fleet
fleet copied to clipboard
fleetdm
FMA MSI uninstall scripts don't install other versions of the software
💥 Actual behavior
MSI uninstall scripts on FMAs use ProductCode rather than UpgradeCode, so attempts to uninstall an app with a different version than the one contained in the installer won't find the app. This is important because many apps (e.g. Chrome, 1Password) get updated at high frequency, so the version that is on a host has a good chance of not matching the version of the installer added to Fleet.
🧑💻 Steps to reproduce
- Install an older version of Cloudflare Warp (e.g. the one mentioned in the old version of this diff) on a Windows host.
- Add the current version of the Cloudflare Warp FMA.
- Attempt to uninstall Warp on the host that has it.
The above steps are equivalent to if someone added Warp as an FMA, had it installed via the FMA on a host, then later updated the FMA.
🕯️ More info
This ticket is separate from the identical problem for custom installers as the fix doesn't impact automatic policy creation or installer parsing, and while there's some overlap in fix code, the two fixes can happen independently and the FMA one can go out without a release.
🛠️ To fix
Use UpgradeCode (which seems to be available in a couple of WinGet manifests I checked, but could also be extracteed from an MSI and wouldn't change for subsequent version MSIs) and finding related installers by upgrade code to generate the uninstall script, uninstalling all software with the associated UpgradeCode rather than just the exact version with the ProductCode.
A side effect for this should be that our uninstall scripts for MSIs are stable across app versions.
QA Notes (In progress
Installed older versions of the following apps, then ensured uninstall actually uninstalled them:
-
[x] Cloudflare warp for Windows
-
[x] Box Drive for Windows
-
[🔴] Google Chrome for Windows - may need a different installer for older version, the one I tried didn't work.
@jmwatts To confirm, install on the old version worked, but uninstall didn't? Did the install script fail or did it say the uninstall happened but didn't actually happen? Once you answer the above, you can pull this back into In Progress and I'll dig in further.
FWIW ProductCode on the old version is 23EA1FC7-B8B0-3AD6-9F4E-5EB1CB232179 and UpgradeCode is C1DFDF69-5945-32F2-A35E-EE94C99C7CF4, which is the same as the current version of Chrome, so this should work, and Chrome 70.x is actually a decent test case for this since it's a ways back in version history.
I copied over the old installer to the host, then double clicked the installer to install the old version.
Then I refetched host vitals so Chrome showed as installed.
Then I added the new version to fleet as an FMA
Then I used that FMA to attempt an uninstall via Fleet
So, I just followed these steps on a Win11 x86 VM:
- Pointed Fleet at the branch for FMAs
- Copied over the old installer
- Installed fleetd and Chrome
- Added the Chrome Windows FMA and confirmed the new uninstall script was there (had the foreach in it)
- Refetched host vitals; Chrome showed as 133.xx
- Ran
SELECT * FROM programs WHERE name like '%chrome%'to confirm UpgradeCode was the same as I expected (it was) - Uninstalled Chrome via Fleet.
- Once the uninstall script ran, confirmed Chrome was gone.
@jmwatts Mind pasting the uninstall script you have here? Want to triple-check because there don't seem like enough moving pieces for this to fail this way...but also Chrome failed for you when Brave/Warp succeeded...
@iansltx this was my mistake. I was using a VM for testing, but the installer was for amd, thanks for the callout in your note!
This was successful after using my physical windows host.
QA Notes
Confirmed "uninstall" now works when older versions are installed:
- [x] Cloudflare Warp
- [x] Box Drive
- [x] Google Chrome
Old scripts fall short, fail, UpgradeCode the fresh spring gale, Fleet's path smooth, unveiled.
