* Add blueprint for fleet packager service
* Fix formatting
* Add rate-limit comments and remove API versioning
* Add review comments and notarization alternative
* Other optimizations
* Add storing of state and fix typo
* Add error case for /create
* Add installers for Sandbox document
* Remove already done optimization
* Add S3 alternative to package storage
* Move to proposals directory
* Last amends to specs
* Add fleetctl proposal
* Add comment from Guillaume
Goal
We need fleetctl package functionality to generate all types of packages (PKG, MSI, DEB and RPM) from Linux.
How
Create a new Docker image fleetdm/fleetctl that will contain fleetctl and all the dependencies ready to create packages.
Users can then use the image to generate packages:
$ docker run ... fleetdm/fleetctl:latest package --type={pkg|msi|deb|rpm} ...
DEB and RPM
DEB and RPM package generation is already native and no extra dependencies are required (uses https://github.com/goreleaser/nfpm).
MSI
Packaging
We will need the same dependencies from fleetdm/wix:latest on the new fleetdm/fleetctl:latest image.
Signing (stretch goal)
For .msi signing functionality:
- The relic tool seems to allow .msi signing (in Pure Go).
- Alternatively, the osslsigncode tool could be embedded on the image.
This is mentioned as a stretch goal because we currently don't have .msi signing functionality in fleetctl package.
PKG
Packaging
To generate a .pkg we will need the same dependencies from fleetdm/bomutils:latest on the new fleetdm/fleetctl:latest image.
Signing
The relic tool seems to allow .pkg signing (in Pure Go).
Notarization
Upload
We can implement a Go package that uses the new Notary API to upload and notarize a .pkg (pure Go solution).
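As an added example (not code from the Fleet project), the Go below builds the request that opens a Notary API submission: it hashes the .pkg and POSTs the file name and SHA-256 digest to the submissions endpoint. The helper name, the sample file name and the placeholder token are assumptions; the JWT is expected to be minted separately from an App Store Connect API key, and the upload and status polling that follow are outside the block.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"path/filepath"
)

const notarySubmissionsURL = "https://appstoreconnect.apple.com/notary/v2/submissions" // Apple Notary API

// submissionRequest is the JSON body that opens a notarization submission.
type submissionRequest struct {
	SubmissionName string `json:"submissionName"`
	SHA256         string `json:"sha256"`
}

// NewSubmissionRequest (hypothetical helper) hashes the package and builds the
// authenticated POST; the digest binds the submission to the bytes uploaded later.
func NewSubmissionRequest(pkgPath string, pkg io.Reader, jwt string) (*http.Request, error) {
	h := sha256.New()
	if _, err := io.Copy(h, pkg); err != nil {
		return nil, fmt.Errorf("hash package: %w", err)
	}
	body, err := json.Marshal(submissionRequest{
		SubmissionName: filepath.Base(pkgPath),
		SHA256:         hex.EncodeToString(h.Sum(nil)),
	})
	if err != nil {
		return nil, fmt.Errorf("encode submission: %w", err)
	}
	req, err := http.NewRequest(http.MethodPost, notarySubmissionsURL, bytes.NewReader(body))
	if err != nil {
		return nil, fmt.Errorf("build request: %w", err)
	}
	req.Header.Set("Authorization", "Bearer "+jwt) // assumption: JWT is minted elsewhere
	req.Header.Set("Content-Type", "application/json")
	return req, nil
}

func main() {
	// Constructed sample: stand-in package bytes and a placeholder token; nothing is sent.
	if req, err := NewSubmissionRequest("dist/fleet-osquery.pkg", bytes.NewReader([]byte("abc")), "JWT-PLACEHOLDER"); err == nil {
		fmt.Println(req.Method, req.URL)
	}
}
```

Because the package is streamed through the hash rather than read into memory, the same reader pattern works for large installers; keep the bearer token out of request logging.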
No Stapling
The Notary API currently does not offer a way to "staple" a package, and the stapler tool that allows this is only available on macOS.
It seems stapling is recommended but not a must, see #116812.