Hi All, I have kolide fleet installed to a centos 7 box in azure - what's the best way to install a persistent launcher to my endpoints?

That is not what the documentation should be saying. You should install either launcher or osquery. (Launcher carries it’s own osquery with it)

hi @seph - there are prebuilt binaries in "releases" I shouldn't use those? and where's the guide for building an msi? I couldn't really find one which is why I came here - sorry if it's obvious and I just missed it

The binary releases are just binaries. You can use them, there’s no MSI there.

ok but where's the documentation for building the msi -- is there something I'm missing?

There is almost nothing in that document that is platform specific.

So to recap, to use 

package-builder

, you must: • Be on macOS • Be able to 

docker run

 something • Build 

package-builder

 from source

No.

very confusing

The macOS package is built and signed using the pkgbuild command, which is only found on macOS. There are plans to allow for the building of mac packages on Linux but until then, it is a requirement to use a macOS machine when running the package-builder tool.

is misleading. That’s saying you can only build a mac package on macOS. Just as you only build a windows package on windows.

so to use pkgbuild I need to install GO? or does it use a C compiler?

pkgbuild

is a macOS command to build mac packages

er sorry package-builder

package-builder must be built using go. yes. You don’t need docker to build windows packages.

I'd be happy to help flesh out that documentation... but I'll probably have a lot more questions along the way

Feel free to open a PR with updates! I’m happy to read and consider them

PR?

“Pull Request” github tool for proposing changes to things

ah I see

I’m not very available to answer questions. I would generally recommend messaging here. I will try to answer, but others may also

ok

I am a kolide developer, and a member of the osquery technical steering committee. (So, yes, but I’m one of several)

Cool

In order to build the MSI you must build on Windows and have WiX installed. My build command looks like this:

./package-builder.exe make \
      --hostname="$(FLEET_HOSTNAME)" \
      --enroll_secret="$(FLEET_ENROLL_SECRET)" \
      --update_channel stable \
      --osquery_version ./osqueryd.exe \
      --launcher_version ./launcher.exe \
      --extension_version ./osquery-extension.exe \
      --notary_url="$(NOTARY_URL)" \
      --mirror_url="$(MIRROR_URL)" \
      --notary_prefix="$(NOTARY_PREFIX)" \
      --targets=windows-service-msi \
      --package_version=$(PACKAGE_VERSION) \
      --output_dir .

While I am primarily a unix person, I did not write that to exclude windows. But, it does have a bunch of assumptions. (like the wix install path)

It might be more useful if you ask questions like “I’m running

make package builder

and getting

Some Error I copy Pasted

, what do I do?” Instead you’re just asking questions that don’t have good answers.

make package-builder 'make' is not recognized as an internal or external command, operable program or batch file. not a terribly useful error - I'll check out what sundsta did

make

is a common build tool. If you don’t have make installed, you might be able to run the underlying files. But it’s simpler if you have make. I wonder if I should ship package-builder with the launcher releases. “maybe”

honestly if there was an MSI already there that I could just feed arguments to that would be ideal

Most people who want an MSI, want it to include the enrollment secret. So they must be built for a site

I can easily open a prebuild msi and modify the internal argument though

You can also just run osqueryd from a shell with the correct arguments to connect it to Fleet without installing it

brb

I do not distribute MSIs without secrets. I understand the desire, but generally I’ve opted to enable this by distributing the tools we use to build MSIs

could make it not work unless the secret is changed with something like orca

To hypothesize…. Building and signing MSIs is work. Most people don’t have that automated. So it’s easier to build a single MSI, and push the work to end users and clients. We took the other route. We build customer specific MSIs. This enables our customers and end users to have a much smoother setup path.

other patterns are wrong?

Ha. Missed a negative.

it just seems arbitrary

Other patterns are not wrong, But this is what works for us

mmm

We build an MSI for each customer. I have some amount of automation around that.

launcher and osquery both read their configs from a file. If you have automation for deploying the MSI you can probably also automate updating the config on disk after

ok so @sundsta - you got like a set of steps I can follow? or atleast where you learned how to use wix?

PS C:\Users\Security\Downloads\launcher-master> make package-builder ./build/package-builder make --help make : The term 'make' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + make package-builder + ~~ + CategoryInfo : ObjectNotFound: (make:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException ./build/package-builder : The term './build/package-builder' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:2 char:1 + ./build/package-builder make --help + ~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (./build/package-builder:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundExceptionPS C:\Users\Security\Downloads\launcher-master> make package-builder ./build/package-builder make --help make : The term 'make' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + make package-builder + ~~ + CategoryInfo : ObjectNotFound: (make:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException ./build/package-builder : The term './build/package-builder' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:2 char:1 + ./build/package-builder make --help + ~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (./build/package-builder:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

You need make

where do I get that

chocolatey maybe? I’d google “how to install make on windows”

so I've used make - when I compile C code