Skip to content

Update Fleet-maintained apps#48305

Closed
fleet-release wants to merge 1 commit into
mainfrom
fma-2606252028
Closed

Update Fleet-maintained apps#48305
fleet-release wants to merge 1 commit into
mainfrom
fma-2606252028

Conversation

@fleet-release

@fleet-release fleet-release commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Automated ingestion of latest Fleet-maintained app data.

Summary by CodeRabbit

  • New Features
    • Updated installer metadata for multiple maintained apps, including Firefox, GitHub Desktop, LibreOffice, Arc, Bitwarden, Claude Desktop, Codex, IINA, Granola, Modern CSV, Workflowy, Copilot Money, Webex, Adobe Acrobat Reader, and A Better Finder Rename.
  • Bug Fixes
    • Refreshed version checks, download links, and checksums so the latest releases are detected and installed correctly.
    • Updated Citrix Workspace install and removal handling to match the newest release.

Generated automatically with cmd/maintained-apps.

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@github-actions

Copy link
Copy Markdown
Contributor

Script Diff Results

ee/maintained-apps/outputs/a-better-finder-rename/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/adobe-acrobat-reader/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/arc/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/bitwarden/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/citrix-workspace/darwin.json

=== Install // fe7ba180 -> f4f3e7be ===

--- /tmp/old.LF2DIR	2026-06-25 20:36:13.841421909 +0000
+++ /tmp/new.XDKpbE	2026-06-25 20:36:13.841421909 +0000
@@ -96,5 +96,5 @@
 
 # install pkg files
 quit_and_track_application 'com.citrix.receiver.nomas'
-sudo installer -pkg "$TMPDIR/CitrixWorkspaceAppUniversal26.03.0.49.pkg" -target /
+sudo installer -pkg "$TMPDIR/CitrixWorkspaceAppUniversal26.03.11.41.pkg" -target /
 relaunch_application 'com.citrix.receiver.nomas'

=== Uninstall // ed152120 -> a1c686b5 ===

--- /tmp/old.C2FBUy	2026-06-25 20:36:13.874422082 +0000
+++ /tmp/new.VEq32c	2026-06-25 20:36:13.874422082 +0000
@@ -210,6 +210,7 @@
 remove_launchctl_service 'com.citrix.devicetrust.launchagent'
 remove_launchctl_service 'com.citrix.ReceiverHelper'
 remove_launchctl_service 'com.citrix.ReceiverUninstallHelper'
+remove_launchctl_service 'com.citrix.ReceiverUpdaterHelper'
 remove_launchctl_service 'com.citrix.safariadapter'
 remove_launchctl_service 'com.citrix.ServiceRecords'
 remove_launchctl_service 'com.citrix.UninstallMonitor'
@@ -231,6 +232,8 @@
 forget_pkg 'com.citrix.ICAClientcwa'
 remove_pkg_files 'com.citrix.ICAClienthdx'
 forget_pkg 'com.citrix.ICAClienthdx'
+remove_pkg_files 'com.citrix.receiver.bcr'
+forget_pkg 'com.citrix.receiver.bcr'
 trash $LOGGED_IN_USER '~/Library/Application Support/Citrix Receiver'
 trash $LOGGED_IN_USER '~/Library/Application Support/Citrix Workspace'
 trash $LOGGED_IN_USER '~/Library/Application Support/Citrix'

ee/maintained-apps/outputs/claude/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/codex-app/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/copilot-money/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/firefox/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/firefox/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/github/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/granola/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/iina/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/libreoffice/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/modern-csv/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/webex/windows.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

ee/maintained-apps/outputs/workflowy/darwin.json

=== Install Script (no changes) ===
=== Uninstall Script (no changes) ===

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

This PR updates maintained-app release metadata across multiple Darwin and Windows JSON entries. Each affected entry bumps the recorded version, changes the patched version-comparison target, updates the installer URL, and refreshes the checksum. The Citrix Workspace entry also updates the release entry and replaces the install and uninstall script reference contents.

Possibly related PRs

  • fleetdm/fleet#47570: Updates ee/maintained-apps/outputs/codex-app/darwin.json with the same version, patched query, installer URL, and checksum pattern.
  • fleetdm/fleet#47849: Updates ee/maintained-apps/outputs/arc/darwin.json with the same release metadata fields.
  • fleetdm/fleet#48196: Updates ee/maintained-apps/outputs/github/darwin.json with the same maintained-app release metadata fields.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is far too brief and misses the required template sections, checklist items, and related issue reference. Expand it to match the template: add Related issue, complete relevant checklist items, and include Testing/DB/other sections as applicable.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: an automated update to Fleet-maintained apps.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fma-2606252028

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
ee/maintained-apps/outputs/citrix-workspace/darwin.json (1)

20-20: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Install directly from $INSTALLER_PATH.

Line 20 hard-codes the versioned pkg basename even though Fleet already passes the downloaded file path in $INSTALLER_PATH. Using that variable removes the need to replace the script ref on every Citrix version bump and avoids basename-coupling.

Suggested fix
-APPDIR="/Applications/"
-TMPDIR=$(dirname "$(realpath "$INSTALLER_PATH")")
+APPDIR="/Applications/"
@@
-sudo installer -pkg "$TMPDIR/CitrixWorkspaceAppUniversal26.03.11.41.pkg" -target /
+sudo installer -pkg "$INSTALLER_PATH" -target /
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ee/maintained-apps/outputs/citrix-workspace/darwin.json` at line 20, The
install step is still hard-coding the Citrix pkg filename instead of using the
downloaded installer path provided by $INSTALLER_PATH. Update the package
install command in the script to use $INSTALLER_PATH (or a path derived from it)
rather than the versioned CitrixWorkspaceAppUniversal26.03.11.41.pkg basename,
while keeping the existing quit_and_track_application and relaunch_application
flow unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ee/maintained-apps/outputs/citrix-workspace/darwin.json`:
- Line 19: The non-sudo path in remove_launchctl_service is using the current
process context, so when this uninstall runs as root it removes LaunchAgents
from /var/root instead of the console user’s domain. Update
remove_launchctl_service to unload and delete plist files for the logged-in user
captured in LOGGED_IN_USER, and make sure the launchctl/remove logic targets
that user domain rather than relying on HOME/current context.

---

Nitpick comments:
In `@ee/maintained-apps/outputs/citrix-workspace/darwin.json`:
- Line 20: The install step is still hard-coding the Citrix pkg filename instead
of using the downloaded installer path provided by $INSTALLER_PATH. Update the
package install command in the script to use $INSTALLER_PATH (or a path derived
from it) rather than the versioned CitrixWorkspaceAppUniversal26.03.11.41.pkg
basename, while keeping the existing quit_and_track_application and
relaunch_application flow unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4f4a296c-6f40-47bf-979d-2e136c78a2c3

📥 Commits

Reviewing files that changed from the base of the PR and between 8e62917 and a6fd85c.

📒 Files selected for processing (17)
  • ee/maintained-apps/outputs/a-better-finder-rename/darwin.json
  • ee/maintained-apps/outputs/adobe-acrobat-reader/windows.json
  • ee/maintained-apps/outputs/arc/darwin.json
  • ee/maintained-apps/outputs/bitwarden/darwin.json
  • ee/maintained-apps/outputs/citrix-workspace/darwin.json
  • ee/maintained-apps/outputs/claude/darwin.json
  • ee/maintained-apps/outputs/codex-app/darwin.json
  • ee/maintained-apps/outputs/copilot-money/darwin.json
  • ee/maintained-apps/outputs/firefox/darwin.json
  • ee/maintained-apps/outputs/firefox/windows.json
  • ee/maintained-apps/outputs/github/darwin.json
  • ee/maintained-apps/outputs/granola/darwin.json
  • ee/maintained-apps/outputs/iina/darwin.json
  • ee/maintained-apps/outputs/libreoffice/darwin.json
  • ee/maintained-apps/outputs/modern-csv/darwin.json
  • ee/maintained-apps/outputs/webex/windows.json
  • ee/maintained-apps/outputs/workflowy/darwin.json

"refs": {
"ed152120": "#!/bin/bash\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ -z \"$console_user\" || \"$console_user\" == \"root\" || \"$console_user\" == \"loginwindow\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_launchctl_service() {\n local service=\"$1\"\n local booleans=(\"true\" \"false\")\n local plist_status\n local paths\n local should_sudo\n\n echo \"Removing launchctl service ${service}\"\n\n for should_sudo in \"${booleans[@]}\"; do\n plist_status=$(launchctl list \"${service}\" 2>/dev/null)\n\n if [[ $plist_status == \\{* ]]; then\n if [[ $should_sudo == \"true\" ]]; then\n sudo launchctl remove \"${service}\"\n else\n launchctl remove \"${service}\"\n fi\n sleep 1\n fi\n\n paths=(\n \"/Library/LaunchAgents/${service}.plist\"\n \"/Library/LaunchDaemons/${service}.plist\"\n )\n\n # if not using sudo, prepend the home directory to the paths\n if [[ $should_sudo == \"false\" ]]; then\n for i in \"${!paths[@]}\"; do\n paths[i]=\"${HOME}${paths[i]}\"\n done\n fi\n\n for path in \"${paths[@]}\"; do\n if [[ -e \"$path\" ]]; then\n if [[ $should_sudo == \"true\" ]]; then\n sudo rm -f -- \"$path\"\n else\n rm -f -- \"$path\"\n fi\n fi\n done\n done\n}\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n\n # If the target contains glob characters, expand it and move each match.\n if [[ \"$target_file\" == *[*?[]* ]]; then\n local file file_name\n local matched=false\n local i=0\n # compgen -G expands the (quoted) pattern itself, so paths containing\n # spaces glob correctly; reading line by line keeps each match intact.\n while IFS= read -r file; do\n [[ -n \"$file\" ]] || continue\n [[ -e \"$file\" || -L \"$file\" ]] || continue\n matched=true\n i=$((i + 1))\n file_name=\"$(basename \"$file\")\"\n echo \"removing $file.\"\n # The per-match counter keeps matches that share a basename from\n # overwriting each other in the trash.\n mv -f \"$file\" \"$trash/${file_name}_${timestamp}_${rand}_${i}\"\n done < <(compgen -G \"$target_file\" 2>/dev/null)\n if [[ \"$matched\" == false ]]; then\n echo \"$target_file doesn't exist.\"\n fi\n return\n fi\n\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nremove_launchctl_service 'com.citrix.AuthManager_Mac'\nremove_launchctl_service 'com.citrix.ctxusbd'\nremove_launchctl_service 'com.citrix.CtxWorkspaceHelperDaemon'\nremove_launchctl_service 'com.citrix.ctxworkspaceupdater'\nremove_launchctl_service 'com.citrix.devicetrust.launchagent'\nremove_launchctl_service 'com.citrix.ReceiverHelper'\nremove_launchctl_service 'com.citrix.ReceiverUninstallHelper'\nremove_launchctl_service 'com.citrix.safariadapter'\nremove_launchctl_service 'com.citrix.ServiceRecords'\nremove_launchctl_service 'com.citrix.UninstallMonitor'\nquit_application 'Citrix.ServiceRecords'\nquit_application 'com.citrix.CitrixReceiverLauncher'\nquit_application 'com.citrix.receiver.nomas'\nquit_application 'com.citrix.ReceiverHelper'\nremove_pkg_files 'com.citrix.common'\nforget_pkg 'com.citrix.common'\nremove_pkg_files 'com.citrix.devicetrust.client'\nforget_pkg 'com.citrix.devicetrust.client'\nremove_pkg_files 'com.citrix.devicetrust.client.ica'\nforget_pkg 'com.citrix.devicetrust.client.ica'\nremove_pkg_files 'com.citrix.enterprisebrowserinstaller'\nforget_pkg 'com.citrix.enterprisebrowserinstaller'\nremove_pkg_files 'com.citrix.ICAClient'\nforget_pkg 'com.citrix.ICAClient'\nremove_pkg_files 'com.citrix.ICAClientcwa'\nforget_pkg 'com.citrix.ICAClientcwa'\nremove_pkg_files 'com.citrix.ICAClienthdx'\nforget_pkg 'com.citrix.ICAClienthdx'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Citrix Receiver'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Citrix Workspace'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Citrix'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.CitrixReceiverLauncher'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.HdxRtcEngine'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.receiver*'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.ReceiverUpdater'\ntrash $LOGGED_IN_USER '~/Library/Caches/com.citrix.receiver*'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/com.citrix.CitrixReceiverLauncher'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/com.citrix.receiver*'\ntrash $LOGGED_IN_USER '~/Library/Logs/Citrix Workspace'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.AuthManager.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.CitrixReceiverLauncher.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.HdxRtcEngine.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.receiver*.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.Receiver*.plist'\ntrash $LOGGED_IN_USER '~/Library/Saved Application State/com.citrix.receiver.nomas.savedState'\ntrash $LOGGED_IN_USER '~/Library/WebKit/com.citrix.receiver.nomas'\n",
"fe7ba180": "#!/bin/bash\n\n# variables\nAPPDIR=\"/Applications/\"\nTMPDIR=$(dirname \"$(realpath \"$INSTALLER_PATH\")\")\n# functions\n\nquit_and_track_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n eval \"export $var_name=0\"\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ -z \"$console_user\" || \"$console_user\" == \"root\" || \"$console_user\" == \"loginwindow\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n eval \"export $var_name=0\"\n return\n fi\n\n # App was running, mark it for relaunch\n eval \"export $var_name=1\"\n echo \"Application '$bundle_id' was running; will relaunch after installation.\"\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nrelaunch_application() {\n local bundle_id=\"$1\"\n local var_name=\"APP_WAS_RUNNING_$(echo \"$bundle_id\" | tr '.-' '__')\"\n local was_running\n\n # Check if the app was running before installation\n eval \"was_running=\\$$var_name\"\n if [[ \"$was_running\" != \"1\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ -z \"$console_user\" || \"$console_user\" == \"root\" || \"$console_user\" == \"loginwindow\" ]]; then\n echo \"Not logged into a non-root GUI; skipping relaunching application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Relaunching application '$bundle_id'...\"\n\n # Launch the app in the logged-in user's GUI session. Apps launched by root\n # won't register with the user's Dock/GUI, so run 'open' as the console user.\n # Use 'launchctl asuser' to bootstrap into the console user's Mach namespace\n # and GUI session — 'sudo -u' alone doesn't do this, which can cause\n # LSOpenURLsWithRole() failures even when 'open' exits 0.\n local open_status=0\n if [[ $EUID -eq 0 ]]; then\n local console_uid\n console_uid=$(id -u \"$console_user\")\n /bin/launchctl asuser \"$console_uid\" sudo -u \"$console_user\" open -b \"$bundle_id\" >/dev/null 2>&1 || open_status=$?\n else\n open -b \"$bundle_id\" >/dev/null 2>&1 || open_status=$?\n fi\n\n if [[ $open_status -eq 0 ]]; then\n echo \"Application '$bundle_id' relaunched successfully.\"\n else\n echo \"Failed to relaunch application '$bundle_id'.\"\n fi\n}\n\n\n# install pkg files\nquit_and_track_application 'com.citrix.receiver.nomas'\nsudo installer -pkg \"$TMPDIR/CitrixWorkspaceAppUniversal26.03.0.49.pkg\" -target /\nrelaunch_application 'com.citrix.receiver.nomas'\n"
"a1c686b5": "#!/bin/bash\n\n# variables\nLOGGED_IN_USER=$(scutil <<< \"show State:/Users/ConsoleUser\" | awk '/Name :/ { print $3 }')\n# functions\n\nexpand_pkgid_and_map() {\n local PKGID=\"$1\"\n local FUNC=\"$2\"\n if [[ \"$PKGID\" == *\"*\" ]]; then\n local prefix=\"${PKGID%\\*}\"\n echo \"Expanding wildcard for PKGID: $PKGID\"\n for receipt in $(pkgutil --pkgs | grep \"^${prefix}\"); do\n echo \"Processing $receipt\"\n \"$FUNC\" \"$receipt\"\n done\n else\n \"$FUNC\" \"$PKGID\"\n fi\n}\n\nforget_pkg() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" forget_receipt\n}\n\nforget_receipt() {\n local PKGID=\"$1\"\n sudo pkgutil --forget \"$PKGID\"\n}\n\nquit_application() {\n local bundle_id=\"$1\"\n local timeout_duration=10\n\n # check if the application is running\n local app_running\n app_running=$(osascript -e \"application id \\\"$bundle_id\\\" is running\" 2>/dev/null)\n if [[ \"$app_running\" != \"true\" ]]; then\n return\n fi\n\n local console_user\n console_user=$(stat -f \"%Su\" /dev/console)\n if [[ -z \"$console_user\" || \"$console_user\" == \"root\" || \"$console_user\" == \"loginwindow\" ]]; then\n echo \"Not logged into a non-root GUI; skipping quitting application ID '$bundle_id'.\"\n return\n fi\n\n echo \"Quitting application '$bundle_id'...\"\n\n # try to quit the application within the timeout period\n local quit_success=false\n SECONDS=0\n while (( SECONDS < timeout_duration )); do\n if osascript -e \"tell application id \\\"$bundle_id\\\" to quit\" >/dev/null 2>&1; then\n if ! pgrep -f \"$bundle_id\" >/dev/null 2>&1; then\n echo \"Application '$bundle_id' quit successfully.\"\n quit_success=true\n break\n fi\n fi\n sleep 1\n done\n\n if [[ \"$quit_success\" = false ]]; then\n echo \"Application '$bundle_id' did not quit.\"\n fi\n}\n\n\nremove_launchctl_service() {\n local service=\"$1\"\n local booleans=(\"true\" \"false\")\n local plist_status\n local paths\n local should_sudo\n\n echo \"Removing launchctl service ${service}\"\n\n for should_sudo in \"${booleans[@]}\"; do\n plist_status=$(launchctl list \"${service}\" 2>/dev/null)\n\n if [[ $plist_status == \\{* ]]; then\n if [[ $should_sudo == \"true\" ]]; then\n sudo launchctl remove \"${service}\"\n else\n launchctl remove \"${service}\"\n fi\n sleep 1\n fi\n\n paths=(\n \"/Library/LaunchAgents/${service}.plist\"\n \"/Library/LaunchDaemons/${service}.plist\"\n )\n\n # if not using sudo, prepend the home directory to the paths\n if [[ $should_sudo == \"false\" ]]; then\n for i in \"${!paths[@]}\"; do\n paths[i]=\"${HOME}${paths[i]}\"\n done\n fi\n\n for path in \"${paths[@]}\"; do\n if [[ -e \"$path\" ]]; then\n if [[ $should_sudo == \"true\" ]]; then\n sudo rm -f -- \"$path\"\n else\n rm -f -- \"$path\"\n fi\n fi\n done\n done\n}\n\nremove_pkg_files() {\n local PKGID=\"$1\"\n expand_pkgid_and_map \"$PKGID\" remove_receipt_files\n}\n\nremove_receipt_files() {\n local PKGID=\"$1\"\n local PKGINFO VOLUME INSTALL_LOCATION FULL_INSTALL_LOCATION\n\n echo \"pkgutil --pkg-info-plist \\\"$PKGID\\\"\"\n PKGINFO=$(pkgutil --pkg-info-plist \"$PKGID\")\n VOLUME=$(echo \"$PKGINFO\" | awk '/<key>volume<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n INSTALL_LOCATION=$(echo \"$PKGINFO\" | awk '/<key>install-location<\\/key>/ {getline; gsub(/.*<string>|<\\/string>.*/, \"\"); print}')\n\n if [ -z \"$INSTALL_LOCATION\" ] || [ \"$INSTALL_LOCATION\" = \"/\" ]; then\n FULL_INSTALL_LOCATION=\"$VOLUME\"\n else\n FULL_INSTALL_LOCATION=\"$VOLUME/$INSTALL_LOCATION\"\n FULL_INSTALL_LOCATION=$(echo \"$FULL_INSTALL_LOCATION\" | sed 's|//|/|g')\n fi\n\n echo \"sudo pkgutil --only-files --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-files --files \"$PKGID\" | sed \"s|^|/${INSTALL_LOCATION}/|\" | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n echo \"sudo pkgutil --only-dirs --files \\\"$PKGID\\\" | sed \\\"s|^|${FULL_INSTALL_LOCATION}/|\\\" | grep '\\\\.app$' | tr '\\\\\\\\n' '\\\\\\\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\"\n sudo pkgutil --only-dirs --files \"$PKGID\" | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" | grep '\\.app$' | tr '\\n' '\\0' | /usr/bin/sudo -u root -E -- /usr/bin/xargs -0 -- /bin/rm -rf\n\n root_app_dir=$(\n sudo pkgutil --only-dirs --files \"$PKGID\" \\\n | sed \"s|^|${FULL_INSTALL_LOCATION}/|\" \\\n | grep 'Applications' \\\n | awk '{ print length, $0 }' \\\n | sort -n \\\n | head -n1 \\\n | cut -d' ' -f2-\n )\n if [ -n \"$root_app_dir\" ]; then\n echo \"sudo rmdir -p \\\"$root_app_dir\\\" 2>/dev/null || :\"\n sudo rmdir -p \"$root_app_dir\" 2>/dev/null || :\n fi\n}\n\ntrash() {\n local logged_in_user=\"$1\"\n local target_file=\"$2\"\n local timestamp=\"$(date +%Y-%m-%d-%s)\"\n local rand=\"$(jot -r 1 0 99999)\"\n\n # replace ~ with /Users/$logged_in_user\n if [[ \"$target_file\" == ~* ]]; then\n target_file=\"/Users/$logged_in_user${target_file:1}\"\n fi\n\n local trash=\"/Users/$logged_in_user/.Trash\"\n\n # If the target contains glob characters, expand it and move each match.\n if [[ \"$target_file\" == *[*?[]* ]]; then\n local file file_name\n local matched=false\n local i=0\n # compgen -G expands the (quoted) pattern itself, so paths containing\n # spaces glob correctly; reading line by line keeps each match intact.\n while IFS= read -r file; do\n [[ -n \"$file\" ]] || continue\n [[ -e \"$file\" || -L \"$file\" ]] || continue\n matched=true\n i=$((i + 1))\n file_name=\"$(basename \"$file\")\"\n echo \"removing $file.\"\n # The per-match counter keeps matches that share a basename from\n # overwriting each other in the trash.\n mv -f \"$file\" \"$trash/${file_name}_${timestamp}_${rand}_${i}\"\n done < <(compgen -G \"$target_file\" 2>/dev/null)\n if [[ \"$matched\" == false ]]; then\n echo \"$target_file doesn't exist.\"\n fi\n return\n fi\n\n local file_name=\"$(basename \"${target_file}\")\"\n\n if [[ -e \"$target_file\" ]]; then\n echo \"removing $target_file.\"\n mv -f \"$target_file\" \"$trash/${file_name}_${timestamp}_${rand}\"\n else\n echo \"$target_file doesn't exist.\"\n fi\n}\n\nremove_launchctl_service 'com.citrix.AuthManager_Mac'\nremove_launchctl_service 'com.citrix.ctxusbd'\nremove_launchctl_service 'com.citrix.CtxWorkspaceHelperDaemon'\nremove_launchctl_service 'com.citrix.ctxworkspaceupdater'\nremove_launchctl_service 'com.citrix.devicetrust.launchagent'\nremove_launchctl_service 'com.citrix.ReceiverHelper'\nremove_launchctl_service 'com.citrix.ReceiverUninstallHelper'\nremove_launchctl_service 'com.citrix.ReceiverUpdaterHelper'\nremove_launchctl_service 'com.citrix.safariadapter'\nremove_launchctl_service 'com.citrix.ServiceRecords'\nremove_launchctl_service 'com.citrix.UninstallMonitor'\nquit_application 'Citrix.ServiceRecords'\nquit_application 'com.citrix.CitrixReceiverLauncher'\nquit_application 'com.citrix.receiver.nomas'\nquit_application 'com.citrix.ReceiverHelper'\nremove_pkg_files 'com.citrix.common'\nforget_pkg 'com.citrix.common'\nremove_pkg_files 'com.citrix.devicetrust.client'\nforget_pkg 'com.citrix.devicetrust.client'\nremove_pkg_files 'com.citrix.devicetrust.client.ica'\nforget_pkg 'com.citrix.devicetrust.client.ica'\nremove_pkg_files 'com.citrix.enterprisebrowserinstaller'\nforget_pkg 'com.citrix.enterprisebrowserinstaller'\nremove_pkg_files 'com.citrix.ICAClient'\nforget_pkg 'com.citrix.ICAClient'\nremove_pkg_files 'com.citrix.ICAClientcwa'\nforget_pkg 'com.citrix.ICAClientcwa'\nremove_pkg_files 'com.citrix.ICAClienthdx'\nforget_pkg 'com.citrix.ICAClienthdx'\nremove_pkg_files 'com.citrix.receiver.bcr'\nforget_pkg 'com.citrix.receiver.bcr'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Citrix Receiver'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Citrix Workspace'\ntrash $LOGGED_IN_USER '~/Library/Application Support/Citrix'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.CitrixReceiverLauncher'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.HdxRtcEngine'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.receiver*'\ntrash $LOGGED_IN_USER '~/Library/Application Support/com.citrix.ReceiverUpdater'\ntrash $LOGGED_IN_USER '~/Library/Caches/com.citrix.receiver*'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/com.citrix.CitrixReceiverLauncher'\ntrash $LOGGED_IN_USER '~/Library/HTTPStorages/com.citrix.receiver*'\ntrash $LOGGED_IN_USER '~/Library/Logs/Citrix Workspace'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.AuthManager.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.CitrixReceiverLauncher.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.HdxRtcEngine.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.receiver*.plist'\ntrash $LOGGED_IN_USER '~/Library/Preferences/com.citrix.Receiver*.plist'\ntrash $LOGGED_IN_USER '~/Library/Saved Application State/com.citrix.receiver.nomas.savedState'\ntrash $LOGGED_IN_USER '~/Library/WebKit/com.citrix.receiver.nomas'\n",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Unload and delete LaunchAgents in the console user’s domain.

Line 19’s remove_launchctl_service non-sudo branch still uses the current process context (launchctl remove + $HOME). When this uninstall runs as root, it targets /var/root instead of /Users/$LOGGED_IN_USER, so the added Citrix user LaunchAgents are left behind.

Suggested fix
 remove_launchctl_service() {
   local service="$1"
+  local console_uid
+  console_uid=$(id -u "$LOGGED_IN_USER")
   local booleans=("true" "false")
   local plist_status
   local paths
   local should_sudo
@@
-    if [[ $plist_status == \{* ]]; then
+    if [[ $plist_status == \{* ]]; then
       if [[ $should_sudo == "true" ]]; then
         sudo launchctl remove "${service}"
       else
-        launchctl remove "${service}"
+        /bin/launchctl asuser "$console_uid" launchctl remove "${service}"
       fi
       sleep 1
     fi
 
-    paths=(
-      "/Library/LaunchAgents/${service}.plist"
-      "/Library/LaunchDaemons/${service}.plist"
-    )
-
-    # if not using sudo, prepend the home directory to the paths
-    if [[ $should_sudo == "false" ]]; then
-      for i in "${!paths[@]}"; do
-        paths[i]="${HOME}${paths[i]}"
-      done
-    fi
+    if [[ $should_sudo == "true" ]]; then
+      paths=(
+        "/Library/LaunchAgents/${service}.plist"
+        "/Library/LaunchDaemons/${service}.plist"
+      )
+    else
+      paths=(
+        "/Users/$LOGGED_IN_USER/Library/LaunchAgents/${service}.plist"
+      )
+    fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ee/maintained-apps/outputs/citrix-workspace/darwin.json` at line 19, The
non-sudo path in remove_launchctl_service is using the current process context,
so when this uninstall runs as root it removes LaunchAgents from /var/root
instead of the console user’s domain. Update remove_launchctl_service to unload
and delete plist files for the logged-in user captured in LOGGED_IN_USER, and
make sure the launchctl/remove logic targets that user domain rather than
relying on HOME/current context.

@github-actions

Copy link
Copy Markdown
Contributor

Closing in favor of #48308.

@github-actions github-actions Bot closed this Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants