Title
#fleet
j

Jaideep Natu

10/13/2021, 10:29 PM
I’m trying to generate a Windows MSI package using fleetctl. However I get this error if try it on Linux, and I get the following error if I try it on Windows inside VM:
>fleetctl package --type msi --fleet-url=<url>:8412 --insecure --enroll-secret=<secret
{"level":"debug","path":"C:\\Users\\<user>\\AppData\\Local\\Temp\\2\\orbit-package743500111","time":"2021-10-13T10:47:05-07:00","message":"created temp dir"}
initialize updates: failed to update metadata: update metadata: open file store: File C:\Users\<user>\AppData\Local\Temp\2\orbit-package743500111\root\tuf-metadata.json already exists with mode 666 instead of the expected 600
Need help to figure out what is wrong
10:34 PM
The directory orbit-package743500111 doesn’t exist when I check. Tried this with Admin privileges too.
Tomas Touceda

Tomas Touceda

10/14/2021, 1:28 PM
hi there, the permissions check is a security check that is not working properly in windows yet, we are going to be looking into this issue and the other in linux
1:29 PM
I'll see if I can find a workaround for you in the meantime
7:33 PM
sadly, we don't currently have any workarounds for you, but I'm going to double check that these issues are reflected in github and we'll work on them asap
zwass

zwass

10/15/2021, 12:21 AM
I know @Tomas Touceda was able to reproduce this on his M1 mac. I'm not able to reproduce it on my Intel mac --
fleetctl package --type msi --fleet-url=<https://something:8412> --insecure --enroll-secret=secret --debug
completes successfully. @Jaideep Natu are you running locally on some hardware or are you using VMs in the cloud? Can you provide any more info about the hardware you are using?
j

Jaideep Natu

10/15/2021, 3:21 PM
CentOS VM running on ESXi for the heat.exe error
3.10.0-1160.42.2.el7.x86_64
Current issue was on Windows 10 running on both ESXi and Parallels.
Tomas Touceda

Tomas Touceda

10/15/2021, 4:06 PM
I wonder if this has to do with the different levels of virtualization, m1 might be running some of these things with rosetta
zwass

zwass

10/15/2021, 4:08 PM
Yeah I am suspecting something to do with nested virtualization
j

Jaideep Natu

10/18/2021, 7:57 PM
@Tomas Touceda @zwass is there a way execute the fleetctl package command without the dependency on docker? I assume thats what is causing the virtualization issues
Tomas Touceda

Tomas Touceda

10/18/2021, 7:59 PM
not currently, but Zach has a PR that fixes these issues: https://github.com/fleetdm/fleet/pull/2548
zwass

zwass

10/18/2021, 8:01 PM
@Jaideep Natu if I send you a fleetctl binary can you test it on your systems?
j

Jaideep Natu

10/18/2021, 8:02 PM
sure I can do that
zwass

zwass

10/18/2021, 11:43 PM
Attached are Windows and Linux binaries. Please let us know if this works out for you! Note there's no code-signing, so Windows might not want to execute it.
j

Jaideep Natu

10/19/2021, 5:34 PM
The Windows binary worked! Got the same “tuf-metadata.json already exists with mode 666 instead of the expected 600” error on Linux
5:34 PM
thank you Zach
Tomas Touceda

Tomas Touceda

10/19/2021, 5:35 PM
you'll have to fix the permissions on Linux with chmod by hand, that error is not going away for security reasons
zwass

zwass

10/19/2021, 5:36 PM
Glad to hear it worked on Windows! Let's see if we can improve the UX on Linux.
Tomas Touceda

Tomas Touceda

10/19/2021, 5:37 PM
we can at least try chmod ourselves? not sure if there'll be a race somewhere there
j

Jaideep Natu

10/19/2021, 5:43 PM
I meant the Linux fleetctl binary worked for this. Running the fleetctl package command on Windows gave me the mode 666 error again. The folder doesn’t exist on Win if I try to change permissions manually
Tomas Touceda

Tomas Touceda

10/19/2021, 5:44 PM
oh, interesting, that's a different story
zwass

zwass

10/19/2021, 5:44 PM
It did work on Windows (successfully generated MSI). It did not work on Linux (with the permission error you mentioned). ^ Do I have that right?
j

Jaideep Natu

10/19/2021, 5:48 PM
“fleetctl package” worked on Linux, didn’t work on Windows with files provided by Zach
5:48 PM
sorry about the confusion
zwass

zwass

10/19/2021, 6:29 PM
I see, thank you. We'll keep working on making this packaging experience easier and more reliable.