Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 114
fleet/cmd/fleetctl/package.go

432 lines
15 KiB
Go
Raw Normal View History

added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
package main
import (
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
"crypto/tls"
`fleetctl package` command to check for PEM file (#3375) #3374
2021-12-30 01:32:55 +00:00
"encoding/pem"
Use new error handling approach in other packages (#2954)
2021-11-22 14:13:26 +00:00
"errors"
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
"fmt"
chore: remove refs to deprecated io/ioutil (#14485) # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-10-27 18:28:54 +00:00
"os"
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
"path/filepath"
Updates and fixes for packaging (#2682) - Fix Windows MSI generation by changing permissions (#2655). - Refactor temp directory initialization. - Use root user for Wine in WiX Docker container. - Support .pkg packaging on Linux without dependencies (besides Docker)
2021-10-27 23:17:41 +00:00
"runtime"
Allow custom osquery database on fleetd (#16554) #16014 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-02-05 12:41:06 +00:00
"strings"
Make Orbit update interval configurable (#5032) * Make Orbit update interval configurable - Also increase default interval from 10s to 15m * Add update-interval configuration to fleetctl package (#5050) Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2022-04-11 20:42:36 +00:00
"time"
Updates and fixes for packaging (#2682) - Fix Windows MSI generation by changing permissions (#2655). - Refactor temp directory initialization. - Use root user for Wine in WiX Docker container. - Support .pkg packaging on Linux without dependencies (besides Docker)
2021-10-27 23:17:41 +00:00
Move code for `--local-wix-dir` into `ee` directory (#14104)
2023-09-25 17:38:03 +00:00
eefleetctl "github.com/fleetdm/fleet/v4/ee/fleetctl"
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
"github.com/fleetdm/fleet/v4/orbit/pkg/packaging"
Changes to migrate to new TUF repository (#23588) # Changes - orbit >= 1.38.0, when configured to connect to https://tuf.fleetctl.com (existing fleetd deployments) will now connect to https://updates.fleetdm.com and start using the metadata in path `/opt/orbit/updates-metadata.json`. - orbit >= 1.38.0, when configured to connect to some custom TUF (not Fleet's TUFs) will copy `/opt/orbit/tuf-metadata.json` to `/opt/orbit/updates-metadata.json` (if it doesn't exist) and start using the latter. - fleetctl `4.63.0` will now generate artifacts using https://updates.fleetdm.com by default (or a custom TUF if `--update-url` is set) and generate two (same file) metadata files `/opt/orbit/updates-metadata.json` and the legacy one to support downgrades `/opt/orbit/tuf-metadata.json`. - fleetctl `4.62.0` when configured to use custom TUF (not Fleet's TUF) will generate just the legacy metadata file `/opt/orbit/tuf-metadata.json`. ## User stories See "User stories" in https://github.com/fleetdm/confidential/issues/8488. - [x] Update `update.defaultRootMetadata` and `update.DefaultURL` when the new repository is ready. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [X] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-01-10 17:27:30 +00:00
"github.com/fleetdm/fleet/v4/orbit/pkg/update"
Allow custom osquery database on fleetd (#16554) #16014 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-02-05 12:41:06 +00:00
"github.com/fleetdm/fleet/v4/pkg/filepath_windows"
Custom email device-mapping: implement the CLI (fleetd + fleetctl) changes (#15763) Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2023-12-21 17:22:59 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
"github.com/rs/zerolog"
zlog "github.com/rs/zerolog/log"
"github.com/skratchdot/open-golang/open"
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
"github.com/urfave/cli/v2"
)
Changes to support fleetctl preview with custom TUF server (#5418)
2022-04-27 21:17:20 +00:00
var (
opt packaging.Options
disableOpenFolder bool
)
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
func packageCommand() *cli.Command {
return &cli.Command{
Name: "package",
Aliases: nil,
Update `fleetctl package` usage description (#18545) Slight verbiage change requested by @noahtalerman re: #16512
2024-04-26 20:10:28 +00:00
Usage: "Create a fleetd agent",
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
Description: "An easy way to create fully boot-strapped installer packages for Windows, macOS, or Linux",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "type",
Usage: "Type of package to build",
Required: true,
},
Add support for Linux ARM64 (#19931) #1845 Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Roberto Dip <rroperzh@gmail.com>
2024-07-17 20:07:59 +00:00
&cli.StringFlag{
Name: "arch",
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
Usage: "Target CPU Architecture for the installer package (Only supported with '--type' deb, rpm, or msi)",
Add support for Linux ARM64 (#19931) #1845 Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Roberto Dip <rroperzh@gmail.com>
2024-07-17 20:07:59 +00:00
Destination: &opt.Architecture,
Value: "amd64",
},
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
&cli.StringFlag{
Name: "enroll-secret",
Usage: "Enroll secret for authenticating to Fleet server",
Destination: &opt.EnrollSecret,
},
&cli.StringFlag{
Name: "fleet-url",
Usage: "URL (host:port) of Fleet server",
Destination: &opt.FleetURL,
},
&cli.StringFlag{
Name: "fleet-certificate",
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
Usage: "Path to the Fleet server certificate chain",
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
Destination: &opt.FleetCertificate,
},
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
&cli.StringFlag{
Name: "fleet-tls-client-certificate",
Usage: "Path to a TLS client certificate to use when connecting to the Fleet server. This functionality is licensed under the Fleet EE License. Usage requires a current Fleet EE subscription.",
Destination: &opt.FleetTLSClientCertificate,
},
&cli.StringFlag{
Name: "fleet-tls-client-key",
Usage: "Path to a TLS client private key to use when connecting to the Fleet server. This functionality is licensed under the Fleet EE License. Usage requires a current Fleet EE subscription.",
Destination: &opt.FleetTLSClientKey,
},
&cli.StringFlag{
Name: "fleet-desktop-alternative-browser-host",
Usage: "Alternative host:port to use for Fleet Desktop in the browser (this may be required when using TLS client authentication in the Fleet server)",
Destination: &opt.FleetDesktopAlternativeBrowserHost,
},
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
&cli.StringFlag{
Name: "identifier",
Usage: "Identifier for package product",
Value: "com.fleetdm.orbit",
Destination: &opt.Identifier,
},
&cli.BoolFlag{
Name: "insecure",
Usage: "Disable TLS certificate verification",
Destination: &opt.Insecure,
},
&cli.BoolFlag{
Name: "service",
Usage: "Install orbit/osquery with a persistence service (launchd, systemd, etc.)",
Value: true,
Destination: &opt.StartService,
},
&cli.StringFlag{
Name: "sign-identity",
Usage: "Identity to use for macOS codesigning",
Destination: &opt.SignIdentity,
},
&cli.BoolFlag{
Name: "notarize",
Usage: "Whether to notarize macOS packages",
Destination: &opt.Notarize,
},
&cli.StringFlag{
Name: "osqueryd-channel",
Usage: "Update channel of osqueryd to use",
Value: "stable",
Destination: &opt.OsquerydChannel,
},
Fleet Desktop MVP (#4530) * WIP * WIP2 * Fix orbit and fleetctl tests * Amend macos-app default * Add some fixes * Use fleetctl updates roots command * Add more fixes to Updater * Fixes to app publishing and downloading * Add more changes to support fleetctl cross generation * Amend comment * Add pkg generation to ease testing * Make more fixes * Add changes entry * Add legacy targets (until our TUF system exposes the new app) * Fix fleetctl preview * Fix bool flag * Fix orbit logic for disabled-updates and dev-mode * Fix TestPreview * Remove constant and fix zip-slip attack (codeql) * Return unknown error * Fix updater's checkExec * Add support for executable signing in init_tuf.sh * Try only signing orbit * Fix init_tuf.sh targets, macos-app only for osqueryd * Specify GOARCH to support M1s * Add workflow to generate osqueryd.app.tar.gz * Use 5.2.2 on init_tuf.sh * Add unit test for tar.gz target * Use artifacts instead of releases * Remove copy paste residue * Fleet Desktop Packaging WIP * Ignore gosec warning * Trigger on PR too * Install Go in workflow * Pass url parameter to desktop app * Fix fleetctl package * Final set of changes for v1 of Fleet Desktop * Add changes * PR fixes * Fix CI build * add larger menu bar icon * Add transparency item * Delete host_device_auth entry on host deletion * Add SetTargetChannel * Update white logo and add desktop to update runner * Add fleet-desktop monitoring to orbit * Define fleet-desktop app exec name * Fix update runner creation * Add API test before enabling the My device menu item Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-03-21 17:53:53 +00:00
&cli.StringFlag{
Name: "desktop-channel",
Usage: "Update channel of desktop to use",
Value: "stable",
Destination: &opt.DesktopChannel,
},
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
&cli.StringFlag{
Name: "orbit-channel",
Usage: "Update channel of Orbit to use",
Value: "stable",
Destination: &opt.OrbitChannel,
},
Allow disabling auto updates in `fleetctl package` and `orbit` (#4296) * Add disable-updates flag to fleetctl and orbit * Fix ruleguard execution error on make lint-go * Introduce dev-mode for ease of development of orbit * Add changes file
2022-02-18 18:42:39 +00:00
&cli.BoolFlag{
Name: "disable-updates",
Usage: "Disable auto updates on the generated package",
Destination: &opt.DisableUpdates,
},
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
&cli.StringFlag{
Name: "update-url",
Usage: "URL for update server",
Changes to migrate to new TUF repository (#23588) # Changes - orbit >= 1.38.0, when configured to connect to https://tuf.fleetctl.com (existing fleetd deployments) will now connect to https://updates.fleetdm.com and start using the metadata in path `/opt/orbit/updates-metadata.json`. - orbit >= 1.38.0, when configured to connect to some custom TUF (not Fleet's TUFs) will copy `/opt/orbit/tuf-metadata.json` to `/opt/orbit/updates-metadata.json` (if it doesn't exist) and start using the latter. - fleetctl `4.63.0` will now generate artifacts using https://updates.fleetdm.com by default (or a custom TUF if `--update-url` is set) and generate two (same file) metadata files `/opt/orbit/updates-metadata.json` and the legacy one to support downgrades `/opt/orbit/tuf-metadata.json`. - fleetctl `4.62.0` when configured to use custom TUF (not Fleet's TUF) will generate just the legacy metadata file `/opt/orbit/tuf-metadata.json`. ## User stories See "User stories" in https://github.com/fleetdm/confidential/issues/8488. - [x] Update `update.defaultRootMetadata` and `update.DefaultURL` when the new repository is ready. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [X] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-01-10 17:27:30 +00:00
Value: update.DefaultURL,
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
Destination: &opt.UpdateURL,
},
&cli.StringFlag{
Name: "update-roots",
Usage: "Root key JSON metadata for update server (from fleetctl updates roots)",
Destination: &opt.UpdateRoots,
},
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
&cli.StringFlag{
Name: "update-tls-certificate",
Usage: "Path to the update server TLS certificate chain",
Destination: &opt.UpdateTLSServerCertificate,
},
&cli.StringFlag{
Name: "update-tls-client-certificate",
Usage: "Path to a TLS client certificate to use when connecting to the update server. This functionality is licensed under the Fleet EE License. Usage requires a current Fleet EE subscription.",
Destination: &opt.UpdateTLSClientCertificate,
},
&cli.StringFlag{
Name: "update-tls-client-key",
Usage: "Path to a TLS client private key to use when connecting to the update server. This functionality is licensed under the Fleet EE License. Usage requires a current Fleet EE subscription.",
Destination: &opt.UpdateTLSClientKey,
},
Add osquery flagfile support in Orbit (#3006) - Orbit automatically loads the flagfile when it exists in the orbit root. - Add packaging support to include flagfile with package. - Fix a panic when osquery fails to start up.
2021-11-18 23:06:33 +00:00
&cli.StringFlag{
Name: "osquery-flagfile",
Usage: "Flagfile to package and provide to osquery",
Destination: &opt.OsqueryFlagfile,
},
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
&cli.BoolFlag{
Name: "debug",
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
Usage: "Enable debug logging in orbit",
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
Destination: &opt.Debug,
},
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
&cli.BoolFlag{
Name: "verbose",
Usage: "Log detailed information when building the package",
},
Fleet Desktop MVP (#4530) * WIP * WIP2 * Fix orbit and fleetctl tests * Amend macos-app default * Add some fixes * Use fleetctl updates roots command * Add more fixes to Updater * Fixes to app publishing and downloading * Add more changes to support fleetctl cross generation * Amend comment * Add pkg generation to ease testing * Make more fixes * Add changes entry * Add legacy targets (until our TUF system exposes the new app) * Fix fleetctl preview * Fix bool flag * Fix orbit logic for disabled-updates and dev-mode * Fix TestPreview * Remove constant and fix zip-slip attack (codeql) * Return unknown error * Fix updater's checkExec * Add support for executable signing in init_tuf.sh * Try only signing orbit * Fix init_tuf.sh targets, macos-app only for osqueryd * Specify GOARCH to support M1s * Add workflow to generate osqueryd.app.tar.gz * Use 5.2.2 on init_tuf.sh * Add unit test for tar.gz target * Use artifacts instead of releases * Remove copy paste residue * Fleet Desktop Packaging WIP * Ignore gosec warning * Trigger on PR too * Install Go in workflow * Pass url parameter to desktop app * Fix fleetctl package * Final set of changes for v1 of Fleet Desktop * Add changes * PR fixes * Fix CI build * add larger menu bar icon * Add transparency item * Delete host_device_auth entry on host deletion * Add SetTargetChannel * Update white logo and add desktop to update runner * Add fleet-desktop monitoring to orbit * Define fleet-desktop app exec name * Fix update runner creation * Add API test before enabling the My device menu item Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-03-21 17:53:53 +00:00
&cli.BoolFlag{
Name: "fleet-desktop",
Usage: "Include the Fleet Desktop Application in the package",
Destination: &opt.Desktop,
},
Make Orbit update interval configurable (#5032) * Make Orbit update interval configurable - Also increase default interval from 10s to 15m * Add update-interval configuration to fleetctl package (#5050) Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2022-04-11 20:42:36 +00:00
&cli.DurationFlag{
Name: "update-interval",
Usage: "Interval that Orbit will use to check for new updates (10s, 1h, etc.)",
Value: 15 * time.Minute,
Destination: &opt.OrbitUpdateInterval,
},
Changes to support fleetctl preview with custom TUF server (#5418)
2022-04-27 21:17:20 +00:00
&cli.BoolFlag{
Name: "disable-open-folder",
Usage: "Disable opening the folder at the end",
Destination: &disableOpenFolder,
},
implement a docker image to package orbit natively in Linux (#6504) Related to #6364 and #6363, this: - Adds a new Docker image, `fleetdm/fleetctl` equipped with all necessary dependencies to build Fleet-osquery binaries for all platforms - Modifies the package generation logic to special case this scenario via an environment variable `FLEETCTL_NATIVE_TOOLING` - Adds a new GitHub workflow to test this There are more details in the README, but part of the special-casing logic is in place to output the binaries to a folder named `build` when they are run with `FLEETCTL_NATIVE_TOOLING`, this is so we can persist the binary generated by the docker container via a bind mount: ```bash docker run -v "$(pwd):/build" fleetdm/fleetctl package --type=msi ``` To test this changeset, I have generated packages for all platforms, both via the new Docker image and via the classic `fleetctl package`.
2022-07-11 12:49:13 +00:00
&cli.BoolFlag{
Name: "native-tooling",
Usage: "Build the package using native tooling (only available in Linux)",
EnvVars: []string{"FLEETCTL_NATIVE_TOOLING"},
Destination: &opt.NativeTooling,
},
Move code for `--local-wix-dir` into `ee` directory (#14104)
2023-09-25 17:38:03 +00:00
eefleetctl.LocalWixDirFlag(&opt.LocalWixDir),
add support for notarization in fleetdm/fleetctl images (#6818) #6674
2022-07-25 23:06:10 +00:00
&cli.StringFlag{
Name: "macos-devid-pem-content",
Usage: "Dev ID certificate keypair content in PEM format",
EnvVars: []string{"FLEETCTL_MACOS_DEVID_PEM_CONTENT"},
Destination: &opt.MacOSDevIDCertificateContent,
},
&cli.StringFlag{
Name: "app-store-connect-api-key-id",
Usage: "App Store Connect API key used for notarization",
EnvVars: []string{"FLEETCTL_APP_STORE_CONNECT_API_KEY_ID"},
Destination: &opt.AppStoreConnectAPIKeyID,
},
&cli.StringFlag{
Name: "app-store-connect-api-key-issuer",
Usage: "Issuer of the App Store Connect API key",
EnvVars: []string{"FLEETCTL_APP_STORE_CONNECT_API_KEY_ISSUER"},
Destination: &opt.AppStoreConnectAPIKeyIssuer,
},
&cli.StringFlag{
Name: "app-store-connect-api-key-content",
Usage: "Contents of the .p8 App Store Connect API key",
EnvVars: []string{"FLEETCTL_APP_STORE_CONNECT_API_KEY_CONTENT"},
Destination: &opt.AppStoreConnectAPIKeyContent,
},
explicitly enable orbit to read config from the system (#10980) in #10134 we added a silent mechanism to try to read configuration values from macOS configuration profiles if --fleet-url and --enroll-secret weren't present. while using this logic to test #9459 I have found that there's a race condition where sometimes `fleetd` is installed before the configuration profile with the values delivered by Fleet, causing orbit to get stuck forever. I added logic to loop every 30 seconds and try to fetch the values again if none are found, but I didn't felt comfortable adding this logic without also adding an extra flag to explicitly enable this behavior.
2023-04-05 18:02:18 +00:00
&cli.BoolFlag{
Name: "use-system-configuration",
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
Usage: "Try to read --fleet-url and --enroll-secret using configuration in the host (currently only macOS profiles are supported)",
explicitly enable orbit to read config from the system (#10980) in #10134 we added a silent mechanism to try to read configuration values from macOS configuration profiles if --fleet-url and --enroll-secret weren't present. while using this logic to test #9459 I have found that there's a race condition where sometimes `fleetd` is installed before the configuration profile with the values delivered by Fleet, causing orbit to get stuck forever. I added logic to loop every 30 seconds and try to fetch the values again if none are found, but I didn't felt comfortable adding this logic without also adding an extra flag to explicitly enable this behavior.
2023-04-05 18:02:18 +00:00
EnvVars: []string{"FLEETCTL_USE_SYSTEM_CONFIGURATION"},
Destination: &opt.UseSystemConfiguration,
},
Allow to configure `fleetd` for script execution (#13564) Related to #13310 and #13304 this adds two ways to enable script execution in `fleetd` (the orbit component) - By building a package with `--enable-scripts` - By providing a setting via a configuration profile (macOS only) Due to how the profile assignment works, this change automatically updates the `com.fleetdm.fleetd.config` for hosts that already have the profile installed. > [!NOTE] > Documentation is in [#13577](https://github.com/fleetdm/fleet/pull/13577) to decouple reviews.
2023-08-30 13:18:34 +00:00
&cli.BoolFlag{
Name: "enable-scripts",
Usage: "Enable script execution",
EnvVars: []string{"FLEETCTL_ENABLE_SCRIPTS"},
Destination: &opt.EnableScripts,
},
Allow enrolling fleetd using osquery's `instance` identifier (#15570) #14879 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-12-15 18:26:32 +00:00
&cli.StringFlag{
Name: "host-identifier",
Usage: "Sets the host identifier that orbit and osquery will use when enrolling to Fleet. Options: 'uuid' and 'instance' (requires Fleet >= v4.42.0)",
Value: "uuid",
EnvVars: []string{"FLEETCTL_HOST_IDENTIFIER"},
Destination: &opt.HostIdentifier,
},
Custom email device-mapping: implement the CLI (fleetd + fleetctl) changes (#15763) Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2023-12-21 17:22:59 +00:00
&cli.StringFlag{
Name: "end-user-email",
Update CLI help to document usage of `--end-user-email` flag (#19959)
2024-06-24 20:13:04 +00:00
Usage: "End user's email that populates human to host mapping in Fleet (only available on Windows and Linux)",
Custom email device-mapping: implement the CLI (fleetd + fleetctl) changes (#15763) Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2023-12-21 17:22:59 +00:00
EnvVars: []string{"FLEETCTL_END_USER_EMAIL"},
Destination: &opt.EndUserEmail,
},
Enroll secret in macOS keychain and Windows Credential Manager (#16068) #13832 For macOS hosts, fleetd now stores and retrieves enroll secret from macOS keychain. - this feature must use the official signed and notarized version of fleetd - for contributors, this feature can disabled with either: - fleetctl package flag: --disable-keystore - fleetd runtime flag: --disable-keystore This feature does not cover the MDM usecase where enroll secret is stored in the MDM profile. This usecase will hopefully be worked on next sprint with the MDM team. For Windows hosts, fleetd now stores and retrieves enroll secret from Windows Credential Manager. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-01-16 12:51:37 +00:00
&cli.BoolFlag{
Name: "disable-keystore",
Usage: "Disables the use of the keychain on macOS and Credentials Manager on Windows",
EnvVars: []string{"FLEETCTL_DISABLE_KEYSTORE"},
Destination: &opt.DisableKeystore,
},
Allow custom osquery database on fleetd (#16554) #16014 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-02-05 12:41:06 +00:00
&cli.StringFlag{
Name: "osquery-db",
Usage: "Sets a custom osquery database directory, it must be an absolute path (requires orbit >= v1.22.0)",
EnvVars: []string{"FLEETCTL_OSQUERY_DB"},
Destination: &opt.OsqueryDB,
},
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
},
Action: func(c *cli.Context) error {
if opt.FleetURL != "" || opt.EnrollSecret != "" {
if opt.FleetURL == "" || opt.EnrollSecret == "" {
return errors.New("--enroll-secret and --fleet-url must be provided together")
}
}
if opt.Insecure && opt.FleetCertificate != "" {
return errors.New("--insecure and --fleet-certificate may not be provided together")
}
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
if opt.Insecure && opt.UpdateTLSServerCertificate != "" {
return errors.New("--insecure and --update-tls-certificate may not be provided together")
}
Allow enrolling fleetd using osquery's `instance` identifier (#15570) #14879 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-12-15 18:26:32 +00:00
if opt.HostIdentifier != "uuid" && opt.HostIdentifier != "instance" {
return fmt.Errorf("--host-identifier=%s is not supported, currently supported values are 'uuid' and 'instance'", opt.HostIdentifier)
}
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
// Perform checks on the provided fleet client certificate and key.
if (opt.FleetTLSClientCertificate != "") != (opt.FleetTLSClientKey != "") {
return errors.New("must specify both fleet-tls-client-certificate and fleet-tls-client-key")
}
if opt.FleetTLSClientKey != "" {
if _, err := tls.LoadX509KeyPair(opt.FleetTLSClientCertificate, opt.FleetTLSClientKey); err != nil {
return fmt.Errorf("error loading fleet client certificate and key: %w", err)
}
}
// Perform checks on the provided update client certificate and key.
if (opt.UpdateTLSClientCertificate != "") != (opt.UpdateTLSClientKey != "") {
return errors.New("must specify both update-tls-client-certificate and update-tls-client-key")
}
if opt.UpdateTLSClientKey != "" {
if _, err := tls.LoadX509KeyPair(opt.UpdateTLSClientCertificate, opt.UpdateTLSClientKey); err != nil {
return fmt.Errorf("error loading update client certificate and key: %w", err)
}
}
Allow custom osquery database on fleetd (#16554) #16014 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-02-05 12:41:06 +00:00
if opt.OsqueryDB != "" && !isAbsolutePath(opt.OsqueryDB, c.String("type")) {
return fmt.Errorf("--osquery-db must be an absolute path: %q", opt.OsqueryDB)
}
Updates and fixes for packaging (#2682) - Fix Windows MSI generation by changing permissions (#2655). - Refactor temp directory initialization. - Use root user for Wine in WiX Docker container. - Support .pkg packaging on Linux without dependencies (besides Docker)
2021-10-27 23:17:41 +00:00
if runtime.GOOS == "windows" && c.String("type") != "msi" {
return errors.New("Windows can only build MSI packages.")
}
implement a docker image to package orbit natively in Linux (#6504) Related to #6364 and #6363, this: - Adds a new Docker image, `fleetdm/fleetctl` equipped with all necessary dependencies to build Fleet-osquery binaries for all platforms - Modifies the package generation logic to special case this scenario via an environment variable `FLEETCTL_NATIVE_TOOLING` - Adds a new GitHub workflow to test this There are more details in the README, but part of the special-casing logic is in place to output the binaries to a folder named `build` when they are run with `FLEETCTL_NATIVE_TOOLING`, this is so we can persist the binary generated by the docker container via a bind mount: ```bash docker run -v "$(pwd):/build" fleetdm/fleetctl package --type=msi ``` To test this changeset, I have generated packages for all platforms, both via the new Docker image and via the classic `fleetctl package`.
2022-07-11 12:49:13 +00:00
if opt.NativeTooling && runtime.GOOS != "linux" {
return errors.New("native tooling is only available in Linux")
}
Fixed macOS MSI package -- using local wine and wix (#16307) New flow for `fleetctl --package --type=msi` on macOS using arm64 processor (M1, M2, etc.) - wine must be installed locally. See ./orbit/tools/build/install-wine-macos.sh and https://wiki.winehq.org/MacOS for reference. - --local-wix-dir can be used to point to a local Wix3 installation (using this switch requires a current Fleet EE subscription) #15463 PR for docs: https://github.com/fleetdm/fleet/pull/16459 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-01-30 17:08:21 +00:00
if opt.LocalWixDir != "" && runtime.GOOS != "windows" && runtime.GOOS != "darwin" {
return errors.New(
`Could not use local WiX to generate an osquery installer. This option is only available on Windows and macOS.
Add ability for `fleetctl package` to use local WiX v3 binaries when generating installer .msi (#14033)
2023-09-22 15:49:01 +00:00
Visit https://wixtoolset.org/ for more information about how to use WiX.`)
}
Custom email device-mapping: implement the CLI (fleetd + fleetctl) changes (#15763) Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2023-12-21 17:22:59 +00:00
if opt.EndUserEmail != "" {
if !fleet.IsLooseEmail(opt.EndUserEmail) {
return errors.New("Invalid email address specified for --end-user-email.")
}
Add support for `--end-user-email` option when building fleetd packages for Linux (#19795)
2024-06-18 15:10:19 +00:00
switch c.String("type") {
case "msi", "deb", "rpm":
// ok
default:
return errors.New("Can only set --end-user-email when building an MSI, DEB, or RPM package.")
}
Custom email device-mapping: implement the CLI (fleetd + fleetctl) changes (#15763) Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
2023-12-21 17:22:59 +00:00
}
`fleetctl package` command to check for PEM file (#3375) #3374
2021-12-30 01:32:55 +00:00
if opt.FleetCertificate != "" {
err := checkPEMCertificate(opt.FleetCertificate)
if err != nil {
Add mTLS support to fleetd (#11319) #7970 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-27 11:44:39 +00:00
return fmt.Errorf("failed to read fleet server certificate %q: %w", opt.FleetCertificate, err)
}
}
if opt.UpdateTLSServerCertificate != "" {
err := checkPEMCertificate(opt.UpdateTLSServerCertificate)
if err != nil {
return fmt.Errorf("failed to read update server certificate %q: %w", opt.UpdateTLSServerCertificate, err)
`fleetctl package` command to check for PEM file (#3375) #3374
2021-12-30 01:32:55 +00:00
}
}
explicitly enable orbit to read config from the system (#10980) in #10134 we added a silent mechanism to try to read configuration values from macOS configuration profiles if --fleet-url and --enroll-secret weren't present. while using this logic to test #9459 I have found that there's a race condition where sometimes `fleetd` is installed before the configuration profile with the values delivered by Fleet, causing orbit to get stuck forever. I added logic to loop every 30 seconds and try to fetch the values again if none are found, but I didn't felt comfortable adding this logic without also adding an extra flag to explicitly enable this behavior.
2023-04-05 18:02:18 +00:00
if opt.UseSystemConfiguration && c.String("type") != "pkg" {
return errors.New("--use-system-configuration is only available for pkg installers")
}
Add support for Linux ARM64 (#19931) #1845 Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Roberto Dip <rroperzh@gmail.com>
2024-07-17 20:07:59 +00:00
linuxPackage := false
switch c.String("type") {
case "deb", "rpm":
linuxPackage = true
}
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
windowsPackage := c.String("type") == "msi"
Add support for Linux ARM64 (#19931) #1845 Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Roberto Dip <rroperzh@gmail.com>
2024-07-17 20:07:59 +00:00
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
if opt.Architecture != packaging.ArchAmd64 && !(linuxPackage || windowsPackage) {
Add support for Linux ARM64 (#19931) #1845 Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com> Co-authored-by: Roberto Dip <rroperzh@gmail.com>
2024-07-17 20:07:59 +00:00
return fmt.Errorf("can't use '--arch' with '--type %s'", c.String("type"))
}
if opt.Architecture != packaging.ArchAmd64 && opt.Architecture != packaging.ArchArm64 {
return errors.New("arch must be one of ('amd64', 'arm64')")
}
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
var buildFunc func(packaging.Options) (string, error)
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
switch c.String("type") {
case "pkg":
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
opt.NativePlatform = "darwin"
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
buildFunc = packaging.BuildPkg
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
case "deb":
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
if opt.Architecture == packaging.ArchAmd64 {
opt.NativePlatform = "linux"
} else {
opt.NativePlatform = "linux-arm64"
}
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
buildFunc = packaging.BuildDeb
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
case "rpm":
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
if opt.Architecture == packaging.ArchAmd64 {
opt.NativePlatform = "linux"
} else {
opt.NativePlatform = "linux-arm64"
}
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
buildFunc = packaging.BuildRPM
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
case "msi":
Orbit for Windows ARM64 (#27882) #27275 and #27274 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2025-04-11 14:18:28 +00:00
if opt.Architecture == packaging.ArchAmd64 {
opt.NativePlatform = "windows"
} else {
opt.NativePlatform = "windows-arm64"
}
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
buildFunc = packaging.BuildMSI
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
default:
return errors.New("type must be one of ('pkg', 'deb', 'rpm', 'msi')")
}
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
// disable detailed logging unless verbose is set
if !c.Bool("verbose") {
zlog.Logger = zerolog.Nop()
}
feat: update fleetctl output to reference fleetd (#16612) > Related issue: #16382 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality
2024-02-06 14:30:00 +00:00
fmt.Println("Generating your fleetd agent...")
Fixed macOS MSI package -- using local wine and wix (#16307) New flow for `fleetctl --package --type=msi` on macOS using arm64 processor (M1, M2, etc.) - wine must be installed locally. See ./orbit/tools/build/install-wine-macos.sh and https://wiki.winehq.org/MacOS for reference. - --local-wix-dir can be used to point to a local Wix3 installation (using this switch requires a current Fleet EE subscription) #15463 PR for docs: https://github.com/fleetdm/fleet/pull/16459 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-01-30 17:08:21 +00:00
path, err := buildFunc(opt)
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
if err != nil {
return err
}
Implement retries when building MSI on Apple M1 architecture (#7367)
2022-08-24 18:52:32 +00:00
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
path, _ = filepath.Abs(path)
fmt.Printf(`
feat: update fleetctl output to reference fleetd (#16612) > Related issue: #16382 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality
2024-02-06 14:30:00 +00:00
Success! You generated fleetd at %s
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
`fleetctl`: update `package` command output (#26500) For #26489 --------- Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
2025-03-04 18:21:07 +00:00
To add hosts to Fleet, install fleetd.
Learn how: https://fleetdm.com/learn-more-about/enrolling-hosts
`, path)
Changes to support fleetctl preview with custom TUF server (#5418)
2022-04-27 21:17:20 +00:00
if !disableOpenFolder {
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
open.Start(filepath.Dir(path)) //nolint:errcheck
Changes to support fleetctl preview with custom TUF server (#5418)
2022-04-27 21:17:20 +00:00
}
Add explanation output to fleetctl package (#2864)
2021-11-15 13:40:58 +00:00
return nil
added package command from orbit as fleetctl command (#1802) * added package command from orbit as fleetctl command * update deployment docs * add changes file * added tests for package command, run go mod tidy & go mod verify * validate that package files exist * comment out msi packaging test until we can investigate github runner permission issues
2021-09-09 05:34:12 +00:00
},
}
}
`fleetctl package` command to check for PEM file (#3375) #3374
2021-12-30 01:32:55 +00:00
func checkPEMCertificate(path string) error {
chore: remove refs to deprecated io/ioutil (#14485) # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes (docs/Using Fleet/manage-access.md) - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-10-27 18:28:54 +00:00
cert, err := os.ReadFile(path)
`fleetctl package` command to check for PEM file (#3375) #3374
2021-12-30 01:32:55 +00:00
if err != nil {
return err
}
if p, _ := pem.Decode(cert); p == nil {
return errors.New("invalid PEM file")
}
return nil
}
Allow custom osquery database on fleetd (#16554) #16014 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-02-05 12:41:06 +00:00
// isAbsolutePath returns whether a path is absolute.
// It does not make use of filepath.IsAbs to support
// checking Windows paths from Go code running in unix.
func isAbsolutePath(path, pkgType string) bool {
if pkgType == "msi" {
return filepath_windows.IsAbs(path)
}
return strings.HasPrefix(path, "/") // this is the unix implementation of filepath.IsAbs
}
Reference in a new issue Copy permalink