fleet/Dockerfile-desktop-linux

19 lines
456 B

FROM --platform=linux/amd64 golang:1.25.6-bookworm@sha256:2f768d462dbffbb0f0b3a5171009f162945b086f326e0b2a8fd5d29c3219ff14
LABEL maintainer="Fleet Developers"
Fix: GLIBC version incompatibility causes orbit agent failure on Ubuntu 20.04 during fleet-desktop update (#38648)

<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA -->

**Related issue:** Resolves #35413

Applied the same fix as in https://github.com/fleetdm/fleet/pull/29186/files:

- Added musl-tools to the container image. This provides musl-gcc, a compiler that links against musl libc instead of glibc. We use it for static linking as explained below.
- Added static linking flags (CGO_ENABLED=1 CC=musl-gcc -linkmode external -extldflags "-static"). This produces a self-contained binary with all C library code embedded, eliminating runtime dependencies on the host system's glibc version.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)
- [x] QA'd all new/changed functionality manually

Steps:

- Started TUF server for the first time. Generated a Linux x86_64 image.

```
SYSTEMS="linux" \
DEB_FLEET_URL=https://nicofleet.ngrok.io \
DEB_TUF_URL=http://nicotuf.ngrok.io \
GENERATE_DEB=1 \
ENROLL_SECRET=tm2CHBEF1I5BVuM1+4hzRRtpC5ZYV8vb \
FLEET_DESKTOP=1 \
DEBUG=1 \
./tools/tuf/test/main.sh
```

- Installed `fleet-osquery_26.1.46030_amd64.deb` generated by the previous command on a Kubuntu 20.04 x86_64 VM.
- Ran `sudo journalctl -u orbit` to debug logs and verified that the GLIBC incompatibility error was raised:

```
tammi 22 15:36:53 nicolas-Standard-PC-i440FX-PIIX-1996 sudo[125623]: pam_unix(sudo:session): session opened for user nicolas by (uid=0)
tammi 22 15:36:53 nicolas-Standard-PC-i440FX-PIIX-1996 orbit[125624]: /opt/orbit/bin/desktop/linux/stable/fleet-desktop/fleet-desktop: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /opt/orbit/bin/desktop/linux/stable/fleet-desktop/fleet-desktop)
tammi 22 15:36:53 nicolas-Standard-PC-i440FX-PIIX-1996 orbit[125624]: /opt/orbit/bin/desktop/linux/stable/fleet-desktop/fleet-desktop: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /opt/orbit/bin/desktop/linux/stable/fleet-desktop/fleet-desktop)
tammi 22 15:36:53 nicolas-Standard-PC-i440FX-PIIX-1996 sudo[125623]: pam_unix(sudo:session): session closed for user nicolas
tammi 22 15:37:08 nicolas-Standard-PC-i440FX-PIIX-1996 orbit[125199]: 2026-01-22T15:37:08+02:00 INF killing any pre-existing fleet-desktop instances
tammi 22 15:37:09 nicolas-Standard-PC-i440FX-PIIX-1996 orbit[125199]: 2026-01-22T15:37:09+02:00 INF attempting to get user session type and display id=1000 user=nicolas
tammi 22 15:37:09 nicolas-Standard-PC-i440FX-PIIX-1996 orbit[125199]: 2026-01-22T15:37:09+02:00 ERR failed to get X11 display, using default :0 error="display not found on who output"
```

- Built a new version of the agent after applying the fixes on this PR and pushed it to the TUF server:

```
# 1. Hardcode orbit to a higher version
export ORBIT_VERSION=26.1.46099

#2. Generate new package
FLEET_DESKTOP_VERSION=$ORBIT_VERSION make desktop-linux

#3. Update to TUF server
./tools/tuf/test/push_target.sh linux desktop desktop.tar.gz $ORBIT_VERSION
```

<img width="396" height="179" alt="Screenshot 2026-01-22 at 5 18 25 PM" src="https://github.com/user-attachments/assets/56182580-1d54-4945-af03-98762e7795e9" />

- In the VM, verified that an update for fleet desktop was detected by running `sudo journalctl -u orbit -g "update detected"`:

```
tammi 22 20:33:32 nicolas-Standard-PC-i440FX-PIIX-1996 orbit[4114]: 2026-01-22T20:33:32+02:00 INF update detected target=desktop
```

- Verified the new version is shown both on the desktop icon and the Fleet UI:

<img width="1373" height="248" alt="Screenshot 2026-01-22 at 5 22 17 PM" src="https://github.com/user-attachments/assets/9fac73ac-a3a6-49ed-82c7-261abec43798" />
<img width="1420" height="496" alt="Screenshot 2026-01-22 at 5 22 46 PM" src="https://github.com/user-attachments/assets/55321108-9233-4799-b5e5-0713172c0138" />

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [x] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2026-01-23 15:02:03 +00:00
RUN apt-get update && apt-get install -y musl-tools && rm -rf /var/lib/apt/lists/*
RUN mkdir -p /usr/src/fleet
RUN mkdir -p /output
WORKDIR /usr/src/fleet
COPY orbit ./orbit
COPY server ./server
COPY ee ./ee
COPY pkg ./pkg
COPY ./third_party ./third_party
COPY go.mod go.sum ./
CMD /bin/bash
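
The commit message above attributes the failure to the binary requiring `GLIBC_2.32` and `GLIBC_2.34` from the host, and fixes it by linking statically against musl. The following post-build check is an added example, not code from the Fleet repository: it reads an ELF binary and reports whether it still needs a dynamic loader, shared libraries, or versioned glibc symbols. The names `Linkage`, `Inspect` and `glibcKey` are hypothetical.

```go
package main

import (
	"debug/elf"
	"fmt"
	"os"
)

// Linkage is what an ELF binary needs from the host at run time.
type Linkage struct {
	Interp bool     // PT_INTERP present: a dynamic loader is required
	Needed []string // DT_NEEDED shared libraries
	Glibc  string   // newest GLIBC_x.y symbol version imported, "" if none
}

// glibcKey orders tags numerically (GLIBC_2.4 < GLIBC_2.32); 0 for non-GLIBC tags.
func glibcKey(v string) int {
	var major, minor int
	fmt.Sscanf(v, "GLIBC_%d.%d", &major, &minor)
	return major*1000 + minor
}

func Inspect(path string) (l Linkage, err error) {
	f, err := elf.Open(path)
	if err != nil {
		return l, err
	}
	defer f.Close()
	for _, p := range f.Progs {
		l.Interp = l.Interp || p.Type == elf.PT_INTERP
	}
	l.Needed, _ = f.ImportedLibraries()
	syms, _ := f.ImportedSymbols() // nil for a static binary (no .dynsym)
	for _, s := range syms {
		if glibcKey(s.Version) > glibcKey(l.Glibc) {
			l.Glibc = s.Version
		}
	}
	return l, nil
}

func main() {
	for _, p := range os.Args[1:] {
		l, err := Inspect(p)
		fmt.Printf("%s: %+v err=%v\n", p, l, err)
		if err != nil || l.Interp || len(l.Needed) > 0 {
			os.Exit(1) // unreadable, or still tied to the host loader/libc
		}
	}
}
```

Run against the built binary, a non-zero exit means the artifact still depends on the target host's loader or libc; the `Glibc` field shows the minimum glibc release such a host would need.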