Add launcher and publishing support to the mirror command #93
Conversation
cmd/package-builder/README.md
Outdated
| @@ -53,6 +53,22 @@ To authenticate to GCloud, use the following: | |||
| ``` | |||
| gcloud auth application-default login | |||
| ``` | |||
| #### Notary Setup | |||
| Notary Client must be properly installed and **be in your search path** in order to publish | |||
| binaries. Notary Client can be found [here](https://github.com/docker/notary). Prepare | |||
There was a problem hiding this comment.
nit: don't wrap your lines to 80 in this file
cmd/package-builder/README.md
Outdated
| osqueryd-stable.tar.gz | ||
| osqueryd-2.6.0.tar.gz | ||
| ``` | ||
| The tarballs are stored in the `gs://binaries-for-launcher` GCS bucket, and exposed at the `https://dl.kolide.com/kolide/<binary>/<platform>/<tarball>` url. |
There was a problem hiding this comment.
in which GCP organization?
cmd/package-builder/README.md
Outdated
| @@ -67,6 +83,46 @@ To use the tool to generate Kolide internal development packages, run: | |||
|
|
|||
| To use the tool to generate Kolide production packages, run: | |||
There was a problem hiding this comment.
it looks like the next section of the docs got weirdly inserted in the production packages section
cmd/package-builder/README.md
Outdated
| may be used to produce tar archives for both Launcher and Osquery, upload them | ||
| to the mirror site, and register them with Notary so that they can be validated as | ||
| part of the Launcher autoupdate process. The following commands would download and | ||
| publish the latest version of Osquery, and would publish version 1.2 of Launcher to |
There was a problem hiding this comment.
I don't think you need a VERSION env for this as the package builder is already built with github.com/kolide/kit/version metadata.
cmd/package-builder/mirror.go
Outdated
| mirror | ||
| } | ||
|
|
||
| func (m mirror) upload(binary, source string) error { |
There was a problem hiding this comment.
these two mirror methods are operating on a non-pointer mirror here. is that intentional?
cmd/package-builder/mirror.go
Outdated
| } | ||
|
|
||
| // implements methods to post launcher to mirror | ||
| type launcher struct { |
cmd/package-builder/mirror.go
Outdated
| return errors.Wrap(err, "preparing osquery mirror upload") | ||
| } | ||
| bkt := client.Bucket(mirrorBucketname) | ||
| objectName := fmt.Sprintf("kolide/%s/%s/%s", binary, m.platform, filepath.Base(source)) |
There was a problem hiding this comment.
Would path.join be useful here?
cmd/package-builder/mirror.go
Outdated
| } | ||
| // we assume we are running from project root | ||
| // but just in case, check for binary | ||
| launcherPath := filepath.Join("build", runtime.GOOS, "launcher") |
There was a problem hiding this comment.
you can do filepath.Join(packaging.LauncherSource(), "build", "runtime.GOOS, "launcher") here for the absolute path.
cmd/package-builder/mirror.go
Outdated
| if _, err := os.Stat(launcherPath); err != nil { | ||
| return "", errors.Wrap(err, "getting launcher version") | ||
| } | ||
| cmd := exec.Command(launcherPath, "-version") |
There was a problem hiding this comment.
Package builder is compiled with github.com/kolide/kit/version metadata, so executing the binary is not required to get the version.
cmd/package-builder/mirror.go
Outdated
| "output", tarFilePath, | ||
| ) | ||
| sources := []string{ | ||
| filepath.Join("build", l.platform, "launcher"), |
There was a problem hiding this comment.
use LauncherSource() here for the absolute path
There was a problem hiding this comment.
This is looking a lot better. My main concern now, like I said in one of the comments, is that all of the options complicate the control flow. Ideally, I could just run package-builder mirror and (assuming I had the keys and notary configured locally) the mirror would be created, binaries uploaded, etc.
cmd/package-builder/mirror.go
Outdated
| // name of GCS bucket where tarballs are saved to | ||
| const ( | ||
| mirrorBucketname = "binaries-for-launcher" | ||
| stagingPath = "/tmp/osquery_mirror" |
There was a problem hiding this comment.
use ioutil.TempDir instead of a hardcoded temp deirectory
cmd/package-builder/mirror.go
Outdated
| ) | ||
| flPlatform = flagset.String( | ||
| "platform", | ||
| "darwin", |
There was a problem hiding this comment.
Perhaps just do all platforms and remove this flag?
cmd/package-builder/mirror.go
Outdated
| flTar = flagset.Bool( | ||
| "tar", | ||
| true, | ||
| "create osqueryd.tar.gz archive from binary", |
There was a problem hiding this comment.
why wouldn't I want to do this when running the mirror command?
cmd/package-builder/mirror.go
Outdated
| flExtract = flagset.Bool( | ||
| "extract", | ||
| true, | ||
| "extract binary from downloaded archive", |
There was a problem hiding this comment.
why wouldn't I want to do this when running the mirror command?
cmd/package-builder/mirror.go
Outdated
| flDownload = flagset.Bool( | ||
| "download", | ||
| true, | ||
| "download a fresh copy of osquery from s3", |
There was a problem hiding this comment.
package-builder dev and prod don't give you the option on whether or not you should download anything, I don't think this should either.
cmd/package-builder/mirror.go
Outdated
| flUpdateChannel = flagset.String( | ||
| "update_channel", | ||
| "stable", | ||
| "create a tarball for a specific autoupdate channel. Valid values: stable,beta,nightly", |
There was a problem hiding this comment.
Similar to platform, I think this should not be an option and it should just loop through all of them.
There was a problem hiding this comment.
Well, here I disagree. You can't mark a beta binary as stable for example.
You have to make that decision before running the utility.
There was a problem hiding this comment.
I think that all of this conditional logic should be flattened out and
- for each update channel
- for each platform
the binaries should be
- downloaded
- extracted
- tar'd
- uploaded
- published
There was a problem hiding this comment.
why can't you make sure that all of the update channels are appropriately published?
There was a problem hiding this comment.
we resolved this one in chat with regards to update channel.
cmd/package-builder/mirror.go
Outdated
| return errors.Wrap(err, "uploading") | ||
| } | ||
| } | ||
| if m.wantUpload && m.wantPublish { |
There was a problem hiding this comment.
I think all of the flags that are allowed to be used in this tool make the control flow very complex. It's likely that there are several combinations of options that don't work together, for example. I think we should remove most of the command-line options from this tool and have the default behavior just do all of the things you want.
| "msg", "starting", | ||
| ) | ||
| ctx := context.Background() | ||
| client, err := storage.NewClient(ctx) |
tools/packaging/download/Makefile
Outdated
| @@ -0,0 +1,33 @@ | |||
| all: clean-darwin dl-darwin extract-darwin tar-darwin dl-linux tar-linux | |||
There was a problem hiding this comment.
Is this makefile still necessary?
| target, | ||
| archive, | ||
| "-p", | ||
| ) |
There was a problem hiding this comment.
Probably want to add stdout/stderr to the publish command in case it fails.
tools/packaging/mirror/mirror.go
Outdated
| buildDir := filepath.Join(packaging.LauncherSource(), "build") | ||
| sources := []string{ | ||
| filepath.Join(buildDir, platform, "launcher"), | ||
| filepath.Join(buildDir, platform, "osquery-extension.ext"), |
There was a problem hiding this comment.
You're publishing the .ext file as well. I am not sure it's necessary. It's unlikely to change, it's already shipped with the package.
I also don't think the autoupdate code supports tarballs with multiple binaries.
If you include the launcher, definitely double-check the autoupdate code.
cmd/package-builder/README.md
Outdated
| ``` | ||
|
|
||
|
|
||
| ### Version info |
There was a problem hiding this comment.
It looks like this got a little out of place as the next section here isn't about version info as far as I can tell.
This PR includes @groob #69. It adds the following capabilities to the package-builder mirror command.