mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
6e3248237c
The current approach to read the enroll secret and fleet url from a configuration profile is not ideal because: 1. (important) We're looking for a profile with a `ProfileIdentifier` equal to `com.fleetdm.fleetd.config`. This is not ideal because `ProfileIdentifier` is often modified by MDM vendors to ensure that's unique across all profiles in the system. 2. (nit) To look for the relevant profile, we were running `profiles list -o stdout-xml`, which can output a large amount of data that we need to parse and loop through to find the right profile. I have also considered: 1. Reading the value from a file that gets created at `/Library/Managed Preferences/com.fleetdm.fleetd.config.plist`, but I couldn't find any official sources on the reliablity of this, and after consulting internally and in the macAdmins slack I decided to not rely on it. 2. Keep on reading from the output of `profiles` but be smarter parsing the output (we should still be able to find the right profile) At the end, I decided to use osascript to read the value directly from the system.
2 lines
124 B
Plaintext
2 lines
124 B
Plaintext
* Improve the logic to read enroll secrets from macOS configuration profiles to be compatible with different MDM providers.
|