fleet/orbit/pkg/packaging
Lucas Manuel Rodriguez 4948325892
fleetd generate TPM key and issue SCEP certificate (#30932)
#30461

This PR contains the changes for the happy path.
On a separate PR we will be adding tests and further fixes for edge
cases.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
  - [ ] Make sure fleetd is compatible with the latest released version of
    Fleet (see [Must
    rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)).
  - [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
    feature/bugfix should only apply to one platform (`runtime.GOOS`).
  - [ ] Manual QA must be performed in the three main OSs, macOS, Windows
    and Linux.
  - [ ] Auto-update manual QA, from released version of component to new
    version (see [tools/tuf/test](../tools/tuf/test/README.md)).

## Summary by CodeRabbit

* **New Features**
  * Added support for using a TPM-backed key and SCEP-issued certificate
    to sign HTTP requests, enhancing security through hardware-based key
    management.
  * Introduced new CLI and environment flags to enable TPM-backed client
    certificates for Linux packages and Orbit.
  * Added a local HTTPS proxy that automatically signs requests using the
    TPM-backed key.

* **Bug Fixes**
  * Improved cleanup and restart behavior when authentication fails with a
    host identity certificate.

* **Tests**
  * Added comprehensive tests for SCEP client functionality and TPM
    integration.

* **Chores**
  * Updated scripts and documentation to support TPM-backed client
    certificate packaging and configuration.
2025-07-18 11:31:52 -03:00

| Name | Last commit | Date |
|---|---|---|
| wix | Orbit for Windows ARM64 (#27882) | 2025-04-11 10:18:28 -04:00 |
| certs.pem | Update Orbit CA certs [automated] (#20148) | 2024-07-02 15:22:52 -03:00 |
| deb.go | update documentation of orbit/pkg/packaging (#6819) | 2022-07-25 20:14:20 -03:00 |
| linux_shared.go | fleetd generate TPM key and issue SCEP certificate (#30932) | 2025-07-18 11:31:52 -03:00 |
| macos.go | Adding optional parameter outfile to fleetctl package (#29579) | 2025-06-12 10:25:40 -05:00 |
| macos_notarize.go | Update to latest gon with notarytool until we find a better solution (#14918) | 2023-11-03 18:56:30 -05:00 |
| macos_rcodesign.go | device_token endpoint improvements (#15849) | 2023-12-28 14:20:36 -06:00 |
| macos_templates.go | Enable launch daemon before trying to bootstrap it (#22764) | 2024-10-23 13:54:41 -03:00 |
| mk-ca-bundle.pl | Update mk-ca-bundle.pl tool in repository (#8184) | 2022-10-12 12:01:18 -03:00 |
| packaging.go | fleetd generate TPM key and issue SCEP certificate (#30932) | 2025-07-18 11:31:52 -03:00 |
| rpm.go | update documentation of orbit/pkg/packaging (#6819) | 2022-07-25 20:14:20 -03:00 |
| windows.go | Adding optional parameter outfile to fleetctl package (#29579) | 2025-06-12 10:25:40 -05:00 |
| windows_templates.go | Orbit for Windows ARM64 (#27882) | 2025-04-11 10:18:28 -04:00 |
| windows_test.go | Orbit for Windows ARM64 (#27882) | 2025-04-11 10:18:28 -04:00 |