fleet/tools/tuf/test
Roberto Dip 4103e77e90
add swiftDialog to TUF (#11643)
Related to #11534 this is an extract from the code I used to build a
prototype to see if `swiftDialog` would work for us.

This is very similar to the work we did for Nudge previously.
2023-05-11 15:01:43 -03:00
create_repository.sh add swiftDialog to TUF (#11643) 2023-05-11 15:01:43 -03:00
gen_pkgs.sh Add mTLS support to fleetd (#11319) 2023-04-27 08:44:39 -03:00
main.sh Add mTLS support to fleetd (#11319) 2023-04-27 08:44:39 -03:00
Nudge-auto-update-test-guide.md Enable installation and auto-updates of Nudge via Orbit (#9605) 2023-02-10 17:03:43 -03:00
Orbit-auto-update-test-guide.md Add mTLS support to fleetd (#11319) 2023-04-27 08:44:39 -03:00
push_target.sh Prepare TUF scripts for CI and support different dev setups (#5616) 2022-05-11 17:00:18 -03:00
README.md Add mTLS support to fleetd (#11319) 2023-04-27 08:44:39 -03:00
run_server.sh Prepare TUF scripts for CI and support different dev setups (#5616) 2022-05-11 17:00:18 -03:00

Testing TUF

Scripts in this directory aim to ease the testing of Orbit and the TUF system.

WARNING: All of these scripts are for testing only; they are not safe for production use.

Setup

  1. The script is executed on a macOS host.
  2. The Fleet server is also running on the same macOS host.
  3. All VMs (and the macOS host itself) are configured to resolve host.docker.internal to the macOS host IP (by modifying their hosts file).

Note: We use host.docker.internal because the testing certificate ./tools/osquery/fleet.crt lists that hostname (and localhost) as SANs (Subject Alternative Names).
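A preflight check for the two setup assumptions above: the hosts-file mapping and the certificate SANs. This is an added example, not part of the Fleet repository; the function names are hypothetical and the sample hosts entries (including the IP addresses) are constructed.

```sh
#!/bin/sh
# Added example (not from the Fleet repository): preflight checks for the
# setup assumptions above. Function names are hypothetical.

# hosts_ip_for NAME [HOSTS_FILE]
# Print the IP of the first active hosts-file entry that maps NAME.
# Returns non-zero when there is no such entry (commented-out lines are ignored).
hosts_ip_for() {
  awk -v n="$1" '
    { sub(/#.*/, "") }   # drop comments, whole-line or trailing
    NF >= 2 {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(n)) { print $1; found = 1; exit }
    }
    END { exit !found }
  ' "${2:-/etc/hosts}"
}

# cert_has_san CERT NAME
# Succeed only if the PEM certificate lists NAME as a DNS subjectAltName.
cert_has_san() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^[[:space:]]*//' |
    grep -Fxq "DNS:$2"
}

# Constructed sample hosts file; 192.168.64.1 is a made-up host IP.
sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1      localhost
# 10.0.0.5     host.docker.internal
192.168.64.1   host.docker.internal   # macOS host
EOF

hosts_ip_for host.docker.internal "$sample"   # prints 192.168.64.1

# Against the real setup (paths from this README), run from the repository root:
#   hosts_ip_for host.docker.internal
#   cert_has_san ./tools/osquery/fleet.crt host.docker.internal && echo "SAN ok"
```

Run the hosts-file check on each VM as well as on the macOS host, since every machine needs its own mapping.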

Run

main.sh creates and runs the TUF repository and optionally generates the installers (GENERATE_PKGS):

```sh
SYSTEMS="macos windows linux" \
PKG_FLEET_URL=https://localhost:8080 \
PKG_TUF_URL=http://localhost:8081 \
DEB_FLEET_URL=https://host.docker.internal:8080 \
DEB_TUF_URL=http://host.docker.internal:8081 \
RPM_FLEET_URL=https://host.docker.internal:8080 \
RPM_TUF_URL=http://host.docker.internal:8081 \
MSI_FLEET_URL=https://host.docker.internal:8080 \
MSI_TUF_URL=http://host.docker.internal:8081 \
GENERATE_PKG=1 \
GENERATE_DEB=1 \
GENERATE_RPM=1 \
GENERATE_MSI=1 \
ENROLL_SECRET=6/EzU/+jPkxfTamWnRv1+IJsO4T9Etju \
FLEET_DESKTOP=1 \
USE_FLEET_SERVER_CERTIFICATE=1 \
./tools/tuf/test/main.sh
```

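Separate `*_FLEET_URL` and `*_TUF_URL` variables are defined for each package type to support different setups. In the example above, the pkg installer uses localhost, while the deb, rpm and msi installers use host.docker.internal.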

Add new updates

To add new updates (osqueryd or orbit), use push_target.sh.

E.g. to add a new version of orbit for Windows:

```sh
# Compile a new version of Orbit:
GOOS=windows GOARCH=amd64 go build -o orbit-windows.exe ./orbit/cmd/orbit

# Push the compiled Orbit as a new version
./tools/tuf/test/push_target.sh windows orbit orbit-windows.exe 43
```

E.g. to add a new version of osqueryd for macOS:

```sh
# Generate osqueryd app bundle.
make osqueryd-app-tar-gz version=5.5.1 out-path=.

# Push the osqueryd target as a new version
./tools/tuf/test/push_target.sh macos-app osqueryd osqueryd.app.tar.gz 5.5.1
```

E.g. to add a new version of desktop for macOS:

```sh
# Compile a new version of fleet-desktop
make desktop-app-tar-gz

# Push the desktop target as a new version
./tools/tuf/test/push_target.sh macos desktop desktop.app.tar.gz 43
```