From 3d1cf985a78df3191ae1dc6d1dfcbfab56028d53 Mon Sep 17 00:00:00 2001
From: Zach Wasserman <zach@fleetdm.com>
Date: Fri, 16 Apr 2021 17:24:11 -0700
Subject: [PATCH] Revert "Initial Windows support (#10)" (#11)

This reverts commit 7767da94e87c7559b03eeb41a04218fd46f34468.

This was accidentally force-pushed before merging and included the incorrect changes.
---
 cmd/orbit/orbit.go                 |  18 +----
 cmd/package/package.go             |   4 +-
 pkg/database/database.go           |  22 +-----
 pkg/packaging/macos.go             |  14 ++++
 pkg/packaging/macos_templates.go   |   2 +-
 pkg/packaging/packaging.go         |  16 ----
 pkg/packaging/windows.go           | 104 --------------------------
 pkg/packaging/windows_templates.go |  78 --------------------
 pkg/packaging/wix/transform.go     | 113 -----------------------------
 pkg/packaging/wix/wix.go           |  88 ----------------------
 10 files changed, 21 insertions(+), 438 deletions(-)
 delete mode 100644 pkg/packaging/windows.go
 delete mode 100644 pkg/packaging/windows_templates.go
 delete mode 100644 pkg/packaging/wix/transform.go
 delete mode 100644 pkg/packaging/wix/wix.go

diff --git a/cmd/orbit/orbit.go b/cmd/orbit/orbit.go
index 0106eecf73..649cde203a 100644
--- a/cmd/orbit/orbit.go
+++ b/cmd/orbit/orbit.go
@@ -11,7 +11,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/dgraph-io/badger/v2"
 	"github.com/fleetdm/orbit/pkg/certificate"
 	"github.com/fleetdm/orbit/pkg/constant"
 	"github.com/fleetdm/orbit/pkg/database"
@@ -27,6 +26,7 @@ import (
 )
 
 const (
+	certPath       = "/tmp/fleet.pem"
 	defaultRootDir = "/var/lib/orbit"
 )
 
@@ -143,18 +143,9 @@ func main() {
 			return errors.Wrap(err, "initialize root dir")
 		}
 
-		dbPath := filepath.Join(c.String("root-dir"), "orbit.db")
-		db, err := database.Open(dbPath)
+		db, err := database.Open(filepath.Join(c.String("root-dir"), "orbit.db"))
 		if err != nil {
-			if errors.Is(err, badger.ErrTruncateNeeded) {
-				db, err = database.OpenTruncate(dbPath)
-				if err != nil {
-					return err
-				}
-				log.Warn().Msg("Open badger required truncate. Possible data loss.")
-			} else {
-				return err
-			}
+			return err
 		}
 		defer func() {
 			if err := db.Close(); err != nil {
@@ -238,8 +229,7 @@ func main() {
 			)
 
 			// Write cert that proxy uses
-			certPath := filepath.Join(opt.RootDirectory, "insecure-cert.pem")
-			err = ioutil.WriteFile(filepath.Join(opt.RootDirectory, "insecure-cert.pem"), []byte(insecure.ServerCert), os.ModePerm)
+			err = ioutil.WriteFile(certPath, []byte(insecure.ServerCert), os.ModePerm)
 			if err != nil {
 				return errors.Wrap(err, "write server cert")
 			}
diff --git a/cmd/package/package.go b/cmd/package/package.go
index 8060c42a29..b2521f2d78 100644
--- a/cmd/package/package.go
+++ b/cmd/package/package.go
@@ -129,10 +129,8 @@ func main() {
 			return packaging.BuildDeb(opt)
 		case "rpm":
 			return packaging.BuildRPM(opt)
-		case "msi":
-			return packaging.BuildMSI(opt)
 		default:
-			return errors.New("type must be one of ('pkg', 'deb', 'rpm', 'msi')")
+			return errors.New("type must be one of ('pkg', 'deb', 'rpm')")
 		}
 	}
 
diff --git a/pkg/database/database.go b/pkg/database/database.go
index ac3481b54b..100377348d 100644
--- a/pkg/database/database.go
+++ b/pkg/database/database.go
@@ -22,7 +22,7 @@ type BadgerDB struct {
 	closeChan chan struct{}
 }
 
-// Open opens (initializing if necessary) a Badger database at the specified
+// Open opens (initializing if necessary) a new Badger database at the specified
 // path. Users must close the DB with Close().
 func Open(path string) (*BadgerDB, error) {
 	// DefaultOptions sets synchronous writes to true (maximum data integrity).
@@ -38,26 +38,6 @@ func Open(path string) (*BadgerDB, error) {
 	return b, nil
 }
 
-// OpenTruncate opens (initializing and/or truncating if necessary) a Badger
-// database at the specified path. Users must close the DB with Close().
-//
-// Prefer Open in the general case, but after a bad shutdown it may be necessary
-// to call OpenTruncate. This may cause data loss. Detect this situation by
-// looking for badger.ErrTruncateNeeded.
-func OpenTruncate(path string) (*BadgerDB, error) {
-	// DefaultOptions sets synchronous writes to true (maximum data integrity).
-	// TODO implement logging?
-	db, err := badger.Open(badger.DefaultOptions(path).WithLogger(nil).WithTruncate(true))
-	if err != nil {
-		return nil, errors.Wrapf(err, "open badger with truncate %s", path)
-	}
-
-	b := &BadgerDB{DB: db}
-	b.startBackgroundCompaction()
-
-	return b, nil
-}
-
 // startBackgroundCompaction starts a background loop that will call the
 // compaction method on the database. Badger does not do this automatically, so
 // we need to be sure to do so here (or elsewhere).
diff --git a/pkg/packaging/macos.go b/pkg/packaging/macos.go
index ea8871a7b9..96eb12a5b7 100644
--- a/pkg/packaging/macos.go
+++ b/pkg/packaging/macos.go
@@ -156,6 +156,20 @@ func writeScripts(opt Options, rootPath string) error {
 	return nil
 }
 
+func writeSecret(opt Options, orbitRoot string) error {
+	// Enroll secret
+	path := filepath.Join(orbitRoot, "secret")
+	if err := os.MkdirAll(filepath.Dir(path), constant.DefaultDirMode); err != nil {
+		return errors.Wrap(err, "mkdir")
+	}
+
+	if err := ioutil.WriteFile(path, []byte(opt.EnrollSecret), 0600); err != nil {
+		return errors.Wrap(err, "write file")
+	}
+
+	return nil
+}
+
 func writeLaunchd(opt Options, rootPath string) error {
 	// launchd is the service mechanism on macOS
 	path := filepath.Join(rootPath, "Library", "LaunchDaemons", "com.fleetdm.orbit.plist")
diff --git a/pkg/packaging/macos_templates.go b/pkg/packaging/macos_templates.go
index e315f297c8..a0420cb171 100644
--- a/pkg/packaging/macos_templates.go
+++ b/pkg/packaging/macos_templates.go
@@ -71,7 +71,7 @@ var macosLaunchdTemplate = template.Must(template.New("").Option("missingkey=err
       {{ if .Insecure }}<key>ORBIT_INSECURE</key><string>true</string>{{ end }}
       {{ if .FleetURL }}<key>ORBIT_FLEET_URL</key><string>{{ .FleetURL }}</string>{{ end }}
       {{ if .FleetCertificate }}<key>ORBIT_FLEET_CERTIFICATE</key><string>/var/lib/orbit/fleet.pem</string>{{ end }}
-      {{ if .EnrollSecret }}<key>ORBIT_ENROLL_SECRET_PATH</key><string>/var/lib/orbit/secret.txt</string>{{ end }}
+      {{ if .EnrollSecret }}<key>ORBIT_ENROLL_SECRET_PATH</key><string>/var/lib/orbit/secret</string>{{ end }}
       {{ if .Debug }}<key>ORBIT_DEBUG</key><string>true</string>{{ end }}
     </dict>
     <key>KeepAlive</key><true/>
diff --git a/pkg/packaging/packaging.go b/pkg/packaging/packaging.go
index f3f2c518ce..a12ef7954e 100644
--- a/pkg/packaging/packaging.go
+++ b/pkg/packaging/packaging.go
@@ -3,11 +3,9 @@ package packaging
 
 import (
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
-	"github.com/fleetdm/orbit/pkg/constant"
 	"github.com/fleetdm/orbit/pkg/update"
 	"github.com/fleetdm/orbit/pkg/update/filestore"
 	"github.com/pkg/errors"
@@ -100,17 +98,3 @@ func initializeUpdates(updateOpt update.Options) error {
 
 	return nil
 }
-
-// writeSecret writes the enroll secret to a text file
-func writeSecret(opt Options, orbitRoot string) error {
-	path := filepath.Join(orbitRoot, "secret.txt")
-	if err := os.MkdirAll(filepath.Dir(path), constant.DefaultDirMode); err != nil {
-		return errors.Wrap(err, "mkdir")
-	}
-
-	if err := ioutil.WriteFile(path, []byte(opt.EnrollSecret), 0600); err != nil {
-		return errors.Wrap(err, "write file")
-	}
-
-	return nil
-}
diff --git a/pkg/packaging/windows.go b/pkg/packaging/windows.go
deleted file mode 100644
index cad1f53ee8..0000000000
--- a/pkg/packaging/windows.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package packaging
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/fleetdm/orbit/pkg/constant"
-	"github.com/fleetdm/orbit/pkg/packaging/wix"
-	"github.com/fleetdm/orbit/pkg/update"
-	"github.com/pkg/errors"
-	"github.com/rs/zerolog/log"
-)
-
-// BuildMSI builds a Windows .msi.
-func BuildMSI(opt Options) error {
-	// Initialize directories
-	tmpDir, err := ioutil.TempDir("", "orbit-package")
-	if err != nil {
-		return errors.Wrap(err, "failed to create temp dir")
-	}
-	defer os.RemoveAll(tmpDir)
-	log.Debug().Str("path", tmpDir).Msg("created temp dir")
-
-	filesystemRoot := filepath.Join(tmpDir, "root")
-	if err := os.MkdirAll(filesystemRoot, constant.DefaultDirMode); err != nil {
-		return errors.Wrap(err, "create root dir")
-	}
-	orbitRoot := filesystemRoot
-	if err := os.MkdirAll(orbitRoot, constant.DefaultDirMode); err != nil {
-		return errors.Wrap(err, "create orbit dir")
-	}
-
-	// Initialize autoupdate metadata
-
-	updateOpt := update.DefaultOptions
-	updateOpt.Platform = "windows"
-	updateOpt.RootDirectory = orbitRoot
-	updateOpt.OrbitChannel = opt.OrbitChannel
-	updateOpt.OsquerydChannel = opt.OsquerydChannel
-	updateOpt.ServerURL = opt.UpdateURL
-	if opt.UpdateRoots != "" {
-		updateOpt.RootKeys = opt.UpdateRoots
-	}
-
-	if err := initializeUpdates(updateOpt); err != nil {
-		return errors.Wrap(err, "initialize updates")
-	}
-
-	// Write files
-
-	if err := writeSecret(opt, orbitRoot); err != nil {
-		return errors.Wrap(err, "write enroll secret")
-	}
-
-	if err := writeWixFile(opt, tmpDir); err != nil {
-		return errors.Wrap(err, "write wix file")
-	}
-
-	if err := wix.Heat(tmpDir); err != nil {
-		return errors.Wrap(err, "package root files")
-	}
-
-	if err := wix.TransformHeat(filepath.Join(tmpDir, "heat.wxs")); err != nil {
-		return errors.Wrap(err, "transform heat")
-	}
-
-	if err := wix.Candle(tmpDir); err != nil {
-		return errors.Wrap(err, "build package")
-	}
-
-	if err := wix.Light(tmpDir); err != nil {
-		return errors.Wrap(err, "build package")
-	}
-
-	filename := fmt.Sprintf("orbit-osquery_%s.msi", opt.Version)
-	if err := os.Rename(filepath.Join(tmpDir, "orbit.msi"), filename); err != nil {
-		return errors.Wrap(err, "rename msi")
-	}
-	log.Info().Str("path", filename).Msg("wrote msi package")
-
-	return nil
-}
-
-func writeWixFile(opt Options, rootPath string) error {
-	// PackageInfo is metadata for the pkg
-	path := filepath.Join(rootPath, "main.wxs")
-	if err := os.MkdirAll(filepath.Dir(path), constant.DefaultDirMode); err != nil {
-		return errors.Wrap(err, "mkdir")
-	}
-
-	var contents bytes.Buffer
-	if err := windowsWixTemplate.Execute(&contents, opt); err != nil {
-		return errors.Wrap(err, "execute template")
-	}
-
-	if err := ioutil.WriteFile(path, contents.Bytes(), 0o666); err != nil {
-		return errors.Wrap(err, "write file")
-	}
-
-	return nil
-}
diff --git a/pkg/packaging/windows_templates.go b/pkg/packaging/windows_templates.go
deleted file mode 100644
index 6558200144..0000000000
--- a/pkg/packaging/windows_templates.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package packaging
-
-import "text/template"
-
-// Partially adapted from Launcher's wix XML in
-// https://github.com/kolide/launcher/blob/master/pkg/packagekit/internal/assets/main.wxs.
-var windowsWixTemplate = template.Must(template.New("").Option("missingkey=error").Parse(
-	`<?xml version="1.0" encoding="UTF-8"?>
-<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
-  <Product
-    Id="C2C2437D-0562-465E-A0BB-2C4484025BD6"
-    Name="Orbit osquery"
-    Language="1033"
-    Version="{{.Version}}"
-    Manufacturer="Fleet Device Management (fleetdm.com)"
-    UpgradeCode="B681CB20-107E-428A-9B14-2D3C1AFED244" >
-
-    <Package
-      Id="*"
-      Keywords='orbit osquery'
-      Description="Orbit osquery"
-      InstallerVersion="500"
-      Compressed="yes"
-      InstallScope="perMachine"
-      InstallPrivileges="elevated"
-      Languages="1033" />
-
-    <MediaTemplate EmbedCab="yes" />
-
-    <MajorUpgrade AllowDowngrades="yes" />
-
-    <Directory Id="TARGETDIR" Name="SourceDir">
-      <Directory Id="ProgramFiles64Folder">
-        <Directory Id="ORBITROOT" Name="Orbit">
-          <Component Id="C_ORBITROOT" Guid="A7DFD09E-2D2B-4535-A04F-5D4DE90F3863">
-            <CreateFolder>
-              <PermissionEx Sddl="O:SYG:SYD:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)" />
-            </CreateFolder>
-          </Component>
-          <Directory Id="ORBITBIN" Name="bin">
-            <Component Id="C_ORBITBIN" Guid="AF347B4E-B84B-4DD4-9C4D-133BE17B613D">
-              <CreateFolder>
-                <PermissionEx Sddl="O:SYG:SYD:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)" />
-              </CreateFolder>
-              <File Source="root\bin\orbit\windows\stable\orbit.exe">
-                <PermissionEx Sddl="O:SYG:SYD:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)" />
-              </File>
-              <ServiceInstall
-                Name="Orbit osquery"
-                Account="NT AUTHORITY\SYSTEM"
-                ErrorControl="ignore"
-                Start="auto"
-                Type="ownProcess"
-                Arguments='--root-dir "[ORBITROOT]." {{ if .FleetURL }}--fleet-url "{{ .FleetURL }}"{{ end }} {{ if .EnrollSecret }}--enroll-secret-path "[ORBITROOT]secret.txt"{{ end }} {{if .Insecure }}--insecure{{ end }} {{ if .UpdateURL }}--update-url "{{ .UpdateURL }}"{{ end }}'
-              >
-              </ServiceInstall>
-              <ServiceControl
-                Id="StartOrbitService"
-                Name="Orbit osquery"
-                Start="install"
-                Stop="both"
-                Remove="uninstall"
-              />
-            </Component>
-          </Directory>
-        </Directory>
-      </Directory>
-    </Directory>
-
-    <Feature Id="Orbit" Title="Orbit osquery" Level="1" Display="hidden">
-      <ComponentGroupRef Id="OrbitFiles" />
-      <ComponentRef Id="C_ORBITBIN" />
-      <ComponentRef Id="C_ORBITROOT" />
-    </Feature>
-
-  </Product>
-</Wix>
-`))
diff --git a/pkg/packaging/wix/transform.go b/pkg/packaging/wix/transform.go
deleted file mode 100644
index e95a935efd..0000000000
--- a/pkg/packaging/wix/transform.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package wix
-
-import (
-	"bytes"
-	"encoding/xml"
-	"io/ioutil"
-
-	"github.com/pkg/errors"
-)
-
-type node struct {
-	XMLName  xml.Name
-	Attrs    attrs   `xml:",any,attr"`
-	Content  string  `xml:",chardata"`
-	Children []*node `xml:",any"`
-}
-
-type attrs []*xml.Attr
-
-// Get the value of the attr with the provided name, otherwise returning an
-// empty string.
-func (a attrs) Get(name string) string {
-	for _, attr := range a {
-		if attr.Name.Local == name {
-			return attr.Value
-		}
-	}
-
-	return ""
-}
-
-func xmlAttr(name, value string) *xml.Attr {
-	return &xml.Attr{Name: xml.Name{Local: name}, Value: value}
-}
-
-func xmlNode(name string, attrs ...*xml.Attr) *node {
-	return &node{
-		XMLName: xml.Name{Local: name},
-		Attrs:   attrs,
-	}
-}
-
-func TransformHeat(path string) error {
-	contents, err := ioutil.ReadFile(path)
-	if err != nil {
-		return errors.Wrap(err, "read file")
-	}
-
-	// Eliminate line feeds (they cause extra junk in the result)
-	contents = bytes.ReplaceAll(contents, []byte("\r"), []byte(""))
-
-	var n node
-	if err := xml.Unmarshal(contents, &n); err != nil {
-		return errors.Wrap(err, "unmarshal xml")
-	}
-
-	stack := []*node{}
-	if err := transform(&n, &stack); err != nil {
-		return errors.Wrap(err, "in transform")
-	}
-
-	contents, err = xml.MarshalIndent(n, "", "  ")
-	if err != nil {
-		return errors.Wrap(err, "marshal xml")
-	}
-
-	if err := ioutil.WriteFile(path, contents, 0o600); err != nil {
-		return errors.Wrap(err, "write file")
-	}
-
-	return nil
-}
-
-func transform(cur *node, stack *[]*node) error {
-	// Clear namespace on all elements (generates unnecessarily noisy output if
-	// this is not done).
-	cur.XMLName.Space = ""
-
-	// Change permissions for all files
-	if cur.XMLName.Local == "File" {
-		// This SDDL copied directly from osqueryd.exe after a regular
-		// osquery MSI install. We assume that osquery is getting the
-		// permissions correct and use exactly the same for our files.
-		// Using this cryptic string seems to be the only way to disable
-		// permission inheritance in a WiX package, so we may not have
-		// any option for something more readable.
-		sddl := "O:SYG:SYD:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
-		if cur.Attrs.Get("Name") == "secret.txt" {
-			// This SDDL copied from properly configured file on a Windows
-			// 10 machine. Permissions are same as below but with read
-			// access removed for regular users.
-			sddl = "O:SYG:SYD:PAI(A;;FA;;;SY)(A;;FA;;;BA)"
-
-		}
-		cur.Children = append(cur.Children, xmlNode(
-			"PermissionEx",
-			xmlAttr("Sddl", sddl),
-		))
-	}
-
-	// push current node onto stack
-	*stack = append(*stack, cur)
-	// Recursively walk the children
-	for _, child := range cur.Children {
-		if err := transform(child, stack); err != nil {
-			return err
-		}
-	}
-	// pop current node from stack
-	*stack = (*stack)[:len(*stack)-1]
-
-	return nil
-}
diff --git a/pkg/packaging/wix/wix.go b/pkg/packaging/wix/wix.go
deleted file mode 100644
index c068d9cbd1..0000000000
--- a/pkg/packaging/wix/wix.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// Package wix runs the WiX packaging tools via Docker.
-//
-// WiX's documentation is available at https://wixtoolset.org/.
-package wix
-
-import (
-	"os"
-	"os/exec"
-
-	"github.com/pkg/errors"
-)
-
-const (
-	directoryReference = "ORBITROOT"
-)
-
-// Heat runs the WiX Heat command on the provided directory.
-//
-// The Heat command creates XML fragments allowing WiX to include the entire
-// directory. See
-// https://wixtoolset.org/documentation/manual/v3/overview/heat.html.
-func Heat(path string) error {
-	cmd := exec.Command(
-		"docker", "run", "--rm", "--platform", "linux/386",
-		"--volume", path+":/wix", // mount volume
-		"dactiv/wix:latest",   // image name
-		"heat", "dir", "root", // command in image
-		"-out", "heat.wxs",
-		"-gg", "-g1", // generate UUIDs (required by wix)
-		"-cg", "OrbitFiles", // set ComponentGroup name
-		"-scom", "-sfrag", "-srd", "-sreg", // suppress unneccesary generated items
-		"-dr", directoryReference, // set reference name
-		"-ke", // keep empty directories
-	)
-	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
-
-	if err := cmd.Run(); err != nil {
-		return errors.Wrap(err, "heat failed")
-	}
-
-	return nil
-}
-
-// Candle runs the WiX Candle command on the provided directory.
-//
-// See
-// https://wixtoolset.org/documentation/manual/v3/overview/candle.html.
-func Candle(path string) error {
-	cmd := exec.Command(
-		"docker", "run", "--rm", "--platform", "linux/386",
-		"--volume", path+":/wix", // mount volume
-		"dactiv/wix:latest",              // image name
-		"candle", "heat.wxs", "main.wxs", // command in image
-		"-ext", "WixUtilExtension",
-		"-arch", "x64",
-	)
-	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
-
-	if err := cmd.Run(); err != nil {
-		return errors.Wrap(err, "candle failed")
-	}
-
-	return nil
-}
-
-// Light runs the WiX Light command on the provided directory.
-//
-// See
-// https://wixtoolset.org/documentation/manual/v3/overview/light.html.
-func Light(path string) error {
-	cmd := exec.Command(
-		"docker", "run", "--rm", "--platform", "linux/386",
-		"--volume", path+":/wix", // mount volume
-		"dactiv/wix:latest",                   // image name
-		"light", "heat.wixobj", "main.wixobj", // command in image
-		"-ext", "WixUtilExtension",
-		"-b", "root", // Set directory for finding heat files
-		"-out", "orbit.msi",
-		"-sval", // skip validation (otherwise Wine crashes)
-	)
-	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
-
-	if err := cmd.Run(); err != nil {
-		return errors.Wrap(err, "light failed")
-	}
-
-	return nil
-}