authorGilbert Gilb's2022-05-12 17:02:13 +0200
committerGilbert Gilb's2022-05-12 19:52:18 +0200
commitc696df792c264322b4b500f021c143c919787352 (patch)
tree5494bae62bf97fca814af2875163fa3ff93e93d4
downloadaur-c696df792c264322b4b500f021c143c919787352.tar.gz
first release
-rw-r--r--.SRCINFO22
-rw-r--r--.gitignore1
-rw-r--r--.gitlab-ci.yml68
-rw-r--r--LICENSE19
-rw-r--r--PKGBUILD57
-rw-r--r--PKGBUILD.jinja57
-rwxr-xr-xfleet-orbit8
-rw-r--r--fleet-orbit-cleanup.hook8
-rw-r--r--fleet-orbit-config29
-rw-r--r--fleet-orbit.service15
-rw-r--r--metadata.json9
-rwxr-xr-xrender_pkgbuild.py90
-rw-r--r--requirements.txt3
13 files changed, 386 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..319f35ce97ac
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,22 @@
+pkgbase = fleet-orbit
+ pkgdesc = Eases the deployment of osquery connected with a Fleet server.
+ pkgver = 0.0.11
+ pkgrel = 1
+ url = https://github.com/fleetdm/fleet/tree/main/orbit
+ arch = x86_64
+ license = MIT
+ makedepends = go
+ depends = osquery
+ backup = etc/default/orbit
+ source = https://github.com/fleetdm/fleet/archive/refs/tags/orbit-v0.0.11.tar.gz
+ source = fleet-orbit
+ source = fleet-orbit-cleanup.hook
+ source = fleet-orbit-config
+ source = fleet-orbit.service
+ sha512sums = ad6891bd5deed9111759f14e478334d966275d98a42b13a02e69c80735567f017baa78c542159e5f55417fa8704a22bcfc556ef395e52c303468134c2084b075
+ sha512sums = 449f29d82564b3a0e56d529e0550bf83b22cfd672b960e20441015ef5c106f4d7508f4f0bb47631fe399e477e31b05c4a223549a36d23dc89ba9571d6468a75e
+ sha512sums = c4d4fdf980a891f5e56ca82173c57b60d0e157ef4af769fc5d9ecd7b9c70124402d694f35d48101e6633d0134ade9ab33cff3c129e2f603a6b7df1ee560eab5a
+ sha512sums = 781ba7743f8f176aeeef702cce67478af70981596029677e1e50f1a57b479c66832436e39d66b5e7f879477733b661326d306064050968acfb246adddfddf30a
+ sha512sums = 87aca00b0c053c194a36d583f474f34f22207c4e1e5319ed3722769f796599e8f69b920063daca95644f9ea11454cefdb4109011370c70ce27db90720d5f12e8
+
+pkgname = fleet-orbit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..fe22837fdb20
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/*.pkg.tar.zst
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 000000000000..8f9485f82479
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,68 @@
+stages:
+ - package
+ - deploy
+
+update_pkgbuild:
+ stage: package
+ image: python:latest
+ script:
+ - pip install -r requirements.txt
+ - ./render_pkgbuild.py
+ artifacts:
+ paths:
+ - ./metadata.json
+ - ./PKGBUILD
+ expire_in: 1 day
+
+build_package:
+ stage: package
+ needs: [update_pkgbuild]
+ image: archlinux:latest
+ script:
+ - pacman -Syu --noconfirm base-devel sudo
+ - useradd --create-home builder
+ - echo 'builder ALL=(ALL) ALL' >> /etc/sudoers.d/builder
+ - echo 'Defaults:builder !authenticate' >> /etc/sudoers.d/builder
+ - sudo -Hu builder makepkg --printsrcinfo > .SRCINFO
+ - sudo -Hu builder makepkg --noconfirm --syncdeps --clean
+ artifacts:
+ paths:
+ - ./.SRCINFO
+ - ./fleet-orbit-*.pkg.tar.zst
+ expire_in: 1 day
+
+test_package:
+ stage: package
+ needs: [build_package]
+ image: archlinux:latest
+ script:
+ - pacman -Syu --noconfirm
+ - pacman -U --noconfirm fleet-orbit-*.pkg.tar.zst
+ - fleet-orbit version
+
+push_package:
+ stage: deploy
+ image: alpine:latest
+ rules:
+ - if: $PUSH_PACKAGE == "true"
+ script:
+ - apk add git openssh-client
+ - eval $(ssh-agent -s)
+ - mkdir -p ~/.ssh
+ - chmod 700 ~/.ssh
+ - ssh-keyscan gitlab.com aur.archlinux.com >> ~/.ssh/known_hosts
+ - echo "${SSH_PRIVATE_KEY}" | tr -d '\r' | ssh-add -
+ - git clone git@gitlab.com:nlr/fleet-orbit-aur.git
+ - git remote add aur ssh://aur@aur.archlinux.org/fleet-orbit.git
+ - cp PKGBUILD .SRCINFO metadata.json fleet-orbit-aur/
+ - cd fleet-orbit-aur/
+ - git config user.name "[BOT] Gilbert Gilb's"
+ - git config user.email "gilbsgilbert@gmail.com"
+ - git add .
+ - |
+ if ! git diff --cached --exit-code; then
+ pkgver="$(grep -E '^pkgver=' PKGBUILD | cut -d'=' -f2)"
+ git commit -m "Update to ${pkgver}."
+ fi
+ - git push origin HEAD:main
+ - git push aur HEAD:master
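Review bot: The `push_package` job does not authenticate the hosts it pushes to. `ssh-keyscan` trusts whatever key is presented at run time, and it scans `aur.archlinux.com` while the remote added two lines later is `aur.archlinux.org`, so the AUR host gets no `known_hosts` entry at all. Appending pinned host keys from a protected CI variable avoids both problems, for example `echo "${SSH_KNOWN_HOSTS}" >> ~/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS` is a variable you would define. Also, `git remote add aur …` runs before `cd fleet-orbit-aur/`, so the remote is added to the CI checkout rather than the fresh clone, and `git push aur HEAD:master` will likely fail there; move it after the `cd`. The `:latest` image tags in all four jobs also leave the build environment unpinned.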
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 000000000000..533b021a76fc
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2022 Gilbert Gilb's
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..d0c80a4d22a4
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,57 @@
+# Maintainer: Gilbert Gilb's <gilbsgilbert@gmail.com>
+
+pkgname=fleet-orbit
+pkgver=0.0.10
+pkgrel=1
+pkgdesc='Eases the deployment of osquery connected with a Fleet server.'
+arch=(x86_64)
+url='https://github.com/fleetdm/fleet/tree/main/orbit'
+license=(MIT)
+depends=(osquery)
+makedepends=(go)
+backup=(etc/default/orbit)
+optdepends=()
+source=(
+ "https://github.com/fleetdm/fleet/archive/refs/tags/orbit-v$pkgver.tar.gz"
+ 'fleet-orbit'
+ 'fleet-orbit-cleanup.hook'
+ 'fleet-orbit-config'
+ 'fleet-orbit.service'
+)
+sha512sums=(
+ 'cd1323204a25978fde48de7b24726ff99b252561c0506f0c9c06f2ff2e08950a7fc7c299819d0edf55defe423527b09389ba0c4ade505739f02483b3bf18be2c'
+ '449f29d82564b3a0e56d529e0550bf83b22cfd672b960e20441015ef5c106f4d7508f4f0bb47631fe399e477e31b05c4a223549a36d23dc89ba9571d6468a75e'
+ 'c4d4fdf980a891f5e56ca82173c57b60d0e157ef4af769fc5d9ecd7b9c70124402d694f35d48101e6633d0134ade9ab33cff3c129e2f603a6b7df1ee560eab5a'
+ '781ba7743f8f176aeeef702cce67478af70981596029677e1e50f1a57b479c66832436e39d66b5e7f879477733b661326d306064050968acfb246adddfddf30a'
+ '87aca00b0c053c194a36d583f474f34f22207c4e1e5319ed3722769f796599e8f69b920063daca95644f9ea11454cefdb4109011370c70ce27db90720d5f12e8'
+)
+
+build() {
+ cd "$pkgname-v$pkgver"
+
+ mkdir -p build
+ go mod download
+ isodate=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
+ CGO_ENABLED=0 go build \
+ -o build/ \
+ -trimpath \
+ -buildvcs=false \
+ -ldflags "-s -w -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Version=v$pkgver -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Commit=7372777c56248aa10a7a15de971c63328e6d6b69 -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Date=$isodate" \
+ ./orbit/cmd/orbit/
+}
+
+package() {
+ install -Dm644 'fleet-orbit-config' "$pkgdir/etc/default/fleet-orbit"
+ install -Dm644 'fleet-orbit.service' "$pkgdir/usr/lib/systemd/system/fleet-orbit.service"
+ install -Dm644 'fleet-orbit-cleanup.hook' "$pkgdir/usr/share/libalpm/hooks/fleet-orbit-cleanup.hook"
+
+ install -Dm644 "$pkgname-v$pkgver/LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+
+ install -Dm755 "$pkgname-v$pkgver/build/orbit" "$pkgdir/opt/fleet-orbit/bin/orbit/linux/stable/orbit"
+ ln -s "./linux/stable/orbit" "$pkgdir/opt/fleet-orbit/bin/orbit/orbit"
+
+ install -Dm755 "fleet-orbit" "$pkgdir/usr/bin/fleet-orbit"
+
+ mkdir -p "$pkgdir/opt/fleet-orbit/bin/osqueryd/linux/stable/"
+ ln -s /usr/bin/osqueryd "$pkgdir/opt/fleet-orbit/bin/osqueryd/linux/stable/osqueryd"
+}
\ No newline at end of file
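Review bot: `backup=(etc/default/orbit)` does not match the path that `package()` installs, `$pkgdir/etc/default/fleet-orbit`, so pacman will not treat the real config as a backup file and local edits can be overwritten on upgrade; it should read `backup=(etc/default/fleet-orbit)`. The same config is installed with `install -Dm644` although it is where `ORBIT_ENROLL_SECRET` is meant to be set, which leaves the secret world-readable. Since the unit file sets no `User=`, `install -Dm600 'fleet-orbit-config' "$pkgdir/etc/default/fleet-orbit"` should be enough. Both lines appear identically in the PKGBUILD.jinja hunk, which is where the fix belongs because this file is rendered from it. Note also that this file carries `pkgver=0.0.10` while the .SRCINFO in the same commit says `pkgver = 0.0.11` with a different tarball checksum.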
diff --git a/PKGBUILD.jinja b/PKGBUILD.jinja
new file mode 100644
index 000000000000..b5544ee93e85
--- /dev/null
+++ b/PKGBUILD.jinja
@@ -0,0 +1,57 @@
+# Maintainer: Gilbert Gilb's <gilbsgilbert@gmail.com>
+
+pkgname=fleet-orbit
+pkgver={{ metadata.tag_info.pkgver }}
+pkgrel=1
+pkgdesc='Eases the deployment of osquery connected with a Fleet server.'
+arch=(x86_64)
+url='https://github.com/fleetdm/fleet/tree/main/orbit'
+license=(MIT)
+depends=(osquery)
+makedepends=(go)
+backup=(etc/default/orbit)
+optdepends=()
+source=(
+ "https://github.com/fleetdm/fleet/archive/refs/tags/orbit-v$pkgver.tar.gz"
+ 'fleet-orbit'
+ 'fleet-orbit-cleanup.hook'
+ 'fleet-orbit-config'
+ 'fleet-orbit.service'
+)
+sha512sums=(
+ '{{ metadata.release_sha512sum }}'
+ '{{ sha512sum("fleet-orbit") }}'
+ '{{ sha512sum("fleet-orbit-cleanup.hook") }}'
+ '{{ sha512sum("fleet-orbit-config") }}'
+ '{{ sha512sum("fleet-orbit.service") }}'
+)
+
+build() {
+ cd "$pkgname-v$pkgver"
+
+ mkdir -p build
+ go mod download
+ isodate=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
+ CGO_ENABLED=0 go build \
+ -o build/ \
+ -trimpath \
+ -buildvcs=false \
+ -ldflags "-s -w -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Version=v$pkgver -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Commit={{ metadata.tag_info.commit_sha }} -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Date=$isodate" \
+ ./orbit/cmd/orbit/
+}
+
+package() {
+ install -Dm644 'fleet-orbit-config' "$pkgdir/etc/default/fleet-orbit"
+ install -Dm644 'fleet-orbit.service' "$pkgdir/usr/lib/systemd/system/fleet-orbit.service"
+ install -Dm644 'fleet-orbit-cleanup.hook' "$pkgdir/usr/share/libalpm/hooks/fleet-orbit-cleanup.hook"
+
+ install -Dm644 "$pkgname-v$pkgver/LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+
+ install -Dm755 "$pkgname-v$pkgver/build/orbit" "$pkgdir/opt/fleet-orbit/bin/orbit/linux/stable/orbit"
+ ln -s "./linux/stable/orbit" "$pkgdir/opt/fleet-orbit/bin/orbit/orbit"
+
+ install -Dm755 "fleet-orbit" "$pkgdir/usr/bin/fleet-orbit"
+
+ mkdir -p "$pkgdir/opt/fleet-orbit/bin/osqueryd/linux/stable/"
+ ln -s /usr/bin/osqueryd "$pkgdir/opt/fleet-orbit/bin/osqueryd/linux/stable/osqueryd"
+}
diff --git a/fleet-orbit b/fleet-orbit
new file mode 100755
index 000000000000..94ae6949fe42
--- /dev/null
+++ b/fleet-orbit
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+. /etc/default/fleet-orbit
+
+export ORBIT_ROOT_DIR="${ORBIT_ROOT_DIR:-/opt/fleet-orbit}"
+export ORBIT_DISABLE_UPDATES="${ORBIT_DISABLE_UPDATES:-true}"
+
+exec /opt/fleet-orbit/bin/orbit/orbit "$@"
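Review bot: Sourcing `/etc/default/fleet-orbit` only sets shell variables; the config file uses plain `NAME=value` lines, and the wrapper exports just `ORBIT_ROOT_DIR` and `ORBIT_DISABLE_UPDATES`. Settings such as `ORBIT_FLEET_URL`, `ORBIT_FLEET_CERTIFICATE`, `ORBIT_ENROLL_SECRET_PATH` or `ORBIT_INSECURE` therefore never reach the `exec`'d process, so an administrator's TLS and enrollment settings are silently ignored. Wrapping the source line fixes it: `set -a`, then `. /etc/default/fleet-orbit`, then `set +a`. The `exec` path is also hard-coded to `/opt/fleet-orbit` even when `ORBIT_ROOT_DIR` is overridden, which deserves a comment if intentional.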
diff --git a/fleet-orbit-cleanup.hook b/fleet-orbit-cleanup.hook
new file mode 100644
index 000000000000..a3b4151b5306
--- /dev/null
+++ b/fleet-orbit-cleanup.hook
@@ -0,0 +1,8 @@
+[Trigger]
+Operation = Remove
+Type = Package
+Target = fleet-orbit
+
+[Action]
+When = PreTransaction
+Exec = /usr/bin/rm -Rf /opt/fleet-orbit/
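Review bot: The `Exec` line recursively deletes `/opt/fleet-orbit/` before the removal transaction, and nothing visible in this commit stops `fleet-orbit.service` first, so a running agent may still be executing from that tree. The path is also hard-coded although the config file lets `ORBIT_ROOT_DIR` point elsewhere, in which case that state is left behind. Adding a `Description = Removing fleet-orbit state directory...` line to `[Action]` would make the deletion visible in pacman's output. A comment recording that only the default root directory is cleaned would also help.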
diff --git a/fleet-orbit-config b/fleet-orbit-config
new file mode 100644
index 000000000000..390937cd2de2
--- /dev/null
+++ b/fleet-orbit-config
@@ -0,0 +1,29 @@
+# Root directory for Orbit state
+#ORBIT_ROOT_DIR=/opt/fleet-orbit
+
+# Disable TLS certificate verification
+#ORBIT_INSECURE=false
+
+# URL (host:port) of Fleet server
+#ORBIT_FLEET_URL=
+
+# Path to server certificate chain
+#ORBIT_FLEET_CERTIFICATE=
+
+# URL for update server
+#ORBIT_UPDATE_URL=https://tuf.fleetctl.com
+
+# Enroll secret for authenticating to Fleet server
+#ORBIT_ENROLL_SECRET=
+
+# Disables auto updates
+#ORBIT_DISABLE_UPDATES=false
+
+# Path to file containing enroll secret
+#ORBIT_ENROLL_SECRET_PATH=
+
+# Runs in development mode
+#ORBIT_DEV_MODE=false
+
+# Enable debug logging
+#ORBIT_DEBUG=false
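Review bot: Two of the commented defaults need a caveat in their comments. `#ORBIT_DISABLE_UPDATES=false` reads as the default, but the `fleet-orbit` wrapper in this commit exports `true` when the variable is unset, so the comment could say `# Disables auto updates (the packaged wrapper defaults this to true)`. The `ORBIT_ENROLL_SECRET` entry should point readers to `ORBIT_ENROLL_SECRET_PATH` with a root-only file, because the PKGBUILD installs this file with mode 644. The `ORBIT_INSECURE` comment could also state that enabling it removes server authentication and is for testing only.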
diff --git a/fleet-orbit.service b/fleet-orbit.service
new file mode 100644
index 000000000000..e6cce5731e21
--- /dev/null
+++ b/fleet-orbit.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Orbit osquery
+After=network.service syslog.service
+
+[Service]
+TimeoutStartSec=0
+ExecStart=/usr/bin/fleet-orbit
+Restart=always
+RestartSec=60
+KillMode=control-group
+KillSignal=SIGTERM
+CPUQuota=5%
+
+[Install]
+WantedBy=multi-user.target
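Review bot: `After=network.service syslog.service` names units that normally do not exist on a systemd-based Arch install, so the ordering is silently ignored and the agent can start before the network is up. `After=network-online.target` together with `Wants=network-online.target` expresses the intent. The unit also sets no `User=` and no sandboxing directives, so the agent runs as unrestricted root. That may be required for osquery, but a comment saying so would record that it is deliberate.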
diff --git a/metadata.json b/metadata.json
new file mode 100644
index 000000000000..5b9b41ddfbd9
--- /dev/null
+++ b/metadata.json
@@ -0,0 +1,9 @@
+{
+ "release_sha512sum": "cd1323204a25978fde48de7b24726ff99b252561c0506f0c9c06f2ff2e08950a7fc7c299819d0edf55defe423527b09389ba0c4ade505739f02483b3bf18be2c",
+ "tag_info": {
+ "commit_sha": "7372777c56248aa10a7a15de971c63328e6d6b69",
+ "name": "orbit-v0.0.10",
+ "pkgver": "0.0.10",
+ "tarball_url": "https://github.com/fleetdm/fleet/archive/refs/tags/orbit-v0.0.10.tar.gz"
+ }
+}
\ No newline at end of file
diff --git a/render_pkgbuild.py b/render_pkgbuild.py
new file mode 100755
index 000000000000..cd10e8f3093b
--- /dev/null
+++ b/render_pkgbuild.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+import hashlib
+import json
+import pathlib
+import re
+import sys
+import typing
+
+import jinja2
+import requests
+from github import Github
+
+
+REPO_NAME = "fleetdm/fleet"
+VERSION_PATTERN = re.compile(r"orbit-v([0-9]+\.[0-9]+\.[0-9]+)")
+
+REPO = Github().get_repo(REPO_NAME)
+METADATA_PATH = pathlib.Path("./metadata.json")
+
+
+class TagInfo(typing.TypedDict):
+ name: str
+ pkgver: str
+ commit_sha: str
+ tarball_url: str
+
+
+class Metadata(typing.TypedDict):
+ tag_info: TagInfo
+ release_sha512sum: str
+
+
+def query_latest_tag_info() -> TagInfo:
+ for tag in REPO.get_tags():
+ match = VERSION_PATTERN.match(tag.name)
+ if match is not None:
+ return {
+ "name": tag.name,
+ "pkgver": match.group(1),
+ "commit_sha": tag.commit.sha,
+ "tarball_url": f"https://github.com/{REPO_NAME}/archive/refs/tags/{tag.name}.tar.gz",
+ }
+
+ raise RuntimeError("No tag matching pattern found.")
+
+
+def refresh_metadata(tag_info: TagInfo) -> Metadata:
+ release_sha512sum: typing.Optional[str] = None
+ if METADATA_PATH.exists():
+ old_metadata: Metadata = json.loads(METADATA_PATH.read_text())
+ if tag_info == old_metadata["tag_info"]:
+ release_sha512sum = old_metadata["release_sha512sum"]
+
+ metadata: Metadata = {
+ "tag_info": tag_info,
+ "release_sha512sum": release_sha512sum
+ or compute_remote_checksum(tag_info["tarball_url"]),
+ }
+
+ METADATA_PATH.write_text(json.dumps(metadata, sort_keys=True, indent=2))
+ return metadata
+
+
+def compute_remote_checksum(url: str, sumfunc=hashlib.sha512, chunk_size=1024) -> str:
+ s = sumfunc()
+ with requests.get(url, stream=True) as resp:
+ for content in resp.iter_content(chunk_size=chunk_size):
+ s.update(content)
+ return s.hexdigest()
+
+
+def render_pkgbuild(metadata: Metadata) -> None:
+ env = jinja2.Environment(loader=jinja2.FileSystemLoader("."))
+ env.globals["sha512sum"] = lambda path: hashlib.sha512(
+ pathlib.Path(path).read_bytes()
+ ).hexdigest()
+ template = env.get_template("./PKGBUILD.jinja")
+ result = template.render(metadata=metadata)
+ pathlib.Path("./PKGBUILD").write_text(result)
+
+
+def main() -> bool:
+ tag_info = query_latest_tag_info()
+ metadata = refresh_metadata(tag_info)
+ render_pkgbuild(metadata)
+ return True
+
+
+if __name__ == "__main__":
+ sys.exit(not bool(main()))
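Review bot: `compute_remote_checksum` hashes whatever body comes back, because there is no status check and no timeout on `requests.get(url, stream=True)`. An HTTP error page would be hashed and written to metadata.json and the rendered PKGBUILD as the trusted release checksum, and a stalled connection would hang the job. Add `resp.raise_for_status()` as the first statement inside the `with` block and pass a `timeout=` value to `requests.get`. In `query_latest_tag_info`, `VERSION_PATTERN.match` is not anchored at the end, so a tag with a suffix after the version would be accepted. The checksum would then be computed for `{tag.name}.tar.gz` while the PKGBUILD downloads `orbit-v$pkgver.tar.gz`; `VERSION_PATTERN.fullmatch(tag.name)` avoids that.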
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 000000000000..0b26c7487dc3
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+jinja2
+pygithub
+requests
\ No newline at end of file
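Review bot: None of the three dependencies is version-pinned, so each CI run installs whatever release is current. The output of `render_pkgbuild.py` is what the `push_package` job later publishes. Pinning exact versions, ideally with hashes checked by `pip install --require-hashes -r requirements.txt`, makes the rendering step reproducible and narrows the supply-chain exposure.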