fleetctl package command to check for PEM file (#3375)

#3374
Lucas Manuel Rodriguez 2021-12-29 22:32:55 -03:00 committed by GitHub
parent aaa5b7ec3c
commit 2f4ecb1b6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 0 deletions


@ -0,0 +1 @@
* Make `fleetctl package` check `--fleet-certificate` is a valid PEM file.


@ -1,8 +1,10 @@
package main
import (
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
"path/filepath"
"runtime"
@ -128,6 +130,13 @@ func packageCommand() *cli.Command {
return errors.New("Windows can only build MSI packages.")
}
if opt.FleetCertificate != "" {
err := checkPEMCertificate(opt.FleetCertificate)
if err != nil {
return fmt.Errorf("failed to read certificate %q: %w", opt.FleetCertificate, err)
}
}
var buildFunc func(packaging.Options) (string, error)
switch c.String("type") {
case "pkg":
@ -165,3 +174,14 @@ To add other devices to Fleet, distribute this installer using Chef, Ansible, Ja
},
}
}
func checkPEMCertificate(path string) error {
cert, err := ioutil.ReadFile(path)
if err != nil {
return err
}
if p, _ := pem.Decode(cert); p == nil {
return errors.New("invalid PEM file")
}
return nil
}
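Review bot: checkPEMCertificate accepts any file whose first PEM block decodes, so a private key or a CSR passed to `--fleet-certificate` gets through the new check in packageCommand. `pem.Decode` skips non-PEM text before the block and returns the block type, but neither `p.Type` nor the DER content is inspected, and any blocks after the first are ignored. If this file is bundled into the generated installer (presumably it is, given the option name), mistaking a key file for the certificate would distribute it to every enrolled host. Requiring every block to be `CERTIFICATE` and to parse with `x509.ParseCertificate` (needs the `crypto/x509` import) closes that gap and keeps the existing "invalid PEM file" error for non-PEM input. packageCommand starts and ends outside these hunks; checkPEMCertificate is shown in full.

```go
func checkPEMCertificate(path string) error {
	// … unchanged: ioutil.ReadFile(path) into cert and its error return …
	rest := cert
	found := false
	for {
		var p *pem.Block
		p, rest = pem.Decode(rest)
		if p == nil {
			break
		}
		// Reject keys, CSRs and other PEM types so they are never packaged by mistake.
		if p.Type != "CERTIFICATE" {
			return fmt.Errorf("unexpected PEM block type %q", p.Type)
		}
		if _, err := x509.ParseCertificate(p.Bytes); err != nil {
			return fmt.Errorf("parse certificate: %w", err)
		}
		found = true
	}
	if !found {
		return errors.New("invalid PEM file")
	}
	return nil
}
```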


@ -1,7 +1,10 @@
package main
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/require"
@ -22,6 +25,13 @@ func TestPackage(t *testing.T) {
// --insecure and --fleet-certificate are mutually exclusive
runAppCheckErr(t, []string{"package", "--type=deb", "--insecure", "--fleet-certificate=test123"}, "--insecure and --fleet-certificate may not be provided together")
// Test invalid PEM file provided in --fleet-certificate.
certDir := t.TempDir()
fleetCertificate := filepath.Join(certDir, "fleet.pem")
err := ioutil.WriteFile(fleetCertificate, []byte("undefined"), os.FileMode(0644))
require.NoError(t, err)
runAppCheckErr(t, []string{"package", "--type=deb", fmt.Sprintf("--fleet-certificate=%s", fleetCertificate)}, fmt.Sprintf("failed to read certificate %q: invalid PEM file", fleetCertificate))
// run package tests, each should output their respective package type
// fleet-osquery_0.0.3_amd64.deb
runAppForTest(t, []string{"package", "--type=deb", "--insecure"})
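Review bot: The new case in TestPackage feeds only the literal `undefined`, so it pins the non-PEM rejection but not where the check's acceptance boundary lies. Two more `runAppCheckErr` cases would help: a file holding a well-formed PEM block of another type (for instance a constructed `-----BEGIN PRIVATE KEY-----` block), and a path that does not exist. The first documents whether non-certificate PEM is meant to be accepted, and the second covers the ReadFile error branch. Until then, a comment such as `// only non-PEM content is covered here; the PEM block type is not checked` would make the current scope explicit. TestPackage begins before and continues after this hunk.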