Skip to content

fix: make macOS config seed world-readable#618

Open
madhavilosetty-intel wants to merge 1 commit into
mainfrom
macos-installer
Open

fix: make macOS config seed world-readable#618
madhavilosetty-intel wants to merge 1 commit into
mainfrom
macos-installer

Conversation

@madhavilosetty-intel

Copy link
Copy Markdown
Contributor

No description provided.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the macOS installer/uninstaller scripts to relocate the machine-wide configuration seed into /Library/Application Support/device-management-toolkit and adjust permissions so multiple users’ tray instances can read the same seed config.

Changes:

  • Move macOS config seed path from $APP_DIR/config/config.yml to /Library/Application Support/device-management-toolkit/config.yml.
  • Make the machine-wide config seed world-readable (chmod 644) and adjust related installer/uninstaller messaging.
  • Enhance configure.sh to overwrite/update the per-user tray config after reconfiguration.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.

File Description
installers/macos/uninstall.sh Updates config path references and uninstall messaging to the new machine-wide config directory.
installers/macos/scripts/preinstall Reads the installed-version fallback from the new machine-wide config location.
installers/macos/scripts/postinstall Writes/uses the new machine-wide config location and changes config permissions to be readable by non-root users.
installers/macos/configure.sh Writes config to the new machine-wide location and adds logic to overwrite the per-user tray config on reconfigure.
Comments suppressed due to low confidence (1)

installers/macos/scripts/postinstall:45

  • CONFIG_DIR is created with chmod 755, but ownership isn’t enforced. If the directory already exists and is owned/writable by a non-root user, that user could potentially replace config.yml (or swap it with a symlink) before/after installs. It’s safer to ensure the directory is root-owned as well.
# Per-user DB lives in ~/Library/Application Support via os.UserConfigDir(); this
# is the machine-wide seed dir the binary reads (machineConfigPath).
if [ ! -d "$CONFIG_DIR" ]; then
    mkdir -p "$CONFIG_DIR"
    chmod 755 "$CONFIG_DIR"
fi

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread installers/macos/scripts/postinstall Outdated
Comment thread installers/macos/scripts/postinstall Outdated
Comment thread installers/macos/scripts/postinstall
Comment thread installers/macos/configure.sh
Comment thread installers/macos/configure.sh Outdated
Comment thread installers/macos/configure.sh Outdated
Comment thread installers/macos/uninstall.sh Outdated
Comment thread installers/macos/uninstall.sh Outdated
@madhavilosetty-intel madhavilosetty-intel changed the title fix(installer): make macOS config seed world-readable fix: make macOS config seed world-readable Jun 24, 2026
@madhavilosetty-intel madhavilosetty-intel changed the title fix: make macOS config seed world-readable fix: make macOS config seed world-readable Jun 24, 2026
@madhavilosetty-intel madhavilosetty-intel force-pushed the macos-installer branch 2 times, most recently from 67c492a to 165aee4 Compare June 25, 2026 04:13
Propagate the machine config to the per-user tray config on reconfigure,
hand the per-user data dir to the console user so the tray can create the DB,
and write the per-user config owner-only via install -m 600.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants