micromdm / nanodep

NanoDEP is a set of tools and a Go library powering them for communicating with Apple's Device Enrollment Program (DEP) API servers.

License: MIT License

Dockerfile 0.19% Makefile 1.64% Go 96.06% Shell 2.11%

nanodep's Introduction

NanoDEP


Getting started & Documentation

  • Quickstart
    A guide to get NanoDEP up and running quickly.

  • Operations Guide
    A brief overview of the various tools and utilities for working with NanoDEP.

Getting the latest version

  • Release .zip files containing the project should be attached to every GitHub release.
    • Release zips are also published for every main branch commit.
  • A Docker container is built and published to the GHCR.io registry for every release.
    • docker pull ghcr.io/micromdm/nanodep:latest
    • docker run ghcr.io/micromdm/nanodep:latest
    • A Docker container is also published for every main branch commit (and tagged with :main)
  • If you have a Go toolchain installed you can check out the source and simply run make.

Tools and utilities

NanoDEP contains a few tools and utilities. At a high level:

  • DEP configuration & reverse proxy server. The primary server component, called depserver, is used for configuring NanoDEP and talking with Apple's DEP servers. It hosts its own API for configuring MDM server instances used with Apple's servers (called DEP names) and also hosts a transparently authenticating reverse proxy for talking 'directly' to Apple's DEP API endpoints.
  • Device sync & assigner. The depsyncer tool handles the device fetch/sync cursor logic to continually retrieve the assigned devices from one or more Apple DEP MDM server instance(s).
  • Scripts, tools, and helpers.
    • A set of tools and utilities for talking to the Apple DEP API services — mostly implemented as shell scripts that communicate to the depserver.
    • A stand-alone deptokens tool for locally working with certificate generation for DEP token decryption.

See the Operations Guide for more details and usage documentation.

Go library

NanoDEP is also a Go library for accessing the Apple DEP APIs. There are two components to the Go library:

  • The higher-level godep package implements Go methods and structures for talking to the individual DEP API endpoints.
  • The lower-level client package implements primitives, helpers, and middleware for authenticating to the DEP API and managing session tokens.

See the Go Reference documentation (or the Go source itself, of course) for details on these packages.


nanodep's Issues

MongoDB Support

See micromdm/nanomdm#57

We'd like to implement a MongoDB connector that satisfies the AllStorage interface and maintain support for the connector as this project continues.

depsyncer error: 400 Bad Request: USER_AGENT_INVALID

[root@iZuf64hzarhamgerishd1nZ nanodep]# ./depsyncer-linux-amd64 -debug -limit 1000 -duration 60 dep
2024/01/22 00:55:28 level=debug component=syncer name=dep msg=starting timer duration=1m0s
2024/01/22 00:55:29 level=info component=syncer name=dep msg=error syncing phase=fetch cursor= err=DEP HTTP error: 400 Bad Request: USER_AGENT_INVALID
2024/01/22 00:56:29 level=info component=syncer name=dep msg=error syncing phase=fetch cursor= err=DEP HTTP error: 400 Bad Request: USER_AGENT_INVALID

As a beginner, I am using nanodep, and according to the reference documentation, I have made the settings, but I encountered a problem when enabling depsyncer. Please help me, thank you.

[BUG]depsyncer callback error dep_name

When multiple DEPNAME are configured, the device_response_event.dep_name in the callback data is always the last one.

example

./nanodep/depsyncer-linux-amd64 -webhook-url "http://webhook" -storage mysql -storage-dsn "root:root@tcp(host:3306)/nanodep" -limit 100 -duration 600 foo bar

device_response_event.dep_name in the callback is always bar

[depsyncer]memory usage is getting higher and higher

I am using pm2 to deploy depsyncer.
This is my pm2 ecosystem config file

module.exports = {
    apps: [
        {
            "name": "depsyncer",
            "cwd": "/var/www/nanodep",
            "script": "/var/www/nanodep/depsyncer-linux-amd64",
            "args": '-webhook-url "url" -storage mysql -storage-dsn "username:password@tcp(host:3306)/nanodep" -limit 100 -duration 10 DEP_NAME',
            "watch": false,
            "autorestart": true,
            "instances": 1,
            "interpreter": "",
        },
    ]
}

I would like to ask why the memory usage is getting higher and higher? Is this normal? @jessepeterson

support an in-progress certificate update workflow

It's clear that with the MAID JWT (see #24) that the DEP private key that the server holds will need to be used throughout the DEP server operation and not just at OAuth token exchange time. Thus we'd like to be able to have a 'staged' PKI set when we're generating/downloading keys that do not overwrite the primary in-use key when we upload a new one. Perhaps the in-use PKI set is replaced as soon as new OAuth1 tokens are uploaded.

Consider ability to force CK change

The fix for #1 guarded against uploading tokens with a differing consumer key. However, if the CK legitimately changes there may be a need to allow "forcing" replacing the OAuth tokens for a given DEP name.
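
A sketch of how the two proposals above (a staged PKI set, and forcing a consumer key change) could fit together. This is an added example, not NanoDEP's code: the DEPName type, its fields and both methods are hypothetical, and keys and tokens are constructed stand-in strings.

```go
package main

import (
	"errors"
	"fmt"
)

// Tokens holds the OAuth1 fields relevant here (hypothetical type).
type Tokens struct{ ConsumerKey, AccessToken string }

// DEPName is hypothetical per-DEP-name state. Keys are stand-in strings
// where a real store would hold a certificate and private key.
type DEPName struct {
	ActiveKey, StagedKey string
	Tokens               *Tokens
}

var ErrCKMismatch = errors.New("consumer key differs from stored tokens")

// StageKey records a new key pair without replacing the in-use one.
func (d *DEPName) StageKey(key string) { d.StagedKey = key }

// StoreTokens refuses tokens whose consumer key differs from the stored
// one unless force is set. On success a staged key becomes the active key.
func (d *DEPName) StoreTokens(t Tokens, force bool) error {
	if d.Tokens != nil && d.Tokens.ConsumerKey != t.ConsumerKey && !force {
		return ErrCKMismatch // nothing is replaced or promoted on refusal
	}
	d.Tokens = &t
	if d.StagedKey != "" {
		d.ActiveKey, d.StagedKey = d.StagedKey, ""
	}
	return nil
}

func main() {
	d := &DEPName{}
	d.StageKey("key-1") // constructed sample values throughout
	fmt.Println(d.StoreTokens(Tokens{"CK_a", "AT_1"}, false), d.ActiveKey)
	d.StageKey("key-2")
	fmt.Println(d.StoreTokens(Tokens{"CK_b", "AT_2"}, false), d.ActiveKey)
	fmt.Println(d.StoreTokens(Tokens{"CK_b", "AT_2"}, true), d.ActiveKey)
}
```

A refused upload leaves both the stored tokens and the in-use key untouched, so the key needed for ongoing operation stays valid until a token upload is actually accepted.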
