bb310e685d
#18925 (Should also fix #17660.) Tests: - Ubuntu 22.04.2 - Wayland - Works with chrome ✅ - Doesn't work with Firefox. ❌ - Xorg - Works with Chrome. ✅ - Works with Firefox. ✅ - Ubuntu 24.04 - Wayland - Doesn't work with Chrome. ❌ - Doesn't work with Firefox. ❌ - Xorg (when using Xorg it defaults to `DISPLAY=:1`, and with the changes in this PR it works): - Works with Chrome. ✅ - Works with Firefox. ✅ --- How to change between Wayland and Xorg: - Set `WaylandEnable=false` in `/etc/gdm3/custom.conf` and reboot. --- How to determine what's running: ```sh $ loginctl SESSION UID USER SEAT TTY 2 1000 luk seat0 tty2 c2 1000 luk $ loginctl show-session 2 -p Type # will output Type=wayland or Type=x11 ``` --- - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). |
||
|---|---|---|
| .. | ||
| create_repository.sh | ||
| docker_package.sh | ||
| Dockerfile | ||
| Fleetd-auto-update-test-guide.md | ||
| gen_pkgs.sh | ||
| main.sh | ||
| Nudge-auto-update-test-guide.md | ||
| push_target.sh | ||
| README.md | ||
| run_server.sh | ||
Testing TUF
Scripts in this directory aim to ease the testing of Orbit and the TUF system.
WARNING: All of these scripts are for testing only, they are not safe for production use.
Setup
- The script is executed on a macOS host.
- Fleet server also running on the same macOS host.
- All VMs (and the macOS host itself) are configured to resolve
host.docker.internalto the macOS host IP (by modifying theirhostsfile). - The hosts are running on the same GOARCH as the macOS host. If not, you can set the
GOARCHenvironment variable to compile for the desired architecture. For example:GOARCH=amd64
PS: We use
host.docker.internalbecause the testing certificate./tools/osquery/fleet.crthas such hostname (andlocalhost) defined as SANs.
PPS: Make sure you set the macOSX deployment target to the lowest macOS version you intend to support. See Troubleshooting for more details.
Run
The main.sh creates and runs the TUF repository and optionally generate the installers (GENERATE_PKGS):
SYSTEMS="macos windows linux" \
PKG_FLEET_URL=https://localhost:8080 \
PKG_TUF_URL=http://localhost:8081 \
DEB_FLEET_URL=https://host.docker.internal:8080 \
DEB_TUF_URL=http://host.docker.internal:8081 \
RPM_FLEET_URL=https://host.docker.internal:8080 \
RPM_TUF_URL=http://host.docker.internal:8081 \
MSI_FLEET_URL=https://host.docker.internal:8080 \
MSI_TUF_URL=http://host.docker.internal:8081 \
GENERATE_PKG=1 \
GENERATE_DEB=1 \
GENERATE_RPM=1 \
GENERATE_MSI=1 \
ENROLL_SECRET=6/EzU/+jPkxfTamWnRv1+IJsO4T9Etju \
FLEET_DESKTOP=1 \
USE_FLEET_SERVER_CERTIFICATE=1 \
DEBUG=1 \
./tools/tuf/test/main.sh
Separate
*_FLEET_URLand*_TUF_URLvariables are defined for each package type to support different setups.
To publish test extensions you can set comma-separated executable paths in the {MACOS|WINDOWS|LINUX}_TEST_EXTENSIONS environment variables:
Here's a sample to use the hello_world and hello_mars test extensions:
# Build `hello_word` and `hello_mars` test extensions.
./tools/test_extensions/hello_world/build.sh
[...]
MACOS_TEST_EXTENSIONS="./tools/test_extensions/hello_world/macos/hello_world_macos.ext,./tools/test_extensions/hello_world/macos/hello_mars_macos.ext" \
WINDOWS_TEST_EXTENSIONS="./tools/test_extensions/hello_world/windows/hello_world_windows.ext.exe,./tools/test_extensions/hello_world/windows/hello_mars_windows.ext.exe" \
LINUX_TEST_EXTENSIONS="./tools/test_extensions/hello_world/linux/hello_world_linux.ext,./tools/test_extensions/hello_world/linux/hello_mars_linux.ext" \
[...]
./tools/tuf/test/main.sh
To build for a specific architecture, you can pass the GOARCH environment variable:
[...]
GOARCH=arm64 # defaults to amd64
[...]
./tools/tuf/test/main.sh
Add new updates
To add new updates (osqueryd or orbit), use push_target.sh.
E.g. to add a new version of orbit for Windows:
# Compile a new version of Orbit:
GOOS=windows GOARCH=amd64 go build -o orbit-windows.exe ./orbit/cmd/orbit
# Push the compiled Orbit as a new version
./tools/tuf/test/push_target.sh windows orbit orbit-windows.exe 43
If the script was executed on a macOS host, the Orbit binary will be an universal binary. To push updates you can do:
# Compile a universal binary of Orbit:
CGO_ENABLED=1 \
ORBIT_VERSION=42 \
ORBIT_BINARY_PATH="orbit-macos" \
go run ./orbit/tools/build/build.go
# Push the compiled Orbit as a new version
./tools/tuf/test/push_target.sh macos orbit orbit-macos 43
E.g. to add a new version of osqueryd for macOS:
# Generate osqueryd app bundle.
make osqueryd-app-tar-gz version=5.5.1 out-path=.
# Push the osqueryd target as a new version
./tools/tuf/test/push_target.sh macos-app osqueryd osqueryd.app.tar.gz 5.5.1
NOTE: Contributors on macOS with Apple silicon ran into issues running osqueryd downloaded from GitHub. Until this issue is root caused, the workaround is to download osqueryd from Fleet's TUF.
E.g. to add a new version of desktop for macOS:
# Compile a new version of fleet-desktop
make desktop-app-tar-gz
# Push the desktop target as a new version
./tools/tuf/test/push_target.sh macos desktop desktop.app.tar.gz 43
Troubleshooting
Fleet Desktop Startup Issue on macOS
When running Fleet Desktop on an older macOS version than it was compiled on, Orbit may not launch it due to an error:
_LSOpenURLsWithCompletionHandler() failed with error -10825
Solution: Set the MACOSX_DEPLOYMENT_TARGET environment variable to the lowest macOS version you intend to support:
export MACOSX_DEPLOYMENT_TARGET=13 # replace '13' with your target macOS version