-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
release: adding nupkg cpack build option, updating win deployment script #6262
Conversation
9cbbf21
to
f17a839
Compare
I'm going to follow-up this PR with some documentation on how to build this package. |
f17a839
to
ee3d624
Compare
This addresses #6248 |
ee3d624
to
8a737cd
Compare
8a737cd
to
f1cfa6b
Compare
cmake/packaging.cmake
Outdated
- Check that the file hash of the osqueryd.exe binary is correct: | ||
``` | ||
PS C:\\Users\\thor> (Get-FileHash -Algorithm sha256 'C:\\Program Files\\osquery\\osqueryd\\osqueryd.exe').Hash | ||
<Fill in with osqueryd.exe Sha256 before publishing to Chocolatey> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really like doing it like this, but I'm not sure howe to get the file digest of the osqueryd.exe binary before cpack
is invoked. Right now we already need to manually swap out the binaries with the signed versions before calling cpack
anyway, so I'm going to say we just manually update the verification.txt
, unless someone smarter than I in cmake can tell me how to get the sha256 of osqueryd.exe at this point :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can add a custom command that runs after the build of a target, check this https://cmake.org/cmake/help/v3.16/command/add_custom_command.html and POST_BUILD.
EDIT: It's important to note though that this will run only if the target has not already been built, so for instance if you have a case where this has to be run always before packaging (but on the result of a target), and a previous saved value/result is not correct, this won't work.
If though is possible to create some dependency on some file which if it's not there, then the command has to be launched, then you can use a normal custom command that depends on such file and that runs each time it's missing.
There are also some other ways, depending on the specific behavior you want to obtain.
aed6295
to
a4d0054
Compare
cmake/packaging.cmake
Outdated
file(COPY "${CMAKE_SOURCE_DIR}/tools/wel/osquery.man" DESTINATION "${CMAKE_BINARY_DIR}/package/wix") | ||
install(FILES "${CMAKE_BINARY_DIR}/package/wix/osquery.man" DESTINATION .) | ||
file(WRITE "${CMAKE_BINARY_DIR}/package/${win_packager}/VERIFICATION.txt" " | ||
VERIFICATION |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you put this file into ./tools (into an appropriate sub folder) and then copy it similar to how CMake is copying other files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could, the issue I was originally having, and why this is here, is I wanted to grab the hashes of the built binaries and have them be included in this file. For now I'll just remove the pre-computed hashes and maybe that can be a follow-up for us, as I don't think it's required.
Where did we leave this? |
@directionless thanks for the ping! I didn't have a huge amount of time to get things fixed up, I think there's one or two more small bits that need addressing, I'll take another look tonight but I believe we could get this shipped and maybe cut a follow-up PR/Issue to track the additional bits that might need doing. |
e2bd231
to
056af4b
Compare
056af4b
to
cd51446
Compare
I believe all of the issues with this have been addressed. Any chance I could get another review and we could get this shipped? I'm VERY behind on shipping the osquery 4.3.0 chocolatey packages, and having this landed upstream would be extremely useful for anyone else wishing to build choco packages. Sorry for my delays y'all! |
cd51446
to
3619b2a
Compare
Summary:
This brings the NuGet packaging option to cpack. We can now produce Chocolatey/NuGet packages as well as MSI packages for Windows.
Test Plan:
Clean install of osquery
Upgrade of osquery, installation from upstream choco latest stable version
Uninstalling osquery from system: