Connect: Make sure tsh auto-updates are turned off #49180

Merged: 3 commits, Nov 19, 2024

ravicious (Member) commented Nov 19, 2024

This PR makes it so that tsh never attempts to auto-update itself when it's executed by Connect, as described in RFD 144.

I think I haven't missed any place. I verified that this works by starting Connect, starting an SSH session and a local terminal and then running `ps eww <pid> | rg TELEPORT` on the tsh daemon process and the tsh ssh process. I also verified that the env var is present in the local terminal session.

I also verified that the env var is set correctly on Windows in cmd.exe, pwsh.exe and wsl.exe and that the launch daemon receives the env var.
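
The check described in the post above (inspecting a running process's environment for the variable), as an added example that is not part of the original post or the Teleport code base. The function names are hypothetical, and the `tsh` default process name and the use of `/proc` on Linux are assumptions about where it is run.

```shell
#!/bin/sh
# Added example: confirm that a running process was started with
# TELEPORT_TOOLS_VERSION=off (the variable and value named in this PR).
# Function names are hypothetical.

# Print the environment of PID $1, one NAME=value per line.
# Linux: /proc/<pid>/environ is NUL-separated, holds the environment as it
# was at exec time, and is readable only for your own processes (or as root).
# Elsewhere: fall back to the `ps eww <pid>` command used in the post, whose
# output is space-separated (values containing spaces get split).
env_of_pid() {
    if [ -r "/proc/$1/environ" ]; then
        tr '\0' '\n' < "/proc/$1/environ"
    else
        ps eww "$1" | tr ' ' '\n'
    fi
}

# Exit 0 only when the variable is present and its value is exactly "off".
# A missing variable or any other value (for example a pinned version)
# counts as a failure.
tools_updates_off() {
    env_of_pid "$1" | grep -qx 'TELEPORT_TOOLS_VERSION=off'
}

# Check every process named $1 (default: tsh) and report the ones that
# would still be allowed to auto-update. Returns 1 if any check fails.
audit_procs() {
    name=${1:-tsh}
    bad=0
    for pid in $(pgrep -x "$name"); do
        if tools_updates_off "$pid"; then
            echo "ok   $pid"
        else
            found=$(env_of_pid "$pid" | grep '^TELEPORT_TOOLS_VERSION=' \
                || echo 'TELEPORT_TOOLS_VERSION unset')
            echo "FAIL $pid: $found"
            bad=1
        fi
    done
    return "$bad"
}

# Usage, with Connect running:  audit_procs tsh
```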

ravicious added the no-changelog (indicates that a PR does not require a changelog entry) and backport/branch/v17 labels Nov 19, 2024
ravicious marked this pull request as ready for review November 19, 2024 12:05
ravicious requested review from gzdunek and removed request for flyinghermit November 19, 2024 12:06
Member Author

@gzdunek I added this folder so we can start sorting shared files. I imagine we'd also want to create a folder called "universal" for files that are used both in the browser and in Node.js.

Contributor

Good idea.

<!-- Auto-updates are disabled because $HOME isn't available,
but let's also disable them explicitly anyway. -->
<key>TELEPORT_TOOLS_VERSION</key>
<string>off</string>
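Review bot: The XML comment above the TELEPORT_TOOLS_VERSION key gives $HOME being unavailable as the reason auto-updates are already disabled, but it does not say what the explicit `off` value guards against or where that value is specified. Consider extending the comment to name tsh auto-updates and reference RFD 144, so the key is not removed later as redundant.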
Member Author

The env vars available in the launch daemon process are just these:

TELEPORT_TOOLS_VERSION=off XPC_SERVICE_NAME=com.goteleport.tshdev.vnetd PATH=/usr/bin:/bin:/usr/sbin:/sbin XPC_FLAGS=1

ravicious added this pull request to the merge queue Nov 19, 2024
Merged via the queue into master with commit 1936663 Nov 19, 2024
45 checks passed
ravicious deleted the r7s/connect-client-updates branch November 19, 2024 15:55
@public-teleport-github-review-bot

@ravicious See the table below for backport results.

Branch Result
branch/v17 Create PR

ravicious added a commit that referenced this pull request Nov 19, 2024
* Add dir for code shared between Node.js processes

* Connect: Make sure tsh auto-updates are turned off

* Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon

github-merge-queue bot pushed a commit that referenced this pull request Dec 4, 2024
* Expose client tools auto update for find endpoint (#46785)

* Expose client tools auto update for find endpoint

* Group auto update settings in find response
Log error instead returning error
Add tests auto update settings in find endpoint
Add check for not implemented error

* Add more test cases

* Client AutoUpdate proto structure changes (#47532)

* Update client autoupdate proto structure

* Replace with reserved

* Fix unit tests

* Add more info in proto

* Rename proto to be aligned RFD namings

* Replace enum type for ToolsMode to string

* Add packaging utility for client tools auto updates (#47060)

* Add packaging utility for client tools auto updates

* Add error handling for close functions

* Move archive to existing utils package

* Move archive helpers to integration/helper
CR changes

* CR changes

* CR changes

* CR changes
Replace creating directory with extract path as argument

* CR changes

* Validate full size before un-archive
Extract files to extractDir with ignore dir structure

* Change compressing with relative paths
Add test for cleanup and fix skip logic

* CR changes

* CR changes

* Fix linter

* Client tools auto update (#47466)

* Add client tools auto update

* Replace fork for posix platform for re-exec
Move integration tests to client tools specific dir
Use context cancellation with SIGTERM, SIGINT
Remove cancelable tee reader with context replacement
Renaming

* Fix syscall path execution
Fix archive cleanup if hash is not valid
Limit the archive write bytes

* Cover the case with single package for darwin platform after v17

* Move updater logic to tools package

* Move context out from the library
Base URL renaming

* Add more context in comments

* Changes in find endpoint

* Replace test http server with `httptest`
Replace hash for bytes matching
Proper temp file close for archive download

* Add more context to comments

* Move feature flag to main package to be reused

* Constant rename

* Replace build tag with lib/modules to identify enterprise build

* Replace fips tag with modules flag

* Client auto updates integration for {tctl,tsh} (#47815)

* Client auto updates integration for tctl/tsh

* Add version validation
Fix recursive version check for darwin platform
Fix cleanup for multi-package support

* Fix identifying tools removal from home directory

* Replace ToolsMode with ToolsAutoUpdate

* Reuse insecure flag for tests

* Fix CheckRemote with login

* Fix windows administrative access requirement
Update must be able to be canceled, re-execute with latest version or last updated
Show progress bar before request is made

* Fix update cancellation for login action
Address review comments

* Add signal handler with stack context cancellation

* Use copy instead of hard link for windows
Fix progress bar if we can't receive size of package

* Replace with list in order to support manual cancel

* Download archive package to temp directory

* Decrease timeout for client tools proxy call

* Add audit logs for auto update resources (#48218)

* Connect: Make sure tsh auto-updates are turned off (#49180)

* Add dir for code shared between Node.js processes

* Connect: Make sure tsh auto-updates are turned off

* Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon

* Disable client tools auto update disabled if there are no home dir (#49159)

Move updater to general tools package

* Move client auto update helper to lib package (#49247)

---------

Co-authored-by: Rafał Cieślak <[email protected]>
Labels: backport/branch/v17, no-changelog (indicates that a PR does not require a changelog entry), size/sm, ui