github macadmins/outset v4.3.0.22014
Outset 4.3.0.22014 Beta 1
on GitHub

pre-release11 hours ago

Notes

This is a version of Outset created by GitHub Actions.
Outset.app has been signed and notarized. The package has been signed, notarized and stapled.

Fixed

  • Managed profile payload processing (Login.swift, Payloads.swift, closes #64): three related bugs prevented scripts delivered via MDM managed profiles from running correctly when local Outset directories were empty.

  • DMG package installation (installPackage): corrected a variable assignment bug where the DMG mount path was used as the package path instead of the actual .pkg/.mpkg file path. Also fixed a loop that overwrote a single variable on each iteration, meaning only the last package in a DMG was ever installed.

  • Network timeout (Boot.swift): the configured network_timeout preference value was being divided by 10 before being passed to waitForNetworkUp, causing the actual wait to be ten times shorter than configured.

  • Privileged login trigger (Login.swift): the condition that fires the login-privileged launchd trigger used || (OR) instead of && (AND), meaning the trigger would only fire when both the login-privileged-once and login-privileged-every directories were non-empty.

  • Log file path is now context-aware (Globals.swift, writeFileLog): Outset runs in both root context (boot, login-privileged, on-demand-privileged) and user context (login-every, login-once, on-demand). The previous single log path (/usr/local/outset/logs/outset.log) is in a root-owned directory, so user-context runs could not write to it. The log path is now determined at runtime: root context continues to log to /usr/local/outset/logs/outset.log; user-context runs log to ~/Library/Logs/outset.log. Log file permissions are 0o644 in both cases (previously 0o666).

  • LaunchDaemon Program key (io.macadmins.Outset.on-demand-privileged.plist, closes #72): the Program key was incorrectly typed as an <array> instead of a <string>. All LaunchDaemon plists now use the correct <string> type for the Program key as required by launchd.

Added

  • Background script execution: scripts whose filename begins with an underscore (e.g. _my-task.sh) are now dispatched concurrently on background threads while the remaining foreground scripts continue to execute sequentially. Documentation here

  • Ed25519 script signing: scripts can now be signed with an Ed25519 private key, with the signature embedded directly in the script as a # ed25519: <base64sig> comment. When an MDM-delivered public key (manifest_signing_key preference) is present, every script must carry a valid embedded signature — scripts without a valid signature are refused with an error log. Documentation here

Changelog

  • 675de98 - Made the EA more robust to any future changes in the number of agents/daemons. This should fix #59
  • 96023e1 - Added check in case directories we want to look at are missing
  • af323b9 - Some initial cleanup and re-arranging to assist with addressing issue #64
  • fc44464 - Some more tidy up. Initial work on getting boot-once data recorded. More to do
  • c5a6ca6 - Fixes boot-once issue when specifying a boot-once script as an MDM payload. run info is now properly recorded
  • 9ace5fe - fix for making sure login-privileged-once only runs once
  • fd49645 - more cleanup and comments. Also identified a logic error in removeIgnoredUsers
  • b921a27 - update add and remove for ignored users and overrides
  • 8f31c21 - Update created by
  • 9cd6191 - fix logic issue loading and writing runeonce for boot-once when running as root
  • 0ec1681 - Merge pull request #66 from macadmins/bugfix/jamf-ea
  • 5bac290 - Merge pull request #65 from macadmins/bugfix/64-managed-profiles
  • 737331e - Change program from type array to type string
  • e53d1d4 - Merge pull request #67 from macadmins/bugfix/on-demand-privileged
  • c873097 - Updated build number to 4.2.1
  • 7c08827 - Merge pull request #68 from macadmins/v4.2.1
  • 3ff2fb4 - Fix DMG package installation bugs in installPackage
  • 8fadd59 - Fix network timeout being 10x shorter than configured value
  • 4c34ea6 - Fix privileged login trigger not firing when only one directory has content
  • 2d562c4 - Guard against empty array in computeChecksum
  • e67b621 - Fix log file permissions and remove force unwraps in Logging and Shell
  • 4ccab98 - Eliminate global mutable state; pass consoleUser explicitly (Option B)
  • 7068957 - Add OutsetTests target with 27 unit tests
  • 264c288 - Add UntestableFunctionality.swift documenting test coverage gaps
  • e7fcb6f - Integration testing
  • e889ca9 - Version bump
  • 24c852b - Updated file permissions for integrated tests
  • 044716c - Add background script execution support (closes #69)
  • 9f0bfb5 - Update changelog
  • 3307f2a - Fix managed profile payload processing bugs (closes #64)
  • e34ba8d - Add Ed25519 embedded script signing (closes #70)
  • 5a9bfde - Add --verify-script command to validate embedded Ed25519 signatures
  • 7536b34 - Enforce MDM-managed requirement for manifest_signing_key
  • c70f42e - Merge branch 'fix/payload-processing-64' into code_review
  • b1d3397 - Update build workflow to use macos-latest and dynamic Xcode path
  • f075c25 - Fix Info.plist version to match project.pbxproj (4.3.0)
  • f263f77 - Update CHANGELOG for 4.3.0
  • 8dbe841 - Remove stale DEVELOPMENT_TEAM SDK override from Outset Release config
  • e180c6b - Context-aware log path: root logs to /usr/local/outset/logs, user to ~/Library/Logs
  • 51e28b4 - Add managed profile payload processing fix to CHANGELOG (closes #64)
  • b04be4c - Merge pull request #73 from macadmins/code_review
Check out latest releases or
releases around macadmins/outset v4.3.0.22014

Don't miss a new outset release

NewReleases is sending notifications on new releases.

Get notifications