Add macOS mesh agent tar.gz archive delivery with .msh config #2348
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For macOS agents, download both mesh binary and .msh configuration file from MeshCentral, compress as tar.gz, and deliver via /api/v3/meshexe/ endpoint. - Add get_mesh_msh_url(): constructs /meshsettings endpoint URL - Add download_mesh_agent_with_msh(): downloads both files, creates tar.gz archive - Modify MeshExe.post(): use archive for darwin, single binary for windows Files changed: - api/tacticalrmm/core/utils.py - api/tacticalrmm/apiv3/views.py 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
…d filenames - Add SHA256SUMS file to tar.gz archive for integrity verification - Generate random 8-char suffix for mesh agent filenames to prevent unwanted in-place upgrades - Simplify macOS mesh agent URL format to use id=10005 directly - Strip leading blank lines from .msh configuration files - Update tests to reflect simplified URL format 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Enhance macOS mesh agent download with SHA256 checksums and randomized filenames
7 tasks
Author
|
Closing this PR - will recreate targeting main branch instead of develop |
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Implements tar.gz archive delivery for macOS mesh agents with enhanced security features including SHA256 checksum verification and randomized filenames to prevent unwanted in-place upgrades.
Changes
Core Functionality
Client-Side Changes Required:
This requires corresponding changes in the rmmagent to handle the tar.gz archive and
--copy-msh="1"installation. See: amidaware/rmmagent#68Implementation Details
get_mesh_msh_url(): Constructs /meshsettings endpoint URLdownload_mesh_agent_with_msh(): Downloads both files, creates tar.gz archive with checksumsget_meshagent_url(): Added macOS-specific branch to use clean binary URL format (onlyidparameter) to preserve code signatures. Downloads unmodified binary fromhttp://[mesh_server]/meshagents?id=10005- mesh configuration provided separately via .msh file rather than embedded in binary by MeshCentralMeshExe.post()inapiv3/views.py: Use archive for darwin, single binary for windowsFiles Modified
api/tacticalrmm/core/utils.py- Core download and archive functionality (+86 lines)api/tacticalrmm/apiv3/views.py- Endpoint logic for archive delivery (+13 lines)api/tacticalrmm/core/tests.py- Updated tests for simplified URL format (8 lines changed)Test Plan
Completed Testing (macOS)
Recommended Validations
Related PRs
🤖 Generated with Claude Code