Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NixOS support] Run patchelf after autoupdate download #1468

Merged
merged 11 commits into from
Nov 22, 2023
Merged

[NixOS support] Run patchelf after autoupdate download #1468

merged 11 commits into from
Nov 22, 2023

Conversation

RebeccaMahany
Copy link
Contributor

@RebeccaMahany RebeccaMahany commented Nov 21, 2023
edited
Loading

Closes #1200

Relates to #896

Relates to #954

Testing notes

Tested on a NixOS 23.05 VM with a bespoke launcher installation.

Uploaded the binary and used patchelf --set-interpreter to patch it. Updated the launcher installation so that launcher.flag's localdev_path pointed to the updated binary. Removed all updates from the launcher updates directory, and adjusted the autoupdate interval to something short.

Waited for launcher to download a new update. Verified with patchelf --print-interpreter that the downloaded binary had been patched appropriately.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 21, 2023
View reviewed changes
ee/tuf/finalize_linux.go Fixed Show fixed Hide fixed
@RebeccaMahany RebeccaMahany marked this pull request as ready for review November 21, 2023 18:04
James-Pickett
James-Pickett previously approved these changes Nov 21, 2023
View reviewed changes
zackattack01
zackattack01 previously approved these changes Nov 21, 2023
View reviewed changes
directionless
directionless requested changes Nov 22, 2023
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Structure looks okay, but I don't think that's the way we should be working with the nix store

ee/tuf/finalize_linux.go Outdated Show resolved Hide resolved
ee/tuf/finalize_linux.go Outdated Show resolved Hide resolved
directionless
directionless approved these changes Nov 22, 2023
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm still not sure we're doing the patching correctly, but I think we can try and iterate

pkg/allowedcmd/cmd.go
Comment on lines +46 to +47
checkedIsNixOS = false
isNixOS = false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could also use a pointer to a bool. But this is fine

@RebeccaMahany RebeccaMahany added this pull request to the merge queue Nov 22, 2023
Merged via the queue into kolide:main with commit 54774b3 Nov 22, 2023
24 checks passed
@RebeccaMahany RebeccaMahany deleted the becca/patchelf branch November 22, 2023 20:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless approved these changes

@zackattack01 zackattack01 zackattack01 left review comments

@James-Pickett James-Pickett James-Pickett left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Nix will need some kind of finalization step on downloaded osqueryd binaries
4 participants
@RebeccaMahany @directionless @James-Pickett @zackattack01