Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
f
Federico Alliani
05/05/2023, 1:40 PMHello!
To be able to use the bootstrap package, do you have to pay for the apple developer license to sign it?
because it gives me the following error:
Error: Couldn't edit bootstrap_package. The bootstrap_package must be signed.r
roberto
05/05/2023, 2:43 PMHey Federico, Apple requires all packages installed through MDM to be signed, that's why we're checking before updating the setting.
Indeed, you need to pay for a developer ID certificate, but again that's an Apple restriction.
f
Federico Alliani
05/05/2023, 3:18 PMAfter signing and upload bootstrap pkg, I create a pkg of fleet to enroll new mac and the pkg are not installed.
My fleet config is:
mdm:
apple_bm_default_team: ""
apple_bm_terms_expired: false
enabled_and_configured: true
macos_settings:
custom_settings: null
enable_disk_encryption: true
macos_setup:
bootstrap_package: <http://my-server/munkitools-signed.pkg>
macos_updates:
deadline: ""
minimum_version: ""I need to add another configuration?
r
roberto
05/05/2023, 6:11 PMthat config looks good. Just to sanity check: are you enrolling the machine using DEP or is this a manual enrollment? bootstrap packages are only supported for DEP
f
Federico Alliani
05/05/2023, 7:04 PMI am using manual enrollment 😞
there is no way to use manual enrollment?
r
roberto
05/05/2023, 8:30 PMfor bootstrap packages no, at the moment those are intended to be installed when the machine is unboxed during DEP
I'm curious: what's your use case? I wonder if we could make a compelling case and ask product to consider allowing bootstrap packages during manual enrollment
f
Federico Alliani
05/05/2023, 8:45 PMWe are beginning the ISO27001 certification and the certifications asked to have a software inventory of the company's workstations and control to install and uninstall software from workstations.
Our idea was to use Fleet as inventory + MDM and munki as manager software.
My idea is shared the fleet agent and ask them (i couldn't enforce) to do the manual enrollment and configure there so that munki is installed in the bootstrap.
The other way would be to pass two installers, but I wanted to avoid that.
If you have another form to do that, or any recommendations , please let me know 😄
We are a 30 people , all people from differents countries
r
roberto
05/05/2023, 10:20 PMgotcha, thanks for the details. What about adding the fleet agent + munki to a package and distributing that instead of fleet alone? optionally what about distributing munki and adding the fleet agent via munki?