Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add opendirectoryd_version artifact to check for installation of Secu… #9

Merged
merged 3 commits into from Dec 1, 2017

Conversation

Projects
None yet
3 participants
@haircut
Copy link
Contributor

commented Nov 30, 2017

…rity Update 2017-001 for High Sierra

SCCS project version checking as provided in https://support.apple.com/en-gb/HT208315

@clburlison
Copy link
Contributor

left a comment

My 2 cents

stdout = None

if stdout:
result = stdout.splitlines()[-1].split(':')[-1]

This comment has been minimized.

Copy link
@clburlison

clburlison Nov 30, 2017

Contributor

To match other "version" facts in this repo I would change this to:

result = stdout.splitlines()[-1].split('-')[-1]
Old 
<result>opendirectoryd-483.20.7</result>
vs new
<result>483.20.7</result>

This comment has been minimized.

Copy link
@haircut

haircut Nov 30, 2017

Author Contributor

I disagree, but you raise an important point about specificity.

This isn't really reporting the running version of opendirectoryd, rather the project version used to build the program.

From the what man page:

what -- show what versions of object modules were used to construct a file

what reads each file name and searches for sequences of the form
@(#)'', as inserted by the source code control system. It prints the remainder of the string following this marker, up to a null character, newline, double quote, or > character.''

In the case of a 10.13.1 system the output of what /usr/libexec/opendirectoryd includes PROJECT:opendirectoryd-483.20.7. In the relevant KB Apple refers to the full string as the "project version number", so for accuracy, the full string should be returned.

However, checking the version of /usr/libexec/opendirectoryd provides an altogether different output. Again, for a patched 10.13.1 system, the output of /usr/libexec/opendirectoryd --version is opendirectoryd (build 483.200). It would be more accurate to report 483.200 as the "version" of opendirectoryd.

Perhaps the best way forward here is actually:

  1. Rename this current artifact to opendirectoryd_project_version_number
  2. Create a new artifact to report the actual version of opendirectoryd and report it as 483.200 to match other "version" facts

If this sounds good I'm happy to do the work and add a new commit.

This comment has been minimized.

Copy link
@chilcote

chilcote Nov 30, 2017

Owner

TIL about /usr/bin/what

As for the PR, I really don't care as long as it doesn't break the run :)

This comment has been minimized.

Copy link
@clburlison

clburlison Nov 30, 2017

Contributor

I must have skimmed past that. I personally would prefer your recommendation to make rename this artifact. Also didn’t even realize/ think to look at the --version output.

@haircut

This comment has been minimized.

Copy link
Contributor Author

commented Nov 30, 2017

I've pushed the two changes.

  • Renamed the original subject artifact to opendirectoryd_project_version_number.py to more accurately reflect its purpose and output
  • Added opendirectoryd_build_number.py to report on that separately

No conflicts during the run @chilcote ;)

@chilcote chilcote merged commit 7793d74 into chilcote:master Dec 1, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.