diff --git a/CHANGELOG.md b/CHANGELOG.md index c9b5ca90..c04e043a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,35 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.1.15] - 2024-03-07 +This will be the **final Nudge release** for macOS 11 and potentially other versions of macOS. + +Due to several bugs found in the v1.1.14 release, including many subsequent v1.1.14.x builds, this release is being created to address them. + +There are currently no known regressions from v1.1.13. + +### Added +- `Essentials` Package + - This signed and notarized package contains the Nudge application and LaunchAgent +- Additional shortcut keys to ignore list when Nudge is in the forefront +- `Security.md` file added for pentesters to send potential security issues within the project + +### Changed +- macOS upgrade logic now uses `/System/Library/CoreServices/Software Update.app` as the default path for unknown installer versions +- The LaunchAgent and Logger packages are now signed and notarized +- The Zsh package scripts are now embedded into the Nudge application + - Please note that if you install the LaunchAgent or Logger packages, you will need to install them **after** the Nudge application package. Failure to do this will result in the `postinstall` scripts not triggering. +- The `postinstall` script is now in Bash, but calls Zsh without global/user environment variables +- Moved the `preinstall` script logic to `postinstall` + - This materially changes the Nudge application package and the Suite package + +### Fixed +- All known regressions in v1.1.14 +- Some ignored shortcut keys were improperly designed and not working +- `userSessionDeferrals` were not being accurately calculated +- When using `calendarDeferralUnit`, the upper bounds of the calendar may return a negative integer, causing Nudge to crash. + - The behavior will now return `0` + ## [1.1.14] - 2024-01-30 This will be the **final Nudge release** for macOS 11 and potentially other versions of macOS. diff --git a/Nudge.xcodeproj/project.pbxproj b/Nudge.xcodeproj/project.pbxproj index 5a709c3a..636edf4f 100644 --- a/Nudge.xcodeproj/project.pbxproj +++ b/Nudge.xcodeproj/project.pbxproj @@ -41,6 +41,9 @@ 63D7D0F625C9E9A500236281 /* NudgeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D0F525C9E9A500236281 /* NudgeTests.swift */; }; 63D7D10125C9E9A500236281 /* NudgeUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D10025C9E9A500236281 /* NudgeUITests.swift */; }; 63D7D12725C9F1EE00236281 /* StandardMode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 63D7D12625C9F1EE00236281 /* StandardMode.swift */; }; + 63FD280F2B96846A004E0108 /* postinstall-launchagent in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280B2B9682CD004E0108 /* postinstall-launchagent */; }; + 63FD28102B96846E004E0108 /* postinstall-logger in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280C2B9682F9004E0108 /* postinstall-logger */; }; + 63FD28122B968475004E0108 /* postinstall-nudge in Resources */ = {isa = PBXBuildFile; fileRef = 63FD280E2B96831F004E0108 /* postinstall-nudge */; }; 73CC1D7829B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in Resources */ = {isa = PBXBuildFile; fileRef = 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */; }; 73CC1D7A29B81F0600FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; /* End PBXBuildFile section */ @@ -118,6 +121,9 @@ 63D7D10025C9E9A500236281 /* NudgeUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NudgeUITests.swift; sourceTree = ""; }; 63D7D10225C9E9A500236281 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 63D7D12625C9F1EE00236281 /* StandardMode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StandardMode.swift; sourceTree = ""; }; + 63FD280B2B9682CD004E0108 /* postinstall-launchagent */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-launchagent"; sourceTree = ""; }; + 63FD280C2B9682F9004E0108 /* postinstall-logger */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-logger"; sourceTree = ""; }; + 63FD280E2B96831F004E0108 /* postinstall-nudge */ = {isa = PBXFileReference; lastKnownFileType = text; path = "postinstall-nudge"; sourceTree = ""; }; 73CC1D7729B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.github.macadmins.Nudge.SMAppService.plist; sourceTree = ""; }; /* End PBXFileReference section */ @@ -255,6 +261,7 @@ 639B6B5425DF374600E38EC1 /* UI */, 639B6B3925DF1FEB00E38EC1 /* Preferences */, 639B6B4725DF218900E38EC1 /* Utilities */, + 63FD280A2B968290004E0108 /* Scripts */, 63D7D0E625C9E9A500236281 /* Assets.xcassets */, 63D7D0EB25C9E9A500236281 /* Info.plist */, 63D7D0EC25C9E9A500236281 /* Nudge.entitlements */, @@ -291,6 +298,16 @@ path = NudgeUITests; sourceTree = ""; }; + 63FD280A2B968290004E0108 /* Scripts */ = { + isa = PBXGroup; + children = ( + 63FD280B2B9682CD004E0108 /* postinstall-launchagent */, + 63FD280C2B9682F9004E0108 /* postinstall-logger */, + 63FD280E2B96831F004E0108 /* postinstall-nudge */, + ); + path = Scripts; + sourceTree = ""; + }; /* End PBXGroup section */ /* Begin PBXNativeTarget section */ @@ -412,13 +429,16 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + 63FD280F2B96846A004E0108 /* postinstall-launchagent in Resources */, 63D7D0EA25C9E9A500236281 /* Preview Assets.xcassets in Resources */, + 63FD28122B968475004E0108 /* postinstall-nudge in Resources */, 63D7D0E725C9E9A500236281 /* Assets.xcassets in Resources */, 639B6B0F25DC9ED300E38EC1 /* com.github.macadmins.Nudge.mobileconfig in Resources */, 73CC1D7829B81EE500FBF8E2 /* com.github.macadmins.Nudge.SMAppService.plist in Resources */, 63C6A08E2833FB6500D5264A /* com.github.macadmins.Nudge.tester.json in Resources */, 035C2AEC25D8ABC400429458 /* com.github.macadmins.Nudge.json in Resources */, 6316F0E72832CA0700E1354D /* Schema in Resources */, + 63FD28102B96846E004E0108 /* postinstall-logger in Resources */, 637CEBC12A30C9E700EFA3E9 /* Localizable.xcstrings in Resources */, ); runOnlyForDeploymentPostprocessing = 0; diff --git a/Nudge/Info.plist b/Nudge/Info.plist index 0d3c1ce8..226ca27a 100644 --- a/Nudge/Info.plist +++ b/Nudge/Info.plist @@ -15,9 +15,9 @@ CFBundlePackageType $(PRODUCT_BUNDLE_PACKAGE_TYPE) CFBundleShortVersionString - 1.1.14 + 1.1.15 CFBundleVersion - 1.1.14 + 1.1.15 LSApplicationCategoryType public.app-category.utilities LSMinimumSystemVersion diff --git a/Nudge/Scripts/postinstall-launchagent b/Nudge/Scripts/postinstall-launchagent new file mode 100755 index 00000000..17deaa57 --- /dev/null +++ b/Nudge/Scripts/postinstall-launchagent @@ -0,0 +1,51 @@ +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# If you change your agent file name, update the following line +launch_agent_plist_name='com.github.macadmins.Nudge.plist' + +# Base paths +launch_agent_base_path='Library/LaunchAgents/' + +# Load agent if installing to a running system +if [[ $3 == "/" ]] ; then + # Fail the install if the admin forgets to change their paths and they don't exist. + if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then + echo "LaunchAgent missing, exiting" + exit 1 + fi + + # Current console user information + console_user=$(/usr/bin/stat -f "%Su" /dev/console) + console_user_uid=$(/usr/bin/id -u "$console_user") + + # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior + if [[ -z "$console_user" ]]; then + echo "Did not detect user" + elif [[ "$console_user" == "loginwindow" ]]; then + echo "Detected Loginwindow Environment" + elif [[ "$console_user" == "_mbsetupuser" ]]; then + echo "Detect SetupAssistant Environment" + elif [[ "$console_user" == "root" ]]; then + echo "Detect root as currently logged-in user" + else + # Unload the agent so it can be triggered on re-install + /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + # Kill Nudge just in case (say someone manually opens it and not launched via launchagent + /usr/bin/killall Nudge + # Load the launch agent + /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + fi +fi diff --git a/Nudge/Scripts/postinstall-logger b/Nudge/Scripts/postinstall-logger new file mode 100755 index 00000000..66813978 --- /dev/null +++ b/Nudge/Scripts/postinstall-logger @@ -0,0 +1,34 @@ +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# If you change your agent file name, update the following line +launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' + +# Base paths +launch_daemon_base_path='Library/LaunchDaemons/' + +# Load agent if installing to a running system +if [[ $3 == "/" ]] ; then + # Fail the install if the admin forgets to change their paths and they don't exist. + if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then + echo "LaunchDaemon missing, exiting" + exit 1 + fi + + # Unload the agent so it can be triggered on re-install + /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" + # Load the launch agent + /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" +fi diff --git a/build_assets/preinstall-app b/Nudge/Scripts/postinstall-nudge similarity index 99% rename from build_assets/preinstall-app rename to Nudge/Scripts/postinstall-nudge index f25417d7..9cea8714 100755 --- a/build_assets/preinstall-app +++ b/Nudge/Scripts/postinstall-nudge @@ -1,4 +1,3 @@ -#!/bin/zsh # # Copyright 2021-Present Erik Gomez. # diff --git a/Nudge/UI/Common/DeferView.swift b/Nudge/UI/Common/DeferView.swift index 6c1e29c1..a452369f 100644 --- a/Nudge/UI/Common/DeferView.swift +++ b/Nudge/UI/Common/DeferView.swift @@ -74,13 +74,32 @@ struct DeferView: View { LoggerUtilities().logUserDeferrals() UIUtilities().userInitiatedExit() } - + private var limitRange: ClosedRange { - let windowTime = [ "approachingWindowTime": UserExperienceVariables.approachingWindowTime, - "imminentWindowTime": UserExperienceVariables.imminentWindowTime ] - let daysToAdd = appState.daysRemaining > 0 ? appState.daysRemaining - (windowTime[UserExperienceVariables.calendarDeferralUnit] ?? UserExperienceVariables.imminentWindowTime / 24) : 0 - // Do not let the user defer past the point of the windowTime - return DateManager().getCurrentDate()...Calendar.current.date(byAdding: .day, value: daysToAdd, to: DateManager().getCurrentDate())! + // Ensure the current date is consistently used throughout the calculation. + let currentDate = DateManager().getCurrentDate() + + // Calculate the window time in days based on the UserExperienceVariables.calendarDeferralUnit. + let windowTimeInDays: Int + switch UserExperienceVariables.calendarDeferralUnit { + case "approachingWindowTime": + windowTimeInDays = UserExperienceVariables.approachingWindowTime / 24 + case "imminentWindowTime": + windowTimeInDays = UserExperienceVariables.imminentWindowTime / 24 + default: + windowTimeInDays = UserExperienceVariables.imminentWindowTime / 24 // Default or fallback case + } + + // Calculate daysToAdd ensuring it's not negative. + // It subtracts the windowTimeInDays from appState.daysRemaining, falling back to 0 if daysRemaining is negative. + let daysToAdd = max(appState.daysRemaining - windowTimeInDays, 0) + + // Safely calculate the upper bound date by adding daysToAdd to the current date. + guard let upperBoundDate = Calendar.current.date(byAdding: .day, value: daysToAdd, to: currentDate) else { + fatalError("Could not calculate the upper bound date.") // Consider handling this more gracefully in production code. + } + + return currentDate...upperBoundDate } } diff --git a/build_assets/postinstall-essentials b/build_assets/postinstall-essentials new file mode 100755 index 00000000..1c566f63 --- /dev/null +++ b/build_assets/postinstall-essentials @@ -0,0 +1,21 @@ +#!/bin/sh +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Only run if on a running system +if [[ $3 == "/" ]] ; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-nudge' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' +fi diff --git a/build_assets/postinstall-launchagent b/build_assets/postinstall-launchagent index 2fdc8bc3..b632cab9 100755 --- a/build_assets/postinstall-launchagent +++ b/build_assets/postinstall-launchagent @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -14,39 +14,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -# If you change your agent file name, update the following line -launch_agent_plist_name='com.github.macadmins.Nudge.plist' - -# Base paths -launch_agent_base_path='Library/LaunchAgents/' - -# Load agent if installing to a running system +# Only run if on a running system if [[ $3 == "/" ]] ; then - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then - echo "LaunchAgent missing, exiting" - exit 1 - fi - - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - console_user_uid=$(/usr/bin/id -u "$console_user") - - # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" + if [ -f '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' ]; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' else - # Unload the agent so it can be triggered on re-install - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - # Kill Nudge just in case (say someone manually opens it and not launched via launchagent - /usr/bin/killall Nudge - # Load the launch agent - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" + echo "File does not exist: Please ensure Nudge is installed prior to installation of these packages" fi fi diff --git a/build_assets/postinstall-logger b/build_assets/postinstall-logger index 2e6fad73..6148f6c8 100755 --- a/build_assets/postinstall-logger +++ b/build_assets/postinstall-logger @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -14,22 +14,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -# If you change your agent file name, update the following line -launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' - -# Base paths -launch_daemon_base_path='Library/LaunchDaemons/' - -# Load agent if installing to a running system +# Only run if on a running system if [[ $3 == "/" ]] ; then - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then - echo "LaunchDaemon missing, exiting" - exit 1 + if [ -f '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' ]; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' + else + echo "File does not exist: Please ensure Nudge is installed prior to installation of these packages" fi - - # Unload the agent so it can be triggered on re-install - /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" - # Load the launch agent - /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" fi diff --git a/build_assets/postinstall-nudge b/build_assets/postinstall-nudge new file mode 100755 index 00000000..2ed274da --- /dev/null +++ b/build_assets/postinstall-nudge @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright 2021-Present Erik Gomez. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Only run if on a running system +if [[ $3 == "/" ]] ; then + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-nudge' +fi diff --git a/build_assets/postinstall-suite b/build_assets/postinstall-suite index 000d968d..32b94151 100755 --- a/build_assets/postinstall-suite +++ b/build_assets/postinstall-suite @@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/sh # # Copyright 2021-Present Erik Gomez. # @@ -14,54 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -# If you change your agent/daemon files name, update the following lines -launch_agent_plist_name='com.github.macadmins.Nudge.plist' -launch_daemon_plist_name='com.github.macadmins.Nudge.logger.plist' - -# Base paths -launch_agent_base_path='Library/LaunchAgents/' -launch_daemon_base_path='Library/LaunchDaemons/' - -# Load agent and daemon if installing to a running system +# Only run if on a running system if [[ $3 == "/" ]] ; then - ## Agent - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_agent_base_path}${launch_agent_plist_name}" ]; then - echo "LaunchAgent missing, exiting" - exit 1 - fi - - # Current console user information - console_user=$(/usr/bin/stat -f "%Su" /dev/console) - console_user_uid=$(/usr/bin/id -u "$console_user") - - # Only enable the LaunchAgent if there is a user logged in, otherwise rely on built in LaunchAgent behavior - if [[ -z "$console_user" ]]; then - echo "Did not detect user" - elif [[ "$console_user" == "loginwindow" ]]; then - echo "Detected Loginwindow Environment" - elif [[ "$console_user" == "_mbsetupuser" ]]; then - echo "Detect SetupAssistant Environment" - elif [[ "$console_user" == "root" ]]; then - echo "Detect root as currently logged-in user" - else - # Unload the agent so it can be triggered on re-install - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl unload -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - # Kill Nudge just in case (say someone manually opens it and not launched via launchagent - /usr/bin/killall Nudge - # Load the launch agent - /bin/launchctl asuser "${console_user_uid}" /bin/launchctl load -w "$3${launch_agent_base_path}${launch_agent_plist_name}" - fi - - ## Daemon Logger - # Fail the install if the admin forgets to change their paths and they don't exist. - if [ ! -e "$3/${launch_daemon_base_path}${launch_daemon_plist_name}" ]; then - echo "LaunchDaemon missing, exiting" - exit 1 - fi - - # Unload the agent so it can be triggered on re-install - /bin/launchctl unload -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" - # Load the launch agent - /bin/launchctl load -w "$3${launch_daemon_base_path}${launch_daemon_plist_name}" + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-nudge' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-logger' + /bin/zsh --no-rcs -c '/Applications/Utilities/Nudge.app/Contents/Resources/postinstall-launchagent' fi diff --git a/build_nudge.zsh b/build_nudge.zsh index 7e0ad999..bb9949fa 100755 --- a/build_nudge.zsh +++ b/build_nudge.zsh @@ -88,7 +88,8 @@ fi /bin/mkdir -p "$NUDGE_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_PKG_PATH" /bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$NUDGE_PKG_PATH/payload/Nudge.app" -/bin/cp "${TOOLSDIR}/build_assets/preinstall-app" "$NUDGE_PKG_PATH/scripts/preinstall" +echo "Moving postinstall to scripts folder" +/bin/cp "${TOOLSDIR}/build_assets/postinstall-nudge" "$NUDGE_PKG_PATH/scripts/postinstall" # Download specific version of munki-pkg echo "Downloading munki-pkg tool from github..." @@ -146,7 +147,9 @@ fi /bin/mkdir -p "$NUDGE_LA_PKG_PATH/payload" /bin/mkdir -p "$NUDGE_LA_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_LA_PKG_PATH" +echo "Moving LaunchAgent to payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$NUDGE_LA_PKG_PATH/payload" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-launchagent" "$NUDGE_LA_PKG_PATH/scripts/postinstall" # Create the json file for the signed munkipkg LaunchAgent pkg @@ -173,6 +176,9 @@ PKG_RESULT="$?" if [ "${PKG_RESULT}" != "0" ]; then echo "Could not sign package: ${PKG_RESULT}" 1>&2 else + # Notarize launchagent package + $XCODE_NOTARY_PATH submit "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" --keychain-profile "nudge" --wait + $XCODE_STAPLER_PATH staple "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" # Move the signed pkg /bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR" fi @@ -186,7 +192,9 @@ fi /bin/mkdir -p "$NUDGE_LD_PKG_PATH/payload" /bin/mkdir -p "$NUDGE_LD_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$NUDGE_LD_PKG_PATH" +echo "Moving LaunchDaemon to logging payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.logger.plist" "$NUDGE_LD_PKG_PATH/payload" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-logger" "$NUDGE_LD_PKG_PATH/scripts/postinstall" # Create the json file for the signed munkipkg LaunchAgent pkg @@ -213,10 +221,60 @@ PKG_RESULT="$?" if [ "${PKG_RESULT}" != "0" ]; then echo "Could not sign package: ${PKG_RESULT}" 1>&2 else + # Notarize logger package + $XCODE_NOTARY_PATH submit "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" --keychain-profile "nudge" --wait + $XCODE_STAPLER_PATH staple "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" # Move the signed pkg /bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR" fi +# Create the Essentials package +echo "Moving Nudge.app to payload folder" +ESSENTIALS_PKG_PATH="$TOOLSDIR/NudgePkgEssentials" +if [ -e $ESSENTIALS_PKG_PATH ]; then + /bin/rm -rf $ESSENTIALS_PKG_PATH +fi +/bin/mkdir -p "$ESSENTIALS_PKG_PATH/payload/Applications/Utilities" +/bin/mkdir -p "$ESSENTIALS_PKG_PATH/payload/Library/LaunchAgents" +/bin/mkdir -p "$ESSENTIALS_PKG_PATH/scripts" +/usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$ESSENTIALS_PKG_PATH" +/bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$ESSENTIALS_PKG_PATH/payload/Applications/Utilities/Nudge.app" +echo "Moving LaunchAgent to payload folder" +/bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$ESSENTIALS_PKG_PATH/payload/Library/LaunchAgents" +echo "Moving postinstall to scripts folder" +/bin/cp "${TOOLSDIR}/build_assets/postinstall-essentials" "$ESSENTIALS_PKG_PATH/scripts/postinstall" + +# Create the json file for signed munkipkg Nudge Essentials pkg +/bin/cat << SIGNED_JSONFILE > "$ESSENTIALS_PKG_PATH/build-info.json" +{ + "ownership": "recommended", + "suppress_bundle_relocation": true, + "identifier": "com.github.macadmins.Nudge.Essentials", + "postinstall_action": "none", + "distribution_style": true, + "version": "$AUTOMATED_NUDGE_BUILD", + "name": "Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg", + "install_location": "/", + "signing_info": { + "identity": "$INSTALLER_SIGNING_IDENTITY", + "timestamp": true + } +} +SIGNED_JSONFILE + +# Create the signed Nudge Essentials pkg +python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$ESSENTIALS_PKG_PATH" +PKG_RESULT="$?" +if [ "${PKG_RESULT}" != "0" ]; then + echo "Could not sign package: ${PKG_RESULT}" 1>&2 +else + # Notarize Nudge Essentials package + $XCODE_NOTARY_PATH submit "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait + $XCODE_STAPLER_PATH staple "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" + # Move the Nudge Essentials signed/notarized pkg + /bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR" +fi + # Create the Suite package echo "Moving Nudge.app to payload folder" SUITE_PKG_PATH="$TOOLSDIR/NudgePkgSuite" @@ -229,11 +287,11 @@ fi /bin/mkdir -p "$SUITE_PKG_PATH/scripts" /usr/bin/sudo /usr/sbin/chown -R ${CONSOLEUSER}:wheel "$SUITE_PKG_PATH" /bin/cp -R "${BUILDSDIR}/Release/Nudge.app" "$SUITE_PKG_PATH/payload/Applications/Utilities/Nudge.app" -/bin/cp "${TOOLSDIR}/build_assets/preinstall-app" "$SUITE_PKG_PATH/scripts/preinstall" echo "Moving LaunchAgent to payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.plist" "$SUITE_PKG_PATH/payload/Library/LaunchAgents" echo "Moving LaunchDaemon to logging payload folder" /bin/cp "${TOOLSDIR}/build_assets/com.github.macadmins.Nudge.logger.plist" "$SUITE_PKG_PATH/payload/Library/LaunchDaemons" +echo "Moving postinstall to scripts folder" /bin/cp "${TOOLSDIR}/build_assets/postinstall-suite" "$SUITE_PKG_PATH/scripts/postinstall" # Create the json file for signed munkipkg Nudge Suite pkg