wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0
103 stars 93 forks

Change macOS packages building tool #2006

Closed verdx closed 3 weeks ago

verdx commented 1 year ago
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| all | Agent | Package building | macOS |

Problems with packagesbuild

To build the macOS Agent packages, we use the tool packagesbuilder, from the package Packages.dmg, which we download from the website http://s.sudre.free.fr/. There is not much information on the website, only one tutorial, which doesn't mention the tools we use, only the graphical ones the package provides. There isn't a reference to the source code on the website, although there are some repositories on GitHub which could be related, with no mention of versions or of how they are related to the downloadable package:

There is also no manual for the tool inside the man pages, only the help message:

Wazuhs-Mac-mini:~ jenkins$ packagesbuild -h
packagesbuild: invalid option -- h
Usage: packagesbuild [OPTIONS] file

Options:
  --verbose, -v                          provide additional status output
  --debug, -d                            build project in debug mode (i.e. disable locators)
  --temporary-build-location, -t PATH    use this folder as the temporary build folder
  --reference-folder, -F PATH            use this path as the reference folder
  --build-folder PATH                    create the build output in this folder
  --identity NAME                        sign the build output with this identity
  --keychain PATH                        look for the identity in the keychain at this path
  --package-version VERSION              set the version of the built raw package project to this value

Wazuhs-Mac-mini:~ jenkins$ man packagesbuild
No manual entry for packagesbuild
Wazuhs-Mac-mini:~ jenkins$ 

Summary:

Proposed solution

During the investigation for issue #1917, an alternative was found: https://github.com/munki/munki-pkg. The idea of the tool is the same: it creates packages for macOS, as well as their own managed software installation. It has a website with a well-structured usage tutorial, a GitHub repository with the source code and even more documentation, and it is also mentioned in third-party tutorials and articles:

jotacarma90 commented 1 month ago

Update 22/07/2024

mjcr99 commented 1 month ago

Update

(26/07/2024) Researching munkipkg documentation, investigating the impact of the changes and the requirements. Set up an environment for development purposes.

(29/07/2024) Testing munkipkg capabilities. I have found some problems regarding our package format and munkipkg's capabilities to package it. It needs additional research, which is being done.

(30/07/2024) Successfully created an installable and functional package using munkipkg. The testing package has not been signed or notarized, so this part of the procedure is still pending to be tested, but as mentioned, the created package is functional, simplifies the SPECS file, and maintains the permission level in the packaged files as it has been done until now.

(30/07/2024) Created a development branch, working on the tool changes and adapting the script and SPEC files.

(05/08/2024) Added some modifications related to signature and notarization to successfully build a package using workflows. Opened PR: https://github.com/wazuh/wazuh-agent-packages/pull/69 to test and implement a change in the workflow.

(06/08/2024) Added some minor fixes related to package name and version.

(07/08/2024) Opened wazuh/wazuh PR with the final proposed solution.

jotacarma90 commented 3 weeks ago

Workflow testing