fleet/orbit/pkg/constant/constant.go

package constant

import "time"

const (
	// DefaultDirMode is the default file mode to apply to created directories.
	DefaultDirMode = 0o755
	// DefaultFileMode is the default file mode to apply to created files.
	DefaultFileMode = 0o600
	// DefaultWorldReadableFileMode is the default file mode to apply to files
	// that can be read by other processes.
	DefaultWorldReadableFileMode = 0o644
	// DefaultSystemdUnitMode is the required file mode to systemd unit files.
	DefaultSystemdUnitMode = DefaultWorldReadableFileMode
	// DesktopAppExecName is the name of Fleet's Desktop executable.
	//
	// We use fleet-desktop as name to properly identify the process when listing
	// running processes/tasks.
	DesktopAppExecName = "fleet-desktop"
	// OrbitNodeKeyFileName is the filename on disk where we write the orbit node key to
	OrbitNodeKeyFileName = "secret-orbit-node-key.txt"
	// OrbitEnrollMaxRetries is the max number of retries when doing an enroll request.
	// We set it to 6 to allow the retry backoff to take effect.
	OrbitEnrollMaxRetries = 6
	// OrbitEnrollBackoffMultiplier is the multiplier to use for backing off between enroll retries.
	OrbitEnrollBackoffMultiplier = 2
	// OrbitEnrollRetrySleep is the duration to sleep between enroll retries.
	OrbitEnrollRetrySleep = 10 * time.Second
	// OsquerydName is the name of osqueryd binary
	// We use osqueryd as name to properly identify the process when listing
	// running processes/tasks.
	OsquerydName = "osqueryd"
	// OsqueryPidfile is the file containing the PID of the running osqueryd process
	OsqueryPidfile = "osquery.pid"
	// OsqueryEnrollSecretFileName is the filename on disk where we write
	// the orbit enroll secret.
	OsqueryEnrollSecretFileName = "secret.txt"
	// SystemServiceName is the name of Orbit system service
	// The service name is used by the OS service management framework
	SystemServiceName = "Fleet osquery"
	// FleetTLSClientCertificateFileName is the name of the TLS client certificate file
	// used when connecting to the Fleet server.
	FleetTLSClientCertificateFileName = "fleet_client.crt"
	// FleetTLSClientKeyFileName is the name of the TLS client private key file
	// used when connecting to the Fleet server.
	FleetTLSClientKeyFileName = "fleet_client.key"
	// UpdateTLSClientCertificateFileName is the name of the TLS client certificate file
	// used when connecting to the update server.
	UpdateTLSClientCertificateFileName = "update_client.crt"
	// UpdateTLSClientKeyFileName is the name of the TLS client private key file
	// used when connecting to the update server.
	UpdateTLSClientKeyFileName = "update_client.key"
	// SilenceEnrollLogErrorEnvVer is an environment variable name for disabling enroll log errors
	SilenceEnrollLogErrorEnvVar = "FLEETD_SILENCE_ENROLL_ERROR"
	// ServerOverridesFileName is the name of the file in the root directory
	// that specifies the override configuration fetched from the server.
	ServerOverridesFileName = "server-overrides.json"
)
Add constant package Currently only file and directory mode defaults. 2020-12-24 03:20:31 +00:00			`package constant`

Orbit enroll retry on unauth (#7928) 2022-09-23 21:46:33 +00:00			`import "time"`

Add constant package Currently only file and directory mode defaults. 2020-12-24 03:20:31 +00:00			`const (`
			`// DefaultDirMode is the default file mode to apply to created directories.`
PoC of packaging and autoupdate working together - Linux packaging works (tested on Ubuntu 20) - Packaging needs to be made configurable via flags 2021-01-26 03:53:51 +00:00			`DefaultDirMode = 0o755`
Add constant package Currently only file and directory mode defaults. 2020-12-24 03:20:31 +00:00			`// DefaultFileMode is the default file mode to apply to created files.`
			`DefaultFileMode = 0o600`
token rotation for fleet desktop (#7779) This implements what's described in detail here https://github.com/fleetdm/fleet/blob/main/proposals/fleet-desktop-token-rotation.md 2022-10-10 20:15:35 +00:00			`// DefaultWorldReadableFileMode is the default file mode to apply to files`
			`// that can be read by other processes.`
			`DefaultWorldReadableFileMode = 0o644`
Shebang should be on the first line of script (#5747) * Shebang should be on the first line of script * Set 644 file mode for SystemD unit file 2022-05-23 22:18:19 +00:00			`// DefaultSystemdUnitMode is the required file mode to systemd unit files.`
token rotation for fleet desktop (#7779) This implements what's described in detail here https://github.com/fleetdm/fleet/blob/main/proposals/fleet-desktop-token-rotation.md 2022-10-10 20:15:35 +00:00			`DefaultSystemdUnitMode = DefaultWorldReadableFileMode`
Fleet Desktop MVP (#4530) * WIP * WIP2 * Fix orbit and fleetctl tests * Amend macos-app default * Add some fixes * Use fleetctl updates roots command * Add more fixes to Updater * Fixes to app publishing and downloading * Add more changes to support fleetctl cross generation * Amend comment * Add pkg generation to ease testing * Make more fixes * Add changes entry * Add legacy targets (until our TUF system exposes the new app) * Fix fleetctl preview * Fix bool flag * Fix orbit logic for disabled-updates and dev-mode * Fix TestPreview * Remove constant and fix zip-slip attack (codeql) * Return unknown error * Fix updater's checkExec * Add support for executable signing in init_tuf.sh * Try only signing orbit * Fix init_tuf.sh targets, macos-app only for osqueryd * Specify GOARCH to support M1s * Add workflow to generate osqueryd.app.tar.gz * Use 5.2.2 on init_tuf.sh * Add unit test for tar.gz target * Use artifacts instead of releases * Remove copy paste residue * Fleet Desktop Packaging WIP * Ignore gosec warning * Trigger on PR too * Install Go in workflow * Pass url parameter to desktop app * Fix fleetctl package * Final set of changes for v1 of Fleet Desktop * Add changes * PR fixes * Fix CI build * add larger menu bar icon * Add transparency item * Delete host_device_auth entry on host deletion * Add SetTargetChannel * Update white logo and add desktop to update runner * Add fleet-desktop monitoring to orbit * Define fleet-desktop app exec name * Fix update runner creation * Add API test before enabling the My device menu item Co-authored-by: Zach Wasserman <zach@fleetdm.com> 2022-03-21 17:53:53 +00:00			`// DesktopAppExecName is the name of Fleet's Desktop executable.`
Orbit: Add Fleet Desktop support to Windows (#4873) * Orbit: Add Fleet Desktop support to Windows * Rename workflow, fix linux build * Do not compile systray on linux * nolint on unused * Fix lint properly * nolint both checkers * Fix monitor logic in desktopRunner * Fix interrupt and execute order 2022-04-01 20:28:51 +00:00			`//`
			`// We use fleet-desktop as name to properly identify the process when listing`
			`// running processes/tasks.`
Fleet Desktop MVP (#4530) * WIP * WIP2 * Fix orbit and fleetctl tests * Amend macos-app default * Add some fixes * Use fleetctl updates roots command * Add more fixes to Updater * Fixes to app publishing and downloading * Add more changes to support fleetctl cross generation * Amend comment * Add pkg generation to ease testing * Make more fixes * Add changes entry * Add legacy targets (until our TUF system exposes the new app) * Fix fleetctl preview * Fix bool flag * Fix orbit logic for disabled-updates and dev-mode * Fix TestPreview * Remove constant and fix zip-slip attack (codeql) * Return unknown error * Fix updater's checkExec * Add support for executable signing in init_tuf.sh * Try only signing orbit * Fix init_tuf.sh targets, macos-app only for osqueryd * Specify GOARCH to support M1s * Add workflow to generate osqueryd.app.tar.gz * Use 5.2.2 on init_tuf.sh * Add unit test for tar.gz target * Use artifacts instead of releases * Remove copy paste residue * Fleet Desktop Packaging WIP * Ignore gosec warning * Trigger on PR too * Install Go in workflow * Pass url parameter to desktop app * Fix fleetctl package * Final set of changes for v1 of Fleet Desktop * Add changes * PR fixes * Fix CI build * add larger menu bar icon * Add transparency item * Delete host_device_auth entry on host deletion * Add SetTargetChannel * Update white logo and add desktop to update runner * Add fleet-desktop monitoring to orbit * Define fleet-desktop app exec name * Fix update runner creation * Add API test before enabling the My device menu item Co-authored-by: Zach Wasserman <zach@fleetdm.com> 2022-03-21 17:53:53 +00:00			`DesktopAppExecName = "fleet-desktop"`
Orbit enroll retry on unauth (#7928) 2022-09-23 21:46:33 +00:00			`// OrbitNodeKeyFileName is the filename on disk where we write the orbit node key to`
			`OrbitNodeKeyFileName = "secret-orbit-node-key.txt"`
Add exponential backoff to orbit enroll retries (#17368) #16594 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [X] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). 2024-03-13 10:57:00 +00:00			`// OrbitEnrollMaxRetries is the max number of retries when doing an enroll request.`
			`// We set it to 6 to allow the retry backoff to take effect.`
			`OrbitEnrollMaxRetries = 6`
			`// OrbitEnrollBackoffMultiplier is the multiplier to use for backing off between enroll retries.`
			`OrbitEnrollBackoffMultiplier = 2`
			`// OrbitEnrollRetrySleep is the duration to sleep between enroll retries.`
			`OrbitEnrollRetrySleep = 10 * time.Second`
Bug 7874: Adding SCM calls to register Orbit as a windows service (#7934) * Bug 7874: Adding SCM calls to register Orbit as a windows service 2022-09-27 14:52:41 +00:00			`// OsquerydName is the name of osqueryd binary`
			`// We use osqueryd as name to properly identify the process when listing`
			`// running processes/tasks.`
			`OsquerydName = "osqueryd"`
			`// OsqueryPidfile is the file containing the PID of the running osqueryd process`
			`OsqueryPidfile = "osquery.pid"`
Write an enroll secret to osquery when it's read from config profile (#11066) #11065 Since `secret.txt` is written when the installer is built, but installers using `--use-system-config` don't have an enroll secret at build time, this file was empty and causing osquery to have trouble enrolling. This PR writes the file when the values are read from a configuration profile. 2023-04-07 22:34:16 +00:00			`// OsqueryEnrollSecretFileName is the filename on disk where we write`
			`// the orbit enroll secret.`
			`OsqueryEnrollSecretFileName = "secret.txt"`
Bug 7874: Adding SCM calls to register Orbit as a windows service (#7934) * Bug 7874: Adding SCM calls to register Orbit as a windows service 2022-09-27 14:52:41 +00:00			`// SystemServiceName is the name of Orbit system service`
			`// The service name is used by the OS service management framework`
			`SystemServiceName = "Fleet osquery"`
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). 2023-04-27 11:44:39 +00:00			`// FleetTLSClientCertificateFileName is the name of the TLS client certificate file`
			`// used when connecting to the Fleet server.`
			`FleetTLSClientCertificateFileName = "fleet_client.crt"`
			`// FleetTLSClientKeyFileName is the name of the TLS client private key file`
			`// used when connecting to the Fleet server.`
			`FleetTLSClientKeyFileName = "fleet_client.key"`
			`// UpdateTLSClientCertificateFileName is the name of the TLS client certificate file`
			`// used when connecting to the update server.`
			`UpdateTLSClientCertificateFileName = "update_client.crt"`
			`// UpdateTLSClientKeyFileName is the name of the TLS client private key file`
			`// used when connecting to the update server.`
			`UpdateTLSClientKeyFileName = "update_client.key"`
environment variable to disable orbit enroll logs (#13519) 2023-08-25 21:25:07 +00:00			`// SilenceEnrollLogErrorEnvVer is an environment variable name for disabling enroll log errors`
			`SilenceEnrollLogErrorEnvVar = "FLEETD_SILENCE_ENROLL_ERROR"`
Remotely configure fleetd update channels (#15848) #13825 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [X] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com> 2024-01-02 20:59:40 +00:00			`// ServerOverridesFileName is the name of the file in the root directory`
			`// that specifies the override configuration fetched from the server.`
			`ServerOverridesFileName = "server-overrides.json"`
Add constant package Currently only file and directory mode defaults. 2020-12-24 03:20:31 +00:00			`)`