fleet/orbit/pkg
Allen Houchins fa38063590
Fix Fleet Desktop not launching on OpenSUSE 16 (#44482)
This pull request addresses a startup issue with Fleet Desktop on
openSUSE Leap 16 and similar Linux distributions. The main change is to
adjust how Fleet Desktop and key-escrow dialogs are launched to avoid
environment variable loss caused by login shell profile scripts. The fix
is scoped specifically to openSUSE Leap 16+ to avoid impacting other
distributions.

**Distribution-specific sudo invocation changes:**

* The `-i` (login shell) flag is now omitted from the `sudo` command
when launching Fleet Desktop and key-escrow dialogs on openSUSE Leap 16
and newer, preventing environment variables from being lost due to
profile script interference.
* For all other supported distributions, the previous behavior (using
`-i`) is preserved to maintain compatibility and avoid unnecessary
re-testing.

**Detection logic:**

* Introduced a new helper function `isOpenSUSELeap16Plus` in
`execuser_linux.go` to detect if the host is running openSUSE Leap 16 or
newer by parsing `/etc/os-release`. This ensures the workaround is only
applied where necessary.

---


**Related issue:** N/A — surfaced via field investigation on openSUSE
Leap 16 (arm64).

This PR addresses two distinct issues that together prevent Fleet
Desktop from working on openSUSE Leap 16, both validated end-to-end on a
real Leap 16 (arm64) host.

## 1. Launch reliability — drop `sudo -i`

`orbit/pkg/execuser/execuser_linux.go`

On Linux, Orbit launches Fleet Desktop with:

```
sudo -n -i -u <user> -H env WAYLAND_DISPLAY=… … FLEET_DESKTOP_DEVICE_IDENTIFIER_PATH=/opt/orbit/identifier … /…/fleet-desktop
```

The `-i` flag makes sudo "simulate initial login" — it runs the target
user's shell as a login shell and wraps the rest of the command in `bash
--login -c '<escaped>'`. That sources `/etc/profile` and every script in
`/etc/profile.d/*` before our `env KEY=val … fleet-desktop` line runs,
and shell metacharacters (`=`, `:`, `/`, `.`) get backslash-escaped
through the shell layer.

On **openSUSE Leap 16 (arm64)**, that indirection causes the inline
env-var assignments to not reach `fleet-desktop`, which exits
immediately with:

```
FTL missing URL environment FLEET_DESKTOP_DEVICE_IDENTIFIER_PATH
```

Orbit then respawns it every ~15 s in a tight kill-and-respawn loop, so
the tray icon never appears.

**Fix:** drop `-i` from the sudo invocation. We don't need a login
shell:
- `-H` already sets `HOME` to the target user.
- sudo's default `env_reset` sets `USER` / `LOGNAME` / `SHELL` / `MAIL`
and `PATH` to `secure_path`.
- All session vars (`WAYLAND_DISPLAY`, `DISPLAY`,
`DBUS_SESSION_BUS_ADDRESS`, `LD_LIBRARY_PATH`) and every
`FLEET_DESKTOP_*` var are already passed explicitly via `env KEY=val …`.

After the change, sudo `execve()`s `env` directly with no shell layer in
between, so `/etc/profile.d` sourcing and shell-escaping are out of the
picture.

The `runuser -l` /proc/keys-leak regression from PR #32309 does not
apply — that was specific to `runuser -l` creating session keyrings;
sudo without `-i` doesn't.

# Checklist for submitter

- [x] Changes file added:
`orbit/changes/fleet-desktop-linux-no-login-shell`
- [x] Input data is properly validated; untrusted data interpolated into
shell scripts/commands is validated against shell metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops (script's wait loop now bounded at 90s).
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes — N/A.

## Testing

Manual QA needed before merge:

- [x] **openSUSE Leap 16 (arm64)** — Fleet Desktop process starts, stays
running, env vars present, no FTL respawn loop. Done via `sudo` shim.
- [x] **openSUSE Leap 16 (arm64) — extension fallback** — manual tarball
install + schema compilation produces a working tray icon (matching what
the script automates).
- [ ] **Ubuntu 22.04 / 24.04** — regression check: Fleet Desktop tray
icon still appears, key-escrow zenity dialog still renders, AppIndicator
script still installs via the official path.
- [ ] **Fedora (recent)** — regression check: same as above.
- [ ] **Debian** — regression check: same as above.
- [ ] **openSUSE Tumbleweed** — confirm `InstallRemoteExtension` path
still works (no fallback path triggered).

## fleetd/orbit/Fleet Desktop

- [x] Verified compatibility with the latest released version of Fleet —
pure launch-flag change plus a script update; no protocol or schema
impact.
- [x] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes — Go change is in
`execuser_linux.go`, only built on Linux. The script is Linux-only by
construction.
- [ ] Verified that fleetd runs on macOS, Linux and Windows — Linux
re-verification pending QA above; macOS/Windows code paths unchanged.
- [ ] Verified auto-update works from the released version of component
to the new version.

## Notes for reviewers

- The tray-icon visibility issue is an OS-side prerequisite (GNOME 3.26+
has no native tray), so the AppIndicator extension is required
regardless. Even after installing it, Wayland requires a logout/login to
pick up new extensions — this is documented behavior and not specific to
the fallback path.
2026-05-01 23:26:56 -05:00
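
The gating described in the commit message above, as an added example that is not Fleet's code: `leap16Plus` and `sudoArgv` are hypothetical stand-ins for the PR's `isOpenSUSELeap16Plus` and its launch code. It assumes Leap reports `ID=opensuse-leap` with a `major.minor` `VERSION_ID`; the user name and binary path are placeholders.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// osReleaseFields parses os-release(5) KEY=value lines, dropping quotes and comments.
func osReleaseFields(content string) map[string]string {
	fields := map[string]string{}
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		key, val, ok := strings.Cut(line, "=")
		if !ok || strings.HasPrefix(line, "#") {
			continue
		}
		fields[key] = strings.Trim(val, `"'`)
	}
	return fields
}

// leap16Plus is a hypothetical stand-in for the PR's isOpenSUSELeap16Plus.
// Assumption: Leap reports ID=opensuse-leap and a "major.minor" VERSION_ID.
func leap16Plus(content string) bool {
	f := osReleaseFields(content)
	major, _, _ := strings.Cut(f["VERSION_ID"], ".")
	n, err := strconv.Atoi(major)
	return f["ID"] == "opensuse-leap" && err == nil && n >= 16
}

// sudoArgv builds the launch argv; without -i, sudo runs env directly and each KEY=val stays one argument.
func sudoArgv(user string, skipLogin bool, env []string, bin string) []string {
	argv := []string{"sudo", "-n"}
	if !skipLogin { // unknown or other distro: keep the previous -i behaviour
		argv = append(argv, "-i")
	}
	argv = append(argv, "-u", user, "-H", "env")
	argv = append(argv, env...)
	return append(argv, bin)
}

func main() {
	// Constructed os-release sample, not captured from a real host.
	leap16 := "NAME=\"openSUSE Leap\"\nID=\"opensuse-leap\"\nVERSION_ID=\"16.0\"\n"
	env := []string{"FLEET_DESKTOP_DEVICE_IDENTIFIER_PATH=/opt/orbit/identifier"}
	fmt.Println(sudoArgv("alice", leap16Plus(leap16), env, "/path/to/fleet-desktop"))
}
```

An unreadable or unrecognised os-release makes `leap16Plus` return false, so every host that is not positively identified keeps the `-i` path.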
..
augeas Update golangci-lint to v2.4.0 (#33251) 2025-09-22 13:17:11 -05:00
bitlocker Add Windows Go tests to CI (#43365) 2026-04-13 10:49:15 -05:00
build Add user agent to Orbit HTTP client (#5429) 2022-05-02 11:03:49 -07:00
constant Changes to not rely on Fleet Desktop for Linux setup experience (#33018) 2025-09-16 13:26:00 -03:00
cryptoinfo Enable staticcheck Go linter. (#23487) 2024-11-05 11:16:24 -06:00
dataflatten Additional CA validation (#27169) 2025-03-19 08:27:55 -05:00
dialog Removed indicator for background LUKS validation (#28218) 2025-04-16 12:25:41 -04:00
execuser Fix Fleet Desktop not launching on OpenSUSE 16 (#44482) 2026-05-01 23:26:56 -05:00
go-paniclog Fix Windows lint issues and enable linting on Windows (#28704) 2025-05-02 16:11:26 -04:00
insecure Make creation of http.Client uniform across the codebase (#3097) 2021-11-24 15:56:54 -05:00
installer Bound orbit retries on missing installer details to 5 mins (#44284) 2026-04-28 12:58:10 -04:00
kdialog Fix orbit active GUI session detection to start Fleet Desktop and key escrowing on Linux (#39777) 2026-02-16 11:41:16 -03:00
keystore Update golangci-lint to v2.4.0 (#33251) 2025-09-22 13:17:11 -05:00
logging Reduce orbit logging when the server is down (#16968) 2024-02-21 15:36:15 -03:00
luks Fix orbit active GUI session detection to start Fleet Desktop and key escrowing on Linux (#39777) 2026-02-16 11:41:16 -03:00
lvm Linux agent LVM volume detection on older Ubuntu versions (#24193) 2024-11-27 10:39:25 -07:00
migration fix: add missing comments 2024-08-15 19:00:47 -04:00
osquery Enable gzip compression in osquery when run by Orbit (#38673) 2026-01-27 12:14:55 -08:00
osservice 8009 fleet desktop icon duplication (#8017) 2022-10-13 10:58:37 -03:00
packaging Use Docker as default WiX runtime on macOS arm64 (#43715) 2026-04-21 10:53:46 -05:00
platform Fix fleetd crash in Apple M5 hardware by upgrading gopsutil (#41940) 2026-03-18 11:21:02 -03:00
process Fleetctl to package .app bundles for osquery (and changes for orbit to support them) (#4393) 2022-03-15 16:04:12 -03:00
profiles check for DEP capable migration before showing automatic preview (#41274) 2026-03-10 14:51:29 -05:00
scripts Add Python script support for macOS and Linux (#38562) 2026-03-24 10:01:54 -04:00
setup_experience Improve initial loading state of macOS setup experience when displaying web view UI (#41561) 2026-03-16 10:30:47 -05:00
swiftdialog Use webview in MacOS setup experience (#33884) 2025-10-08 17:51:26 +01:00
table Bump macadmins/osquery-extension to v1.4.1 and add network_quality ta… (#44214) 2026-04-27 14:52:27 -03:00
token Make StartRotation concurrency safe (#34186) 2025-10-15 14:28:52 -05:00
update Bitlocker: do not decrypt already encrypted drive. (#43130) 2026-04-09 18:33:03 -04:00
user Icon mis sized on KDE envs (#40259) 2026-02-24 11:59:35 -04:00
useraction Make orbit and Fleet Desktop not depend on server/service/ packages (#42231) 2026-03-26 10:59:42 -03:00
windows Add Kolide osquery tables 2023-11-01 20:11:35 -06:00
zenity Fix orbit active GUI session detection to start Fleet Desktop and key escrowing on Linux (#39777) 2026-02-16 11:41:16 -03:00