micromdm / nanodep Goto Github PK

Latest version of DEP protocol is v7 as noted in Apple docs — example 1. While users of NanoDEP can explicitly set any protocol version they like we set default to 3 here:

Consider upping the default to the current version 7.

We check for an existing DSN (directory), but not if it is actually a directory.

#42The issue appears to be working correctly.
Can you release the latest version?
@jessepeterson

The fix for #1 guarded against uploading tokens with a differing consumer key. However if the CK legitimately changes there may be a need to allow "forcing" replacing the OAuth tokens for a given DEP name.

Hello,

Is there a way to check if the device is DEP enrolled?

Currently there's a bit of code duplication in DecryptTokenPKIHandler and StoreAuthTokensHandler. To de-dupe some of that.

Currently NanoDEP only has a file storage backend. Implement a MySQL store.

depsyncer specifies whether there is a quantity limit for DEP, and what is the impact of a large quantity?

It's clear that with the MAID jwt (see #24) that the DEP private key that the server holds will need to be used throughout the DEP server operation and not just at OAuth token exchange time. Thus we'd like to be able to have a 'staged' PKI set when we're generating/downloading keys that do not overwrite the primary in-use key when we upload a new one. Perhaps the in-use PKI set are replaced as soon as new OAuth1 tokens are uploaded.

[root@iZuf64hzarhamgerishd1nZ nanodep]# ./depsyncer-linux-amd64 -debug -limit 1000 -duration 60 dep
2024/01/22 00:55:28 level=debug component=syncer name=dep msg=starting timer duration=1m0s
2024/01/22 00:55:29 level=info component=syncer name=dep msg=error syncing phase=fetch cursor= err=DEP HTTP error: 400 Bad Request: USER_AGENT_INVALID
2024/01/22 00:56:29 level=info component=syncer name=dep msg=error syncing phase=fetch cursor= err=DEP HTTP error: 400 Bad Request: USER_AGENT_INVALID

As a beginner, I am using nanodep, and according to the reference documentation, I have made the settings, but I encountered a problem when enabling depsyncer. Please help me, thank you.

See micromdm/nanomdm#57

We'd like to implement a mongoDB connector that satisfies the AllStorage interface and maintain support for the connector as this project continues.

Check previous Consumer Key when uploading the tokens to try to prevent overwriting the wrong tokens.

@jessepeterson
New option --all is added to indicate operating all.
All I can think of is reading the database every time.
Although this may bring additional overhead

I am using pm2 to deploy depsyncer.
This is my pm2 ecosystem config file

module.exports = {
    apps: [
        {
            "name": "depsyncer",
            "cwd": "/var/www/nanodep",
            "script": "/var/www/nanodep/depsyncer-linux-amd64",
            "args": '-webhook-url "url" -storage mysql -storage-dsn "username:password@tcp(host:3306)/nanodep" -limit 100 -duration 10 DEP_NAME',
            "watch": false,
            "autorestart": true,
            "instances": 1,
            "interpreter": "",
        },
    ]
}

I would like to ask why the memory usage is getting higher and higher? Is this normal? @jessepeterson