search

kolide / launcher

Osquery launcher, autoupdater, and packager
https://kolide.com/launcher
Other
500 stars 99 forks source link

Windows build issues with osquery & msi package #1655

Closed henningwagner closed 3 months ago

henningwagner commented 3 months ago

@RebeccaMahany you were so kind to point to me in the right direction when I was having build issues on MacOS a couple of weeks ago (GH issue #1509).

When I'm trying to build launcher for Windows I'm currently facing two issues:

Osquery permissions

The regular build was jammed on MacOS but on Windows I can create the launcher.exe both with make as well as make github-build. When I try it out, I face errors:

{"caller":"fileops.cpp:1190","component":"osquery","msg":"W0315 17:07:23.061259 14912 fileops.cpp:1190] Failed to apply safe permssions to the database","osqlevel":"stderr","severity":"info","ts":"2024-03-15T16:07:23.0612595Z"}
{"caller":"interface.cpp:137","component":"osquery","msg":"I0315 17:07:23.545825  3264 interface.cpp:137] Registering extension (kolide_grpc, 26086, version=, sdk=)","osqlevel":"stderr","severity":"info","ts":"2024-03-15T16:07:23.5458261Z"}
{"caller":"interface.cpp:143","component":"osquery","msg":"W0315 17:07:23.546401  3264 interface.cpp:143] Could not add extension kolide_grpc: SQLITE_CANTOPEN","osqlevel":"stderr","severity":"info","ts":"2024-03-15T16:07:23.5464023Z"}
{"caller":"osqueryinstance.go:627","err":"status 1 registering extension: Failed adding registry: SQLITE_CANTOPEN","extensionMangerServer":"kolide_grpc","extension_name":"kolide_grpc","msg":"Extension manager server startup got error","severity":"info","ts":"2024-03-15T16:07:23.5464023Z"}

After having gone through the documentation, the nearest I come towards permissions is this mention but it doesn't seem to have a direct reference to the osquery issue. At first glance it looks like the extensionManager error is coming due to the osquery permissions.

Might there be a different build step for Windows needed to resolve the permission issue?

MSI package

When I use the ./build/package-builder... command I receive an msi installer. Invoking an installation starts well as the User Account Control is showing up. But once I click on yes to allow the installation, the install dialogue pops up for a brief second, the progress bar fills up by a couple of pixels and then the whole dialogue disappears – but sadly without having installed anything.

Although the package installer behavior is a different topic than the osqueryd permissions, I'm bringing this up as well because it might be due to changes in the build process (that you had pointed me towards last time @RebeccaMahany)?

directionless commented 3 months ago

The issue you had with the macOS builds is entirely unrelated.

It sounds like this built a package, but that it's not running correctly. The error you're getting is from osquery, complaining that it cannot adjust the permissions on it's database. This makes me wonder if there's some odd path permissions in your setup.

But, the error from https://github.com/osquery/osquery/blob/master/osquery/filesystem/windows/fileops.cpp#L1339 while your log line says fileops.cpp:1190, which also makes me think your osquery version is quite old

henningwagner commented 3 months ago

Thanks @directionless for the info. I fully wiped my development system based on your version observation. Seems like an old version had snuck its way into the lookup paths – now I can build and run the Windows agent without any issues.