search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3.01k stars 418 forks source link

Publicly accessible, signed installer + manifest #10960

Closed roperzh closed 1 year ago

roperzh commented 1 year ago

Related user story

Related to #9459

Task

Using the tooling being introduced in https://github.com/fleetdm/fleet/pull/10959 and the orbit changes introduced in https://github.com/fleetdm/fleet/pull/10980

  1. Release a new version of orbit to edge when the changes from https://github.com/fleetdm/fleet/pull/10980 are good to go and merged.

  2. Create a fleetd installer

fleetctl package --type=pkg --fleet-desktop --orbit-channel=edge --use-system-configuration
  1. Sign the installer so it can be installed via MDM
productsign --sign "Developer ID Installer: $DEVID_INFO" fleet-osquery.pkg fleetd-base.pkg
  1. Run appmanifest
$ go run tools/mdm/apple/appmanifest/main.go \
    -pkg-file fleetd-base.pkg \
    -pkg-url $YOUR_URL > fleetd-base-manifest.plist
  1. Upload fleetd-base.pkg to $YOUR_URL and fleetd-base-manifest.plist to a publicly accessible location.

Condition of satisfaction

  1. A signed installer is publicly accessible in an URL of your choosing.
  2. A manifest with the output of the tooling described above is publicly accessible in an URL of your choosing.
lukeheath commented 1 year ago

@roperzh Thank you!

@zwass Would you please prioritize this task? It's the last step in our "Automatically enroll new ABM devices in Fleet" story that is required for us to begin QA.

roperzh commented 1 year ago

@lukeheath @zwass a heads-up that I have found a race condition while testing this and I introduced some orbit changes in https://github.com/fleetdm/fleet/pull/10980.

I updated the issue description with this.

image

zwass commented 1 year ago

Haha love the Bernie meme! Lmk when it's ready and I can deploy the new Orbit to edge and then upload a new installer.

roperzh commented 1 year ago

@zwass thank you! everything is in main now (the tool to generate manifests and the updates to orbit)

zwass commented 1 year ago

These are now available at https://download.fleetdm.com/fleetd-base.pkg (edge, version 1.9.0) and https://download.fleetdm.com/fleetd-base-manifest.plist.

fleet-release commented 1 year ago

I couldn't think of a haiku this time. (See fleetdm.com logs for more information.)