Fixed macOS MSI package -- using local wine and wix

[getvictor]

New flow for fleetctl --package --type=msi on macOS using arm64 processor (M1, M2, etc.)

• wine must be installed locally. See ./orbit/tools/build/install-wine-macos.sh and https://wiki.winehq.org/MacOS for reference.
• --local-wix-dir can be used to point to a local Wix3 installation (using this switch requires a current Fleet EE subscription)
  Building Windows .msi packages for fleetd on Apple Silicon #15463

PR for docs: #16459

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/ or orbit/changes/.
  See Changes files for more information.
• Manual QA for all new/changed functionality

[codecov]

Codecov Report

Attention: 123 lines in your changes are missing coverage. Please review.

Comparison is base (576405b) 65.46% compared to head (079499f) 65.53%.
Report is 65 commits behind head on main.

Files	Patch %	Lines
orbit/pkg/packaging/windows.go	25.60%	78 Missing and 15 partials ⚠️
orbit/pkg/packaging/wix/wix.go	0.00%	27 Missing ⚠️
cmd/fleetctl/package.go	40.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16307      +/-   ##
==========================================
+ Coverage   65.46%   65.53%   +0.07%     
==========================================
  Files        1124     1127       +3     
  Lines       97575    98765    +1190     
  Branches     2413     2413              
==========================================
+ Hits        63875    64729     +854     
- Misses      28918    29167     +249     
- Partials     4782     4869      +87     

Flag	Coverage Δ
backend	66.58% <22.15%> (+0.06%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[getvictor]

@noahtalerman FYI.

The new flow for fleetctl --package --type=msi on macOS using arm64 processors (M1, M2, etc.) will require the user to install wine. If they do not have it, the error message will point them to our install script on main. Currently, the script is only this branch: https://github.com/fleetdm/fleet/blob/victor/15463-msi-on-mac/orbit/tools/build/install-wine-macos.sh

The change is that this flow will no longer use docker, and will use a local build flow.

[mostlikelee]

Some initial questions, primarily for Product:

• is it reasonable to ask customers to install homebrew, wget, and wine?

[lucasmrod]

Looks good, left a couple of comments.

[noahtalerman]

is it reasonable to ask customers to install homebrew, wget, and wine?

@getvictor and @mostlikelee what are the required tools today v. what they will be with this change?

@getvictor is this PR also a fix for "fleetctl on Apple Silicon" (#9047) ? If so, what are the required tools v. what they will be after this change?

Trying to get a feel for whether this is a step in the right direction: fewer dependencies = better UX

[lucasmrod]

We may need similar docs here:

fleet/docs/Using Fleet/enroll-hosts.md

Lines 297 to 313 in 7d00d5a

	### Generating Windows installers using local WiX toolset
	`Applies only to Fleet Premium`
	When creating a fleetd installer for Windows hosts (**.msi**) on a Windows machine, you can tell `fleetctl package` to
	use local installations of the 3 WiX v3 binaries used by this command (`heat.exe`, `candle.exe`, and
	`light.exe`) instead of those in a pre-configured container, which is the default behavior. To do
	so:
	1. Install the WiX v3 binaries. To install, you can download them
	[here](https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip), then unzip the downloaded file.
	2. Find the absolute filepath of the directory containing your local WiX v3 binaries. This will be wherever you saved the unzipped package contents.
	3. Run `fleetctl package`, and pass the absolute path above as the string argument to the
	`--local-wix-dir` flag. For example:
	```
	fleetctl package --type msi --fleet-url=[YOUR FLEET URL] --enroll-secret=[YOUR ENROLLMENT SECRET] --local-wix-dir "\Users\me\AppData\Local\Temp\wix311-binaries"
	```
	If the provided path doesn't contain all 3 binaries, the command will fail.

[getvictor]

@noahtalerman The current requirement is to have docker installed. The new requirement is to have wine installed. We need this fix, since the current flow fails half the time, and always prints error messages such as:

=================================================================
	Native Crash Reporting
=================================================================
Got a UNKNOWN while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.

The fix for #9047 has already been merged into main.

[getvictor]

@lucasmrod Please re-review. I met with Noah to review this PR and made some changes.

[lucasmrod]

Looks good. Left a small comment around checking the response status.

Also, should we add docs here?
https://github.com/fleetdm/fleet/blob/main/docs/Using%20Fleet/enroll-hosts.md?plain=1#L297-L313

[getvictor]

Looks good. Left a small comment around checking the response status.

Also, should we add docs here? https://github.com/fleetdm/fleet/blob/main/docs/Using%20Fleet/enroll-hosts.md?plain=1#L297-L313

Docs added in this PR: #16459