Re-add iMazing Profile Editor as a macOS FMA#43574
Merged
allenhouchins merged 1 commit intomainfrom Apr 14, 2026
Merged
Conversation
Register iMazing Profile Editor as a Fleet-maintained app: add input metadata, add app entry to outputs/apps.json, and add darwin-specific version/installer info with install/uninstall scripts and checks. Update frontend icon mapping to include the human-readable name, and adjust fleet configs (workstations self-service slug, dynamic label bundle identifier, and macOS patch policy) to reference the new imazing-profile-editor/darwin slug and com.DigiDNA.iMazingProfileEditorMac bundle ID.
fleet-release
approved these changes
Apr 14, 2026
allenhouchins
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
Contributor
Script Diff Resultsee/maintained-apps/inputs/homebrew/imazing-profile-editor.jsonERROR: Could not retrieve previous version of file (file may not exist in previous commit)ee/maintained-apps/outputs/imazing-profile-editor/darwin.jsonERROR: Could not retrieve previous version of file (file may not exist in previous commit) |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #43574 +/- ##
=======================================
Coverage 66.90% 66.90%
=======================================
Files 2600 2600
Lines 208391 208391
Branches 9333 9334 +1
=======================================
+ Hits 139428 139432 +4
+ Misses 56275 56271 -4
Partials 12688 12688
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
fleet-release
approved these changes
Apr 14, 2026
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
Contributor
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (7)
WalkthroughThis PR adds iMazing Profile Editor as a new Fleet-maintained application for macOS. It includes creating the input manifest definition with metadata (bundle identifier Possibly related PRs
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Registers iMazing Profile Editor as a Fleet-maintained macOS app and updates Fleet configs/UI mappings to reference the new imazing-profile-editor/darwin slug and bundle ID.
Changes:
- Adds new maintained-app input metadata and generated darwin output (version, queries, installer URL, install/uninstall scripts).
- Registers the app in
outputs/apps.jsonand updates Fleet configs (policy, dynamic label, workstation self-service entry). - Updates the frontend software icon mapping to support the human-readable name.
Reviewed changes
Copilot reviewed 4 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| it-and-security/lib/macos/policies/patch-fleet-maintained-apps.yml | Renames/retargets patch policy to the new imazing-profile-editor/darwin slug and label. |
| it-and-security/lib/all/labels/macs-with-fleet-maintained-apps-installed.yml | Updates the dynamic label to match the Profile Editor bundle ID. |
| it-and-security/fleets/workstations.yml | Updates self-service software slug to the new maintained-app slug. |
| frontend/pages/SoftwarePage/components/icons/index.ts | Adds a name-to-icon mapping for “imazing profile editor”. |
| ee/maintained-apps/outputs/imazing-profile-editor/darwin.json | Introduces Profile Editor darwin output with version metadata and install/uninstall scripts. |
| ee/maintained-apps/outputs/apps.json | Registers the new app entry (name/slug/platform/unique_identifier/description). |
| ee/maintained-apps/inputs/homebrew/imazing-profile-editor.json | Adds input metadata for generating the maintained app. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
103
to
+113
| install_software: false | ||
| labels_include_any: | ||
| - Macs with UTM installed | ||
| - name: macOS - iMazing up to date | ||
| description: The host may have an outdated version of iMazing, potentially risking security vulnerabilities or compatibility issues. | ||
| resolution: "Download the latest version from Self-service or check for updates using iMazing's built-in update functionality. You can also delete iMazing if you are no longer using it." | ||
| - name: macOS - iMazing Profile Editor up to date | ||
| description: The host may have an outdated version of iMazing Profile Editor, potentially risking security vulnerabilities or compatibility issues. | ||
| resolution: "Download the latest version from Self-service or check for updates using iMazing Profile Editor's built-in update functionality. You can also delete iMazing Profile Editor if you are no longer using it." | ||
| type: patch | ||
| fleet_maintained_app_slug: imazing/darwin | ||
| fleet_maintained_app_slug: imazing-profile-editor/darwin | ||
| install_software: false | ||
| labels_include_any: | ||
| - Macs with iMazing installed | ||
| - Macs with iMazing Profile Editor installed |
There was a problem hiding this comment.
The indentation of the newly added policy block appears inconsistent: - name: at line 106 is not indented, and the labels_include_any list item at line 113 is aligned with the key instead of being indented beneath it. In YAML this can change the parsed structure (or fail parsing entirely), which can break policy loading. Align indentation to match the surrounding policy list entries and ensure list items under labels_include_any: are indented more than the key.
Comment on lines
+66
to
70
| - name: Macs with iMazing Profile Editor installed | ||
| description: macOS hosts with iMazing Profile Editor installed | ||
| query: SELECT 1 FROM apps WHERE bundle_identifier = 'com.DigiDNA.iMazingProfileEditorMac'; | ||
| label_membership_type: dynamic | ||
| platform: darwin |
There was a problem hiding this comment.
The indentation of this label entry looks inconsistent with the rest of the file (the - name: entry is flush-left in this hunk). If the surrounding YAML defines these labels under a parent key (common for Fleet label bundles), this will break the document structure. Adjust indentation to match the other label entries in this file.
| ], | ||
| "refs": { | ||
| "b32c3dd9": "#!/bin/sh\n\n# variables\nAPPDIR=\"/Applications/\"\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nquit_application 'com.DigiDNA.iMazingProfileEditorMac'\nsudo rm -rf \"$APPDIR/iMazing Profile Editor.app\"\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/com.DigiDNA.iMazingProfileEditorMac'\ntrash $LOGGED_IN_USER '~/Library/Caches/com.plausiblelabs.crashreporter.data/com.DigiDNA.iMazingProfileEditorMac.Mini'\ntrash $LOGGED_IN_USER '~/Library/Containers/com.DigiDNA.iMazingProfileEditorMac'\ntrash $LOGGED_IN_USER '~/Library/Saved Application State/com.DigiDNA.iMazingProfileEditorMac.savedState'\n", | ||
| "c8f6c7ba": "#!/bin/sh\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath $INSTALLER_PATH)\")\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Try to launch the application\n if osascript -e \"tell application id \\\"$bundle_id\\\" to activate\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# extract contents\nMOUNT_POINT=$(mktemp -d /tmp/dmg_mount_XXXXXX)\nhdiutil attach -plist -nobrowse -readonly -mountpoint \"$MOUNT_POINT\" \"$INSTALLER_PATH\"\nsudo cp -R \"$MOUNT_POINT\"/* \"$TMPDIR\"\nhdiutil detach \"$MOUNT_POINT\"\n# copy to the applications folder\nquit_and_track_application 'com.DigiDNA.iMazingProfileEditorMac'\nif [ -d \"$APPDIR/iMazing Profile Editor.app\" ]; then\n\tsudo mv \"$APPDIR/iMazing Profile Editor.app\" \"$TMPDIR/iMazing Profile Editor.app.bkp\"\nfi\nsudo cp -R \"$TMPDIR/iMazing Profile Editor.app\" \"$APPDIR\"\nrelaunch_application 'com.DigiDNA.iMazingProfileEditorMac'\n" |
There was a problem hiding this comment.
The embedded install/uninstall scripts are likely to be brittle in managed execution contexts: (1) they declare #!/bin/sh but use non-POSIX constructs ([[ ... ]], local, (( ... )), SECONDS), which can break if /bin/sh is not bash-compatible; (2) they call sudo even though these scripts are typically executed as root by management tooling, and sudo can fail in non-interactive sessions; (3) the install script does not ensure the DMG is detached/temporary mountpoint removed on failure (no trap/cleanup), which can leave stale mounts/directories; and (4) realpath $INSTALLER_PATH is unquoted, so paths containing spaces can break. Recommendation: either switch the shebang to an interpreter that matches the used syntax (e.g., bash) or make the scripts strictly POSIX-sh; remove sudo and instead enforce/assume root execution; add a trap-based cleanup for detach/removal; and quote $INSTALLER_PATH in the realpath call.
Suggested change
| "c8f6c7ba": "#!/bin/sh\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath $INSTALLER_PATH)\")\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Try to launch the application\n if osascript -e \"tell application id \\\"$bundle_id\\\" to activate\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# extract contents\nMOUNT_POINT=$(mktemp -d /tmp/dmg_mount_XXXXXX)\nhdiutil attach -plist -nobrowse -readonly -mountpoint \"$MOUNT_POINT\" \"$INSTALLER_PATH\"\nsudo cp -R \"$MOUNT_POINT\"/* \"$TMPDIR\"\nhdiutil detach \"$MOUNT_POINT\"\n# copy to the applications folder\nquit_and_track_application 'com.DigiDNA.iMazingProfileEditorMac'\nif [ -d \"$APPDIR/iMazing Profile Editor.app\" ]; then\n\tsudo mv \"$APPDIR/iMazing Profile Editor.app\" \"$TMPDIR/iMazing Profile Editor.app.bkp\"\nfi\nsudo cp -R \"$TMPDIR/iMazing Profile Editor.app\" \"$APPDIR\"\nrelaunch_application 'com.DigiDNA.iMazingProfileEditorMac'\n" | |
| "c8f6c7ba": "#!/bin/bash\n\nset -e\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath \"$INSTALLER_PATH\")\")\nMOUNT_POINT=\"\"\n\nif [[ $EUID -ne 0 ]]; then\n echo \"This installer must be run as root.\"\n exit 1\nfi\n\ncleanup() {\n if [[ -n \"$MOUNT_POINT\" && -d \"$MOUNT_POINT\" ]]; then\n hdiutil detach \"$MOUNT_POINT\" >/dev/null 2>&1 || true\n rmdir \"$MOUNT_POINT\" >/dev/null 2>&1 || true\n fi\n}\n\ntrap cleanup EXIT\n\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Try to launch the application\n if osascript -e \"tell application id \\\"$bundle_id\\\" to activate\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# extract contents\nMOUNT_POINT=$(mktemp -d /tmp/dmg_mount_XXXXXX)\nhdiutil attach -plist -nobrowse -readonly -mountpoint \"$MOUNT_POINT\" \"$INSTALLER_PATH\"\ncp -R \"$MOUNT_POINT\"/* \"$TMPDIR\"\n# copy to the applications folder\nquit_and_track_application 'com.DigiDNA.iMazingProfileEditorMac'\nif [ -d \"$APPDIR/iMazing Profile Editor.app\" ]; then\n\tmv \"$APPDIR/iMazing Profile Editor.app\" \"$TMPDIR/iMazing Profile Editor.app.bkp\"\nfi\ncp -R \"$TMPDIR/iMazing Profile Editor.app\" \"$APPDIR\"\nrelaunch_application 'com.DigiDNA.iMazingProfileEditorMac'\n" |
This was referenced Apr 15, 2026
This was referenced Apr 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Register iMazing Profile Editor as a Fleet-maintained app: add input metadata, add app entry to outputs/apps.json, and add darwin-specific version/installer info with install/uninstall scripts and checks. Update frontend icon mapping to include the human-readable name, and adjust fleet configs (workstations self-service slug, dynamic label bundle identifier, and macOS patch policy) to reference the new imazing-profile-editor/darwin slug and com.DigiDNA.iMazingProfileEditorMac bundle ID.
Summary by CodeRabbit
New Features
Chores