Deprecate osx_profile resource since it can no longer silently install profiles #14278

Open
williamtheaker opened this issue Mar 7, 2024 · 1 comment
Labels
Status: Untriaged An issue that has yet to be triaged.

Context

In 2020, Apple dropped support for non-interactively installing configuration profiles. The final macOS version to support this was macOS Catalina (version 10.15), which was released in 2019 and stopped receiving security updates in 2022.

This change was only really documented in the man page for the profiles tool:

DESCRIPTION
     profiles is used to handle various profile types on macOS. Starting with
     macOS 11.0 (profiles tool 8.0 or later), this tool cannot be used to
     install configuration profiles. You should add your profiles using the
     System Settings Profiles preference pane. Additionally, startup profiles
     are no longer supported.

Frustratingly, this requires access to a macOS device because Apple doesn't publish man pages online and the profiles tool is nonfree/proprietary so there's no public source code to link as documentation.

This line in a video transcript of a June 2020 dev talk is the closest I can get to an Apple statement on the subject:

> As of macOS Big Sur, you will no longer be able to completely install profiles using Terminal.

https://developer.apple.com/videos/play/wwdc2020/10639/?time=629

Motivation

As a Chef user,
I want Chef core resources to match my expectations,
so that using Chef is easier.

(copied from RFC-98 Deprecate deploy and erl_call)

Specification

Since this resource can't install new profiles, it doesn't really do anything useful on currently-supported versions of macOS.

Anyone who was using this resource has almost certainly replaced it with MDM-managed profiles a long time ago, since the overlap between having an MDM server and needing config profiles on nodes should be near 1:1. This could be marked as deprecated in the next Chef Infra 18 release and eventually removed in either Chef Infra 19 or 20.

Downstream Impact

I searched GitHub for repos referencing osx_profile and didn't find any repos that were updated in the last five years.

erikng commented Mar 7, 2024

I would be so bold and say it should be fully removed without any deprecation notice, since Chef currently only supports macOS 12 and higher. https://docs.chef.io/platforms/

Platform and Version | Vendor End-of-Life Date | Chef End-of-Life Date
-- | -- | --
Apple macOS 11 | Sep 26, 2023 | Sep 26, 2023

If you attempt to use this resource on a supported version of macOS, Chef will fail without explicitly marking as ignore_failure true
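An added example, not part of the issue and not Chef's own code: a heuristic Ruby scan that finds `osx_profile` declarations in recipe text and reports whether each sets `ignore_failure true`, the condition the comment above ties to a failing run. The helper name `find_osx_profile_uses` and the sample recipe are constructed for illustration, and `:install` as the default action is an assumption.

```ruby
# Heuristic audit for osx_profile declarations in Chef recipe text.
# Line-based scan, not a full Ruby parse: assumes conventional formatting,
# with each block's "end" at the same indent as its declaration.

DECLARATION = /^(?<indent>\s*)osx_profile\s+(?<q>['"])(?<name>.+?)\k<q>\s*(?<block>do)?\s*(#.*)?$/

def find_osx_profile_uses(source)
  lines = source.lines.map(&:chomp)
  uses = []
  lines.each_with_index do |line, i|
    m = DECLARATION.match(line)
    next unless m
    body = []
    if m[:block]
      closer = /^#{Regexp.escape(m[:indent])}end\b/
      j = i + 1
      while j < lines.length && lines[j] !~ closer
        body << lines[j]
        j += 1
      end
    end
    # Assumption: the resource's default action is :install.
    action = body.map { |l| l[/^\s*action\s+:(\w+)/, 1] }.compact.first || "install"
    ignored = body.any? { |l| l =~ /^\s*ignore_failure\s+true\b/ }
    uses << { line: i + 1, name: m[:name], action: action, ignore_failure: ignored }
  end
  uses
end

# Constructed sample recipe, not taken from any real cookbook.
SAMPLE_RECIPE = <<~'RECIPE'
  # constructed sample
  osx_profile 'screensaver.mobileconfig' do
    action :install
  end

  osx_profile 'legacy-vpn.mobileconfig' do
    ignore_failure true
  end

  file '/tmp/osx_profile_note' do
    content 'unrelated'
  end
RECIPE

find_osx_profile_uses(SAMPLE_RECIPE).each do |u|
  flag = u[:ignore_failure] ? "failure ignored" : "no ignore_failure set"
  puts "line #{u[:line]}: osx_profile '#{u[:name]}' action=#{u[:action]} (#{flag})"
end
```

Declarations reported without `ignore_failure` are the ones to migrate or delete first before a Chef upgrade that deprecates or removes the resource.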
