empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
36e12d02e3
fleet/proposals/Fleetctl-Docker-Image.md
Lucas Manuel Rodriguez ae27d42a37
Add blueprint for Fleet Packager service (#6229) 
* Add blueprint for fleet packager service

* Fix formatting

* Add rate-limit comments and remove API versioning

* Add review comments and notarization alternative

* Other optimizations

* Add storing of state and fix typo

* Add error case for /create

* Add installers for Sandbox document

* Remove already done optimization

* Add S3 alternative to package storage

* Move to proposals directory

* Last amends to specs

* Add fleetctl proposal

* Add comment from Guillaume
2022-07-18 14:30:17 -03:00

51 lines
1.8 KiB
Markdown
Raw Blame History

# Goal
We need `fleetctl package` functionality to generate all types of packages (PKG, MSI, DEB and RPM) from Linux.
# How
Create a new Docker image `fleetdm/fleetctl` that will contain `fleetctl` and all the dependencies ready to create packages.
Users can then use the image to generate packages
```sh
$ docker run ... fleetdm/fleetctl:latest package --type={pkg|msi|deb|rpm} ...
```
## DEB and RPM
DEB and RPM package generation is already native and no extra dependencies are required (uses https://github.com/goreleaser/nfpm).
## MSI
### Packaging
We will need the same dependencies from `fleetdm/wix:latest` on the new `fleetdm/fleetctl:latest` image.
### Signing (stretch goal)
For `.msi` signing functionality:
- The [relic](https://github.com/sassoftware/relic) tool seems to allow `.msi` signing (in Pure Go).
- Alternatively, the [osslsigncode](https://github.com/mtrojnar/osslsigncode) tool could be embedded on the image.
This is mentioned as a stretch goal because we currently don't have `.msi` signing functionality in `fleetctl package`.
## PKG
### Packaging
To generate a `.pkg` we will need the same dependencies from `fleetdm/bomutils:latest` on the new `fleetdm/fleetctl:latest` image.
### Signing
The [relic](https://github.com/sassoftware/relic) tool seems to allow `.pkg` signing (in Pure Go).
### Notarization
#### Upload
We can implement a Go package that uses the new [Notary API](https://developer.apple.com/documentation/notaryapi) to upload and notarize a `.pkg` (pure Go solution).
#### No Stapling
The Notary API currently does not offer a way to "staple" a package, and the `stapler` tool that allows this is only available on macOS.
It seems stapling is recommended but not a must, see [#116812](https://developer.apple.com/forums/thread/116812).
Reference in New Issue View Git Blame Copy Permalink