job definition, Orbit's state directory, the orbit
    # binary, its logs and the /opt/orbit tree. -f keeps missing paths quiet.
    rm -rf /Library/LaunchDaemons/com.fleetdm.orbit.plist /var/lib/orbit /usr/local/bin/orbit /var/log/orbit /opt/orbit/

    # Drop the installer receipt; a failure (e.g. no receipt) is ignored.
    pkgutil --forget com.fleetdm.orbit.base.pkg || true

    # Stop the running job, then unload its definition from launchd.
    # NOTE(review): the plist was already deleted by the rm above, so the
    # unload by path presumably fails; confirm whether removing files first is
    # deliberate (e.g. so cleanup survives the agent being stopped) before
    # reordering.
    launchctl stop com.fleetdm.orbit
    launchctl unload /Library/LaunchDaemons/com.fleetdm.orbit.plist

    # Terminate Fleet Desktop; pkill's non-zero status when nothing matches is
    # ignored.
    pkill fleet-desktop || true

    # Check MDM status on a macOS device
    mdm_status=$(profiles status -type enrollment)

    # Check for MDM enrollment status and cleanup enrollment profile
    # NOTE(review): the "Yes" match only shows the Mac is enrolled in some MDM,
    # not that the MDM is Fleet; the removal below targets the Fleet profile
    # identifier only, so on a device enrolled elsewhere it presumably removes
    # nothing -- verify and consider reporting that case explicitly.
    if echo "$mdm_status" | grep -q "MDM enrollment: Yes"; then
        echo "This Mac is MDM enrolled. Removing enrollment profile."
        profiles remove -identifier com.fleetdm.fleet.mdm.apple
    elif echo "$mdm_status" | grep -q "MDM enrollment: No"; then
        echo "This Mac is not MDM enrolled."
    else
        # Neither marker was found, e.g. `profiles status` failed or changed
        # its output format; nothing is removed in that case.
        echo "MDM status is unknown."
    fi
}
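# Entry point. The script runs in two phases:
#   * no argument  -> parent: announce the removal, start a detached copy of
#                     this script with the "remove" argument, return at once;
#   * "remove"     -> detached child: wait, then run remove_fleet and append
#                     its output to /tmp/fleet_remove_log.txt.
if [ "$1" = "remove" ]; then
    # We are in the detached child process
    # Give the parent process time to report the success before removing
    # NOTE(review): this log is a fixed name in world-writable /tmp and is
    # appended to as root, so a file or symlink placed at that path beforehand
    # by another local user would be written through. The path is kept so
    # existing consumers of the log keep working; prefer a root-owned
    # directory (or a mktemp-created file) when the location can change.
    echo "inside remove process" >>/tmp/fleet_remove_log.txt
    sleep 15
    # remove_fleet is a shell function. sudo can only execute programs, so the
    # former "sudo remove_fleet" could not work (command not found). The parent
    # branch below already starts this child as root -- directly, or through
    # sudo on GitHub Actions -- so the function is called directly in both
    # cases. If this phase is started by hand without root on a runner, the
    # privileged commands fail and their errors land in the log.
    remove_fleet >>/tmp/fleet_remove_log.txt 2>&1
else
    # We are in the parent shell, start the detached child and return success
    echo "Removing fleet, system will be unenrolled in 15 seconds..."
    echo "Executing detached child process"
    # The script path is handed to the inner shell as a positional parameter
    # ("$1") instead of being pasted into the command string, so a path with
    # spaces or shell metacharacters is neither word-split nor interpreted as
    # shell code in this root context. The intermediate `bash -c` exits right
    # after backgrounding the child, which is what detaches it.
    if [ -z "$GITHUB_ACTIONS" ]; then
        # We are root
        bash -c 'bash "$1" remove >/dev/null 2>/dev/null </dev/null &' _ "$0"
    else
        # We are in a github action, where sudo is passwordless
        sudo bash -c 'bash "$1" remove >/dev/null 2>/dev/null </dev/null &' _ "$0"
    fi
fi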