Improve TUF-Update-Guide.md docs (#14996)

#14933
Lucas Manuel Rodriguez 2023-11-07 14:33:40 -03:00 committed by GitHub
parent 4dff885b16
commit 0c4661ebd4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -9,6 +9,7 @@ This document is a walkthrough guide for:
- The TUF keys for `targets`, `snapshot` and `timestamp` should be stored on a USB stick (used solely for this purpose). Whenever you need to push updates to Fleet's TUF repository you can temporarily copy the encrypted keys to your workstation (under the `keys/` folder, more on this below).
- The keys should be stored encrypted with its passphrase stored in 1Password (on a private vault).
- Every `fleetctl updates` command will prompt for the passphrases to decrypt the encrypted keys. You can input the passphrases every time or can alternatively set the following environment variables: `FLEET_TIMESTAMP_PASSPHRASE`, `FLEET_SNAPSHOT_PASSPHRASE` and `FLEET_TARGETS_PASSPHRASE`. Make sure to not leave traces of the passphrases (scripts, history and/or environment) when you are done.
## Syncing Fleet's TUF repository
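Review bot: The bullet that introduces `FLEET_TIMESTAMP_PASSPHRASE`, `FLEET_SNAPSHOT_PASSPHRASE` and `FLEET_TARGETS_PASSPHRASE` ends with "Make sure to not leave traces of the passphrases" but gives no steps, and a passphrase typed into an `export` line is recorded in shell history. Suggest stating the interactive prompt as the default and, for the variable route, naming the cleanup: read the values without echoing them to the terminal (for example with `read -s`) and `unset` the three variables when done. The first bullet has the same gap: the keys are copied "temporarily" under `keys/` with no step telling the reader to delete them from the workstation afterwards. Minor wording: "encrypted with its passphrase" should read "with their passphrases".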
@ -124,6 +125,11 @@ fleetctl updates add --target /path/to/downloaded/linux/osqueryd --platform linu
fleetctl updates add --target /path/to/downloaded/windows/osqueryd.exe --platform windows --name osqueryd --version 5.9.1 -t edge
```
#### Push updates
Once all components are updated in your local repository we need to push the changes to the remote repository.
See [Pushing releases to Fleet's TUF repository](#pushing-releases-to-fleets-tuf-repository).
### Promoting `edge` to the `stable` channel
> Make sure to install fleetd components using the `stable` channels in the three supported OSs (this is useful to smoke test the update).
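Review bot: The `#### Push updates` heading placed after the `edge` commands is repeated verbatim in the `stable` section later in this patch, so the rendered guide ends up with two headings of identical text, and the second one gets a de-duplicated anchor (`#push-updates-1` on GitHub) that is easy to link to by mistake. Suggest giving the two subsections distinct titles, for example one that names `edge` and one that names `stable`, and keeping the shared sentence and link as they are.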
@ -185,7 +191,12 @@ fleetctl updates add --target ./repository/targets/osqueryd/linux/edge/osqueryd
fleetctl updates add --target ./repository/targets/osqueryd/windows/edge/osqueryd.exe --platform windows --name osqueryd --version 5.9.1 -t 5.9 -t 5 -t stable
```
#### Pushing releases to Fleet's TUF repository
#### Push updates
Once all components are updated in your local repository we need to push the changes to the remote repository.
See [Pushing releases to Fleet's TUF repository](#pushing-releases-to-fleets-tuf-repository).
### Pushing releases to Fleet's TUF repository
Once you are done with the changes on your local repository, you can use the following command to review the changes before pushing (`--dryrun` allows us to verify the upgrade before pushing):
```sh
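Review bot: In the `stable` section the `#### Push updates` block sits directly above `### Pushing releases to Fleet's TUF repository`, so its "See [Pushing releases to Fleet's TUF repository](#pushing-releases-to-fleets-tuf-repository)" link points at the very next heading. Suggest dropping the block here, or reducing it to a single sentence without the link, and keeping the cross-reference only in the `edge` section where the target is further away. It would also help if the sentence mentioned that the push section starts with a `--dryrun` review, since that is the step a reader should not skip.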