# Builder stage. The final stage below copies only /transporter/itms and the
# rcodesign binary out of it, so the Rust toolchain and the downloaded
# installer script are not part of the shipped image.
# The digest is what selects the image content; the `latest` tag next to it
# is only a human-readable label once a digest is given.
FROM rust:latest@sha256:563b33de55d0add224b2e301182660b59bf3cf7219e9dc0fda68f8500e5fe14a AS builder

# Download location of the Transporter installer for Linux. It can be
# overridden with --build-arg, so whoever controls the build arguments also
# controls which script the RUN step below fetches and executes.
ARG transporter_url="https://itunesconnect.apple.com/WebObjects/iTunesConnect.woa/ra/resources/download/public/Transporter__Linux/bin"
Fix notarization after latest Apple changes (#23843)
Notarization from the fleetctl-docker image is currently broken:
```
fleetctl package --type=pkg --fleet-url=myurl --enroll-secret=mysecret --macos-devid-pem-content=XYZ --notarize --app-store-connect-api-key-id=XYZ --app-store-connect-api-key-issuer=XYZ --app-store-connect-api-key-content=XYZ
[..]
transporter error> Package Summary:
transporter error>
transporter error> 1 package(s) were not uploaded because they had problems:
transporter error> /tmp/apple-codesign-QAsKT8/17081d03-fdc8-46cd-873a-2970f7be9c7c.itmsp - Error Messages:
transporter error> Notarization of MacOS applications using altool has been decommissioned. Please use notarytool. See: https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool (4200)
transporter error> [2024-11-15 13:35:47 UTC] <main> DBG-X: Returning 1
Error: I/O error: command ["/usr/local/bin/iTMSTransporter", "-m", "upload", "-apiIssuer", "XYZ", "-apiKey", "XYZ", "-f", "/tmp/apple-codesign-QAsKT8/17081d03-fdc8-46cd-873a-2970f7be9c7c.itmsp", "-vp", "json"] exited with code 1
Error: rcodesign notarize: exit status 1
```
Luckily, bumping `rcodesign` version is enough to make it work again.
# Checklist for submitter
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
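# Optional SHA-256 of the Transporter installer script. The default is empty,
# which skips verification so existing builds keep working. Pass the expected
# hash with --build-arg transporter_sha256=<hex digest> to make the build fail
# when the downloaded script differs from the one that was reviewed.
ARG transporter_sha256=""

# 1. Build rcodesign from the apple-codesign crate. --version and --locked pin
#    the crate release and its lockfile. The commit note on this page records
#    that an older rcodesign stopped notarizing once Apple retired the altool
#    upload path, so downgrade this pin with care.
# 2. Fetch the Transporter installer over HTTPS. The URL is quoted so that an
#    overridden build argument cannot be word-split by the shell.
# 3. Verify the script when a hash was supplied (see transporter_sha256).
#    Without one, TLS is the only integrity check on a script that is run by
#    `sh` here and whose payload is copied into the final image.
# 4. Unpack into ./transporter. No WORKDIR is set, so this is /transporter,
#    the path the final stage copies from.
#    NOTE(review): --noexec presumably stops the installer from running its
#    embedded setup step after extraction. Confirm against the installer's
#    --help.
RUN cargo install --locked --version 0.28.0 apple-codesign \
    && curl -sSf "$transporter_url" -o transporter_install.sh \
    && if [ -n "$transporter_sha256" ]; then \
         echo "$transporter_sha256  transporter_install.sh" | sha256sum -c -; \
       fi \
    && sh transporter_install.sh --target transporter --accept --noexec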
# Runtime stage, pinned by digest so a rebuild starts from the same base
# layers until the digest is deliberately bumped.
FROM debian:trixie-slim@sha256:f6e2cfac5cf956ea044b4bd75e6397b4372ad88fe00908045e9a0d21712ae3ba

# Path, relative to the build context, of the prebuilt fleetctl binary that is
# copied into the image further down. The binary is taken from the context
# as-is; this file does not build or verify it.
ARG binpath="build/binary-bundle/linux/fleetctl"
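# Install the runtime packages in a single layer.
# - The i386 architecture is registered first, so one index refresh covers
#   both architectures. The original ran a second refresh before
#   `dpkg --add-architecture`, which that command does not need.
# - apt-get is used throughout: `apt` is meant for interactive use and does
#   not promise a stable command-line interface for scripts.
# - `--with-new-pkgs` keeps the behaviour of the previous `apt upgrade`, which
#   may install new packages to complete an upgrade. The upgrade pulls fixes
#   newer than the pinned base digest, at the cost of a layer that is not
#   reproducible between builds.
# - The package index is deleted in the same layer so it does not persist in
#   the image.
RUN dpkg --add-architecture i386 \
    && apt-get update \
    && apt-get upgrade -y --with-new-pkgs \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        cpio \
        libgtk-3-0 \
        libxml2 \
        wine \
        wine32 \
    && rm -rf /var/lib/apt/lists/*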
# macOS packaging dependencies.
# NOTE(review): both base images in this file are pinned by digest, but
# fleetdm/bomutils is referenced by the mutable `latest` tag. Whatever that
# tag points to at build time lands in /usr/bin and /usr/local/lib. Consider
# pinning it the same way, e.g. fleetdm/bomutils@sha256:<digest-placeholder>.
COPY --from=fleetdm/bomutils:latest \
     /usr/bin/mkbom \
     /usr/local/bin/xar \
     /usr/bin/
COPY --from=fleetdm/bomutils:latest \
     /usr/local/lib \
     /usr/local/lib/

# Transporter payload unpacked in the builder stage. Its contents are merged
# into /usr/local; the error output in the commit note on this page shows the
# tool being invoked as /usr/local/bin/iTMSTransporter.
COPY --from=builder \
     /transporter/itms \
     /usr/local/

# rcodesign binary built by `cargo install` in the builder stage.
COPY --from=builder \
     /usr/local/cargo/bin/rcodesign \
     /usr/local/bin
# Windows packaging dependencies: the /home/wine tree from the WiX image.
# NOTE(review): fleetdm/wix is referenced by the mutable `latest` tag while
# the base images are digest-pinned. The copied tree supplies both WINEPREFIX
# and the directory that is put first on PATH below, so its contents decide
# which executables run. Consider pinning it, e.g.
# fleetdm/wix@sha256:<digest-placeholder>.
COPY --from=fleetdm/wix:latest \
     /home/wine \
     /home/wine

# fleetctl binary taken from the build context at the path given by the
# binpath build argument.
COPY $binpath /usr/bin/fleetctl
# Runtime environment.
# - FLEETCTL_NATIVE_TOOLING=1: presumably tells fleetctl to use the packaging
#   tools installed in this image. Confirm against the fleetctl source.
# - WINEPREFIX / WINEARCH: use the 32-bit Wine prefix copied to /home/wine.
# - PATH: /home/wine/bin is searched before the system directories, so a
#   binary there shadows a system binary of the same name.
# - WINEDEBUG=-all: turn off Wine's debug channels.
ENV FLEETCTL_NATIVE_TOOLING=1 \
    WINEPREFIX=/home/wine/.wine \
    WINEARCH=win32 \
    PATH="/home/wine/bin:$PATH" \
    WINEDEBUG=-all

# NOTE(review): no USER instruction is set, so fleetctl runs as root inside
# the container. A dedicated unprivileged user would narrow what a compromised
# dependency can do, but it needs write access to the Wine prefix and to any
# mounted output directory. Verify both before changing it.
# Exec form: fleetctl is PID 1 and receives signals directly.
ENTRYPOINT ["fleetctl"]