Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/pkg/file/management.go
Nico b42fc182fe
Fix fleetd in-band upgrade on macOS hosts (#42187) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #32126

# Checklist for submitter


- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [ ] Added/updated automated tests

- [x] QA'd all new/changed functionality manually

Steps:
- Have fleetd installed on the host.
- `make build` and re-run the server.
- Generate a new fleetd package: `./build/fleetctl package --type=pkg
--enable-scripts --fleet-desktop --fleet-url=<URL>
--enroll-secret=<SECRET>`
- Upload the newly-generated `fleet-osquery.pkg` to Host details >
Software > Library.
- Click `Install`.
- When the install finishes, verify that the UI says `Installed`:

<img width="1433" height="392" alt="Screenshot 2026-03-20 at 4 42 19 PM"
src="https://github.com/user-attachments/assets/ec78b63e-e5c7-4b27-acde-4e4f63f5f7b2"
/>

- Verified logs:

`/var/log/orbit/orbit.stderr.log` logs after successful upgrade:

```
2026-03-20T16:24:58-03:00 INF hash(orbit)=4ba4729515dc6923cf54eaca610c6dbded344941a10e552579c19676b7419bc5643e98fd8cf404d8ed2cd6168d7b756b2df56997ff41b51b520fa6456b407979
2026-03-20T16:24:58-03:00 INF hash(osqueryd)=9d2ab3eb30537e38c78a089ae28196d34afc436030bca10ae60a06fd20e344bc911ab0e036e8abb44e401809b6056a04aa9dddf00d90386a451fe55ca3a0ffe8
2026-03-20T16:24:58-03:00 INF hash(desktop)=9317a1617709492dec2cb2ff3821412e5061c402b1c7988f16a99faa81b2c8dffa1fb038d5fb8c4dae67e5545a577bbe6b1a8c13adb39453b2ba7bddfb36dafa
2026-03-20T16:24:58-03:00 INF orbit version: 1.53.1
2026-03-20T16:25:00-03:00 INF Found osquery version: 5.21.0
2026-03-20T16:25:12-03:00 INF token rotation is enabled
2026-03-20T16:25:14-03:00 INF Found fleet-desktop version: 1.53.1
2026-03-20T16:25:14-03:00 INF checking for custom mdm enrollment profile with end user email
2026-03-20T16:25:14-03:00 INF get custom enrollment profile end user email: profile not found
2026-03-20T16:25:14-03:00 INF orbitClient.GetServerCapabilities() map[end_user_email:{} escrow_buddy:{} linux_disk_encryption_escrow:{} macos_web_setup_experience:{} orbit_endpoints:{} setup_experience:{} token_rotation:{} web_setup_experience:{}]
2026-03-20T16:25:14-03:00 INF opening path="/opt/orbit/bin/desktop/macos/stable/Fleet Desktop.app"
2026-03-20T16:25:14-03:00 INF start osqueryd cmd="/opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd --pidfile=/opt/orbit/osquery.pid --extensions_socket=/opt/orbit/orbit-osquery.em --logger_path=/opt/orbit/osquery_log --enroll_secret_env ENROLL_SECRET --tls_hostname=nicofleet.ngrok.io --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=8000000 --tls_accept_gzip=true --tls_server_certs /opt/orbit/certs.pem --augeas_lenses /opt/orbit/lenses --force --flagfile /opt/orbit/osquery.flags --host-identifier uuid --database_path /opt/orbit/osquery.db"
2026-03-20T16:25:14-03:00 INF killing any pre-existing fleet-desktop instances
I0320 16:25:20.108963 1878142976 interface.cpp:137] Registering extension (com.fleetdm.orbit.osquery_extension.v1, 45937, version=, sdk=)
I0320 16:25:30.446642 194764992 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity is disabled via configuration
I0320 16:25:30.474906 194764992 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity_fim: EndpointSecurity is disabled via configuration
I0320 16:25:30.475134 194764992 eventfactory.cpp:156] Event publisher not enabled: openbsm: Publisher disabled via configuration
I0320 16:25:30.475183 194764992 eventfactory.cpp:156] Event publisher not enabled: scnetwork: Publisher not used
I0320 16:25:30.475217 194764992 eventfactory.cpp:156] Event publisher not enabled: event_tapping: Publisher disabled via configuration
2026-03-20T16:27:14-03:00 INF received notification for software installers: [147149e7-2634-4b23-b724-aafc995e3f09] runner=installer
2026-03-20T16:27:14-03:00 INF processing installerID=147149e7-2634-4b23-b724-aafc995e3f09 runner=installer
2026-03-20T16:27:14-03:00 INF fetching installer details installerID=147149e7-2634-4b23-b724-aafc995e3f09 runner=installer
2026-03-20T16:27:14-03:00 INF about to download software installer from Fleet installerID=147149e7-2634-4b23-b724-aafc995e3f09 runner=installer
2026-03-20T16:27:37-03:00 INF done downloading installerID=147149e7-2634-4b23-b724-aafc995e3f09 runner=installer
2026-03-20T16:27:37-03:00 INF software installer downloaded installerID=147149e7-2634-4b23-b724-aafc995e3f09 installerPath=/tmp/3354102551/fleet-osquery.pkg runner=installer
2026-03-20T16:27:37-03:00 INF about to run install script installerID=147149e7-2634-4b23-b724-aafc995e3f09 runner=installer
2026-03-20T16:27:40-03:00 INF install script exitCode=0 installerID=147149e7-2634-4b23-b724-aafc995e3f09 runner=installer
```

---------

Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
2026-03-27 09:04:14 -03:00

136 lines
3.3 KiB
Go
Raw Blame History

package file
import (
_ "embed"
"fmt"
"regexp"
"strings"
)
//go:embed scripts/install_pkg.sh
var installPkgScript string
//go:embed scripts/install_pkg_fleetd.sh
var InstallPkgFleetdScript string
// IsFleetdPkg returns true if the given package IDs indicate this is a
// fleet-osquery (fleetd/orbit) package.
func IsFleetdPkg(packageIDs []string) bool {
for _, id := range packageIDs {
if strings.HasPrefix(id, "com.fleetdm.orbit") {
return true
}
}
return false
}
//go:embed scripts/install_msi.ps1
var installMsiScript string
//go:embed scripts/install_deb.sh
var installDebScript string
//go:embed scripts/install_rpm.sh
var installRPMScript string
// GetInstallScript returns a script that can be used to install the given extension
func GetInstallScript(extension string) string {
switch extension {
case "msi":
return installMsiScript
case "deb":
return installDebScript
case "rpm":
return installRPMScript
case "pkg":
return installPkgScript
default:
return ""
}
}
//go:embed scripts/remove_exe.ps1
var removeExeScript string
//go:embed scripts/remove_pkg.sh
var removePkgScript string
//go:embed scripts/remove_msi.ps1
var removeMsiScript string
//go:embed scripts/remove_deb.sh
var removeDebScript string
//go:embed scripts/remove_rpm.sh
var removeRPMScript string
// GetRemoveScript returns a script that can be used to remove an
// installer with the given extension.
func GetRemoveScript(extension string) string {
switch extension {
case "msi":
return removeMsiScript
case "deb":
return removeDebScript
case "rpm":
return removeRPMScript
case "pkg":
return removePkgScript
case "exe":
return removeExeScript
default:
return ""
}
}
//go:embed scripts/uninstall_pkg.sh
var uninstallPkgScript string
//go:embed scripts/uninstall_msi.ps1
var uninstallMsiScript string
//go:embed scripts/uninstall_msi_with_upgrade_code.ps1
var UninstallMsiWithUpgradeCodeScript string
var PackageIDRegex = regexp.MustCompile(`((("\$PACKAGE_ID")|(\$PACKAGE_ID))(?P<suffix>\W|$))|(("\${PACKAGE_ID}")|(\${PACKAGE_ID}))`)
var UpgradeCodeRegex = regexp.MustCompile(`((("\$UPGRADE_CODE")|(\$UPGRADE_CODE))(?P<suffix>\W|$))|(("\${UPGRADE_CODE}")|(\${UPGRADE_CODE}))`)
// shellMetacharRegex matches shell metacharacters that are unsafe for script interpolation.
var shellMetacharRegex = regexp.MustCompile("['" + `"` + "`" + `$\\|;&><!\n\r]`)
// ValidatePackageIdentifiers checks that package IDs and upgrade codes do not
// contain shell metacharacters.
func ValidatePackageIdentifiers(packageIDs []string, upgradeCode string) error {
for _, id := range packageIDs {
if shellMetacharRegex.MatchString(id) {
return fmt.Errorf("package identifier %q contains invalid characters", id)
}
}
if upgradeCode != "" && shellMetacharRegex.MatchString(upgradeCode) {
return fmt.Errorf("upgrade code %q contains invalid characters", upgradeCode)
}
return nil
}
//go:embed scripts/uninstall_deb.sh
var uninstallDebScript string
//go:embed scripts/uninstall_rpm.sh
var uninstallRPMScript string
// GetUninstallScript returns a script that can be used to uninstall a
// software item with the given extension.
func GetUninstallScript(extension string) string {
switch extension {
case "msi":
return uninstallMsiScript
case "deb":
return uninstallDebScript
case "rpm":
return uninstallRPMScript
case "pkg":
return uninstallPkgScript
default:
return ""
}
}
Reference in a new issue View git blame Copy permalink