Enable code-signing for MAC OS based agents

Idea ID 1644129

Enable code-signing for MAC OS based agents

Apple is slowly closing macOS to non-verified development. As for macOS High Sierra every running process must be signed, and the installer must also be signed. AND it must be a PKG based, encrypted installer

5 Comments
Micro Focus Expert
Micro Focus Expert
Status changed to: Accepted
 
Micro Focus Expert
Micro Focus Expert
Status changed to: New Idea
 
Honored Contributor.
Honored Contributor.
Status changed to: Waiting for Votes

The idea has received an initial review to ensure adherence to our idea submission and community guidelines. We ask the community to help prioritize the idea with comments and community support (votes/kudos).

Honored Contributor.
Honored Contributor.

The idea has received an initial review to ensure adherence to our idea submission and community guidelines. We ask the community to help prioritize the idea with comments and community support (votes/kudos).

Outstanding Contributor.
Outstanding Contributor.

I really want to go through some of the details of this challenge.

Locating UD Agent software version info on macOS X

I can find that *.swidtag xml file easily enough…it’s not ideal but we can pull the version string using a basic grep.  

cat /Library/LaunchDaemons/HPDiscoveryAgent/*.swidtag | grep swid:product_title

cat /Library/LaunchDaemons/HPDiscoveryAgent/*.swidtag | grep swid:name

DESKTOPHOSTNAME:~ userna$ cat /Library/LaunchDaemons/HPDiscoveryAgent/*.swidtag | grep swid:product_title

<swid:product_title>Universal Discovery Agent (Complete)</swid:product_title>

j2xm0901129:~ jbunsto$ cat /Library/LaunchDaemons/HPDiscoveryAgent/*.swidtag | grep swid:name

        <swid:name>10.33</swid:name>

        <swid:name>Hewlett-Packard Development Company, L.P.</swid:name>

        <swid:name>Hewlett-Packard Development Company, L.P.</swid:name>

        <swid:name>Hewlett-Packard Development Company, L.P.</swid:name>

It’s OK we can grab it from here but’s it’s a silly way to parse this info. What other apps can find this?? I’ve noticed that macOS 10.x doesn’t detect the agent as installed software. The software scanning tools we use elsewhere also can’t even confirm if it’s installed. Below is from the macOS System Profiler. Note no HP UD Agent.

macOS System Profiler shows no UD Agent installedmacOS System Profiler shows no UD Agent installed
Tools such as Lansweeper dont pickup the UD Agent, there is no independent way to detect the agent.

 Finally, I can see an install receipt. This is *somewhat helpful but it only tells us an install was attempted. There is no version number.

no version numberno version number

The goal of this enhancement is to confirm that:

  • The agent is installed
  • The agent is functioning
  • The agent is configured correctly

We can do this for every piece of software out there on MAC's…except the UD agent.

About the Author
Bill has over 26 years of experience in the IT industry focusing on providing business solutions utilizing HPE Software’s tools at enterprise scale. He comes from the HPE-IT organization where he managed the first deployment of HPSC (now HPSM) and then later UCMDB with its discovery partner UD. Bill also managed a team of IT Developers, who created customized configuration management solutions for HPE-IT and HPE’s ES clients.
Most "Liked" Contributors
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.