#9253 - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ --------- Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
//go:build ignore
// +build ignore
package main
// This tool builds Orbit as macOS Universal Binary, codesigns it and notarizes it.
// It currently doesn't support stapling of the binary.
import (
"context"
"fmt"
"os"
"os/exec"
"path/filepath"
"github.com/fleetdm/fleet/v4/orbit/pkg/packaging"
"github.com/fleetdm/fleet/v4/pkg/buildpkg"
"github.com/mitchellh/gon/package/zip"
zlog "github.com/rs/zerolog/log"
)
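// main builds Orbit for darwin/amd64 and darwin/arm64, merges the two into a
// Universal (fat) binary, and then optionally codesigns and notarizes it.
//
// Signing and notarization are each enabled by environment variables:
//   - CODESIGN_IDENTITY enables codesigning.
//   - AC_USERNAME, AC_PASSWORD and AC_TEAM_ID (all three) enable notarization.
//
// Every failure is fatal and reported via panic, matching the tool's
// run-it-by-hand usage; errors are wrapped so the panic message names the
// step that failed.
func main() {
	// Codesigning configuration: an empty identity disables signing.
	codesignIdentity := os.Getenv("CODESIGN_IDENTITY")

	// Notarization configuration. The values are only checked for presence
	// here and are never logged; packaging.Notarize does not receive them as
	// arguments, so presumably it reads them from the environment itself —
	// confirm against that package.
	acUsername := os.Getenv("AC_USERNAME")
	acPassword := os.Getenv("AC_PASSWORD")
	acTeamID := os.Getenv("AC_TEAM_ID")

	codesign := codesignIdentity != ""
	if !codesign {
		zlog.Info().Msg("skipping running codesign: CODESIGN_IDENTITY not set")
	}

	notarize := acUsername != "" && acPassword != "" && acTeamID != ""
	if !notarize {
		zlog.Info().Msg("skipping running notarization: AC_USERNAME, AC_PASSWORD, AC_TEAM_ID not all set")
	}

	const (
		amdBinaryPath    = "orbit-darwin-amd64"
		armBinaryPath    = "orbit-darwin-arm64"
		binaryPath       = "orbit-darwin"
		bundleIdentifier = "com.fleetdm.orbit"
	)

	if err := buildOrbit(amdBinaryPath, "amd64"); err != nil {
		panic(err)
	}
	if err := buildOrbit(armBinaryPath, "arm64"); err != nil {
		panic(err)
	}

	if err := buildpkg.MakeMacOSFatExecutable(binaryPath, amdBinaryPath, armBinaryPath); err != nil {
		panic(fmt.Errorf("create fat executable %s: %w", binaryPath, err))
	}
	// The per-architecture binaries are only inputs to the fat binary; a
	// failed removal is fatal so stale slices never get picked up by mistake.
	for _, p := range []string{amdBinaryPath, armBinaryPath} {
		if err := os.Remove(p); err != nil {
			panic(err)
		}
	}

	if codesign {
		if err := codesignBinary(codesignIdentity, bundleIdentifier, binaryPath); err != nil {
			panic(err)
		}
	}

	if notarize {
		if err := notarizeBinary(binaryPath, bundleIdentifier); err != nil {
			panic(err)
		}
	}
}

// codesignBinary signs binaryPath with the given identity and bundle
// identifier using the system `codesign` tool, enabling the hardened runtime
// and a secure timestamp. The tool's stdout/stderr are forwarded to this
// process. The returned error wraps the exec failure and names the binary.
func codesignBinary(identity, bundleID, binaryPath string) error {
	/* #nosec G204 -- arguments are passed as argv (no shell) and come from the operator's own environment */
	cmd := exec.Command("codesign", "-s", identity, "-i", bundleID,
		"-f", "-v", "--timestamp", "--options", "runtime", binaryPath,
	)
	// The logged command contains only the identity name and paths, no secrets.
	zlog.Info().Str("command", cmd.String()).Msgf("signing %s", binaryPath)

	cmd.Stderr = os.Stderr
	cmd.Stdout = os.Stdout
	if err := cmd.Run(); err != nil {
		return fmt.Errorf("codesign %s: %w", binaryPath, err)
	}
	return nil
}

// notarizeBinary zips binaryPath into a temporary archive in the working
// directory, submits it to Apple via packaging.Notarize and removes the
// archive afterwards. Stapling is not performed (see the TODO below).
// The returned error wraps the failing step.
func notarizeBinary(binaryPath, bundleID string) error {
	const notarizationZip = "orbit.zip"
	// NOTE(lucas): The binary needs to be zipped in order to upload to Apple for Notarization.
	if err := zip.Zip(context.Background(), &zip.Options{Files: []string{binaryPath}, OutputPath: notarizationZip}); err != nil {
		return fmt.Errorf("zip %s for notarization: %w", binaryPath, err)
	}
	// Best-effort cleanup of the upload artifact; the removal error is
	// deliberately ignored because a leftover zip does not affect the result.
	defer os.Remove(notarizationZip)

	if err := packaging.Notarize(notarizationZip, bundleID); err != nil {
		return fmt.Errorf("notarize %s: %w", notarizationZip, err)
	}
	// TODO(lucas): packaging.Staple doesn't work on plain binaries.
	return nil
}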
// buildOrbit cross-compiles the Orbit command (./orbit/cmd/orbit) for
// darwin on the given architecture and writes the result to binaryPath.
// The compiler's stdout/stderr are forwarded to this process. A failed
// build is returned as an error that names the architecture and wraps the
// underlying exec error.
func buildOrbit(binaryPath, arch string) error {
	/* #nosec G204 -- arguments are actually well defined */
	cmd := exec.Command("go", "build", "-o", binaryPath, "./"+filepath.Join("orbit", "cmd", "orbit"))
	// Inherit the caller's environment and pin the target platform on top.
	cmd.Env = append(os.Environ(), "GOOS=darwin", "GOARCH="+arch)
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr

	zlog.Info().Str("command", cmd.String()).Str("arch", arch).Msg("build orbit executable")
	err := cmd.Run()
	if err == nil {
		return nil
	}
	return fmt.Errorf("compile for %s: %w", arch, err)
}