[PR #2344] [CLOSED] Add macOS mesh agent tar.gz archive delivery with .msh config

## 📋 Pull Request Information **Original PR:** https://github.com/amidaware/tacticalrmm/pull/2344 **Author:** [@PeetMcK](https://github.com/PeetMcK) **Created:** 11/13/2025 **Status:** ❌ Closed **Base:** `develop` ← **Head:** `develop` --- ### 📝 Commits (3) - [`36eae42`](https://github.com/amidaware/tacticalrmm/commit/36eae4272608643354bb17e47f8c6dd2f007c8c5) Add macOS mesh agent tar.gz archive delivery with .msh config - [`90953eb`](https://github.com/amidaware/tacticalrmm/commit/90953eb12ec1752b538e6a1daab2855448fbb2b6) Enhance macOS mesh agent download with SHA256 checksums and randomized filenames - [`4d7e1c9`](https://github.com/amidaware/tacticalrmm/commit/4d7e1c9cb7563324926719359e0d75e334030caf) Merge pull request #1 from PeetMcK/macOS-refactorv2 ### 📊 Changes **3 files changed** (+102 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `api/tacticalrmm/apiv3/views.py` (+12 -1) 📝 `api/tacticalrmm/core/tests.py` (+4 -4) 📝 `api/tacticalrmm/core/utils.py` (+86 -0) </details> ### 📄 Description ## Summary Implements tar.gz archive delivery for macOS mesh agents with enhanced security features including SHA256 checksum verification and randomized filenames to prevent unwanted in-place upgrades. ## Changes ### Core Functionality - **Archive Creation**: Download both mesh binary and .msh configuration file from MeshCentral and compress as tar.gz - **SHA256 Checksums**: Generate SHA256SUMS file included in archive for integrity verification - **Randomized Filenames**: Add random 8-character suffix to mesh agent filenames to prevent unwanted in-place upgrades - **Configuration Cleanup**: Strip leading blank lines from .msh configuration files - **Code Signature Preservation**: Use clean binary URL format to download unmodified binaries that preserve code signatures **Client-Side Changes Required:** This requires corresponding changes in the rmmagent andle the tar.gz archive and `--copy-msh="1"` installation. See: https://github.com/amidaware/rmmagent/pull/68 ### Implementation Details - Added `get_mesh_msh_url()`: Constructs /meshsettings endpoint URL - Added `download_mesh_agent_with_msh()`: Downloads both files, creates tar.gz archive with checksums - Modified `get_meshagent_url()`: Added macOS-specific branch to use clean binary URL format (only `id` parameter) to preserve code signatures. Downloads unmodified binary from `http://[mesh_server]/meshagents?id=10005` - mesh configuration provided separately via .msh file rather than embedded in binary by MeshCentral - Modified `MeshExe.post()` in `apiv3/views.py`: Use archive for darwin, single binary for windows ### Files Modified - `api/tacticalrmm/core/utils.py` - Core download and archive functionality (+86 lines) - `api/tacticalrmm/apiv3/views.py` - Endpoint logic for archive delivery (+13 lines) - `api/tacticalrmm/core/tests.py` - Updated tests for simplified URL format (8 lines changed) ## Test Plan ### Completed Testing (macOS) - [x] Verify mesh agent downloads complete successfully for macOS - [x] Confirm tar.gz archive contains mesh binary, .msh config, and SHA256SUMS - [x] Validate SHA256 checksums match downloaded files - [x] Test that randomized filenames are generated properly (8-char suffix) - [x] Confirm .msh files have leading blank lines stripped - [x] Verify clean binary URL format preserves code signature integrity - [x] Verified meshagent installation with no errors - [x] Verified meshagent/tacticalrmm integration ### Recommended Validations - [ ] Verify macOS functionality in your environment - [ ] Verify Windows agents have no regression - [ ] Verify Linux agents have no regression ## Related PRs - **Client-side:** https://github.com/amidaware/rmmagent/pull/68 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem commented

2026-03-02 02:25:18 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/amidaware/tacticalrmm/pull/2344
Author: @PeetMcK
Created: 11/13/2025
Status: ❌ Closed

Base: develop ← Head: develop

📝 Commits (3)

36eae42 Add macOS mesh agent tar.gz archive delivery with .msh config
90953eb Enhance macOS mesh agent download with SHA256 checksums and randomized filenames
4d7e1c9 Merge pull request #1 from PeetMcK/macOS-refactorv2

📊 Changes

3 files changed (+102 additions, -5 deletions)

View changed files

📝 api/tacticalrmm/apiv3/views.py (+12 -1)
📝 api/tacticalrmm/core/tests.py (+4 -4)
📝 api/tacticalrmm/core/utils.py (+86 -0)

📄 Description

Summary

Implements tar.gz archive delivery for macOS mesh agents with enhanced security features including SHA256 checksum verification and randomized filenames to prevent unwanted in-place upgrades.

Changes

Core Functionality

Archive Creation: Download both mesh binary and .msh configuration file from MeshCentral and compress as tar.gz
SHA256 Checksums: Generate SHA256SUMS file included in archive for integrity verification
Randomized Filenames: Add random 8-character suffix to mesh agent filenames to prevent unwanted in-place upgrades
Configuration Cleanup: Strip leading blank lines from .msh configuration files
Code Signature Preservation: Use clean binary URL format to download unmodified binaries that preserve code signatures

Client-Side Changes Required:
This requires corresponding changes in the rmmagent andle the tar.gz archive and --copy-msh="1" installation. See: https://github.com/amidaware/rmmagent/pull/68

Implementation Details

Added get_mesh_msh_url(): Constructs /meshsettings endpoint URL
Added download_mesh_agent_with_msh(): Downloads both files, creates tar.gz archive with checksums
Modified get_meshagent_url(): Added macOS-specific branch to use clean binary URL format (only id parameter) to preserve code signatures. Downloads unmodified binary from http://[mesh_server]/meshagents?id=10005 - mesh configuration provided separately via .msh file rather than embedded in binary by MeshCentral
Modified MeshExe.post() in apiv3/views.py: Use archive for darwin, single binary for windows

Files Modified

api/tacticalrmm/core/utils.py - Core download and archive functionality (+86 lines)
api/tacticalrmm/apiv3/views.py - Endpoint logic for archive delivery (+13 lines)
api/tacticalrmm/core/tests.py - Updated tests for simplified URL format (8 lines changed)

Test Plan

Completed Testing (macOS)

Verify mesh agent downloads complete successfully for macOS
Confirm tar.gz archive contains mesh binary, .msh config, and SHA256SUMS
Validate SHA256 checksums match downloaded files
Test that randomized filenames are generated properly (8-char suffix)
Confirm .msh files have leading blank lines stripped
Verify clean binary URL format preserves code signature integrity
Verified meshagent installation with no errors
Verified meshagent/tacticalrmm integration

Recommended Validations

Verify macOS functionality in your environment
Verify Windows agents have no regression
Verify Linux agents have no regression

Client-side: https://github.com/amidaware/rmmagent/pull/68

🤖 Generated with Claude Code

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem

closed this issue
added the
pull-request
label

kerem referenced this issue

2026-03-14 06:41:56 +03:00

[GH-ISSUE #1924] Cant move agent between sites #3142

Rows
Columns

[PR #2344] [CLOSED] Add macOS mesh agent tar.gz archive delivery with .msh config #1924