A Patch Deep Dive

Transcript

1. View Slide

2. © JAMF Software, LLC
   Duncan McCracken
   Co-Founder / Technical Director
   
   Mondada Pty Ltd
   Luckie Vang
   Test Engineer
   
   Jamf
   

   View Slide

3. © JAMF Software, LLC
   A Patch Deep Dive
   Presentation agenda:
   
   About Version Control
   
   Jamf Patch History
   
   External Patch Endpoints
   
   Connecting to an External Source
   
   External Patch Source Projects
   

   View Slide

4. © JAMF Software, LLC
   A Patch Deep Dive
   Presentation agenda:
   
   Structure of a Patch Definition
   
   Creating Patch Definitions
   
   Pre-supplied Patch Definitions
   
   

   View Slide

5. © JAMF Software, LLC
   About Version Control
   Not as simple as it seems on the surface
   

   View Slide

6. © JAMF Software, LLC
   About Version Control
   • Where is the information stored?
   Not as simple as it seems on the surface
   

   View Slide

7. © JAMF Software, LLC
   About Version Control
   • Default Location

   .app/Contents/Info.plist
   
   • Default Key

   CFBundleShortVersionString
   Where is the information stored?
   

   View Slide

8. © JAMF Software, LLC
   About Version Control
   • Except for when it isn’t
   
   • In the Context of Jamf: Extension Attribute
   Where is the information stored?
   

   View Slide

9. © JAMF Software, LLC
   About Version Control
   • Where is the information stored?
   
   • Standards in version strings
   Not as simple as it seems on the surface
   

   View Slide

10. © JAMF Software, LLC
    About Version Control
    • What does a version string look like?
    Standards in version strings
    

    View Slide

11. © JAMF Software, LLC
    About Version Control
    • What does should a version string look like?
    
    • Major . Minor . Build [ . Revision ]
    Standards (or lack of) in version strings
    

    View Slide

12. © JAMF Software, LLC
    About Version Control
    • Lack of standards in version strings
    
    • Where the information is stored
    
    • Comparison vs Lookup
    Not as simple as it seems on the surface
    

    View Slide

13. © JAMF Software, LLC
    About Version Control
    • Comparison gives a Relative State
    Comparison vs Lookup
    

    View Slide

14. © JAMF Software, LLC
    About Version Control
    • Comparison gives a Relative State
    
    • Comparison requires consistency
    Comparison vs Lookup
    

    View Slide

15. © JAMF Software, LLC
    About Version Control
    • Comparison gives a Relative State
    
    • Comparison requires consistency
    
    • Comparison works most of the time
    Comparison vs Lookup
    

    View Slide

16. © JAMF Software, LLC
    About Version Control
    • Lookup doesn't care about consistency
    Comparison vs Lookup
    

    View Slide

17. © JAMF Software, LLC
    About Version Control
    • Lookup doesn't care about consistency
    
    • Lookup is reactive
    Comparison vs Lookup
    

    View Slide

18. © JAMF Software, LLC
    About Version Control
    • Lookup doesn't care about consistency
    
    • Lookup is reactive
    
    • Lookup works all the time
    Comparison vs Lookup
    

    View Slide

19. © JAMF Software, LLC
    Jamf Patch History
    • Patch Reporting in Jamf Pro 9.96
    The Road So Far…
    

    View Slide

20. © JAMF Software, LLC
    Jamf Patch History
    • Patch Reporting in Jamf Pro 9.96
    
    • Patch Management in Jamf Pro 10.0
    The Road So Far…
    

    View Slide

21. © JAMF Software, LLC
    Jamf Patch History
    • Patch Reporting in Jamf Pro 9.96
    
    • Patch Management in Jamf Pro 10.0
    
    • External Patch Sources in Jamf Pro 10.2
    The Road So Far…
    

    View Slide

22. © JAMF Software, LLC
    External Patch Endpoints
    https://www.jamf.com/jamf-nation/articles/497
    

    View Slide

23. © JAMF Software, LLC
    External Patch Endpoints
    • API - API communication
    https://www.jamf.com/jamf-nation/articles/497
    

    View Slide

24. © JAMF Software, LLC
    External Patch Endpoints
    • API - API communication
    
    • /software
    https://www.jamf.com/jamf-nation/articles/497
    

    View Slide

25. © JAMF Software, LLC
    

    View Slide

26. © JAMF Software, LLC
    External Patch Endpoints
    • API - API communication
    
    • /software
    
    • /software/{ids}
    https://www.jamf.com/jamf-nation/articles/497
    

    View Slide

27. © JAMF Software, LLC
    

    View Slide

28. © JAMF Software, LLC
    External Patch Endpoints
    • API - API communication
    
    • /software
    
    • /software/{ids}
    
    • /patch/{id}
    https://www.jamf.com/jamf-nation/articles/497
    

    View Slide

29. © JAMF Software, LLC
    

    View Slide

30. © JAMF Software, LLC
    

    View Slide

31. © JAMF Software, LLC
    Connecting to an External Source
    • The Java Keystore must trust the SSL Cert
    Things to Remember
    

    View Slide

32. © JAMF Software, LLC
    Connecting to an External Source
    • The Java Keystore must trust the SSL Cert
    
    • The Endpoint must have at least one definition
    Things to Remember
    

    View Slide

33. © JAMF Software, LLC
    Connecting to an External Source
    • The Java Keystore must trust the SSL Cert
    
    • The Endpoint must have at least one definition
    
    • Patch Definitions for 3rd-party sources can't
    be code-signed
    Things to Remember
    

    View Slide

34. © JAMF Software, LLC
    External Patch Source Projects
    • Patch Server for Jamf Pro

    https://patchserver.readthedocs.io/en/latest/
    Take a Look at These
    

    View Slide

35. © JAMF Software, LLC
    

    View Slide

36. © JAMF Software, LLC
    External Patch Source Projects
    • Patch Server for Jamf Pro

    https://patchserver.readthedocs.io/en/latest/
    
    • Kinobi Open Source

    https://kinobi.io/
    Take a Look at These
    

    View Slide

37. © JAMF Software, LLC
    

    View Slide

38. © JAMF Software, LLC
    Structure of a Patch Definition
    • Jamf Pro External Patch Source Endpoints

    https://www.jamf.com/jamf-nation/articles/497
    References
    

    View Slide

39. © JAMF Software, LLC
    Structure of a Patch Definition
    • Kinobi: Understanding Patch Definitions

    https://github.com/mondada/kinobi/wiki/
    Understanding-Patch-Definitions
    References
    

    View Slide

40. © JAMF Software, LLC
    

    View Slide

41. © JAMF Software, LLC
    Structure of a Patch Definition
    • Corresponds to the Jamf Pro Database
    Patch Data Structure
    

    View Slide

42. © JAMF Software, LLC
    Structure of a Patch Definition
    • Corresponds to the Jamf Pro Database
    
    • Modular and extensible
    Patch Data Structure
    

    View Slide

43. © JAMF Software, LLC
    Structure of a Patch Definition
    • Corresponds to the Jamf Pro Database
    
    • Modular and extensible
    
    • Not everything is used
    Patch Data Structure
    

    View Slide

44. © JAMF Software, LLC
    Structure of a Patch Definition
    • Corresponds to the Jamf Pro Database
    
    • Modular and extensible
    
    • Not everything is used
    
    • Some duplication of information
    Patch Data Structure
    

    View Slide

45. © JAMF Software, LLC
    Structure of a Patch Definition
    • Software Title
    
    • patch
    
    • components
    
    • extensionAttributes
    Object Types
    

    View Slide

46. © JAMF Software, LLC
    Structure of a Patch Definition
    • killApps
    
    • criteria (used for multiple things)
    Object Types
    

    View Slide

47. © JAMF Software, LLC
    Structure of a Patch Definition
    • name
    
    • publisher
    
    • appName
    
    • bundleId
    Software Title
    

    View Slide

48. © JAMF Software, LLC
    Structure of a Patch Definition
    • lastModified
    
    • currentVersion
    
    • id
    Software Title
    

    View Slide

49. © JAMF Software, LLC
    Structure of a Patch Definition
    • requirements
    
    • patches
    
    • extensionAttributes
    Software Title
    

    View Slide

50. © JAMF Software, LLC
    Structure of a Patch Definition
    • version
    
    • releaseDate
    
    • standalone
    
    • minimumOperatingSystem
    patch
    

    View Slide

51. © JAMF Software, LLC
    Structure of a Patch Definition
    • reboot
    patch
    

    View Slide

52. © JAMF Software, LLC
    Structure of a Patch Definition
    • killApps
    
    • components
    
    • capabilities
    
    • dependencies
    patch
    

    View Slide

53. © JAMF Software, LLC
    Structure of a Patch Definition
    • name
    
    • version
    components
    

    View Slide

54. © JAMF Software, LLC
    Structure of a Patch Definition
    • criteria
    components
    

    View Slide

55. © JAMF Software, LLC
    Structure of a Patch Definition
    • key
    
    • value
    
    • displayName
    extensionAttributes
    

    View Slide

56. © JAMF Software, LLC
    Structure of a Patch Definition
    • bundleId
    
    • appName
    killApps
    

    View Slide

57. © JAMF Software, LLC
    Structure of a Patch Definition
    • name
    
    • operator
    
    • value
    
    • type
    Criteria
    

    View Slide

58. © JAMF Software, LLC
    Structure of a Patch Definition
    • name
    
    • operator
    
    • value
    
    • type
    Criteria
    • and
    

    View Slide

59. © JAMF Software, LLC
    Creating Patch Definitions
    Hand-cutting the
    JSON
    

    View Slide

60. © JAMF Software, LLC
    Creating Patch Definitions
    Kinobi Editor
    

    View Slide

61. © JAMF Software, LLC
    

    View Slide

62. © JAMF Software, LLC
    

    View Slide

63. © JAMF Software, LLC
    

    View Slide

64. © JAMF Software, LLC
    

    View Slide

65. © JAMF Software, LLC
    

    View Slide

66. © JAMF Software, LLC
    

    View Slide

67. © JAMF Software, LLC
    

    View Slide

68. © JAMF Software, LLC
    

    View Slide

69. © JAMF Software, LLC
    

    View Slide

70. © JAMF Software, LLC
    

    View Slide

71. © JAMF Software, LLC
    

    View Slide

72. © JAMF Software, LLC
    

    View Slide

73. © JAMF Software, LLC
    

    View Slide

74. © JAMF Software, LLC
    

    View Slide

75. © JAMF Software, LLC
    

    View Slide

76. © JAMF Software, LLC
    

    View Slide

77. © JAMF Software, LLC
    

    View Slide

78. © JAMF Software, LLC
    

    View Slide

79. © JAMF Software, LLC
    

    View Slide

80. © JAMF Software, LLC
    

    View Slide

81. © JAMF Software, LLC
    

    View Slide

82. © JAMF Software, LLC
    

    View Slide

83. © JAMF Software, LLC
    

    View Slide

84. © JAMF Software, LLC
    

    View Slide

85. © JAMF Software, LLC
    

    View Slide

86. © JAMF Software, LLC
    

    View Slide

87. © JAMF Software, LLC
    

    View Slide

88. © JAMF Software, LLC
    

    View Slide

89. © JAMF Software, LLC
    

    View Slide

90. © JAMF Software, LLC
    

    View Slide

91. © JAMF Software, LLC
    

    View Slide

92. © JAMF Software, LLC
    

    View Slide

93. © JAMF Software, LLC
    

    View Slide

94. © JAMF Software, LLC
    

    View Slide

95. © JAMF Software, LLC
    

    View Slide

96. © JAMF Software, LLC
    

    View Slide

97. © JAMF Software, LLC
    

    View Slide

98. © JAMF Software, LLC
    

    View Slide

99. © JAMF Software, LLC
    

    View Slide

100. © JAMF Software, LLC
     

     View Slide

101. © JAMF Software, LLC
     

     View Slide

102. © JAMF Software, LLC
     

     View Slide

103. © JAMF Software, LLC
     Creating Patch Definitions
     • Validate Extension Attributes
     Pro Tips
     

     View Slide

104. © JAMF Software, LLC
     Creating Patch Definitions
     • Validate Extension Attributes
     
     • Use Advanced Searches in Jamf Pro
     Pro Tips
     

     View Slide

105. © JAMF Software, LLC
     Creating Patch Definitions
     • Validate Extension Attributes
     
     • Use Advanced Searches in Jamf Pro
     
     • Smart Groups without parenthesis
     Pro Tips
     

     View Slide

106. © JAMF Software, LLC
     Pre-supplied Patch Definitions
     • Community Patch

     https://communitypatch.readthedocs.io/
     If [insert annoying part] all seems too much…
     

     View Slide

107. © JAMF Software, LLC
     Pre-supplied Patch Definitions
     • Community Patch

     https://communitypatch.readthedocs.io/
     
     • Kinobi Subscription

     https://kinobi.io/kinobi/
     If [insert annoying part] all seems too much…
     

     View Slide

108. © JAMF Software, LLC
     One More Thing…
     NetSUS 5.0
     

     View Slide

109. © JAMF Software, LLC
     NetSUS 5.0
     • Improved UI
     
     • Enable / Disable Services
     
     • Additional System Management
     
     • Better Sanity Checking
     New Features
     

     View Slide

110. © JAMF Software, LLC
     NetSUS 5.0
     • File Sharing
     
     • Multiple NBIs
     
     • SUS Catalog Selection
     
     • And many more
     New Features
     

     View Slide

111. © JAMF Software, LL
     THANK YOU!
     

     View Slide