-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add launcher and publishing support to the mirror command #93
Conversation
cmd/package-builder/README.md
Outdated
@@ -53,6 +53,22 @@ To authenticate to GCloud, use the following: | |||
``` | |||
gcloud auth application-default login | |||
``` | |||
#### Notary Setup | |||
Notary Client must be properly installed and **be in your search path** in order to publish | |||
binaries. Notary Client can be found [here](https://github.com/docker/notary). Prepare |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: don't wrap your lines to 80 in this file
cmd/package-builder/README.md
Outdated
osqueryd-stable.tar.gz | ||
osqueryd-2.6.0.tar.gz | ||
``` | ||
The tarballs are stored in the `gs://binaries-for-launcher` GCS bucket, and exposed at the `https://dl.kolide.com/kolide/<binary>/<platform>/<tarball>` url. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in which GCP organization?
cmd/package-builder/README.md
Outdated
@@ -67,6 +83,46 @@ To use the tool to generate Kolide internal development packages, run: | |||
|
|||
To use the tool to generate Kolide production packages, run: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it looks like the next section of the docs got weirdly inserted in the production packages section
cmd/package-builder/README.md
Outdated
may be used to produce tar archives for both Launcher and Osquery, upload them | ||
to the mirror site, and register them with Notary so that they can be validated as | ||
part of the Launcher autoupdate process. The following commands would download and | ||
publish the latest version of Osquery, and would publish version 1.2 of Launcher to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you need a VERSION
env for this as the package builder is already built with github.com/kolide/kit/version
metadata.
cmd/package-builder/mirror.go
Outdated
mirror | ||
} | ||
|
||
func (m mirror) upload(binary, source string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these two mirror methods are operating on a non-pointer mirror
here. is that intentional?
cmd/package-builder/mirror.go
Outdated
} | ||
|
||
// implements methods to post launcher to mirror | ||
type launcher struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe launcherMirror
?
cmd/package-builder/mirror.go
Outdated
return errors.Wrap(err, "preparing osquery mirror upload") | ||
} | ||
bkt := client.Bucket(mirrorBucketname) | ||
objectName := fmt.Sprintf("kolide/%s/%s/%s", binary, m.platform, filepath.Base(source)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would path.join
be useful here?
cmd/package-builder/mirror.go
Outdated
} | ||
// we assume we are running from project root | ||
// but just in case, check for binary | ||
launcherPath := filepath.Join("build", runtime.GOOS, "launcher") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can do filepath.Join(packaging.LauncherSource(), "build", "runtime.GOOS, "launcher")
here for the absolute path.
cmd/package-builder/mirror.go
Outdated
if _, err := os.Stat(launcherPath); err != nil { | ||
return "", errors.Wrap(err, "getting launcher version") | ||
} | ||
cmd := exec.Command(launcherPath, "-version") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Package builder is compiled with github.com/kolide/kit/version
metadata, so executing the binary is not required to get the version.
cmd/package-builder/mirror.go
Outdated
"output", tarFilePath, | ||
) | ||
sources := []string{ | ||
filepath.Join("build", l.platform, "launcher"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use LauncherSource()
here for the absolute path
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking a lot better. My main concern now, like I said in one of the comments, is that all of the options complicate the control flow. Ideally, I could just run package-builder mirror
and (assuming I had the keys and notary configured locally) the mirror would be created, binaries uploaded, etc.
cmd/package-builder/mirror.go
Outdated
// name of GCS bucket where tarballs are saved to | ||
const ( | ||
mirrorBucketname = "binaries-for-launcher" | ||
stagingPath = "/tmp/osquery_mirror" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use ioutil.TempDir
instead of a hardcoded temp deirectory
cmd/package-builder/mirror.go
Outdated
) | ||
flPlatform = flagset.String( | ||
"platform", | ||
"darwin", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps just do all platforms and remove this flag?
cmd/package-builder/mirror.go
Outdated
flTar = flagset.Bool( | ||
"tar", | ||
true, | ||
"create osqueryd.tar.gz archive from binary", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why wouldn't I want to do this when running the mirror command?
cmd/package-builder/mirror.go
Outdated
flExtract = flagset.Bool( | ||
"extract", | ||
true, | ||
"extract binary from downloaded archive", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why wouldn't I want to do this when running the mirror command?
cmd/package-builder/mirror.go
Outdated
flDownload = flagset.Bool( | ||
"download", | ||
true, | ||
"download a fresh copy of osquery from s3", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package-builder dev
and prod
don't give you the option on whether or not you should download anything, I don't think this should either.
cmd/package-builder/mirror.go
Outdated
flUpdateChannel = flagset.String( | ||
"update_channel", | ||
"stable", | ||
"create a tarball for a specific autoupdate channel. Valid values: stable,beta,nightly", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar to platform
, I think this should not be an option and it should just loop through all of them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, here I disagree. You can't mark a beta
binary as stable for example.
You have to make that decision before running the utility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that all of this conditional logic should be flattened out and
- for each update channel
- for each platform
the binaries should be
- downloaded
- extracted
- tar'd
- uploaded
- published
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why can't you make sure that all of the update channels are appropriately published?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we resolved this one in chat with regards to update channel.
cmd/package-builder/mirror.go
Outdated
return errors.Wrap(err, "uploading") | ||
} | ||
} | ||
if m.wantUpload && m.wantPublish { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think all of the flags that are allowed to be used in this tool make the control flow very complex. It's likely that there are several combinations of options that don't work together, for example. I think we should remove most of the command-line options from this tool and have the default behavior just do all of the things you want.
"msg", "starting", | ||
) | ||
ctx := context.Background() | ||
client, err := storage.NewClient(ctx) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neat!
tools/packaging/download/Makefile
Outdated
@@ -0,0 +1,33 @@ | |||
all: clean-darwin dl-darwin extract-darwin tar-darwin dl-linux tar-linux |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this makefile still necessary?
target, | ||
archive, | ||
"-p", | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably want to add stdout/stderr to the publish command in case it fails.
tools/packaging/mirror/mirror.go
Outdated
buildDir := filepath.Join(packaging.LauncherSource(), "build") | ||
sources := []string{ | ||
filepath.Join(buildDir, platform, "launcher"), | ||
filepath.Join(buildDir, platform, "osquery-extension.ext"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're publishing the .ext file as well. I am not sure it's necessary. It's unlikely to change, it's already shipped with the package.
I also don't think the autoupdate code supports tarballs with multiple binaries.
If you include the launcher, definitely double-check the autoupdate code.
cmd/package-builder/README.md
Outdated
``` | ||
|
||
|
||
### Version info |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like this got a little out of place as the next section here isn't about version info as far as I can tell.
This PR includes @groob #69. It adds the following capabilities to the package-builder mirror command.