Adding bootstrapping functions

Greg Neagle
2024-09-03 14:14:09 -07:00
parent cda1d155bf
commit ef13131b2b
2 changed files with 119 additions and 0 deletions
@@ -117,6 +117,8 @@
C043ED202C4822C70047C025 /* sqlite3.swift in Sources */ = {isa = PBXBuildFile; fileRef = C043ED1E2C4822C70047C025 /* sqlite3.swift */; };
C043ED232C483EEE0047C025 /* rmpkgs.swift in Sources */ = {isa = PBXBuildFile; fileRef = C043ED222C483EEE0047C025 /* rmpkgs.swift */; };
C043ED242C483EEE0047C025 /* rmpkgs.swift in Sources */ = {isa = PBXBuildFile; fileRef = C043ED222C483EEE0047C025 /* rmpkgs.swift */; };
C06C21342C8793720023E9D9 /* bootstrapping.swift in Sources */ = {isa = PBXBuildFile; fileRef = C06C21332C8793720023E9D9 /* bootstrapping.swift */; };
C06C21352C8793720023E9D9 /* bootstrapping.swift in Sources */ = {isa = PBXBuildFile; fileRef = C06C21332C8793720023E9D9 /* bootstrapping.swift */; };
C07074DC2C33AE5F00B86310 /* munkilog.swift in Sources */ = {isa = PBXBuildFile; fileRef = C07074DB2C33AE5F00B86310 /* munkilog.swift */; };
C07074DD2C33AE5F00B86310 /* munkilog.swift in Sources */ = {isa = PBXBuildFile; fileRef = C07074DB2C33AE5F00B86310 /* munkilog.swift */; };
C07074DF2C33B9A000B86310 /* reports.swift in Sources */ = {isa = PBXBuildFile; fileRef = C07074DE2C33B9A000B86310 /* reports.swift */; };
@@ -358,6 +360,7 @@
C030A9F52C435183007F0B34 /* readline.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = readline.swift; sourceTree = "<group>"; };
C043ED1E2C4822C70047C025 /* sqlite3.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = sqlite3.swift; sourceTree = "<group>"; };
C043ED222C483EEE0047C025 /* rmpkgs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = rmpkgs.swift; sourceTree = "<group>"; };
C06C21332C8793720023E9D9 /* bootstrapping.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = bootstrapping.swift; sourceTree = "<group>"; };
C07074DB2C33AE5F00B86310 /* munkilog.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = munkilog.swift; sourceTree = "<group>"; };
C07074DE2C33B9A000B86310 /* reports.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = reports.swift; sourceTree = "<group>"; };
C07074E12C3489FA00B86310 /* pkginfolib.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = pkginfolib.swift; sourceTree = "<group>"; };
@@ -655,6 +658,7 @@
C07AED652C66D0A000DE6119 /* facts.swift */,
C0011CAB2C7A64F30004ED70 /* Predicates.m */,
C07A9D992C83DDD000D5D4B2 /* installinfo.swift */,
C06C21332C8793720023E9D9 /* bootstrapping.swift */,
);
path = shared;
sourceTree = "<group>";
@@ -1106,6 +1110,7 @@
C07A9D9A2C83DDD000D5D4B2 /* installinfo.swift in Sources */,
C07074EB2C34A6AD00B86310 /* versionutils.swift in Sources */,
C01792E82C74F989008CBC22 /* selfservice.swift in Sources */,
C06C21342C8793720023E9D9 /* bootstrapping.swift in Sources */,
C030A9BF2C409738007F0B34 /* iconutils.swift in Sources */,
C07AED6F2C67DF6B00DE6119 /* gurl.swift in Sources */,
C07AED632C66CFBD00DE6119 /* appinventory.swift in Sources */,
@@ -1167,6 +1172,7 @@
C07AED6C2C66F56C00DE6119 /* manifests.swift in Sources */,
C07074E62C34910F00B86310 /* osutils.swift in Sources */,
C030A9C12C419565007F0B34 /* osinstaller.swift in Sources */,
C06C21352C8793720023E9D9 /* bootstrapping.swift in Sources */,
C0D9C2B12C62D4120019A067 /* powermanager.swift in Sources */,
C0D9C2982C6012C80019A067 /* dmg.swift in Sources */,
C030A9C22C41B556007F0B34 /* pkginfolib.swift in Sources */,
+113
@@ -4,5 +4,118 @@
//
// Created by Greg Neagle on 9/3/24.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
import Foundation
func disableFDEAutoLogin() {
// Disables autologin to the unlocking user's account on a FileVault-
// encrypted machines.
//
// See https://support.apple.com/en-us/HT202842
// We attempt to store the original value of com.apple.loginwindow
// DisableFDEAutoLogin so if the local admin has set it to True for #reasons
// we don't inadvertently clear it when clearing bootstrap mode
//
// is OriginalDisableFDEAutoLogin already set? If so, bootstrap mode was
// already enabled, and never properly cleared. Don't stomp on it.
let originalValue = CFPreferencesCopyValue(
"OriginalDisableFDEAutoLogin" as CFString,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
if originalValue == nil {
// store the current value of DisableFDEAutoLogin if any
let currentValue = CFPreferencesCopyValue(
"DisableFDEAutoLogin" as CFString,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
let valueToSet: CFPropertyList? = if currentValue == nil {
"<not set>" as CFString
} else {
currentValue!
}
CFPreferencesSetValue(
"OriginalDisableFDEAutoLogin" as CFString,
valueToSet,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
}
// set com.apple.loginwindow DisableFDEAutoLogin to True
CFPreferencesSetValue(
"DisableFDEAutoLogin" as CFString,
true as CFPropertyList?,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
CFPreferencesAppSynchronize("com.apple.loginwindow" as CFString)
}
func resetFDEAutoLogin() {
// Resets the state of com.apple.loginwindow DisableFDEAutoLogin
// to its value before we set it to true
// get the previous value of DisableFDEAutoLogin if any
var originalValue = CFPreferencesCopyValue(
"OriginalDisableFDEAutoLogin" as CFString,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
if let value = originalValue as? String,
value == "<not set>"
{
originalValue = nil
}
// reset DisableFDEAutoLogin to original value (if originalValue is nil,
// the key gets deleted)
CFPreferencesSetValue(
"DisableFDEAutoLogin" as CFString,
originalValue,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
// delete the OriginalDisableFDEAutoLogin key
CFPreferencesSetValue(
"OriginalDisableFDEAutoLogin" as CFString,
nil,
"com.apple.loginwindow" as CFString,
kCFPreferencesAnyUser, kCFPreferencesCurrentHost
)
CFPreferencesAppSynchronize("com.apple.loginwindow" as CFString)
}
func setBootstrapMode() throws {
// Set up bootstrap mode
// turn off auto login of FV unlocking user
disableFDEAutoLogin()
// create CHECKANDINSTALLATSTARTUPFLAG file
if !FileManager.default.createFile(
atPath: CHECKANDINSTALLATSTARTUPFLAG, contents: nil
) {
resetFDEAutoLogin()
throw MunkiError("Could not reate bootstrapping flag file")
}
}
func clearBootstrapMode() throws {
// Clear bootstrap mode
resetFDEAutoLogin()
if pathExists(CHECKANDINSTALLATSTARTUPFLAG) {
do {
try FileManager.default.removeItem(atPath: CHECKANDINSTALLATSTARTUPFLAG)
} catch {
throw MunkiError("Could not remove bootstrapping flag file: \(error.localizedDescription)")
}
}
}
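Review bot: In `resetFDEAutoLogin`, when `OriginalDisableFDEAutoLogin` is absent (bootstrap mode was never set, or was already cleared), `originalValue` is nil and the next `CFPreferencesSetValue` call deletes `DisableFDEAutoLogin`, so a `clearBootstrapMode()` call on such a machine removes a value an admin set deliberately, which is the case the comment in `disableFDEAutoLogin` says it wants to avoid. An early exit right after the read, `guard originalValue != nil else { return }`, leaves the key alone when there is nothing to restore. Separately, neither function checks the Bool returned by `CFPreferencesAppSynchronize`, so `setBootstrapMode()` can create the flag file even if the loginwindow write did not persist (for example without the privileges the any-user domain presumably needs; that is inferred, not shown here); returning that result and throwing on false would keep the flag file and the FileVault auto-login setting consistent. The message `"Could not reate bootstrapping flag file"` should read `create`.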