From 90dcb6171b7d9404a7684d4a977922eb739ed146 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Mon, 4 Mar 2024 16:41:31 -0600 Subject: [PATCH 1/7] Move installer scripts within Nudge.app --- Nudge.xcodeproj/project.pbxproj | 24 ++++++++++ Nudge/Scripts/postinstall-launchagent | 51 +++++++++++++++++++++ Nudge/Scripts/postinstall-logger | 34 ++++++++++++++ Nudge/Scripts/postinstall-suite | 66 +++++++++++++++++++++++++++ Nudge/Scripts/preinstall-app | 34 ++++++++++++++ build_assets/postinstall-launchagent | 38 ++------------- build_assets/postinstall-logger | 21 ++------- build_assets/postinstall-suite | 53 ++------------------- build_assets/preinstall-app | 21 ++------- 9 files changed, 222 insertions(+), 120 deletions(-) create mode 100755 Nudge/Scripts/postinstall-launchagent create mode 100755 Nudge/Scripts/postinstall-logger create mode 100755 Nudge/Scripts/postinstall-suite create mode 100755 Nudge/Scripts/preinstall-app diff --git a/Nudge.xcodeproj/project.pbxproj b/Nudge.xcodeproj/project.pbxproj index 5a709c3a..04a33126 100644 --- a/Nudge.xcodeproj/project.pbxproj +++ b/Nudge.xcodeproj/project.pbxproj @@ -41,6 +41,10 @@ 63D7D0F625C9E9A500236281 /* NudgeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D0F525C9E9A500236281 /* NudgeTests.swift */; }; 63D7D10125C9E9A500236281 /* NudgeUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D10025C9E9A500236281 /* NudgeUITests.swift */; }; 63D7D12725C9F1EE00236281 /* StandardMode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D12625C9F1EE00236281 /* StandardMode.swift */; }; + 63FD280F2B96846A004E0108 /* postinstall-launchagent in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280B2B9682CD004E0108 /* postinstall-launchagent */; }; + 63FD28102B96846E004E0108 /* postinstall-logger in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280C2B9682F9004E0108 /* postinstall-logger */; }; + 63FD28112B968472004E0108 /* postinstall-suite in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280D2B968309004E0108 /* postinstall-suite */; }; + 63FD28122B968475004E0108 /* preinstall-app in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280E2B96831F004E0108 /* preinstall-app */; }; 73CC1D7829B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in Resources */ = {isa = PBXBuildFile; fileRef = 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */; }; 73CC1D7A29B81F0600FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; /* End PBXBuildFile section */ @@ -118,6 +122,10 @@ 63D7D10025C9E9A500236281 /* NudgeUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NudgeUITests.swift; sourceTree = ""; }; 63D7D10225C9E9A500236281 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 63D7D12625C9F1EE00236281 /* StandardMode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StandardMode.swift; sourceTree = ""; }; + 63FD280B2B9682CD004E0108 /* postinstall-launchagent */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-launchagent"; sourceTree = ""; }; + 63FD280C2B9682F9004E0108 /* postinstall-logger */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-logger"; sourceTree = ""; }; + 63FD280D2B968309004E0108 /* postinstall-suite */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-suite"; sourceTree = ""; }; + 63FD280E2B96831F004E0108 /* preinstall-app */ = {isa = PBXFileReference; lastKnownFileType = text; path = "preinstall-app"; sourceTree = ""; }; 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.github.macadmins.Nudge.SMAppService.plist; sourceTree = ""; }; /* End PBXFileReference section */ @@ -255,6 +263,7 @@ 639B6B5425DF374600E38EC1 /* UI */, 639B6B3925DF1FEB00E38EC1 /* Preferences */, 639B6B4725DF218900E38EC1 /* Utilities */, + 63FD280A2B968290004E0108 /* Scripts */, 63D7D0E625C9E9A500236281 /* Assets.xcassets */, 63D7D0EB25C9E9A500236281 /* Info.plist */, 63D7D0EC25C9E9A500236281 /* Nudge.entitlements */, @@ -291,6 +300,17 @@ path = NudgeUITests; sourceTree = ""; }; + 63FD280A2B968290004E0108 /* Scripts */ = { + isa = PBXGroup; + children = ( + 63FD280B2B9682CD004E0108 /* postinstall-launchagent */, + 63FD280C2B9682F9004E0108 /* postinstall-logger */, + 63FD280D2B968309004E0108 /* postinstall-suite */, + 63FD280E2B96831F004E0108 /* preinstall-app */, + ); + path = Scripts; + sourceTree = ""; + }; /* End PBXGroup section */ /* Begin PBXNativeTarget section */ @@ -412,13 +432,17 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + 63FD280F2B96846A004E0108 /* postinstall-launchagent in Resources */, 63D7D0EA25C9E9A500236281 /* Preview Assets.xcassets in Resources */, + 63FD28122B968475004E0108 /* preinstall-app in Resources */, 63D7D0E725C9E9A500236281 /* Assets.xcassets in Resources */, 639B6B0F25DC9ED300E38EC1 /* com.github.macadmins.Nudge.mobileconfig in Resources */, 73CC1D7829B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in Resources */, 63C6A08E2833FB6500D5264A /* com.github.macadmins.Nudge.tester.json in Resources */, 035C2AEC25D8ABC400429458 /* com.github.macadmins.Nudge.json in Resources */, + 63FD28112B968472004E0108 /* postinstall-suite in Resources */, 6316F0E72832CA0700E1354D /* Schema in Resources */, + 63FD28102B96846E004E0108 /* postinstall-logger in Resources */, 637CEBC12A30C9E700EFA3E9 /* Localizable.xcstrings in Resources */, ); runOnlyForDeploymentPostprocessing = 0; diff --git a/Nudge/Scripts/postinstall-launchagent b/Nudge/Scripts/postinstall-launchagent new file mode 100755 index 00000000..17deaa57 --- /dev/null +++ b/Nudge/Scripts/postinstall-launchagent @@ -0,0 +1,51 @@ +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# If you change your agent file name, update the following line +launch_agent_plist_name='com.github.macadmins.Nudge.plist' + +# Base paths +launch_agent_base_path='Library/LaunchAgents/' + +# Load agent if installing to a running system +if [[ $3 == "/" ]] ; then + # Fail the install if the admin forgets to change their paths and they don't exist. + if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then + echo "LaunchAgent missing, exiting" + exit 1 + fi + + # Current console user information + console_user=$(/usr/bin/stat -f "%Su" /dev/console) + console_user_uid=$(/usr/bin/id -u "$console_user") + + # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior + if [[ -z "$console_user" ]]; then + echo "Did not detect user" + elif [[ "$console_user" == "loginwindow" ]]; then + echo "Detected Loginwindow Environment" + elif [[ "$console_user" == "_mbsetupuser" ]]; then + echo "Detect SetupAssistant Environment" + elif [[ "$console_user" == "root" ]]; then + echo "Detect root as currently logged-in user" + else + # Unload the agent so it can be triggered on re-install + /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + # Kill Nudge just in case (say someone manually opens it and not launched via launchagent + /usr/bin/killall Nudge + # Load the launch agent + /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + fi +fi diff --git a/Nudge/Scripts/postinstall-logger b/Nudge/Scripts/postinstall-logger new file mode 100755 index 00000000..66813978 --- /dev/null +++ b/Nudge/Scripts/postinstall-logger @@ -0,0 +1,34 @@ +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# If you change your agent file name, update the following line +launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' + +# Base paths +launch_daemon_base_path='Library/LaunchDaemons/' + +# Load agent if installing to a running system +if [[ $3 == "/" ]] ; then + # Fail the install if the admin forgets to change their paths and they don't exist. + if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then + echo "LaunchDaemon missing, exiting" + exit 1 + fi + + # Unload the agent so it can be triggered on re-install + /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" + # Load the launch agent + /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" +fi diff --git a/Nudge/Scripts/postinstall-suite b/Nudge/Scripts/postinstall-suite new file mode 100755 index 00000000..8a055636 --- /dev/null +++ b/Nudge/Scripts/postinstall-suite @@ -0,0 +1,66 @@ +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# If you change your agent/daemon files name, update the following lines +launch_agent_plist_name='com.github.macadmins.Nudge.plist' +launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' + +# Base paths +launch_agent_base_path='Library/LaunchAgents/' +launch_daemon_base_path='Library/LaunchDaemons/' + +# Load agent and daemon if installing to a running system +if [[ $3 == "/" ]] ; then + ## Agent + # Fail the install if the admin forgets to change their paths and they don't exist. + if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then + echo "LaunchAgent missing, exiting" + exit 1 + fi + + # Current console user information + console_user=$(/usr/bin/stat -f "%Su" /dev/console) + console_user_uid=$(/usr/bin/id -u "$console_user") + + # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior + if [[ -z "$console_user" ]]; then + echo "Did not detect user" + elif [[ "$console_user" == "loginwindow" ]]; then + echo "Detected Loginwindow Environment" + elif [[ "$console_user" == "_mbsetupuser" ]]; then + echo "Detect SetupAssistant Environment" + elif [[ "$console_user" == "root" ]]; then + echo "Detect root as currently logged-in user" + else + # Unload the agent so it can be triggered on re-install + /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + # Kill Nudge just in case (say someone manually opens it and not launched via launchagent + /usr/bin/killall Nudge + # Load the launch agent + /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + fi + + ## Daemon Logger + # Fail the install if the admin forgets to change their paths and they don't exist. + if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then + echo "LaunchDaemon missing, exiting" + exit 1 + fi + + # Unload the agent so it can be triggered on re-install + /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" + # Load the launch agent + /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" +fi diff --git a/Nudge/Scripts/preinstall-app b/Nudge/Scripts/preinstall-app new file mode 100755 index 00000000..9cea8714 --- /dev/null +++ b/Nudge/Scripts/preinstall-app @@ -0,0 +1,34 @@ +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Only run if on a running system +if [[ $3 == "/" ]] ; then + # Current console user information + console_user=$(/usr/bin/stat -f "%Su" /dev/console) + + # Only run if there is a user logged in, otherwise do nothing + if [[ -z "$console_user" ]]; then + echo "Did not detect user" + elif [[ "$console_user" == "loginwindow" ]]; then + echo "Detected Loginwindow Environment" + elif [[ "$console_user" == "_mbsetupuser" ]]; then + echo "Detect SetupAssistant Environment" + elif [[ "$console_user" == "root" ]]; then + echo "Detect root as currently logged-in user" + else + # Kill Nudge is running + /usr/bin/pgrep -i Nudge | /usr/bin/xargs kill + fi +fi diff --git a/build_assets/postinstall-launchagent b/build_assets/postinstall-launchagent index 2fdc8bc3..fb75dcac 100755 --- a/build_assets/postinstall-launchagent +++ b/build_assets/postinstall-launchagent @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -14,39 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# If you change your agent file name, update the following line -launch_agent_plist_name='com.github.macadmins.Nudge.plist' - -# Base paths -launch_agent_base_path='Library/LaunchAgents/' - -# Load agent if installing to a running system +# Only run if on a running system if [[ $3 == "/" ]] ; then - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then - echo "LaunchAgent missing, exiting" - exit 1 - fi - - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - console_user_uid=$(/usr/bin/id -u "$console_user") - - # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" - else - # Unload the agent so it can be triggered on re-install - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - # Kill Nudge just in case (say someone manually opens it and not launched via launchagent - /usr/bin/killall Nudge - # Load the launch agent - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - fi + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' fi diff --git a/build_assets/postinstall-logger b/build_assets/postinstall-logger index 2e6fad73..20491b20 100755 --- a/build_assets/postinstall-logger +++ b/build_assets/postinstall-logger @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -14,22 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# If you change your agent file name, update the following line -launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' - -# Base paths -launch_daemon_base_path='Library/LaunchDaemons/' - -# Load agent if installing to a running system +# Only run if on a running system if [[ $3 == "/" ]] ; then - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then - echo "LaunchDaemon missing, exiting" - exit 1 - fi - - # Unload the agent so it can be triggered on re-install - /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" - # Load the launch agent - /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' fi diff --git a/build_assets/postinstall-suite b/build_assets/postinstall-suite index 000d968d..4c5d65fc 100755 --- a/build_assets/postinstall-suite +++ b/build_assets/postinstall-suite @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -14,54 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# If you change your agent/daemon files name, update the following lines -launch_agent_plist_name='com.github.macadmins.Nudge.plist' -launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' - -# Base paths -launch_agent_base_path='Library/LaunchAgents/' -launch_daemon_base_path='Library/LaunchDaemons/' - -# Load agent and daemon if installing to a running system +# Only run if on a running system if [[ $3 == "/" ]] ; then - ## Agent - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then - echo "LaunchAgent missing, exiting" - exit 1 - fi - - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - console_user_uid=$(/usr/bin/id -u "$console_user") - - # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" - else - # Unload the agent so it can be triggered on re-install - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - # Kill Nudge just in case (say someone manually opens it and not launched via launchagent - /usr/bin/killall Nudge - # Load the launch agent - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - fi - - ## Daemon Logger - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then - echo "LaunchDaemon missing, exiting" - exit 1 - fi - - # Unload the agent so it can be triggered on re-install - /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" - # Load the launch agent - /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-suite' fi diff --git a/build_assets/preinstall-app b/build_assets/preinstall-app index f25417d7..e7f5129b 100755 --- a/build_assets/preinstall-app +++ b/build_assets/preinstall-app @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -16,20 +16,7 @@ # Only run if on a running system if [[ $3 == "/" ]] ; then - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - - # Only run if there is a user logged in, otherwise do nothing - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" - else - # Kill Nudge is running - /usr/bin/pgrep -i Nudge | /usr/bin/xargs kill - fi + # TODO: There may be a race condition if this script materially changes in future versions + # where the install calls the current installed script + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/preinstall-app' fi From fe21c7933f226aa38ac84a794caacc53f00201c6 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Mon, 4 Mar 2024 16:55:36 -0600 Subject: [PATCH 2/7] bring back legacy logic for now --- build_assets/preinstall-app | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/build_assets/preinstall-app b/build_assets/preinstall-app index e7f5129b..7bb8c027 100755 --- a/build_assets/preinstall-app +++ b/build_assets/preinstall-app @@ -16,7 +16,27 @@ # Only run if on a running system if [[ $3 == "/" ]] ; then - # TODO: There may be a race condition if this script materially changes in future versions - # where the install calls the current installed script - /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/preinstall-app' + # TODO: This depends on the file existing one time, which means prior to this change, we cannot + # invoke the current logic + if [[ -e /Applications/Utilities/Nudge.app/Contents/Resources/preinstall-app ]]; then + # TODO: There will be a race condition if this script materially changes in future versions + # where the install calls the current installed script + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/preinstall-app' + else # Legacy logic now in the .app + # Current console user information + console_user=$(/usr/bin/stat -f "%Su" /dev/console) + # Only run if there is a user logged in, otherwise do nothing + if [[ -z "$console_user" ]]; then + echo "Did not detect user" + elif [[ "$console_user" == "loginwindow" ]]; then + echo "Detected Loginwindow Environment" + elif [[ "$console_user" == "_mbsetupuser" ]]; then + echo "Detect SetupAssistant Environment" + elif [[ "$console_user" == "root" ]]; then + echo "Detect root as currently logged-in user" + else + # Kill Nudge is running + /usr/bin/pgrep -i Nudge | /usr/bin/xargs kill + fi + fi fi From 91f433aa50c4547b99ecdab97ed98155da5cccd7 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Tue, 5 Mar 2024 12:22:49 -0600 Subject: [PATCH 3/7] move everything to postinstalls and cleanup duplicate code --- Nudge.xcodeproj/project.pbxproj | 12 ++-- .../{preinstall-app => postinstall-nudge} | 0 Nudge/Scripts/postinstall-suite | 66 ------------------- build_assets/postinstall-nudge | 20 ++++++ build_assets/postinstall-suite | 4 +- build_assets/preinstall-app | 42 ------------ build_nudge.zsh | 3 +- 7 files changed, 28 insertions(+), 119 deletions(-) rename Nudge/Scripts/{preinstall-app => postinstall-nudge} (100%) delete mode 100755 Nudge/Scripts/postinstall-suite create mode 100755 build_assets/postinstall-nudge delete mode 100755 build_assets/preinstall-app diff --git a/Nudge.xcodeproj/project.pbxproj b/Nudge.xcodeproj/project.pbxproj index 04a33126..636edf4f 100644 --- a/Nudge.xcodeproj/project.pbxproj +++ b/Nudge.xcodeproj/project.pbxproj @@ -43,8 +43,7 @@ 63D7D12725C9F1EE00236281 /* StandardMode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D12625C9F1EE00236281 /* StandardMode.swift */; }; 63FD280F2B96846A004E0108 /* postinstall-launchagent in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280B2B9682CD004E0108 /* postinstall-launchagent */; }; 63FD28102B96846E004E0108 /* postinstall-logger in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280C2B9682F9004E0108 /* postinstall-logger */; }; - 63FD28112B968472004E0108 /* postinstall-suite in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280D2B968309004E0108 /* postinstall-suite */; }; - 63FD28122B968475004E0108 /* preinstall-app in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280E2B96831F004E0108 /* preinstall-app */; }; + 63FD28122B968475004E0108 /* postinstall-nudge in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280E2B96831F004E0108 /* postinstall-nudge */; }; 73CC1D7829B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in Resources */ = {isa = PBXBuildFile; fileRef = 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */; }; 73CC1D7A29B81F0600FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; /* End PBXBuildFile section */ @@ -124,8 +123,7 @@ 63D7D12625C9F1EE00236281 /* StandardMode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StandardMode.swift; sourceTree = ""; }; 63FD280B2B9682CD004E0108 /* postinstall-launchagent */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-launchagent"; sourceTree = ""; }; 63FD280C2B9682F9004E0108 /* postinstall-logger */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-logger"; sourceTree = ""; }; - 63FD280D2B968309004E0108 /* postinstall-suite */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-suite"; sourceTree = ""; }; - 63FD280E2B96831F004E0108 /* preinstall-app */ = {isa = PBXFileReference; lastKnownFileType = text; path = "preinstall-app"; sourceTree = ""; }; + 63FD280E2B96831F004E0108 /* postinstall-nudge */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-nudge"; sourceTree = ""; }; 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.github.macadmins.Nudge.SMAppService.plist; sourceTree = ""; }; /* End PBXFileReference section */ @@ -305,8 +303,7 @@ children = ( 63FD280B2B9682CD004E0108 /* postinstall-launchagent */, 63FD280C2B9682F9004E0108 /* postinstall-logger */, - 63FD280D2B968309004E0108 /* postinstall-suite */, - 63FD280E2B96831F004E0108 /* preinstall-app */, + 63FD280E2B96831F004E0108 /* postinstall-nudge */, ); path = Scripts; sourceTree = ""; @@ -434,13 +431,12 @@ files = ( 63FD280F2B96846A004E0108 /* postinstall-launchagent in Resources */, 63D7D0EA25C9E9A500236281 /* Preview Assets.xcassets in Resources */, - 63FD28122B968475004E0108 /* preinstall-app in Resources */, + 63FD28122B968475004E0108 /* postinstall-nudge in Resources */, 63D7D0E725C9E9A500236281 /* Assets.xcassets in Resources */, 639B6B0F25DC9ED300E38EC1 /* com.github.macadmins.Nudge.mobileconfig in Resources */, 73CC1D7829B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in Resources */, 63C6A08E2833FB6500D5264A /* com.github.macadmins.Nudge.tester.json in Resources */, 035C2AEC25D8ABC400429458 /* com.github.macadmins.Nudge.json in Resources */, - 63FD28112B968472004E0108 /* postinstall-suite in Resources */, 6316F0E72832CA0700E1354D /* Schema in Resources */, 63FD28102B96846E004E0108 /* postinstall-logger in Resources */, 637CEBC12A30C9E700EFA3E9 /* Localizable.xcstrings in Resources */, diff --git a/Nudge/Scripts/preinstall-app b/Nudge/Scripts/postinstall-nudge similarity index 100% rename from Nudge/Scripts/preinstall-app rename to Nudge/Scripts/postinstall-nudge diff --git a/Nudge/Scripts/postinstall-suite b/Nudge/Scripts/postinstall-suite deleted file mode 100755 index 8a055636..00000000 --- a/Nudge/Scripts/postinstall-suite +++ /dev/null @@ -1,66 +0,0 @@ -# -# Copyright 2021-Present Erik Gomez. -# -# Licensed under the Apache License, Version 2.0 (the 'License'); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an 'AS IS' BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# If you change your agent/daemon files name, update the following lines -launch_agent_plist_name='com.github.macadmins.Nudge.plist' -launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' - -# Base paths -launch_agent_base_path='Library/LaunchAgents/' -launch_daemon_base_path='Library/LaunchDaemons/' - -# Load agent and daemon if installing to a running system -if [[ $3 == "/" ]] ; then - ## Agent - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then - echo "LaunchAgent missing, exiting" - exit 1 - fi - - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - console_user_uid=$(/usr/bin/id -u "$console_user") - - # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" - else - # Unload the agent so it can be triggered on re-install - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - # Kill Nudge just in case (say someone manually opens it and not launched via launchagent - /usr/bin/killall Nudge - # Load the launch agent - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - fi - - ## Daemon Logger - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then - echo "LaunchDaemon missing, exiting" - exit 1 - fi - - # Unload the agent so it can be triggered on re-install - /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" - # Load the launch agent - /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" -fi diff --git a/build_assets/postinstall-nudge b/build_assets/postinstall-nudge new file mode 100755 index 00000000..2ed274da --- /dev/null +++ b/build_assets/postinstall-nudge @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Only run if on a running system +if [[ $3 == "/" ]] ; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-nudge' +fi diff --git a/build_assets/postinstall-suite b/build_assets/postinstall-suite index 4c5d65fc..32b94151 100755 --- a/build_assets/postinstall-suite +++ b/build_assets/postinstall-suite @@ -16,5 +16,7 @@ # Only run if on a running system if [[ $3 == "/" ]] ; then - /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-suite' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-nudge' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' fi diff --git a/build_assets/preinstall-app b/build_assets/preinstall-app deleted file mode 100755 index 7bb8c027..00000000 --- a/build_assets/preinstall-app +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -# -# Copyright 2021-Present Erik Gomez. -# -# Licensed under the Apache License, Version 2.0 (the 'License'); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an 'AS IS' BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Only run if on a running system -if [[ $3 == "/" ]] ; then - # TODO: This depends on the file existing one time, which means prior to this change, we cannot - # invoke the current logic - if [[ -e /Applications/Utilities/Nudge.app/Contents/Resources/preinstall-app ]]; then - # TODO: There will be a race condition if this script materially changes in future versions - # where the install calls the current installed script - /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/preinstall-app' - else # Legacy logic now in the .app - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - # Only run if there is a user logged in, otherwise do nothing - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" - else - # Kill Nudge is running - /usr/bin/pgrep -i Nudge | /usr/bin/xargs kill - fi - fi -fi diff --git a/build_nudge.zsh b/build_nudge.zsh index 7e0ad999..11d76945 100755 --- a/build_nudge.zsh +++ b/build_nudge.zsh @@ -88,7 +88,7 @@ fi /bin/mkdir -p "$NUDGE_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_PKG_PATH" /bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$NUDGE_PKG_PATH/payload/Nudge.app" -/bin/cp "${TOOLSDIR}/build_assets/preinstall-app" "$NUDGE_PKG_PATH/scripts/preinstall" +/bin/cp "${TOOLSDIR}/build_assets/postinstall-nudge" "$NUDGE_PKG_PATH/scripts/postinstall" # Download specific version of munki-pkg echo "Downloading munki-pkg tool from github..." @@ -229,7 +229,6 @@ fi /bin/mkdir -p "$SUITE_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$SUITE_PKG_PATH" /bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$SUITE_PKG_PATH/payload/Applications/Utilities/Nudge.app" -/bin/cp "${TOOLSDIR}/build_assets/preinstall-app" "$SUITE_PKG_PATH/scripts/preinstall" echo "Moving LaunchAgent to payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$SUITE_PKG_PATH/payload/Library/LaunchAgents" echo "Moving LaunchDaemon to logging payload folder" From 89c8a0bec29ce1db6c57e087fcbe463844f98105 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Tue, 5 Mar 2024 17:53:40 -0600 Subject: [PATCH 4/7] fix upper bounds in calendar range --- Nudge/UI/Common/DeferView.swift | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/Nudge/UI/Common/DeferView.swift b/Nudge/UI/Common/DeferView.swift index 6c1e29c1..a452369f 100644 --- a/Nudge/UI/Common/DeferView.swift +++ b/Nudge/UI/Common/DeferView.swift @@ -74,13 +74,32 @@ struct DeferView: View { LoggerUtilities().logUserDeferrals() UIUtilities().userInitiatedExit() } - + private var limitRange: ClosedRange { - let windowTime = [ "approachingWindowTime": UserExperienceVariables.approachingWindowTime, - "imminentWindowTime": UserExperienceVariables.imminentWindowTime ] - let daysToAdd = appState.daysRemaining > 0 ? appState.daysRemaining - (windowTime[UserExperienceVariables.calendarDeferralUnit] ?? UserExperienceVariables.imminentWindowTime / 24) : 0 - // Do not let the user defer past the point of the windowTime - return DateManager().getCurrentDate()...Calendar.current.date(byAdding: .day, value: daysToAdd, to: DateManager().getCurrentDate())! + // Ensure the current date is consistently used throughout the calculation. + let currentDate = DateManager().getCurrentDate() + + // Calculate the window time in days based on the UserExperienceVariables.calendarDeferralUnit. + let windowTimeInDays: Int + switch UserExperienceVariables.calendarDeferralUnit { + case "approachingWindowTime": + windowTimeInDays = UserExperienceVariables.approachingWindowTime / 24 + case "imminentWindowTime": + windowTimeInDays = UserExperienceVariables.imminentWindowTime / 24 + default: + windowTimeInDays = UserExperienceVariables.imminentWindowTime / 24 // Default or fallback case + } + + // Calculate daysToAdd ensuring it's not negative. + // It subtracts the windowTimeInDays from appState.daysRemaining, falling back to 0 if daysRemaining is negative. + let daysToAdd = max(appState.daysRemaining - windowTimeInDays, 0) + + // Safely calculate the upper bound date by adding daysToAdd to the current date. + guard let upperBoundDate = Calendar.current.date(byAdding: .day, value: daysToAdd, to: currentDate) else { + fatalError("Could not calculate the upper bound date.") // Consider handling this more gracefully in production code. + } + + return currentDate...upperBoundDate } } From f860e46b84241a8549964afc98e5da6204993328 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Wed, 6 Mar 2024 08:43:45 -0600 Subject: [PATCH 5/7] Create a new Essentials package just the agent and app also try and notarize the LaunchAgent and Logger packages --- build_assets/postinstall-essentials | 21 ++++++++++ build_nudge.zsh | 59 +++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100755 build_assets/postinstall-essentials diff --git a/build_assets/postinstall-essentials b/build_assets/postinstall-essentials new file mode 100755 index 00000000..1c566f63 --- /dev/null +++ b/build_assets/postinstall-essentials @@ -0,0 +1,21 @@ +#!/bin/sh +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Only run if on a running system +if [[ $3 == "/" ]] ; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-nudge' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' +fi diff --git a/build_nudge.zsh b/build_nudge.zsh index 11d76945..bb9949fa 100755 --- a/build_nudge.zsh +++ b/build_nudge.zsh @@ -88,6 +88,7 @@ fi /bin/mkdir -p "$NUDGE_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_PKG_PATH" /bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$NUDGE_PKG_PATH/payload/Nudge.app" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-nudge" "$NUDGE_PKG_PATH/scripts/postinstall" # Download specific version of munki-pkg @@ -146,7 +147,9 @@ fi /bin/mkdir -p "$NUDGE_LA_PKG_PATH/payload" /bin/mkdir -p "$NUDGE_LA_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_LA_PKG_PATH" +echo "Moving LaunchAgent to payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$NUDGE_LA_PKG_PATH/payload" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-launchagent" "$NUDGE_LA_PKG_PATH/scripts/postinstall" # Create the json file for the signed munkipkg LaunchAgent pkg @@ -173,6 +176,9 @@ PKG_RESULT="$?" if [ "${PKG_RESULT}" != "0" ]; then echo "Could not sign package: ${PKG_RESULT}" 1>&2 else + # Notarize launchagent package + $XCODE_NOTARY_PATH submit "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" --keychain-profile "nudge" --wait + $XCODE_STAPLER_PATH staple "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" # Move the signed pkg /bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR" fi @@ -186,7 +192,9 @@ fi /bin/mkdir -p "$NUDGE_LD_PKG_PATH/payload" /bin/mkdir -p "$NUDGE_LD_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_LD_PKG_PATH" +echo "Moving LaunchDaemon to logging payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.logger.plist" "$NUDGE_LD_PKG_PATH/payload" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-logger" "$NUDGE_LD_PKG_PATH/scripts/postinstall" # Create the json file for the signed munkipkg LaunchAgent pkg @@ -213,10 +221,60 @@ PKG_RESULT="$?" if [ "${PKG_RESULT}" != "0" ]; then echo "Could not sign package: ${PKG_RESULT}" 1>&2 else + # Notarize logger package + $XCODE_NOTARY_PATH submit "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" --keychain-profile "nudge" --wait + $XCODE_STAPLER_PATH staple "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" # Move the signed pkg /bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR" fi +# Create the Essentials package +echo "Moving Nudge.app to payload folder" +ESSENTIALS_PKG_PATH="$TOOLSDIR/NudgePkgEssentials" +if [ -e $ESSENTIALS_PKG_PATH ]; then + /bin/rm -rf $ESSENTIALS_PKG_PATH +fi +/bin/mkdir -p "$ESSENTIALS_PKG_PATH/payload/Applications/Utilities" +/bin/mkdir -p "$ESSENTIALS_PKG_PATH/payload/Library/LaunchAgents" +/bin/mkdir -p "$ESSENTIALS_PKG_PATH/scripts" +/usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$ESSENTIALS_PKG_PATH" +/bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$ESSENTIALS_PKG_PATH/payload/Applications/Utilities/Nudge.app" +echo "Moving LaunchAgent to payload folder" +/bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$ESSENTIALS_PKG_PATH/payload/Library/LaunchAgents" +echo "Moving postinstall to scripts folder" +/bin/cp "${TOOLSDIR}/build_assets/postinstall-essentials" "$ESSENTIALS_PKG_PATH/scripts/postinstall" + +# Create the json file for signed munkipkg Nudge Essentials pkg +/bin/cat << SIGNED_JSONFILE > "$ESSENTIALS_PKG_PATH/build-info.json" +{ + "ownership": "recommended", + "suppress_bundle_relocation": true, + "identifier": "com.github.macadmins.Nudge.Essentials", + "postinstall_action": "none", + "distribution_style": true, + "version": "$AUTOMATED_NUDGE_BUILD", + "name": "Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg", + "install_location": "/", + "signing_info": { + "identity": "$INSTALLER_SIGNING_IDENTITY", + "timestamp": true + } +} +SIGNED_JSONFILE + +# Create the signed Nudge Essentials pkg +python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$ESSENTIALS_PKG_PATH" +PKG_RESULT="$?" +if [ "${PKG_RESULT}" != "0" ]; then + echo "Could not sign package: ${PKG_RESULT}" 1>&2 +else + # Notarize Nudge Essentials package + $XCODE_NOTARY_PATH submit "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait + $XCODE_STAPLER_PATH staple "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" + # Move the Nudge Essentials signed/notarized pkg + /bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR" +fi + # Create the Suite package echo "Moving Nudge.app to payload folder" SUITE_PKG_PATH="$TOOLSDIR/NudgePkgSuite" @@ -233,6 +291,7 @@ echo "Moving LaunchAgent to payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$SUITE_PKG_PATH/payload/Library/LaunchAgents" echo "Moving LaunchDaemon to logging payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.logger.plist" "$SUITE_PKG_PATH/payload/Library/LaunchDaemons" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-suite" "$SUITE_PKG_PATH/scripts/postinstall" # Create the json file for signed munkipkg Nudge Suite pkg From 67232e3fe0a63b1c6c72a6f05df871d780800f5e Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Wed, 6 Mar 2024 08:54:38 -0600 Subject: [PATCH 6/7] only run the logger postinstalls if they exist --- build_assets/postinstall-launchagent | 6 +++++- build_assets/postinstall-logger | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/build_assets/postinstall-launchagent b/build_assets/postinstall-launchagent index fb75dcac..b632cab9 100755 --- a/build_assets/postinstall-launchagent +++ b/build_assets/postinstall-launchagent @@ -16,5 +16,9 @@ # Only run if on a running system if [[ $3 == "/" ]] ; then - /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' + if [ -f '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' ]; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' + else + echo "File does not exist: Please ensure Nudge is installed prior to installation of these packages" + fi fi diff --git a/build_assets/postinstall-logger b/build_assets/postinstall-logger index 20491b20..6148f6c8 100755 --- a/build_assets/postinstall-logger +++ b/build_assets/postinstall-logger @@ -16,5 +16,9 @@ # Only run if on a running system if [[ $3 == "/" ]] ; then - /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' + if [ -f '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' ]; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' + else + echo "File does not exist: Please ensure Nudge is installed prior to installation of these packages" + fi fi From bedf0a5adef3587fcf9d0788307ff79e35c787b1 Mon Sep 17 00:00:00 2001 From: Erik Gomez Date: Thu, 7 Mar 2024 09:08:17 -0600 Subject: [PATCH 7/7] bump to v1.1.15 --- CHANGELOG.md | 29 +++++++++++++++++++++++++++++ Nudge/Info.plist | 4 ++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9b5ca90..c04e043a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,35 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.1.15] - 2024-03-07 +This will be the **final Nudge release** for macOS 11 and potentially other versions of macOS. + +Due to several bugs found in the v1.1.14 release, including many subsequent v1.1.14.x builds, this release is being created to address them. + +There are currently no known regressions from v1.1.13. + +### Added +- `Essentials` Package + - This signed and notarized package contains the Nudge application and LaunchAgent +- Additional shortcut keys to ignore list when Nudge is in the forefront +- `Security.md` file added for pentesters to send potential security issues within the project + +### Changed +- macOS upgrade logic now uses `/System/Library/CoreServices/Software Update.app` as the default path for unknown installer versions +- The LaunchAgent and Logger packages are now signed and notarized +- The Zsh package scripts are now embedded into the Nudge application + - Please note that if you install the LaunchAgent or Logger packages, you will need to install them **after** the Nudge application package. Failure to do this will result in the `postinstall` scripts not triggering. +- The `postinstall` script is now in Bash, but calls Zsh without global/user environment variables +- Moved the `preinstall` script logic to `postinstall` + - This materially changes the Nudge application package and the Suite package + +### Fixed +- All known regressions in v1.1.14 +- Some ignored shortcut keys were improperly designed and not working +- `userSessionDeferrals` were not being accurately calculated +- When using `calendarDeferralUnit`, the upper bounds of the calendar may return a negative integer, causing Nudge to crash. + - The behavior will now return `0` + ## [1.1.14] - 2024-01-30 This will be the **final Nudge release** for macOS 11 and potentially other versions of macOS. diff --git a/Nudge/Info.plist b/Nudge/Info.plist index 0d3c1ce8..226ca27a 100644 --- a/Nudge/Info.plist +++ b/Nudge/Info.plist @@ -15,9 +15,9 @@ CFBundlePackageType $(PRODUCT_BUNDLE_PACKAGE_TYPE) CFBundleShortVersionString - 1.1.14 + 1.1.15 CFBundleVersion - 1.1.14 + 1.1.15 LSApplicationCategoryType public.app-category.utilities LSMinimumSystemVersion