Categories

  • Get help with your FOG system.
    FOG Problems Hardware Compatibility Windows Problems Linux Problems Mac Problems General Problems
    12k Topics
    114k Posts
    Tom ElliottT

    @GregorS

    Found it. The ~1KB you were seeing isn’t a truncated snapin — it’s a 6-byte #!auth error response that the FOG Client wrote to disk and then hashed (which of course doesn’t match the real snapin’s SHA512).

    The root cause is on me. A recent security patch on dev-branch added a token check on the snapin download/checkin endpoints, but the deployed FOG Client doesn’t know to send that token — so every legitimate snapin download was getting rejected with #!auth. Closing one hole, opening a different one. Sorry about that.

    I’ve reverted the patch on both dev-branch and working-1.6. If you pull the latest and re-run the installer (or just git pull + your usual deploy method), snapins should start working again. Versions to look for:

    dev-branch: 1.5.10.1856
    working-1.6: 1.6.0-beta.2336
    The underlying security issue this was meant to address still needs a real fix, but that requires coordinated changes to both the server and the FOG Client itself, so it’ll be a future release rather than a hotfix.

    Let me know if pulling the revert gets your snapins running, and thanks for the detailed report — the “binary garbage” file you described was the clue that cracked it.

  • Get the latest news on what's happening.
    Security Advisories
    184 Topics
    825 Posts
    A

    @Tom-Elliott I really appreciate that you are putting effort into providing more frequent releases, which makes it easier for everyone to deploy new security fixes in time. Keep up the good work!

  • View tutorials or talk about FOG in general.
    General Tutorials
    2k Topics
    19k Posts
    J

    I don’t understand well everything but maybe it’s more complex than this and I understand nothing at all. haha

    On my server I have a “shimx64.efi” in “/boot/efi/EFI/debian/” can I use it directy and rename it to autoexec.efi since I have build my own binaries that call autoexec.efi at pxe boot or I must install shim-signed and use the shimx64.efi.signed ?

  • Report bugs, request features, or get the latest progress.
    General Feature Request Bug Reports
    2k Topics
    21k Posts
    J

    @Tom-Elliott Thanks for the clarification! I’ll try upgrading to the latest stable version, I was planning on doing this anyway.

    I’ll look into the Persistent Groups plugin and see how it works!

99

Online

12.7k

Users

17.6k

Topics

156.5k

Posts