Hi all, the default MSI provided overwrites the .flags file during upgrade. Is there any way to avoid it from wiping it? Its an empty file anyway so it would be great if it would keep whatever is there or generate a new blank one if doesn't exist

heads up @Stefano Bonicatti and @thor our Windows packaging experts 🙂

I have to look at the generated wix files first ^^'. In theory from https://docs.microsoft.com/en-us/windows/win32/msi/both-files-have-a-version?redirectedfrom=MSDN and https://docs.microsoft.com/en-us/windows/win32/msi/neither-file-has-a-version?redirectedfrom=MSDN, the installer should not replace files, but it also might be that with an upgrade it's doing an uninstall, which then deletes the file. Probably we should not install that file at all and have osquery generate it; this is a similar "issue" we have on Linux and the systemctl service file.

Yeah I like that behavior, I’d rather the packages didn’t modify it. I think I’m the past the chocolates scripts would touch the file if it wasn’t there just so the service would come online right after install. I can investigate as well here on a bit

I mean there are definitely ways to tell the installer not to overwrite it, by customizing things, but we should probably not install files that the user is likely to modify

A bit of background in case I should be doing something different: I was going to change the MSI file using Orca or any other editor but I don’t think is a good practice from my side. Also thought that building from source and packaging the flags/cert/secret on each release is not scalable either. At my former employer we used launcher so we didn’t have this issue. We also had Puppet to manage the config files independently of the installers so we could ensure the config was enforced at all times. Right now we deploy the “official installer” and the rest of our config via a separate package on our MDM. The problem is that we can’t enforce these to be installed in a specific order and if I update the osquery client the flags file gets deleted. As I can see during the install, the upgrade is done by removing the old files and installing the new ones. Taking into account that the flags file of the installer is empty maybe this can be either set to no overwrite or just to not be created or managed via the installer and leave it to the user to create/deploy their own.

I would open an issue; a similar case is for the osquery.conf where we only ship an example file and then a user would need to make its copy. For the flagfile I would definitely have osquery create it if not found, and would remove it from the package

Thanks I have raised https://github.com/osquery/osquery/issues/6891