Upload `.rpm` files

[willmayhone88]

Goal

User story
As an IT admin on the software page,
I want to upload rpm files
so that I can install software manually or via policy automation for rpm based linux distros (e.g. Fedora).

Context

• Requestor(s): @dherder
• Product designer: @rachaelshaw

More info

• There is a Go library to extract RPM files: https://github.com/cavaliergopher/rpm

Changes

Product

• [ ] Reference documentation changes:
  • [x] Update "Add package" API docs (PR)
  • [ ] Check "Edit package" docs once those are merged in (currently unreleased, part of v4.57)
• [ ] UI changes: Figma
• [x] CLI (fleetctl) usage changes: N/A
• [x] YAML changes: N/A
• [ ] REST API changes: Uploading .rpm files does not fail validation
• [x] Fleet's agent (fleetd) changes: N/A
• [x] Permissions changes: N/A
• [x] Changes to paid features or tiers: N/A

Engineering

• [ ] Feature guide changes: TODO
• [ ] Database schema migrations: TODO
• [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[noahtalerman]

upload rpm files to Fleet's software management for rpm based linux distros

Hey @willmayhone88, thanks for tracking this.

What Linux distros exactly is prospect-redwine looking to install software on?

cc @dherder

[dherder]

@noahtalerman Linux distros: Fedora and RHEL

[noahtalerman]

Design capacity: S

[rachaelshaw]

Original feature request below:

Problem

I want to upload rpm files to Fleet's software management for rpm based linux distros, because .deb isn't support on those distros. I hear I can repackage it somehow, but I don't know how, and Fleet doesn't tell me.

What have you tried?

I tried uploading a rpm file, and was not able to.

Potential solutions

Add the ability to upload and distribute rpm packages to linux distros.

What is the expected workflow as a result of your proposal?

A fleet user can upload the rpm file and distribute it similar to current workflows with deb files.

[lukeheath]

Go library for RPM extraction: https://github.com/cavaliergopher/rpm

[noahtalerman]

Luke: There’s a Go RPM library with 125+ stars that could make this very straightforward to implement.

Hey @lukeheath what's the library?

[lukeheath]

@noahtalerman Added the link to the issue description.

[noahtalerman]

Hey @zayhanlon and @dherder, heads up this didn't make the 3 week drafting timeline. We left it on the drafting board b/c the plan is to carry this into the upcoming design sprint.

[sharon-fdm]

Est. BE: 5-8 Victor FE: 3 Rachel

[RachelElysia]

FE portion will build upon work of revamping upload packages from a modal to page level after #21810 (MDM - @gillespi314) work is merged.

[iansltx]

Heads-up: we'll need a docs PR for this, to update everywhere that says we can do .deb to .deb + .rpm. Should be quick, just need to make sure it gets done.

[lucasmrod]

@rachaelshaw @noahtalerman

Couple of questions/comments.

Policy platform "granularity"

Policies can run on macOS, Windows, "Linux" or ChromeOS. "Linux" policies will run on both "RPM based" systems (e.g. Fedora) and "DEB based" systems (e.g. Ubuntu). A "Linux" policy that checks for a deb package being installed will (unexpectedly) run on a Fedora hosts. A "Linux" policy that checks for an RPM package being installed will (unexpectedly) run on Ubuntu hosts. The current way to "solve" this is to document that user should put RPM hosts and DEB hosts on separate teams. In the future, we can think about increasing policy OS granularity or (more flexible idea) add labels to policies (e.g. Policy X should only run on hosts with label Y.) - old related issue: https://github.com/fleetdm/fleet/issues/2238.

Policy automations for installing software

Related to the above, do we want (on this iteration) to prevent Fleet automatic installation of DEB packages on Fedora/RHEL systems? (and similarly, prevent RPM packages from being automatically installed on Ubuntu/Debian based systems?).

---

Let me know if I'm making sense.

[noahtalerman]

The current way to "solve" this is to document that user should put RPM hosts and DEB hosts on separate teams.

@lucasmrod I think let's document that the best practice is handling this in the policy's query in this iteration. I think we want to maintain this best practice.

It's ok if an Ubuntu policy runs and passes on Fedora hosts.

Then, I think we can come back to making it easier to prevent automatic install of DEB packages on Fedora and vice versa. We can come back to this in a later pass.

This way, the best practice won't change as we iterate on making this easier.