fix: make macOS config seed world-readable#618
Open
madhavilosetty-intel wants to merge 1 commit into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the macOS installer/uninstaller scripts to relocate the machine-wide configuration seed into /Library/Application Support/device-management-toolkit and adjust permissions so multiple users’ tray instances can read the same seed config.
Changes:
- Move macOS config seed path from
$APP_DIR/config/config.ymlto/Library/Application Support/device-management-toolkit/config.yml. - Make the machine-wide config seed world-readable (
chmod 644) and adjust related installer/uninstaller messaging. - Enhance
configure.shto overwrite/update the per-user tray config after reconfiguration.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| installers/macos/uninstall.sh | Updates config path references and uninstall messaging to the new machine-wide config directory. |
| installers/macos/scripts/preinstall | Reads the installed-version fallback from the new machine-wide config location. |
| installers/macos/scripts/postinstall | Writes/uses the new machine-wide config location and changes config permissions to be readable by non-root users. |
| installers/macos/configure.sh | Writes config to the new machine-wide location and adds logic to overwrite the per-user tray config on reconfigure. |
Comments suppressed due to low confidence (1)
installers/macos/scripts/postinstall:45
CONFIG_DIRis created withchmod 755, but ownership isn’t enforced. If the directory already exists and is owned/writable by a non-root user, that user could potentially replaceconfig.yml(or swap it with a symlink) before/after installs. It’s safer to ensure the directory is root-owned as well.
# Per-user DB lives in ~/Library/Application Support via os.UserConfigDir(); this
# is the machine-wide seed dir the binary reads (machineConfigPath).
if [ ! -d "$CONFIG_DIR" ]; then
mkdir -p "$CONFIG_DIR"
chmod 755 "$CONFIG_DIR"
fi
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
2c2b50f to
d29720b
Compare
67c492a to
165aee4
Compare
Propagate the machine config to the per-user tray config on reconfigure, hand the per-user data dir to the console user so the tray can create the DB, and write the per-user config owner-only via install -m 600.
165aee4 to
8b195de
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.