diff --git a/.github/workflows/generate-desktop-targets.yml b/.github/workflows/generate-desktop-targets.yml index 3dbe64eba8be..9f5534cae45c 100644 --- a/.github/workflows/generate-desktop-targets.yml +++ b/.github/workflows/generate-desktop-targets.yml @@ -13,6 +13,7 @@ defaults: permissions: id-token: write attestations: write + contents: read jobs: set-version: @@ -23,8 +24,9 @@ jobs: - name: Set FLEET_DESKTOP_VERSION id: set-version run: | - VERSION="${${GITHUB_REF#refs/tags/orbit-}#v}" # Strip 'orbit-v' - "FLEET_DESKTOP_VERSION=$VERSION" >> "$GITHUB_OUTPUT" + # Remove refs/tags prefix and v prefix in version. + VERSION=$(echo $GITHUB_REF | sed -e 's|refs/tags/.*v||') + echo "FLEET_DESKTOP_VERSION=$VERSION" >> "$GITHUB_OUTPUT" desktop-macos: # Set macOS version to '13' (previously was macos-12, and it was deprecated) for 
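Review bot: The new sed expression in the `Set FLEET_DESKTOP_VERSION` step is greedy and unanchored, so `refs/tags/.*v` deletes everything up to the last `v` in the ref, not only the tag prefix. A tag whose suffix contains another `v` (constructed example: `orbit-v1.2.3-dev`) yields an empty version. `$GITHUB_REF` is also expanded unquoted. If release tags keep the `orbit-v` form that the removed line assumed, `VERSION=$(printf '%s' "$GITHUB_REF" | sed -E 's|^refs/tags/(orbit-)?v||')` strips only the prefix. Because this output is later pasted into a `run:` script, it is also worth checking it against a version pattern before writing it to `$GITHUB_OUTPUT`.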
@@ -135,6 +137,54 @@ jobs: DIGICERT_API_KEY: ${{ secrets.DIGICERT_API_KEY }} DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT }} + desktop-windows-arm64: + needs: set-version + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version-file: 'go.mod' + + - name: Generate fleet-desktop.exe + run: | + FLEET_DESKTOP_VERSION=${{ needs.set-version.outputs.FLEET_DESKTOP_VERSION }} \ + make desktop-windows-arm64 + + - name: Attest binary + continue-on-error: true + uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0 + with: + subject-path: "fleet-desktop.exe" + + - name: Upload fleet-desktop.exe + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3 + with: + name: unsigned-windows-arm64 + path: fleet-desktop.exe + + code-sign-windows-arm64: + needs: desktop-windows-arm64 + uses: ./.github/workflows/code-sign-windows.yml + with: + filename: fleet-desktop.exe + upload_name: fleet-desktop-arm64.exe + download_name: unsigned-windows-arm64 + secrets: + DIGICERT_KEYLOCKER_CERTIFICATE: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE }} + DIGICERT_KEYLOCKER_PASSWORD: ${{ secrets.DIGICERT_KEYLOCKER_PASSWORD }} + DIGICERT_KEYLOCKER_HOST_URL: ${{ secrets.DIGICERT_KEYLOCKER_HOST_URL }} + DIGICERT_API_KEY: ${{ secrets.DIGICERT_API_KEY }} + DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT }} + desktop-linux: needs: set-version runs-on: ubuntu-latest diff --git a/.github/workflows/generate-osqueryd-targets.yml b/.github/workflows/generate-osqueryd-targets.yml index c3a626ac9dc3..914f23c68a1d 100644 
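Review bot: In the `Generate fleet-desktop.exe` step of `desktop-windows-arm64`, `${{ needs.set-version.outputs.FLEET_DESKTOP_VERSION }}` is substituted into the script text, so a value derived from the tag name is parsed by the shell before `make` runs. Passing it as data avoids that: give the step `env:` with `FLEET_DESKTOP_VERSION: ${{ needs.set-version.outputs.FLEET_DESKTOP_VERSION }}` and reduce the script to `make desktop-windows-arm64`. Separately, `Attest binary` is `continue-on-error: true` and attests the unsigned `fleet-desktop.exe`. The file produced by `code-sign-windows-arm64` will presumably have a different digest, so confirm that the shipped artifact is covered by an attestation and that a failed attestation is noticed.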
--- a/.github/workflows/generate-osqueryd-targets.yml +++ b/.github/workflows/generate-osqueryd-targets.yml @@ -51,7 +51,7 @@ jobs: uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0 with: subject-path: "osqueryd.app.tar.gz" - + - name: Upload osqueryd.app.tar.gz uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: @@ -156,3 +156,40 @@ jobs: with: name: osqueryd.exe path: C:\temp\osquery\osqueryd\osqueryd.exe + + generate-windows-arm64: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + + - name: Download osquery msi for Windows + run: | + curl -L https://github.com/osquery/osquery/releases/download/${{ env.OSQUERY_VERSION }}/osquery-${{ env.OSQUERY_VERSION }}.windows_arm64.zip --output osquery-${{ env.OSQUERY_VERSION }}.windows_arm64.zip + + - name: Install file + run: | + sudo apt-get install -y unzip file + + - name: Extract osqueryd.exe for Windows + run: | + unzip osquery-${{ env.OSQUERY_VERSION }}.windows_arm64.zip + cp osquery-${{ env.OSQUERY_VERSION }}.windows_arm64/Program\ Files/osquery/osqueryd/osqueryd.exe . + file ./osqueryd.exe | grep "PE32+ executable (console) Aarch64" + + - name: Attest binary + continue-on-error: true + uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0 + with: + subject-path: osqueryd.exe + + - name: Upload osqueryd for Windows + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: osqueryd-arm64.exe + path: osqueryd.exe diff --git a/.github/workflows/goreleaser-orbit.yaml b/.github/workflows/goreleaser-orbit.yaml index bfcbc637b29e..568c2bea6960 100644 --- a/.github/workflows/goreleaser-orbit.yaml +++ b/.github/workflows/goreleaser-orbit.yaml 
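Review bot: In `generate-windows-arm64`, the `Download osquery msi for Windows` step fetches the release archive with `curl -L`, and the job attests and uploads the extracted `osqueryd.exe` without checking the archive against a known digest. The attestation therefore records only that this workflow handled the file, not that it is what the osquery project published. Add `--fail` so an HTTP error does not leave an error page on disk, and verify a pinned SHA-256 before `unzip`, e.g. `echo "${OSQUERY_WINDOWS_ARM64_SHA256}  osquery-${OSQUERY_VERSION}.windows_arm64.zip" | sha256sum -c -` (the variable name is a placeholder for wherever the expected digest is recorded). The `file ... | grep` check confirms only the binary format. The step name also says "msi" although a zip is downloaded, and `apt-get install` runs without a preceding `apt-get update`.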
@@ -215,3 +215,59 @@ jobs: DIGICERT_KEYLOCKER_HOST_URL: ${{ secrets.DIGICERT_KEYLOCKER_HOST_URL }} DIGICERT_API_KEY: ${{ secrets.DIGICERT_API_KEY }} DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT }} + + goreleaser-windows-arm64: + runs-on: windows-2022 + permissions: + contents: write + id-token: write + attestations: write + packages: write + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + + # Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source + # paid version. We pay for goreleaser, but using the closed source build would weaken our + # supply-chain integrity goals, so we hack around it by replacing the tag. + - name: Replace tag + run: git tag $(echo ${{ github.ref_name }} | sed -e 's/orbit-//g') && git tag -d ${{ github.ref_name }} + + - name: Set up Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version-file: "go.mod" + + - name: Run GoReleaser + run: go run github.com/goreleaser/goreleaser/v2@606c0e724fe9b980cd01090d08cbebff63cd0f72 release --verbose --clean --skip=publish -f orbit/goreleaser-windows-arm64.yml # v2.4.4 + + - name: Attest binary + continue-on-error: true + uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0 + with: + subject-path: "dist/orbit_windows_arm64_v8.0/orbit.exe" + + - name: Upload + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3 + with: + name: unsigned-windows-arm64 + path: dist/orbit_windows_arm64_v8.0/orbit.exe + + code-sign-windows-arm64: + needs: goreleaser-windows-arm64 + uses: ./.github/workflows/code-sign-windows.yml + with: + filename: orbit.exe + upload_name: orbit-windows-arm64 + download_name: unsigned-windows-arm64 + secrets: 
+ DIGICERT_KEYLOCKER_CERTIFICATE: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE }} + DIGICERT_KEYLOCKER_PASSWORD: ${{ secrets.DIGICERT_KEYLOCKER_PASSWORD }} + DIGICERT_KEYLOCKER_HOST_URL: ${{ secrets.DIGICERT_KEYLOCKER_HOST_URL }} + DIGICERT_API_KEY: ${{ secrets.DIGICERT_API_KEY }} + DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT }} diff --git a/Makefile b/Makefile index 1a5ab4b7c3b3..bdf1e3e35bb4 100644 --- a/Makefile +++ b/Makefile @@ -100,7 +100,7 @@ endif .help-long--build: @echo "Builds the specified binaries (defaults to building fleet and fleetctl)" .help-usage--build: - @echo "$(TOOL_CMD) build [binaries] [options]" + @echo "$(TOOL_CMD) build [binaries] [options]" .help-options--build: @echo "GO_BUILD_RACE_ENABLED" @echo "Turn on data race detection when building" @@ -216,7 +216,7 @@ lint-go: .help-long--lint: @echo "Runs the linters for Go and Javascript code. If linter type is not specified, all linters will be run." .help-usage--lint: - @echo "$(TOOL_CMD) lint [linter-type]" + @echo "$(TOOL_CMD) lint [linter-type]" .help-extra--lint: @echo "AVAILABLE LINTERS:" @echo " go Lint Go files with golangci-lint" 
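Review bot: The `Replace tag` step in `goreleaser-windows-arm64` substitutes `${{ github.ref_name }}` twice into the script text, so the tag name is parsed by the shell instead of being handled as data. Binding it once with `env:` / `REF_NAME: ${{ github.ref_name }}` and using that variable in the command removes the substitution. The job also requests `contents: write` and `packages: write` while GoReleaser runs with `--skip=publish`. If nothing in the job pushes tags, releases or packages, `contents: read` with `id-token: write` and `attestations: write` should be enough. `Attest binary` is again `continue-on-error: true` and covers the unsigned `orbit.exe`, not the file that `code-sign-windows-arm64` produces.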
@@ -239,13 +239,13 @@ dump-test-schema: test-schema # PKG_TO_TEST: Go packages to test, e.g. "server/datastore/mysql". Separate multiple packages with spaces. # TESTS_TO_RUN: Name specific tests to run in the specified packages. Leave blank to run all tests in the specified packages. # GO_TEST_EXTRA_FLAGS: Used to specify other arguments to `go test`. -# GO_TEST_MAKE_FLAGS: Internal var used by other targets to add arguments to `go test`. +# GO_TEST_MAKE_FLAGS: Internal var used by other targets to add arguments to `go test`. PKG_TO_TEST := "" go_test_pkg_to_test := $(addprefix ./,$(PKG_TO_TEST)) # set paths for packages to test dlv_test_pkg_to_test := $(addprefix github.com/fleetdm/fleet/v4/,$(PKG_TO_TEST)) # set URIs for packages to debug .run-go-tests: ifeq ($(PKG_TO_TEST), "") - @echo "Please specify one or more packages to test. See '$(TOOL_CMD) help run-go-tests' for more info."; + @echo "Please specify one or more packages to test. See '$(TOOL_CMD) help run-go-tests' for more info."; else @echo Running Go tests with command: go test -tags full,fts5,netgo -run=${TESTS_TO_RUN} ${GO_TEST_MAKE_FLAGS} ${GO_TEST_EXTRA_FLAGS} -parallel 8 -coverprofile=coverage.txt -covermode=atomic -coverpkg=github.com/fleetdm/fleet/v4/... $(go_test_pkg_to_test) @@ -256,7 +256,7 @@ endif # DEBUG_TEST_EXTRA_FLAGS: Internal var used by other targets to add arguments to `dlv test`. .debug-go-tests: ifeq ($(PKG_TO_TEST), "") - @echo "Please specify one or more packages to debug. See '$(TOOL_CMD) help run-go-tests' for more info."; + @echo "Please specify one or more packages to debug. See '$(TOOL_CMD) help run-go-tests' for more info."; else @echo Debugging tests with command: dlv test ${dlv_test_pkg_to_test} --api-version=2 --listen=127.0.0.1:61179 ${DEBUG_TEST_EXTRA_FLAGS} -- -test.v -test.run=${TESTS_TO_RUN} ${GO_TEST_EXTRA_FLAGS} 
@@ -480,6 +480,8 @@ binary-bundle: xp-fleet xp-fleetctl # Build orbit/fleetd fleetd_tables extension fleetd-tables-windows: GOOS=windows GOARCH=amd64 go build -o fleetd_tables_windows.exe ./orbit/cmd/fleetd_tables +fleetd-tables-windows-arm64: + GOOS=windows GOARCH=arm64 go build -o fleetd_tables_windows_arm64.exe ./orbit/cmd/fleetd_tables fleetd-tables-linux: GOOS=linux GOARCH=amd64 go build -o fleetd_tables_linux.ext ./orbit/cmd/fleetd_tables fleetd-tables-linux-arm64: @@ -490,7 +492,7 @@ fleetd-tables-darwin_arm64: GOOS=darwin GOARCH=arm64 CGO_ENABLED=1 go build -o fleetd_tables_darwin_arm64.ext ./orbit/cmd/fleetd_tables fleetd-tables-darwin-universal: fleetd-tables-darwin fleetd-tables-darwin_arm64 lipo -create fleetd_tables_darwin.ext fleetd_tables_darwin_arm64.ext -output fleetd_tables_darwin_universal.ext -fleetd-tables-all: fleetd-tables-windows fleetd-tables-linux fleetd-tables-darwin-universal fleetd-tables-linux-arm64 +fleetd-tables-all: fleetd-tables-windows fleetd-tables-linux fleetd-tables-darwin-universal fleetd-tables-linux-arm64 fleetd-tables-windows-arm64 fleetd-tables-clean: rm -f fleetd_tables_windows.exe fleetd_tables_linux.ext fleetd_tables_linux_arm64.ext fleetd_tables_darwin.ext fleetd_tables_darwin_arm64.ext fleetd_tables_darwin_universal.ext 
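Review bot: `fleetd-tables-clean`, visible as context at the end of the second hunk, is not updated for the new target. The `fleetd_tables_windows_arm64.exe` built by `fleetd-tables-windows-arm64`, and now by `fleetd-tables-all`, is therefore left behind after a clean. Add `fleetd_tables_windows_arm64.exe` to the `rm -f` list.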
@@ -730,6 +732,19 @@ FLEET_DESKTOP_VERSION ?= unknown desktop-windows: go run ./orbit/tools/build/build-windows.go -version $(FLEET_DESKTOP_VERSION) -input ./orbit/cmd/desktop -output fleet-desktop.exe +# Build desktop executable for Windows. +# This generates desktop executable for Windows that includes versioninfo binary properties +# These properties can be displayed when right-click on the binary in Windows Explorer. +# See: https://docs.microsoft.com/en-us/windows/win32/menurc/versioninfo-resource +# To sign this binary with a certificate, use signtool.exe or osslsigncode tool +# +# Usage: +# FLEET_DESKTOP_VERSION=0.0.1 make desktop-windows-arm64 +# +# Output: fleet-desktop.exe +desktop-windows-arm64: + go run ./orbit/tools/build/build-windows.go -version $(FLEET_DESKTOP_VERSION) -input ./orbit/cmd/desktop -output fleet-desktop.exe -arch arm64 + # Build desktop executable for Linux. # # Usage: @@ -773,6 +788,19 @@ desktop-linux-arm64: orbit-windows: go run ./orbit/tools/build/build-windows.go -version $(ORBIT_VERSION) -input ./orbit/cmd/orbit -output orbit.exe +# Build orbit executable for Windows. +# This generates orbit executable for Windows that includes versioninfo binary properties +# These properties can be displayed when right-click on the binary in Windows Explorer. +# See: https://docs.microsoft.com/en-us/windows/win32/menurc/versioninfo-resource +# To sign this binary with a certificate, use signtool.exe or osslsigncode tool +# +# Usage: +# ORBIT_VERSION=0.0.1 make orbit-windows-arm64 +# +# Output: orbit.exe +orbit-windows-arm64: + go run ./orbit/tools/build/build-windows.go -version $(ORBIT_VERSION) -input ./orbit/cmd/orbit -output orbit.exe -arch arm64 + # db-replica-setup setups one main and one read replica MySQL instance for dev/testing. # - Assumes the docker containers are already running (tools/mysql-replica-testing/docker-compose.yml) # - MySQL instance listening on 3308 is the main instance. 
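Review bot: The comment blocks above `desktop-windows-arm64` and `orbit-windows-arm64` are copies of the amd64 ones and never mention ARM64. The first line should read `# Build desktop executable for Windows ARM64.`, and likewise for orbit. Both new targets also write to the same `fleet-desktop.exe` and `orbit.exe` paths as the amd64 targets, so building both architectures in one tree overwrites the earlier binary. Since the workflows in this diff depend on those file names, a line such as `# NOTE: same output path as desktop-windows; build one architecture per checkout.` would help prevent the wrong binary being signed or published.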
@@ -799,4 +827,4 @@ db-replica-reset: fleet db-replica-run: fleet FLEET_MYSQL_ADDRESS=127.0.0.1:3308 FLEET_MYSQL_READ_REPLICA_ADDRESS=127.0.0.1:3309 FLEET_MYSQL_READ_REPLICA_USERNAME=fleet FLEET_MYSQL_READ_REPLICA_DATABASE=fleet FLEET_MYSQL_READ_REPLICA_PASSWORD=insecure ./build/fleet serve --dev --dev_license -include ./tools/makefile-support/helpsystem-targets \ No newline at end of file +include ./tools/makefile-support/helpsystem-targets diff --git a/changes/27275-windows-arm64 b/changes/27275-windows-arm64 new file mode 100644 index 000000000000..6c8d0d720813 --- /dev/null +++ b/changes/27275-windows-arm64 @@ -0,0 +1 @@ +- Added support for native Windows ARM64 in fleetd (`fleetctl package --arch=arm64 --type=msi`) diff --git a/cmd/fleetctl/package.go b/cmd/fleetctl/package.go index 73318d5cf180..7dd7b34490ea 100644 --- a/cmd/fleetctl/package.go +++ b/cmd/fleetctl/package.go @@ -41,7 +41,7 @@ func packageCommand() *cli.Command { }, &cli.StringFlag{ Name: "arch", - Usage: "Target CPU Architecture for the installer package (Only supported with '--type' deb or rpm)", + Usage: "Target CPU Architecture for the installer package (Only supported with '--type' deb, rpm, or msi)", Destination: &opt.Architecture, Value: "amd64", }, @@ -343,8 +343,9 @@ func packageCommand() *cli.Command { case "deb", "rpm": linuxPackage = true } + windowsPackage := c.String("type") == "msi" - if opt.Architecture != packaging.ArchAmd64 && !linuxPackage { + if opt.Architecture != packaging.ArchAmd64 && !(linuxPackage || windowsPackage) { return fmt.Errorf("can't use '--arch' with '--type %s'", c.String("type")) } 
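Review bot: The relaxed `--arch` check in the last package.go hunk here accepts any architecture string for `msi`, and nothing visible restricts it to `amd64` or `arm64`. Downstream, the two-way branches disagree about an unrecognised value: the `else` arms in the next package.go hunk and the `opt.Architecture == ArchAmd64` test in `BuildMSI` select the `windows-arm64` targets, while `wix.Candle` and the `opt.Desktop` branch fall back to x64/amd64. The raw string also reaches the manifest's `processorArchitecture` and `vi.WriteSyso`. Rejecting other values up front keeps a mistyped flag from producing a package with mixed-architecture contents, e.g. `if opt.Architecture != packaging.ArchAmd64 && opt.Architecture != packaging.ArchArm64 { return fmt.Errorf("unsupported '--arch' value %q", opt.Architecture) }`. The enclosing function starts and ends outside these hunks, so an existing validation may already cover this.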
@@ -355,12 +356,28 @@ func packageCommand() *cli.Command { var buildFunc func(packaging.Options) (string, error) switch c.String("type") { case "pkg": + opt.NativePlatform = "darwin" buildFunc = packaging.BuildPkg case "deb": + if opt.Architecture == packaging.ArchAmd64 { + opt.NativePlatform = "linux" + } else { + opt.NativePlatform = "linux-arm64" + } buildFunc = packaging.BuildDeb case "rpm": + if opt.Architecture == packaging.ArchAmd64 { + opt.NativePlatform = "linux" + } else { + opt.NativePlatform = "linux-arm64" + } buildFunc = packaging.BuildRPM case "msi": + if opt.Architecture == packaging.ArchAmd64 { + opt.NativePlatform = "windows" + } else { + opt.NativePlatform = "windows-arm64" + } buildFunc = packaging.BuildMSI default: return errors.New("type must be one of ('pkg', 'deb', 'rpm', 'msi')") diff --git a/ee/fleetctl/updates.go b/ee/fleetctl/updates.go index bb920093fcac..787c5b52177f 100644 --- a/ee/fleetctl/updates.go +++ b/ee/fleetctl/updates.go @@ -284,7 +284,7 @@ func updatesAddFunc(c *cli.Context) error { dstPath = filepath.Join(name, platform, tag, name) } switch { - case name == constant.DesktopTUFTargetName && platform == "windows": + case name == constant.DesktopTUFTargetName && (platform == "windows" || platform == "windows-arm64"): // This is a special case for the desktop target on Windows. dstPath = filepath.Join(filepath.Dir(dstPath), constant.DesktopAppExecName+".exe") case name == constant.DesktopTUFTargetName && (platform == "linux" || platform == "linux-arm64"): diff --git a/frontend/components/AddHostsModal/AddHostsModal.tests.tsx b/frontend/components/AddHostsModal/AddHostsModal.tests.tsx index 87238882fd06..55f48f2a48b1 100644 --- a/frontend/components/AddHostsModal/AddHostsModal.tests.tsx +++ b/frontend/components/AddHostsModal/AddHostsModal.tests.tsx 
@@ -61,9 +61,7 @@ describe("AddHostsModal", () => { const linuxDebText = screen.getByText(/--type=deb/i); expect(linuxDebText).toBeInTheDocument(); expect(screen.queryByText(/--enable-scripts/i)).toBeInTheDocument(); - expect( - screen.queryByText(/CentOS, Red Hat, and Fedora Linux, use --type=rpm/i) - ).toBeInTheDocument(); + expect(screen.queryByText(/--type=rpm/i)).toBeInTheDocument(); await user.click(screen.getByRole("tab", { name: "ChromeOS" })); const extensionId = screen.getByDisplayValue( diff --git a/frontend/components/AddHostsModal/PlatformWrapper/PlatformWrapper.tsx b/frontend/components/AddHostsModal/PlatformWrapper/PlatformWrapper.tsx index 5677e089bf83..7713d9934e23 100644 --- a/frontend/components/AddHostsModal/PlatformWrapper/PlatformWrapper.tsx +++ b/frontend/components/AddHostsModal/PlatformWrapper/PlatformWrapper.tsx @@ -347,15 +347,24 @@ const PlatformWrapper = ({ }`, }; - let packageTypeHelpText = ""; + let packageTypeHelpText; if (packageType === "deb") { - packageTypeHelpText = - "Install this package to add hosts to Fleet. For CentOS, Red Hat, and Fedora Linux, use --type=rpm."; + packageTypeHelpText = ( + <> + For CentOS, Red Hat, and Fedora Linux, use --type=rpm. + For ARM, use --arch=arm64 + + ); } else if (packageType === "msi") { - packageTypeHelpText = - "Install this package to add hosts to Fleet. For Windows, this generates an MSI package."; + packageTypeHelpText = ( + <> + For ARM, use --arch=arm64 + + ); } else if (packageType === "pkg") { packageTypeHelpText = "Install this package to add hosts to Fleet."; + } else { + packageTypeHelpText = ""; } if (packageType === "chromeos") { diff --git a/orbit/README.md b/orbit/README.md index 0c7d7f4b63ae..2d9fd4d2adf1 100644 --- a/orbit/README.md +++ b/orbit/README.md 
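Review bot: In PlatformWrapper.tsx, `let packageTypeHelpText;` is now declared without a type annotation or initial value. The variable is therefore untyped at its declaration, and the new trailing `else` exists only to restore the old default. Declaring it as `let packageTypeHelpText: React.ReactNode = "";` (or `JSX.Element | string` if `React` is not imported by name) keeps both the string and fragment cases typed and lets the final `else` branch be dropped. The enclosing component starts and ends outside the hunk.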
@@ -15,6 +15,7 @@ For reference, here are the build configuration files: - [goreleaser-linux-arm64.yml](./goreleaser-linux-arm64.yml) - [goreleaser-macos.yml](./goreleaser-macos.yml) - [goreleaser-windows.yml](./goreleaser-windows.yml) + - [goreleaser-windows.yml](./goreleaser-windows-arm64.yml) Following are the commands to build in case you can't use goreleaser. diff --git a/orbit/changes/27275-windows-arm64 b/orbit/changes/27275-windows-arm64 new file mode 100644 index 000000000000..91823c347a2b --- /dev/null +++ b/orbit/changes/27275-windows-arm64 @@ -0,0 +1 @@ +- Added support for Windows ARM64 platform in fleetd (`fleetctl package --arch=arm64 --type=msi`) diff --git a/orbit/cmd/orbit/orbit.go b/orbit/cmd/orbit/orbit.go index 530a62a16b89..e821f1f79bac 100644 --- a/orbit/cmd/orbit/orbit.go +++ b/orbit/cmd/orbit/orbit.go @@ -504,7 +504,11 @@ func main() { case "darwin": opt.Targets[constant.DesktopTUFTargetName] = update.DesktopMacOSTarget case "windows": - opt.Targets[constant.DesktopTUFTargetName] = update.DesktopWindowsTarget + if runtime.GOARCH == "arm64" { + opt.Targets[constant.DesktopTUFTargetName] = update.DesktopWindowsArm64Target + } else { + opt.Targets[constant.DesktopTUFTargetName] = update.DesktopWindowsTarget + } case "linux": if runtime.GOARCH == "arm64" { opt.Targets[constant.DesktopTUFTargetName] = update.DesktopLinuxArm64Target diff --git a/orbit/goreleaser-windows-arm64.yml b/orbit/goreleaser-windows-arm64.yml new file mode 100644 index 000000000000..e7e30a292629 --- /dev/null +++ b/orbit/goreleaser-windows-arm64.yml 
@@ -0,0 +1,44 @@ +version: 2 + +project_name: orbit + +################################################################################################# +# If this is updated make sure to update the "How to build from source" section in the README.md. +################################################################################################# + +builds: + - id: orbit + dir: ./orbit/cmd/orbit/ + binary: orbit + env: + - CGO_ENABLED=0 + goos: + - windows + goarch: + - arm64 + flags: + - -trimpath + ldflags: + - -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Version={{.Version}} + - -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Commit={{.Commit}} + - -X github.com/fleetdm/fleet/v4/orbit/pkg/build.Date={{.Date}} + hooks: + pre: "go run ./orbit/tools/build/build-windows.go -version {{.Version}} -input ./orbit/cmd/orbit -resource=true -arch arm64" + +archives: + - id: orbit + builds: + - orbit + name_template: orbit_{{.Version}}_{{.Os}} + format_overrides: + - goos: windows + format: zip + +checksum: + name_template: 'checksums.txt' + +snapshot: + version_template: "{{ .Tag }}-untagged" + +changelog: + disable: true diff --git a/orbit/pkg/packaging/packaging.go b/orbit/pkg/packaging/packaging.go index 279da1dc5e71..d03bc2ff4ea4 100644 --- a/orbit/pkg/packaging/packaging.go +++ b/orbit/pkg/packaging/packaging.go @@ -129,6 +129,8 @@ type Options struct { OsqueryDB string // Architecture that the package is being built for. (amd64, arm64) Architecture string + // TUF platform name. windows, windows-arm64, linux, linux-arm64, darwin + NativePlatform string } const ( diff --git a/orbit/pkg/packaging/windows.go b/orbit/pkg/packaging/windows.go index d81c6d8cd21d..6071862f8f62 100644 --- a/orbit/pkg/packaging/windows.go +++ b/orbit/pkg/packaging/windows.go 
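Review bot: The comment on the new `NativePlatform` field in packaging.go lists `darwin` as a TUF platform name, and package.go sets `opt.NativePlatform = "darwin"` for `pkg`. The platform keys used by tools/tuf/download-artifacts in this same diff are `macos`, `linux`, `linux-arm64`, `windows` and `windows-arm64`. No hunk shown reads the field, so the diff does not reveal which spelling its consumer expects. The comment should name that consumer and the exact accepted values, e.g. `// NativePlatform is the TUF platform directory for the target; must be one of <values the reader accepts>.`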
@@ -27,7 +27,7 @@ import ( "golang.org/x/mod/semver" ) -const wixDownload = "https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip" +const wixDownload = "https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip" // BuildMSI builds a Windows .msi. // Note: this function is not safe for concurrent use @@ -52,7 +52,11 @@ func BuildMSI(opt Options) (string, error) { updateOpt := update.DefaultOptions updateOpt.RootDirectory = orbitRoot - updateOpt.Targets = update.WindowsTargets + if opt.Architecture == ArchAmd64 { + updateOpt.Targets = update.WindowsTargets + } else { + updateOpt.Targets = update.WindowsArm64Targets + } updateOpt.ServerCertificatePath = opt.UpdateTLSServerCertificate if opt.UpdateTLSClientCertificate != "" { @@ -64,7 +68,11 @@ func BuildMSI(opt Options) (string, error) { } if opt.Desktop { - updateOpt.Targets[constant.DesktopTUFTargetName] = update.DesktopWindowsTarget + if opt.Architecture == ArchArm64 { + updateOpt.Targets[constant.DesktopTUFTargetName] = update.DesktopWindowsArm64Target + } else { + updateOpt.Targets[constant.DesktopTUFTargetName] = update.DesktopWindowsTarget + } // Override default channel with the provided value. updateOpt.Targets.SetTargetChannel(constant.DesktopTUFTargetName, opt.DesktopChannel) } @@ -206,7 +214,7 @@ func BuildMSI(opt Options) (string, error) { return "", fmt.Errorf("transform heat: %w", err) } - if err := wix.Candle(tmpDir, opt.NativeTooling, absWixDir); err != nil { + if err := wix.Candle(tmpDir, opt.NativeTooling, absWixDir, opt.Architecture); err != nil { return "", fmt.Errorf("build package: %w", err) } @@ -215,6 +223,9 @@ func BuildMSI(opt Options) (string, error) { } filename := "fleet-osquery.msi" + if opt.Architecture == ArchArm64 { + filename = "fleet-osquery-arm64.msi" + } if opt.NativeTooling { filename = filepath.Join("build", filename) } 
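Review bot: `wixDownload` now points at a different release archive, but the constant carries no expected digest, and the code that fetches and unpacks it is outside this hunk. If that code does not already verify the archive, the WiX binaries that build every MSI are trusted on the strength of the URL alone. Recording the SHA-256 of `wix314-binaries.zip` beside the URL (for example in a `wixDownloadSHA256` constant; the name is a placeholder) and checking it after download would pin the toolchain to known content. A one-line comment stating why this WiX release is required (presumably for `-arch arm64` in `candle`) would also help the next upgrade.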
@@ -299,13 +310,15 @@ func writePowershellInstallerUtilsFile(opt Options, rootPath string) error { // writeManifestXML creates the manifest.xml file used when generating the 'resource_windows.syso' metadata // (see writeResourceSyso). Returns the path of the newly created file. -func writeManifestXML(vParts []string, orbitPath string) (string, error) { +func writeManifestXML(vParts []string, orbitPath string, arch string) (string, error) { filePath := filepath.Join(orbitPath, "manifest.xml") tmplOpts := struct { Version string + Arch string }{ Version: strings.Join(vParts, "."), + Arch: arch, } var contents bytes.Buffer @@ -429,7 +442,7 @@ func writeResourceSyso(opt Options, orbitPath string) error { return fmt.Errorf("invalid version %s: %w", opt.Version, err) } - manifestPath, err := writeManifestXML(vParts, orbitPath) + manifestPath, err := writeManifestXML(vParts, orbitPath, opt.Architecture) if err != nil { return fmt.Errorf("creating manifest.xml: %w", err) } @@ -444,7 +457,7 @@ func writeResourceSyso(opt Options, orbitPath string) error { vi.Walk() outPath := filepath.Join(orbitPath, "resource_windows.syso") - if err := vi.WriteSyso(outPath, "amd64"); err != nil { + if err := vi.WriteSyso(outPath, opt.Architecture); err != nil { return fmt.Errorf("creating syso file: %w", err) } diff --git a/orbit/pkg/packaging/windows_templates.go b/orbit/pkg/packaging/windows_templates.go index 70fd998b4566..3fb58d9652da 100644 --- a/orbit/pkg/packaging/windows_templates.go +++ b/orbit/pkg/packaging/windows_templates.go @@ -11,7 +11,8 @@ var ManifestXMLTemplate = template.Must(template.New("").Option("missingkey=erro type="win32" name="Fleet osquery" version="{{.Version}}" - processorArchitecture="*"/> + processorArchitecture="{{.Arch}}" + /> @@ -92,7 +93,7 @@ var windowsWixTemplate = template.Must(template.New("").Option("missingkey=error - + diff --git a/orbit/pkg/packaging/windows_test.go b/orbit/pkg/packaging/windows_test.go index 2b6e0729ab59..017ee05083ba 100644 
--- a/orbit/pkg/packaging/windows_test.go +++ b/orbit/pkg/packaging/windows_test.go @@ -58,7 +58,7 @@ func TestCreateVersionInfo(t *testing.T) { func TestWriteResourceSyso(t *testing.T) { t.Run("removes intermediary manifest.xml file", func(t *testing.T) { path := t.TempDir() - opt := Options{Version: "1.2.3"} + opt := Options{Version: "1.2.3", Architecture: ArchAmd64} err := writeResourceSyso(opt, path) require.NoError(t, err) diff --git a/orbit/pkg/packaging/wix/wix.go b/orbit/pkg/packaging/wix/wix.go index b980620d53ca..70a90471921f 100644 --- a/orbit/pkg/packaging/wix/wix.go +++ b/orbit/pkg/packaging/wix/wix.go @@ -101,7 +101,7 @@ func darwinWineExecutable() (string, error) { // // See // https://wixtoolset.org/documentation/manual/v3/overview/candle.html. -func Candle(path string, native bool, localWixDir string) error { +func Candle(path string, native bool, localWixDir string, arch string) error { var args []string if !native && localWixDir == "" { @@ -124,10 +124,16 @@ func Candle(path string, native bool, localWixDir string) error { args = append(args, wineExec) } } + + wixArch := "x64" + if arch == "arm64" { + wixArch = "arm64" + } + args = append(args, candlePath, "heat.wxs", "main.wxs", // command "-ext", "WixUtilExtension", - "-arch", "x64", + "-arch", wixArch, ) cmd := exec.Command(args[0], args[1:]...) diff --git a/orbit/pkg/update/options.go b/orbit/pkg/update/options.go index 437b7ce77587..8613ffe9b9c7 100644 --- a/orbit/pkg/update/options.go +++ b/orbit/pkg/update/options.go 
@@ -54,6 +54,20 @@ var ( }, } + WindowsArm64Targets = Targets{ + constant.OrbitTUFTargetName: TargetInfo{ + Platform: "windows-arm64", + Channel: "stable", + TargetFile: "orbit.exe", + }, + // NOTE: Currently osquery doesn't fully support ARM64, this is experimental + constant.OsqueryTUFTargetName: TargetInfo{ + Platform: "windows-arm64", + Channel: "stable", + TargetFile: "osqueryd.exe", + }, + } + WindowsTargets = Targets{ constant.OrbitTUFTargetName: TargetInfo{ Platform: "windows", @@ -80,6 +94,12 @@ var ( TargetFile: constant.DesktopAppExecName + ".exe", } + DesktopWindowsArm64Target = TargetInfo{ + Platform: "windows-arm64", + Channel: "stable", + TargetFile: constant.DesktopAppExecName + ".exe", + } + DesktopLinuxTarget = TargetInfo{ Platform: "linux", Channel: "stable", diff --git a/orbit/pkg/update/options_windows.go b/orbit/pkg/update/options_windows_amd64.go similarity index 100% rename from orbit/pkg/update/options_windows.go rename to orbit/pkg/update/options_windows_amd64.go diff --git a/orbit/pkg/update/options_windows_arm64.go b/orbit/pkg/update/options_windows_arm64.go new file mode 100644 index 000000000000..73d04ce1721a --- /dev/null +++ b/orbit/pkg/update/options_windows_arm64.go @@ -0,0 +1,24 @@ +package update + +import ( + "os" + "path/filepath" + + "github.com/theupdateframework/go-tuf/client" +) + +var defaultOptions = Options{ + RootDirectory: `C:\Program Files\Orbit`, + ServerURL: DefaultURL, + RootKeys: defaultRootMetadata, + LocalStore: client.MemoryLocalStore(), + InsecureTransport: false, + Targets: WindowsArm64Targets, +} + +func init() { + // Set root directory to value of ProgramFiles environment variable if not set + if dir := os.Getenv("ProgramFiles"); dir != "" { + DefaultOptions.RootDirectory = filepath.Join(dir, "Orbit") + } +} diff --git a/orbit/pkg/update/update.go b/orbit/pkg/update/update.go index 11f4bd43d5b9..9b6e65eceac1 100644 --- a/orbit/pkg/update/update.go +++ b/orbit/pkg/update/update.go 
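Review bot: The new options_windows_arm64.go appears to repeat the renamed options_windows_amd64.go apart from `Targets: WindowsArm64Targets`; the rename is shown at 100% similarity, so the amd64 content is not visible here. With two copies, a later change to the Windows defaults (`RootKeys`, `InsecureTransport`, `RootDirectory`, the `ProgramFiles` handling in `init`) must be made twice and can diverge between architectures without anyone noticing. Keeping a shared options_windows.go and moving only a per-architecture targets variable into the `_amd64.go` and `_arm64.go` files would leave one place to review for security-relevant defaults.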
@@ -570,6 +570,8 @@ func goosFromPlatform(platform string) (string, error) { return platform, nil case "linux-arm64": return "linux", nil + case "windows-arm64": + return "windows", nil default: return "", fmt.Errorf("unknown platform: %s", platform) } @@ -581,6 +583,8 @@ func goarchFromPlatform(platform string) ([]string, error) { return []string{"amd64", "arm64"}, nil case "windows": return []string{"amd64"}, nil + case "windows-arm64": + return []string{"arm64"}, nil case "linux": return []string{"amd64"}, nil case "linux-arm64": diff --git a/orbit/tools/build/build-windows.go b/orbit/tools/build/build-windows.go index 9fe5dc362c12..05eee3e8c2fc 100644 --- a/orbit/tools/build/build-windows.go +++ b/orbit/tools/build/build-windows.go @@ -28,6 +28,7 @@ func main() { flagIcon := flag.String("icon", "windows_app.ico", "Path to the icon file to embed on the binary") flagOutputBinary := flag.String("output", "output.exe", "Path to the output binary") flagCmdDir := flag.String("input", "", "Path to the directory containing the utility to build") + flagArch := flag.String("arch", "amd64", "Target platform architecture (amd64,arm64)") flag.Usage = func() { zlog.Fatal().Msgf("Usage: %s -version -input -output \n", os.Args[0]) @@ -52,7 +53,7 @@ func main() { } // then we need to create the manifest.xml file - manifestPath, err := writeManifestXML(vParts, *flagCmdDir) + manifestPath, err := writeManifestXML(vParts, *flagCmdDir, *flagArch) if err != nil { zlog.Fatal().Err(err).Msg("creating manifest.xml") os.Exit(1) @@ -75,7 +76,7 @@ func main() { // resource_windows.syso is the resource file that is going to be picked up by golang compiler outPath := filepath.Join(*flagCmdDir, "resource_windows.syso") - if err := vi.WriteSyso(outPath, "amd64"); err != nil { + if err := vi.WriteSyso(outPath, *flagArch); err != nil { zlog.Fatal().Err(err).Msg("creating syso file") os.Exit(1) } 
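Review bot: In build-windows.go the new `-arch` flag is passed unchecked to `writeManifestXML`, `vi.WriteSyso` and, in the later `buildTargetBinary` hunk, to `GOARCH`. The `flag.Usage` text visible as context still lists only `-version -input -output`. Validate the value once the flags are parsed, e.g. `if *flagArch != "amd64" && *flagArch != "arm64" { zlog.Fatal().Msgf("unsupported -arch %q", *flagArch) }`, and add `-arch` to the usage line. `main` starts and ends outside these hunks.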
@@ -87,7 +88,7 @@ func main() { defer os.Remove(outPath) // now we can build the binary - if err := buildTargetBinary(*flagCmdDir, *flagVersion, *flagOutputBinary); err != nil { + if err := buildTargetBinary(*flagCmdDir, *flagVersion, *flagOutputBinary, *flagArch); err != nil { zlog.Fatal().Err(err).Msg("error building binary") os.Exit(1) } @@ -170,13 +171,15 @@ func createVersionInfo(vParts []string, iconPath string, manifestPath string) (* // writeManifestXML creates the manifest.xml file used when generating the 'resource_windows.syso' metadata // (see writeResourceSyso). Returns the path of the newly created file. -func writeManifestXML(vParts []string, orbitPath string) (string, error) { +func writeManifestXML(vParts []string, orbitPath, arch string) (string, error) { filePath := filepath.Join(orbitPath, "manifest.xml") tmplOpts := struct { Version string + Arch string }{ Version: strings.Join(vParts, "."), + Arch: arch, } var contents bytes.Buffer @@ -193,7 +196,7 @@ func writeManifestXML(vParts []string, orbitPath string) (string, error) { } // Build the target binary for Windows -func buildTargetBinary(cmdDir string, version string, binaryPath string) error { +func buildTargetBinary(cmdDir string, version string, binaryPath string, arch string) error { var buildExec *exec.Cmd // convert relative to full output path @@ -211,7 +214,7 @@ func buildTargetBinary(cmdDir string, version string, binaryPath string) error { linkFlags := fmt.Sprintf("-X=github.com/fleetdm/fleet/v4/orbit/pkg/build.Version=%s", version) buildExec = exec.Command("go", "build", "-ldflags", linkFlags, "-o", outputBinary) } - buildExec.Env = append(os.Environ(), "GOOS=windows", "GOARCH=amd64") + buildExec.Env = append(os.Environ(), "GOOS=windows", fmt.Sprintf("GOARCH=%s", arch)) buildExec.Stderr = os.Stderr buildExec.Stdout = os.Stdout buildExec.Dir = cmdDir 
diff --git a/tools/tuf/download-artifacts/download-artifacts.go b/tools/tuf/download-artifacts/download-artifacts.go index 2b7b8c5500fa..56222958b1df 100644 --- a/tools/tuf/download-artifacts/download-artifacts.go +++ b/tools/tuf/download-artifacts/download-artifacts.go @@ -81,10 +81,11 @@ func orbitCommand() *cli.Command { }, Action: func(c *cli.Context) error { return downloadComponents("goreleaser-orbit.yaml", gitTag, map[string]string{ - "macos": "orbit-macos", - "linux": "orbit-linux", - "linux-arm64": "orbit-linux-arm64", - "windows": "orbit-windows", + "macos": "orbit-macos", + "linux": "orbit-linux", + "linux-arm64": "orbit-linux-arm64", + "windows": "orbit-windows", + "windows-arm64": "orbit-windows-arm64", }, outputDirectory, githubUsername, githubAPIToken, retry) }, } @@ -139,10 +140,11 @@ func desktopCommand() *cli.Command { }, Action: func(c *cli.Context) error { return downloadComponents("generate-desktop-targets.yml", gitBranch, map[string]string{ - "macos": "desktop.app.tar.gz", - "linux": "desktop.tar.gz", - "linux-arm64": "desktop-arm64.tar.gz", - "windows": "fleet-desktop.exe", + "macos": "desktop.app.tar.gz", + "linux": "desktop.tar.gz", + "linux-arm64": "desktop-arm64.tar.gz", + "windows": "fleet-desktop.exe", + "windows-arm64": "fleet-desktop-arm64.exe", }, outputDirectory, githubUsername, githubAPIToken, retry) }, } @@ -252,7 +254,7 @@ func downloadComponents(workflowName string, headBranch string, artifactNames ma if err := os.RemoveAll(outputDirectory); err != nil { return err } - for _, osPath := range []string{"macos", "windows", "linux", "linux-arm64"} { + for _, osPath := range []string{"macos", "windows", "windows-arm64", "linux", "linux-arm64"} { if err := os.MkdirAll(filepath.Join(outputDirectory, osPath), constant.DefaultDirMode); err != nil { return err } 
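Review bot: The platform set is hard-coded in several places in `downloadComponents`: the `[]string{...}` list in the `MkdirAll` loop here, and the `len(urls) == 5` / `len(urls) != 5` checks in the next hunk, on top of the `artifactNames` maps each command passes in. Adding `windows-arm64` meant bumping each by hand, and a missed one would either keep the retry loop going or report a missing artifact. Deriving both from the map keeps them in step: `for osPath := range artifactNames {` and `if len(urls) == len(artifactNames) || !retry {` (likewise `len(urls) != len(artifactNames)`). This assumes every key in `artifactNames` has a matching `case` in the switch, part of which lies outside the hunk.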
@@ -301,17 +303,19 @@ func downloadComponents(workflowName string, headBranch string, artifactNames ma urls["macos"] = *artifact.ArchiveDownloadURL case *artifact.Name == artifactNames["windows"]: urls["windows"] = *artifact.ArchiveDownloadURL + case *artifact.Name == artifactNames["windows-arm64"]: + urls["windows-arm64"] = *artifact.ArchiveDownloadURL default: fmt.Printf("skipping artifact name: %q\n", *artifact.Name) } } - if len(urls) == 4 || !retry { + if len(urls) == 5 || !retry { break } fmt.Printf("All artifacts are not available yet, the workflow might still be running, retrying in 60s...\n") time.Sleep(60 * time.Second) } - if len(urls) != 4 { + if len(urls) != 5 { return fmt.Errorf("missing some artifact: %+v", urls) } for osName, downloadURL := range urls { @@ -373,10 +377,11 @@ func osquerydCommand() *cli.Command { }, Action: func(c *cli.Context) error { return downloadComponents("generate-osqueryd-targets.yml", gitBranch, map[string]string{ - "macos": "osqueryd.app.tar.gz", - "linux": "osqueryd", - "linux-arm64": "osqueryd-arm64", - "windows": "osqueryd.exe", + "macos": "osqueryd.app.tar.gz", + "linux": "osqueryd", + "linux-arm64": "osqueryd-arm64", + "windows": "osqueryd.exe", + "windows-arm64": "osqueryd-arm64.exe", }, outputDirectory, githubUsername, githubAPIToken, retry) }, } diff --git a/tools/tuf/releaser.sh b/tools/tuf/releaser.sh index 1f15d1823bdc..73c345d5260c 100755 --- a/tools/tuf/releaser.sh +++ b/tools/tuf/releaser.sh 
@@ -91,18 +91,21 @@ promote_component_edge_to_stable () { "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/orbit/linux/edge/orbit" --platform linux --name orbit --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/orbit/linux-arm64/edge/orbit" --platform linux-arm64 --name orbit --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/orbit/windows/edge/orbit.exe" --platform windows --name orbit --version "$component_version" -t "$major.$minor" -t "$major" -t stable + "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/orbit/windows-arm64/edge/orbit.exe" --platform windows-arm64 --name orbit --version "$component_version" -t "$major.$minor" -t "$major" -t stable ;; desktop) "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/desktop/macos/edge/desktop.app.tar.gz" --platform macos --name desktop --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/desktop/linux/edge/desktop.tar.gz" --platform linux --name desktop --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/desktop/linux-arm64/edge/desktop.tar.gz" --platform linux-arm64 --name desktop --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/desktop/windows/edge/fleet-desktop.exe" --platform windows --name desktop --version "$component_version" -t "$major.$minor" -t "$major" -t stable + "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" 
updates add --target "$REPOSITORY_DIRECTORY/targets/desktop/windows-arm64/edge/fleet-desktop.exe" --platform windows-arm64 --name desktop --version "$component_version" -t "$major.$minor" -t "$major" -t stable ;; osqueryd) "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/osqueryd/macos-app/edge/osqueryd.app.tar.gz" --platform macos-app --name osqueryd --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/osqueryd/linux/edge/osqueryd" --platform linux --name osqueryd --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/osqueryd/linux-arm64/edge/osqueryd" --platform linux-arm64 --name osqueryd --version "$component_version" -t "$major.$minor" -t "$major" -t stable "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/osqueryd/windows/edge/osqueryd.exe" --platform windows --name osqueryd --version "$component_version" -t "$major.$minor" -t "$major" -t stable + "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$REPOSITORY_DIRECTORY/targets/osqueryd/windows-arm64/edge/osqueryd.exe" --platform windows-arm64 --name osqueryd --version "$component_version" -t "$major.$minor" -t "$major" -t stable ;; *) echo "Unknown component $component_name" 
@@ -157,10 +160,12 @@ release_fleetd_to_edge () { "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$ORBIT_ARTIFACT_DOWNLOAD_DIRECTORY/linux/orbit" --platform linux --name orbit --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$ORBIT_ARTIFACT_DOWNLOAD_DIRECTORY/linux-arm64/orbit" --platform linux-arm64 --name orbit --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$ORBIT_ARTIFACT_DOWNLOAD_DIRECTORY/windows/orbit.exe" --platform windows --name orbit --version "$VERSION" -t edge + "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$ORBIT_ARTIFACT_DOWNLOAD_DIRECTORY/windows-arm64/orbit.exe" --platform windows-arm64 --name orbit --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$DESKTOP_ARTIFACT_DOWNLOAD_DIRECTORY/macos/desktop.app.tar.gz" --platform macos --name desktop --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$DESKTOP_ARTIFACT_DOWNLOAD_DIRECTORY/linux/desktop.tar.gz" --platform linux --name desktop --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$DESKTOP_ARTIFACT_DOWNLOAD_DIRECTORY/linux-arm64/desktop.tar.gz" --platform linux-arm64 --name desktop --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$DESKTOP_ARTIFACT_DOWNLOAD_DIRECTORY/windows/fleet-desktop.exe" --platform windows --name desktop --version "$VERSION" -t edge + "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$DESKTOP_ARTIFACT_DOWNLOAD_DIRECTORY/windows-arm64/fleet-desktop.exe" --platform windows-arm64 --name desktop --version "$VERSION" -t edge popd } 
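Review bot: The windows-arm64 targets are added under the same file names as the amd64 ones (`orbit.exe`, `fleet-desktop.exe`, and `osqueryd.exe` in the `release_osqueryd_to_edge` hunk below), distinguished only by directory and `--platform`. Nothing in these hunks checks that the downloaded file is actually an ARM64 binary before `updates add` publishes it, so a mix-up in the artifact download would go out as a valid update for that platform. A cheap guard before each new line would be something like `file "$ORBIT_ARTIFACT_DOWNLOAD_DIRECTORY/windows-arm64/orbit.exe" | grep -q Aarch64 || exit 1`. Both functions start outside their hunks, so an earlier check cannot be ruled out from here.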
@@ -179,7 +184,7 @@ create_fleetd_release_pr () { # Create a new branch to cherry pick the changelog commit to. git checkout -b "$BRANCH_NAME" # Cherry pick the changelog commit to the new branch. - git cherry-pick "${BRANCH_NAME}-changelog" + git cherry-pick "${BRANCH_NAME}-changelog" # Create a new PR with the changelog. gh pr create -f -B main -t "Update changelog for fleetd $VERSION release" # Delete the changelog branch. @@ -215,6 +220,7 @@ release_osqueryd_to_edge () { "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$OSQUERYD_ARTIFACT_DOWNLOAD_DIRECTORY/linux/osqueryd" --platform linux --name osqueryd --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$OSQUERYD_ARTIFACT_DOWNLOAD_DIRECTORY/linux-arm64/osqueryd" --platform linux-arm64 --name osqueryd --version "$VERSION" -t edge "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$OSQUERYD_ARTIFACT_DOWNLOAD_DIRECTORY/windows/osqueryd.exe" --platform windows --name osqueryd --version "$VERSION" -t edge + "$GIT_REPOSITORY_DIRECTORY/build/fleetctl" updates add --target "$OSQUERYD_ARTIFACT_DOWNLOAD_DIRECTORY/windows-arm64/osqueryd.exe" --platform windows-arm64 --name osqueryd --version "$VERSION" -t edge popd } diff --git a/tools/tuf/test/create_repository.sh b/tools/tuf/test/create_repository.sh index d2ff96a94b73..490dafe23c2b 100755 --- a/tools/tuf/test/create_repository.sh +++ b/tools/tuf/test/create_repository.sh @@ -23,7 +23,7 @@ if [[ -d "$TUF_PATH" ]]; then exit 0 fi -SYSTEMS=${SYSTEMS:-macos linux linux-arm64 windows} +SYSTEMS=${SYSTEMS:-macos linux linux-arm64 windows windows-arm64} echo "Generating packages for $SYSTEMS" 
@@ -45,6 +45,9 @@ for system in $SYSTEMS; do osqueryd_system="$system" if [[ $system == "windows" ]]; then osqueryd="$osqueryd.exe" + elif [[ $system == "windows-arm64" ]]; then + osqueryd="$osqueryd.exe" + osqueryd_system="windows-arm64" elif [[ $system == "macos" ]]; then osqueryd="$osqueryd.app.tar.gz" osqueryd_system="macos-app" @@ -80,12 +83,16 @@ for system in $SYSTEMS; do if [[ $system == "windows" ]]; then goarch_value="amd64" fi + if [[ $system == "windows-arm64" ]]; then + goose_value="windows" + goarch_value="arm64" + fi if [[ $system == "linux-arm64" ]]; then goose_value="linux" goarch_value="arm64" fi orbit_target=orbit-$system - if [[ $system == "windows" ]]; then + if [[ $system == "windows" ]] || [[ $system == "windows-arm64" ]]; then orbit_target="${orbit_target}.exe" fi @@ -197,6 +204,19 @@ for system in $SYSTEMS; do rm fleet-desktop.exe fi + # Add Fleet Desktop application on windows-arm64 (if enabled). + if [[ $system == "windows-arm64" && -n "$FLEET_DESKTOP" ]]; then + FLEET_DESKTOP_VERSION=42.0.0 \ + make desktop-windows-arm64 + ./build/fleetctl updates add \ + --path $TUF_PATH \ + --target fleet-desktop.exe \ + --platform windows-arm64 \ + --name desktop \ + --version 42.0.0 -t 42.0 -t 42 -t stable + rm fleet-desktop.exe + fi + # Add Fleet Desktop application on linux (if enabled). if [[ $system == "linux" && -n "$FLEET_DESKTOP" ]]; then FLEET_DESKTOP_VERSION=42.0.0 \ diff --git a/tools/tuf/test/gen_pkgs.sh b/tools/tuf/test/gen_pkgs.sh index f1fcddeb58f6..94b85b70132b 100755 --- a/tools/tuf/test/gen_pkgs.sh +++ b/tools/tuf/test/gen_pkgs.sh 
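Review bot: In the osqueryd naming hunk, the new `elif` branch assigns `osqueryd_system="windows-arm64"`, which is redundant: `osqueryd_system="$system"` on the line above the `if` already holds that value. The branch then only repeats the `windows` one, so the two can be folded into `if [[ $system == "windows" || $system == "windows-arm64" ]]; then`. That matches how this commit treats `orbit_target` in the next hunk. The `for system in $SYSTEMS` loop starts outside these hunks.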
@@ -179,6 +179,30 @@ if [ -n "$GENERATE_MSI" ]; then --update-url=$MSI_TUF_URL fi +if [ -n "$GENERATE_MSI_ARM64" ]; then + echo "Generating msi (arm64)..." + ./build/fleetctl package \ + --type=msi \ + --arch=arm64 \ + ${FLEET_DESKTOP:+--fleet-desktop} \ + --fleet-url=$MSI_FLEET_URL \ + --enroll-secret=$ENROLL_SECRET \ + ${USE_FLEET_SERVER_CERTIFICATE:+--fleet-certificate=./tools/osquery/fleet.crt} \ + ${USE_UPDATE_SERVER_CERTIFICATE:+--update-tls-certificate=./tools/osquery/fleet.crt} \ + ${INSECURE:+--insecure} \ + ${DEBUG:+--debug} \ + --update-roots="$ROOT_KEYS" \ + --update-interval=10s \ + --disable-open-folder \ + ${USE_FLEET_CLIENT_CERTIFICATE:+--fleet-tls-client-certificate=./tools/test-orbit-mtls/client.crt} \ + ${USE_FLEET_CLIENT_CERTIFICATE:+--fleet-tls-client-key=./tools/test-orbit-mtls/client.key} \ + ${USE_UPDATE_CLIENT_CERTIFICATE:+--update-tls-client-certificate=./tools/test-orbit-mtls/client.crt} \ + ${USE_UPDATE_CLIENT_CERTIFICATE:+--update-tls-client-key=./tools/test-orbit-mtls/client.key} \ + ${FLEET_DESKTOP_ALTERNATIVE_BROWSER_HOST:+--fleet-desktop-alternative-browser-host=$FLEET_DESKTOP_ALTERNATIVE_BROWSER_HOST} \ + ${ENABLE_SCRIPTS:+--enable-scripts} \ + --update-url=$MSI_TUF_URL +fi + echo "Packages generated." if [[ $OSTYPE == 'darwin'* && -n "$INSTALL_PKG" ]]; then diff --git a/tools/tuf/test/main.sh b/tools/tuf/test/main.sh index 88ff63a025ad..0de8404f37ed 100755 --- a/tools/tuf/test/main.sh +++ b/tools/tuf/test/main.sh @@ -52,6 +52,6 @@ if [ -z "$SKIP_SERVER" ]; then ./tools/tuf/test/run_server.sh fi -if [ -n "$GENERATE_PKG" ] || [ -n "$GENERATE_DEB" ] || [ -n "$GENERATE_RPM" ] || [ -n "$GENERATE_MSI" ] || [ -n "$GENERATE_DEB_ARM64" ] || [ -n "$GENERATE_RPM_ARM64" ]; then +if [ -n "$GENERATE_PKG" ] || [ -n "$GENERATE_DEB" ] || [ -n "$GENERATE_RPM" ] || [ -n "$GENERATE_MSI" ] || [ -n "$GENERATE_DEB_ARM64" ] || [ -n "$GENERATE_RPM_ARM64" ] || [ -n "$GENERATE_MSI_ARM64" ]; then bash ./tools/tuf/test/gen_pkgs.sh fi 
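Review bot: In the new arm64 block, `$MSI_FLEET_URL`, `$ENROLL_SECRET` and `$MSI_TUF_URL` are expanded unquoted, so a value containing whitespace or glob characters is split or expanded before `fleetctl` sees it. `--update-roots="$ROOT_KEYS"` in the same block is already quoted. I would write `--fleet-url="$MSI_FLEET_URL"`, `--enroll-secret="$ENROLL_SECRET"` and `--update-url="$MSI_TUF_URL"`. The block appears to be a copy of the existing MSI block, of which only the tail is visible in this hunk, with `--arch=arm64` added. A small function taking the arch would keep the two from drifting.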
diff --git a/tools/wix-docker/Dockerfile b/tools/wix-docker/Dockerfile index f9b78915afd2..727e9b0b5fb5 100644 --- a/tools/wix-docker/Dockerfile +++ b/tools/wix-docker/Dockerfile @@ -11,7 +11,7 @@ RUN true \ unzip \ osslsigncode \ && mkdir /wix \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* WORKDIR /home/wine ENV HOME=/home/wine WINEPREFIX=/home/wine/.wine WINEARCH=win32 PATH="/home/wine/bin:$PATH" WINEDEBUG=-all @@ -23,7 +23,7 @@ RUN wine wineboot && \ wget https://dl.winehq.org/wine/wine-mono/6.4.0/wine-mono-6.4.0-x86.msi -nv -O mono.msi \ && wine msiexec /i mono.msi \ && rm -f mono.msi \ - && wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip \ + && wget https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip -nv -O wix.zip \ && mkdir wix \ && unzip wix.zip -d wix \ && rm -f wix.zip \ @@ -31,4 +31,4 @@ RUN wine wineboot && \ && rm -f /home/wine/make-aliases.sh \ && mkdir $WINEPREFIX/drive_c/temp -WORKDIR /wix \ No newline at end of file +WORKDIR /wix
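Review bot: The WiX archive on the changed `wget` line is fetched from a release URL and unpacked without any integrity check, and the bump to `wix314-binaries.zip` is a good moment to pin it. These tools are presumably what builds the MSI installers, so I would verify a known digest before `unzip`, e.g. `&& echo "<WIX314_ZIP_SHA256>  wix.zip" | sha256sum -c - \` (the digest is a placeholder, to be taken from the upstream release). The same applies to the `wine-mono` MSI fetched a few lines above. The `RUN` instruction starts outside this hunk.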