Update Fleet-maintained apps#43761
Merged
allenhouchins merged 1 commit intomainfrom Apr 20, 2026
Merged
Conversation
Generated automatically with cmd/maintained-apps.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
fleet-release
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
Contributor
Script Diff Resultsee/maintained-apps/outputs/tailscale-app/darwin.json=== Install Script (no changes) ===
=== Uninstall // 19c36d3e -> e671d925 ===
--- /tmp/old.YaUtNS 2026-04-20 14:33:49.597781526 +0000
+++ /tmp/new.eEVlp9 2026-04-20 14:33:49.597781526 +0000
@@ -136,6 +136,8 @@
quit_application 'io.tailscale.ipn.macsys'
remove_pkg_files 'com.tailscale.ipn.macsys'
forget_pkg 'com.tailscale.ipn.macsys'
+sudo rm -rf '/usr/local/bin/tailscale'
+sudo rm -rf '/usr/local/share/man/man8/tssentineld.8'
trash $LOGGED_IN_USER '/Library/Tailscale'
trash $LOGGED_IN_USER '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'
trash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys'ee/maintained-apps/outputs/whatsapp/darwin.json=== Install Script (no changes) ===
=== Uninstall Script (no changes) === |
Contributor
WalkthroughThis PR modifies two maintained-app configuration files. The Tailscale macOS app's uninstall script reference is updated from Possibly related PRs
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@ee/maintained-apps/outputs/tailscale-app/darwin.json`:
- Line 20: The uninstall script is passing wildcard patterns quoted into trash,
preventing shell glob expansion; update either the calls (lines invoking trash
at the bottom) or the trash function to expand globs before acting: for each
pattern passed to trash (see calls like trash $LOGGED_IN_USER '~/Library/Group
Containers/*.io.tailscale.ipn.macsys'), iterate over the expanded matches (e.g.
for target in $pattern; do [ -e "$target" ] && mv -f "$target" "$trash/..." ;
done) and handle non-matches gracefully, or accept multiple args and run
expansion inside trash; modify the trash function (trash) or the call sites to
perform shell globbing expansion so wildcard paths are removed as intended.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: a1d8256f-b9c5-488c-b3b3-31891d0ac592
📒 Files selected for processing (2)
ee/maintained-apps/outputs/tailscale-app/darwin.jsonee/maintained-apps/outputs/whatsapp/darwin.json
| "19c36d3e": "#!/bin/sh\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nquit_application 'io.tailscale.ipn.macsys'\nremove_pkg_files 'com.tailscale.ipn.macsys'\nforget_pkg 'com.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '/Library/Tailscale'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Caches/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macos.network-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/Tailscale'\ntrash $LOGGED_IN_USER '~/Library/Group Containers/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys.binarycookies'\ntrash $LOGGED_IN_USER '~/Library/Preferences/io.tailscale.ipn.macsys.plist'\n", | ||
| "aade28b0": "#!/bin/sh\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath $INSTALLER_PATH)\")\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Try to launch the application\n if osascript -e \"tell application id \\\"$bundle_id\\\" to activate\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# install pkg files\nquit_and_track_application 'io.tailscale.ipn.macsys'\nsudo installer -pkg \"$TMPDIR/Tailscale-1.96.5-macos.pkg\" -target /\nrelaunch_application 'io.tailscale.ipn.macsys'\n" | ||
| "aade28b0": "#!/bin/sh\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath $INSTALLER_PATH)\")\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Try to launch the application\n if osascript -e \"tell application id \\\"$bundle_id\\\" to activate\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# install pkg files\nquit_and_track_application 'io.tailscale.ipn.macsys'\nsudo installer -pkg \"$TMPDIR/Tailscale-1.96.5-macos.pkg\" -target /\nrelaunch_application 'io.tailscale.ipn.macsys'\n", | ||
| "e671d925": "#!/bin/sh\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nquit_application 'io.tailscale.ipn.macsys'\nremove_pkg_files 'com.tailscale.ipn.macsys'\nforget_pkg 'com.tailscale.ipn.macsys'\nsudo rm -rf '/usr/local/bin/tailscale'\nsudo rm -rf '/usr/local/share/man/man8/tssentineld.8'\ntrash $LOGGED_IN_USER '/Library/Tailscale'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Caches/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macos.network-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/Tailscale'\ntrash $LOGGED_IN_USER '~/Library/Group Containers/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys.binarycookies'\ntrash $LOGGED_IN_USER '~/Library/Preferences/io.tailscale.ipn.macsys.plist'\n" |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Read-only check: inspect the generated uninstall script for wildcard trash calls
# and the quoted target_file existence/move checks that prevent glob expansion.
python3 - <<'PY'
import json
from pathlib import Path
path = Path("ee/maintained-apps/outputs/tailscale-app/darwin.json")
data = json.loads(path.read_text())
script = data["refs"]["e671d925"]
checks = {
"quoted_exists_check": '[[ -e "$target_file" ]]' in script,
"quoted_move_source": 'mv -f "$target_file"' in script,
"application_scripts_wildcard_call": "trash $LOGGED_IN_USER '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'" in script,
"group_containers_wildcard_call": "trash $LOGGED_IN_USER '~/Library/Group Containers/*.io.tailscale.ipn.macsys'" in script,
}
for name, ok in checks.items():
print(f"{name}: {ok}")
if all(checks.values()):
print("Wildcard arguments are currently passed literally and then checked quoted.")
PYRepository: fleetdm/fleet
Length of output: 259
Expand wildcard cleanup paths before calling trash.
The wildcard cleanup entries are passed as literal strings to trash, which checks the target_file variable quoted. This prevents glob expansion, and matching artifacts will not be removed during uninstall.
Proposed fix
trash() {
local logged_in_user="$1"
local target_file="$2"
@@
fi
}
+
+trash_glob() {
+ local logged_in_user="$1"
+ local target_pattern="$2"
+
+ if [[ "$target_pattern" == ~* ]]; then
+ target_pattern="/Users/$logged_in_user${target_pattern:1}"
+ fi
+
+ local parent pattern match found
+ parent="$(dirname "$target_pattern")"
+ pattern="$(basename "$target_pattern")"
+ found=0
+
+ for match in "$parent"/$pattern; do
+ if [[ -e "$match" ]]; then
+ found=1
+ trash "$logged_in_user" "$match"
+ fi
+ done
+
+ if [[ "$found" = 0 ]]; then
+ echo "$target_pattern doesn't exist."
+ fi
+}
@@
-trash $LOGGED_IN_USER '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'
+trash_glob "$LOGGED_IN_USER" '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'
@@
-trash $LOGGED_IN_USER '~/Library/Group Containers/*.io.tailscale.ipn.macsys'
+trash_glob "$LOGGED_IN_USER" '~/Library/Group Containers/*.io.tailscale.ipn.macsys'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "e671d925": "#!/bin/sh\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nquit_application 'io.tailscale.ipn.macsys'\nremove_pkg_files 'com.tailscale.ipn.macsys'\nforget_pkg 'com.tailscale.ipn.macsys'\nsudo rm -rf '/usr/local/bin/tailscale'\nsudo rm -rf '/usr/local/share/man/man8/tssentineld.8'\ntrash $LOGGED_IN_USER '/Library/Tailscale'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Caches/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macos.network-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/Tailscale'\ntrash $LOGGED_IN_USER '~/Library/Group Containers/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys.binarycookies'\ntrash $LOGGED_IN_USER '~/Library/Preferences/io.tailscale.ipn.macsys.plist'\n" | |
| "e671d925": "#!/bin/sh\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ $EUID -eq 0 && \"$console_user\" == \"root\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\ntrash_glob() {\n local logged_in_user=\"$1\"\n local target_pattern=\"$2\"\n\n if [[ \"$target_pattern\" == ~* ]]; then\n target_pattern=\"/Users/$logged_in_user${target_pattern:1}\"\n fi\n\n local parent pattern match found\n parent=\"$(dirname \"$target_pattern\")\"\n pattern=\"$(basename \"$target_pattern\")\"\n found=0\n\n for match in \"$parent\"/$pattern; do\n if [[ -e \"$match\" ]]; then\n found=1\n trash \"$logged_in_user\" \"$match\"\n fi\n done\n\n if [[ \"$found\" = 0 ]]; then\n echo \"$target_pattern doesn't exist.\"\n fi\n}\n\nquit_application 'io.tailscale.ipn.macsys'\nremove_pkg_files 'com.tailscale.ipn.macsys'\nforget_pkg 'com.tailscale.ipn.macsys'\nsudo rm -rf '/usr/local/bin/tailscale'\nsudo rm -rf '/usr/local/share/man/man8/tssentineld.8'\ntrash $LOGGED_IN_USER '/Library/Tailscale'\ntrash_glob \"$LOGGED_IN_USER\" '~/Library/Application Scripts/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Application Scripts/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Caches/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macos.network-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.login-item-helper'\ntrash $LOGGED_IN_USER '~/Library/Containers/io.tailscale.ipn.macsys.share-extension'\ntrash $LOGGED_IN_USER '~/Library/Containers/Tailscale'\ntrash_glob \"$LOGGED_IN_USER\" '~/Library/Group Containers/*.io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/io.tailscale.ipn.macsys.binarycookies'\ntrash $LOGGED_IN_USER '~/Library/Preferences/io.tailscale.ipn.macsys.plist'\n" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@ee/maintained-apps/outputs/tailscale-app/darwin.json` at line 20, The
uninstall script is passing wildcard patterns quoted into trash, preventing
shell glob expansion; update either the calls (lines invoking trash at the
bottom) or the trash function to expand globs before acting: for each pattern
passed to trash (see calls like trash $LOGGED_IN_USER '~/Library/Group
Containers/*.io.tailscale.ipn.macsys'), iterate over the expanded matches (e.g.
for target in $pattern; do [ -e "$target" ] && mv -f "$target" "$trash/..." ;
done) and handle non-matches gracefully, or accept multiple args and run
expansion inside trash; modify the trash function (trash) or the call sites to
perform shell globbing expansion so wildcard paths are removed as intended.
allenhouchins
approved these changes
Apr 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated ingestion of latest Fleet-maintained app data.
Summary by CodeRabbit