From cbb1e08e2664e1b8fb3a68ee34e3e47aeb3a425f Mon Sep 17 00:00:00 2001 From: Sam Ess Date: Sat, 16 Oct 2021 16:42:56 -0400 Subject: [PATCH 1/6] Move root user check forward Root user check is now moved from the installation function to main. The new location is after parsing the label but before printing the log for blocking process and notify settings. This prevents a downloading an application that can't be installed. Resolves issue #88 --- fragments/main.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fragments/main.sh b/fragments/main.sh index dfba2c9..08406ca 100644 --- a/fragments/main.sh +++ b/fragments/main.sh @@ -5,6 +5,10 @@ ;; esac +# MARK: check for root + if [ "$(whoami)" != "root" ]; then + # not running as root + cleanupAndExit 6 "not running as root, exiting" # MARK: application download and installation starts here From b6bc0b12691abca147a85403f4b336ed0b5adbeb Mon Sep 17 00:00:00 2001 From: Sam Ess Date: Sat, 16 Oct 2021 18:46:36 -0400 Subject: [PATCH 2/6] Add debug mode 2 Restores functionality of running script as a non-root user for testing purposes. Resolves issue #88 --- fragments/functions.sh | 38 ++++++++++++++++++-------------------- fragments/header.sh | 4 +++- fragments/main.sh | 16 ++++++++-------- 3 files changed, 29 insertions(+), 29 deletions(-) diff --git a/fragments/functions.sh b/fragments/functions.sh index ebf6e58..9201db4 100644 --- a/fragments/functions.sh +++ b/fragments/functions.sh @@ -4,7 +4,7 @@ cleanupAndExit() { # $1 = exit code, $2 message if [[ -n $2 && $1 -ne 0 ]]; then printlog "ERROR: $2" fi - if [ "$DEBUG" -eq 0 ]; then + if [ "$DEBUG" -ne 1 ]; then # remove the temporary working directory when done printlog "Deleting $tmpDir" rm -Rf "$tmpDir" @@ -192,9 +192,9 @@ getAppVersion() { } checkRunningProcesses() { - # don't check in DEBUG mode - if [[ $DEBUG -ne 0 ]]; then - printlog "DEBUG mode, not checking for blocking processes" + # don't check in DEBUG mode 1 + if [[ $DEBUG -eq 1 ]]; then + printlog "DEBUG mode 1, not checking for blocking processes" return fi @@ -299,9 +299,9 @@ reopenClosedProcess() { return fi - # don't reopen in DEBUG mode - if [[ $DEBUG -ne 0 ]]; then - printlog "DEBUG mode, not reopening anything" + # don't reopen in DEBUG mode 1 + if [[ $DEBUG -eq 1 ]]; then + printlog "DEBUG mode 1, not reopening anything" return fi @@ -358,16 +358,15 @@ installAppWithPath() { # $1: path to app to install in $targetDir printlog "Downloaded version of $name is $appNewVersion (replacing version $appversion)." fi - # skip install for DEBUG - if [ "$DEBUG" -ne 0 ]; then - printlog "DEBUG enabled, skipping remove, copy and chown steps" + # skip install for DEBUG 1 + if [ "$DEBUG" -eq 1 ]; then + printlog "DEBUG mode 1 enabled, skipping remove, copy and chown steps" return 0 fi - # check for root - if [ "$(whoami)" != "root" ]; then - # not running as root - cleanupAndExit 6 "not running as root, exiting" + # skip install for DEBUG 2 + if [ "$DEBUG" -eq 2 ]; then + cleanupAndExit 0 "DEBUG mode 2 enabled, exiting" fi # remove existing application @@ -462,16 +461,15 @@ installFromPKG() { fi fi - # skip install for DEBUG - if [ "$DEBUG" -ne 0 ]; then + # skip install for DEBUG 1 + if [ "$DEBUG" -eq 1 ]; then printlog "DEBUG enabled, skipping installation" return 0 fi - # check for root - if [ "$(whoami)" != "root" ]; then - # not running as root - cleanupAndExit 6 "not running as root, exiting" + # skip install for DEBUG 2 + if [ "$DEBUG" -eq 2 ]; then + cleanupAndExit 0 "DEBUG 2 enabled, exiting" fi # install pkg diff --git a/fragments/header.sh b/fragments/header.sh index a845b98..703773f 100644 --- a/fragments/header.sh +++ b/fragments/header.sh @@ -20,9 +20,11 @@ export PATH=/usr/bin:/bin:/usr/sbin:/sbin # NOTE: adjust these variables: -# set to 0 for production, 1 for debugging +# set to 0 for production, 1 or 2 for debugging # while debugging, items will be downloaded to the parent directory of this script # also no actual installation will be performed +# debug mode 1 will download to the directory the script is run in, but will not check version +# debug mode 2 will download to the temp directory, check for blocking processes, check version, but will not install anything or remove the current version DEBUG=1 # notify behavior diff --git a/fragments/main.sh b/fragments/main.sh index 08406ca..edd706c 100644 --- a/fragments/main.sh +++ b/fragments/main.sh @@ -6,7 +6,7 @@ esac # MARK: check for root - if [ "$(whoami)" != "root" ]; then + if [ "$(whoami)" != "root" || "$DEBUG" -eq 2 ]; then # not running as root cleanupAndExit 6 "not running as root, exiting" @@ -100,7 +100,7 @@ if [[ -z $blockingProcesses ]]; then fi # MARK: determine tmp dir -if [ "$DEBUG" -ne 0 ]; then +if [ "$DEBUG" -eq 1 ]; then # for debugging use script dir as working directory tmpDir=$(dirname "$0") else @@ -124,7 +124,7 @@ printlog "appversion: $appversion" if [[ -n $appNewVersion ]]; then printlog "Latest version of $name is $appNewVersion" if [[ $appversion == $appNewVersion ]]; then - if [[ $DEBUG -eq 0 ]]; then + if [[ $DEBUG -ne 1 ]]; then printlog "There is no newer version available." if [[ $INSTALL != "force" ]]; then message="$name, version $appNewVersion, is the latest version." @@ -138,7 +138,7 @@ if [[ -n $appNewVersion ]]; then updateTool="" fi else - printlog "DEBUG mode enabled, not exiting, but there is no new version of app." + printlog "DEBUG mode 1 enabled, not exiting, but there is no new version of app." fi fi else @@ -152,7 +152,7 @@ fi # MARK: check if this is an Update and we can use updateTool if [[ (-n $appversion && -n "$updateTool") || "$type" == "updateronly" ]]; then printlog "appversion & updateTool" - if [[ $DEBUG -eq 0 ]]; then + if [[ $DEBUG -ne 1 ]]; then if runUpdateTool; then finishing cleanupAndExit 0 @@ -161,13 +161,13 @@ if [[ (-n $appversion && -n "$updateTool") || "$type" == "updateronly" ]]; then cleanupAndExit 0 fi # otherwise continue else - printlog "DEBUG mode enabled, not running update tool" + printlog "DEBUG mode 1 enabled, not running update tool" fi fi # MARK: download the archive -if [ -f "$archiveName" ] && [ "$DEBUG" -ne 0 ]; then - printlog "$archiveName exists and DEBUG enabled, skipping download" +if [ -f "$archiveName" ] && [ "$DEBUG" -eq 1 ]; then + printlog "$archiveName exists and DEBUG mode 1 enabled, skipping download" else # download the dmg printlog "Downloading $downloadURL to $archiveName" From c85a7a1fba8695e899b2da006a58b40d03d4ed4a Mon Sep 17 00:00:00 2001 From: Sam Ess Date: Sat, 16 Oct 2021 19:03:29 -0400 Subject: [PATCH 3/6] Add in missing fi Close check for root loop -_- --- fragments/main.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fragments/main.sh b/fragments/main.sh index edd706c..e54097f 100644 --- a/fragments/main.sh +++ b/fragments/main.sh @@ -6,9 +6,10 @@ esac # MARK: check for root - if [ "$(whoami)" != "root" || "$DEBUG" -eq 2 ]; then - # not running as root - cleanupAndExit 6 "not running as root, exiting" +if [ "$(whoami)" != "root" || "$DEBUG" -eq 2 ]; then + # not running as root + cleanupAndExit 6 "not running as root, exiting" +fi # MARK: application download and installation starts here From d402f46c3c116d37493a3d6553565622586b4014 Mon Sep 17 00:00:00 2001 From: Sam Ess Date: Sat, 16 Oct 2021 19:17:06 -0400 Subject: [PATCH 4/6] Fixed printlog issue --- fragments/functions.sh | 6 ++++-- fragments/main.sh | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/fragments/functions.sh b/fragments/functions.sh index 9201db4..9ec7ebe 100644 --- a/fragments/functions.sh +++ b/fragments/functions.sh @@ -366,7 +366,8 @@ installAppWithPath() { # $1: path to app to install in $targetDir # skip install for DEBUG 2 if [ "$DEBUG" -eq 2 ]; then - cleanupAndExit 0 "DEBUG mode 2 enabled, exiting" + printlog "DEBUG mode 2 enabled, exiting" + cleanupAndExit 0 fi # remove existing application @@ -469,7 +470,8 @@ installFromPKG() { # skip install for DEBUG 2 if [ "$DEBUG" -eq 2 ]; then - cleanupAndExit 0 "DEBUG 2 enabled, exiting" + printlog "DEBUG mode 2 enabled, exiting" + cleanupAndExit 0 fi # install pkg diff --git a/fragments/main.sh b/fragments/main.sh index e54097f..79e5685 100644 --- a/fragments/main.sh +++ b/fragments/main.sh @@ -6,7 +6,7 @@ esac # MARK: check for root -if [ "$(whoami)" != "root" || "$DEBUG" -eq 2 ]; then +if [[ "$(whoami)" != "root" && "$DEBUG" -ne 2 ]]; then # not running as root cleanupAndExit 6 "not running as root, exiting" fi From 2a15a2142d15982bb70f437328c702d99380e39e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Theilgaard?= Date: Tue, 23 Nov 2021 08:59:44 +0100 Subject: [PATCH 5/6] Moved root check to before case statement We can have code in the case statement, so no need to run that, if we were supposed to exit. --- fragments/arguments.sh | 5 +++++ fragments/main.sh | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/fragments/arguments.sh b/fragments/arguments.sh index 4fca81e..0ce33a2 100644 --- a/fragments/arguments.sh +++ b/fragments/arguments.sh @@ -46,6 +46,11 @@ versionKey="CFBundleShortVersionString" # get current user currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ { print $3 }') +# MARK: check for root +if [[ "$(whoami)" != "root" && "$DEBUG" -ne 2 ]]; then + # not running as root + cleanupAndExit 6 "not running as root, exiting" +fi # MARK: labels in case statement case $label in diff --git a/fragments/main.sh b/fragments/main.sh index 79e5685..51f9c9f 100644 --- a/fragments/main.sh +++ b/fragments/main.sh @@ -5,11 +5,6 @@ ;; esac -# MARK: check for root -if [[ "$(whoami)" != "root" && "$DEBUG" -ne 2 ]]; then - # not running as root - cleanupAndExit 6 "not running as root, exiting" -fi # MARK: application download and installation starts here From 5fcb4174f01e4b68ad2d7405c234a92a12d43d9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Theilgaard?= Date: Tue, 23 Nov 2021 09:06:03 +0100 Subject: [PATCH 6/6] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f2685f..099342b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,5 @@ +- Improved DEBUG handling with two different modes. `DEBUG=0` is still for production, and `1` is still for the DEBUG we previously knew downloading to the directory it is running from, but `2` will download to temporary folder, will detect updates, but will not install anything, but it will notify the user. + ## v0.7 - default for `BLOCKING_PROCESS_ACTION`is now `BLOCKING_PROCESS_ACTION=tell_user` and not `prompt_user`. It will demand the user to quit the app to get it updated, and not present any option to skip it. In considering various use cases in different MDM solutions this is the best option going forward. Users usually choose to update, and is most often not bothered much with this information. If it's absoultely a bad time, then they can move the dialog box to the side, and click it when ready.