2015-07-31 00:36:02 +03:00
|
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
//
|
|
|
|
// Contributor: Aaron Meihm ameihm@mozilla.com [:alm]
|
|
|
|
|
|
|
|
// The MIG loader is a simple bootstrapping tool for MIG. It can be scheduled
|
|
|
|
// to run on a host system and download the newest available version of the
|
|
|
|
// agent. If the loader identifies a newer version of the agent available, it
|
|
|
|
// will download the required files from the API, replace the existing files,
|
|
|
|
// and notify any existing agent it should terminate.
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2016-02-18 20:10:32 +03:00
|
|
|
"bufio"
|
2015-07-31 00:36:02 +03:00
|
|
|
"bytes"
|
|
|
|
"compress/gzip"
|
|
|
|
"crypto/sha256"
|
|
|
|
"encoding/json"
|
2016-03-28 18:20:30 +03:00
|
|
|
"flag"
|
2015-07-31 00:36:02 +03:00
|
|
|
"fmt"
|
|
|
|
"github.com/jvehent/cljs"
|
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
2018-07-11 20:11:22 +03:00
|
|
|
"github.com/mozilla/mig"
|
|
|
|
"github.com/mozilla/mig/mig-agent/agentcontext"
|
|
|
|
"github.com/mozilla/mig/pgp"
|
2015-07-31 00:36:02 +03:00
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"os"
|
|
|
|
"runtime"
|
|
|
|
"strings"
|
|
|
|
"sync"
|
|
|
|
)
|
|
|
|
|
|
|
|
var ctx Context
|
|
|
|
var haveChanges bool
|
|
|
|
var apiManifest *mig.ManifestResponse
|
|
|
|
var wg sync.WaitGroup
|
|
|
|
|
|
|
|
func initializeHaveBundle() (ret []mig.BundleDictionaryEntry, err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("initializeHaveBundle() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
ret, err = mig.GetHostBundle()
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
ret, err = mig.HashBundle(ret)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("initialized local bundle information")
|
2015-07-31 00:36:02 +03:00
|
|
|
for _, x := range ret {
|
|
|
|
hv := x.SHA256
|
|
|
|
if hv == "" {
|
|
|
|
hv = "not found"
|
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("%v %v -> %v", x.Name, x.Path, hv)
|
2015-07-31 00:36:02 +03:00
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func requestManifest() (err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("requestManifest() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2016-02-04 21:30:23 +03:00
|
|
|
murl := APIURL + "manifest/agent/"
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("requesting manifest from %v", murl)
|
2015-07-31 00:36:02 +03:00
|
|
|
|
|
|
|
mparam := mig.ManifestParameters{}
|
|
|
|
mparam.AgentIdentifier = ctx.AgentIdentifier
|
|
|
|
buf, err := json.Marshal(mparam)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
mstring := string(buf)
|
|
|
|
data := url.Values{"parameters": {mstring}}
|
|
|
|
r, err := http.NewRequest("POST", murl, strings.NewReader(data.Encode()))
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
2016-02-11 01:40:14 +03:00
|
|
|
r.Header.Add("X-LOADERKEY", ctx.LoaderKey)
|
2015-07-31 00:36:02 +03:00
|
|
|
client := http.Client{}
|
|
|
|
resp, err := client.Do(r)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
body, err := ioutil.ReadAll(resp.Body)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var resource *cljs.Resource
|
|
|
|
err = json.Unmarshal(body, &resource)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2016-04-21 00:05:47 +03:00
|
|
|
if resp.StatusCode != http.StatusOK {
|
2016-02-04 21:49:53 +03:00
|
|
|
err = fmt.Errorf("HTTP %v, API call failed with error '%v' (code %s)", resp.StatusCode,
|
|
|
|
resource.Collection.Error.Message, resource.Collection.Error.Code)
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2015-07-31 00:36:02 +03:00
|
|
|
// Extract our manifest from the response.
|
|
|
|
manifest, err := valueToManifest(resource.Collection.Items[0].Data[0].Value)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
apiManifest = &manifest
|
2016-02-24 20:03:53 +03:00
|
|
|
err = apiManifest.Validate()
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
2016-08-19 00:17:41 +03:00
|
|
|
return checkManifestSignature(apiManifest, MANIFESTPGPKEYS[:])
|
2015-07-31 00:36:02 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func valueToManifest(v interface{}) (m mig.ManifestResponse, err error) {
|
|
|
|
b, err := json.Marshal(v)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
err = json.Unmarshal(b, &m)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func valueToFetchResponse(v interface{}) (m mig.ManifestFetchResponse, err error) {
|
|
|
|
b, err := json.Marshal(v)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
err = json.Unmarshal(b, &m)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func fetchFile(n string) (ret []byte, err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("fetchFile() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2016-02-04 22:07:26 +03:00
|
|
|
murl := APIURL + "manifest/fetch/"
|
2015-07-31 00:36:02 +03:00
|
|
|
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("fetching file from %v", murl)
|
2015-07-31 00:36:02 +03:00
|
|
|
mparam := mig.ManifestParameters{}
|
|
|
|
mparam.AgentIdentifier = ctx.AgentIdentifier
|
|
|
|
mparam.Object = n
|
|
|
|
buf, err := json.Marshal(mparam)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
mstring := string(buf)
|
|
|
|
data := url.Values{"parameters": {mstring}}
|
|
|
|
r, err := http.NewRequest("POST", murl, strings.NewReader(data.Encode()))
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
2016-02-11 01:40:14 +03:00
|
|
|
r.Header.Add("X-LOADERKEY", ctx.LoaderKey)
|
2015-07-31 00:36:02 +03:00
|
|
|
client := http.Client{}
|
|
|
|
resp, err := client.Do(r)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
body, err := ioutil.ReadAll(resp.Body)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var resource *cljs.Resource
|
|
|
|
err = json.Unmarshal(body, &resource)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Extract fetch response.
|
|
|
|
fetchresp, err := valueToFetchResponse(resource.Collection.Items[0].Data[0].Value)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Decompress the returned file and return it as a byte slice.
|
|
|
|
b := bytes.NewBuffer(fetchresp.Data)
|
|
|
|
gz, err := gzip.NewReader(b)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
ret, err = ioutil.ReadAll(gz)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func fetchAndReplace(entry mig.BundleDictionaryEntry, sig string) (err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("fetchAndReplace() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Grab the new file from the API.
|
|
|
|
filebuf, err := fetchFile(entry.Name)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Stage the new file. Write the file recieved from the API to the
|
|
|
|
// file system and validate the signature of the new file to make
|
|
|
|
// sure it matches the signature from the manifest.
|
|
|
|
//
|
|
|
|
// Append .loader to the file name to use as the staged file path.
|
|
|
|
reppath := entry.Path + ".loader"
|
2016-04-26 17:39:43 +03:00
|
|
|
oldpath := entry.Path + ".old"
|
2016-04-04 03:47:02 +03:00
|
|
|
fd, err := os.OpenFile(reppath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY,
|
|
|
|
entry.Perm)
|
2015-07-31 00:36:02 +03:00
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
_, err = fd.Write(filebuf)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
fd.Close()
|
|
|
|
|
|
|
|
// Validate the signature on the new file.
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("validating staged file signature")
|
2015-07-31 00:36:02 +03:00
|
|
|
h := sha256.New()
|
|
|
|
fd, err = os.Open(reppath)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
buf := make([]byte, 4096)
|
|
|
|
for {
|
|
|
|
n, err := fd.Read(buf)
|
|
|
|
if err != nil {
|
|
|
|
if err == io.EOF {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
fd.Close()
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
if n > 0 {
|
|
|
|
h.Write(buf[:n])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
fd.Close()
|
|
|
|
if sig != fmt.Sprintf("%x", h.Sum(nil)) {
|
|
|
|
panic("staged file signature mismatch")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Got this far, OK to proceed with the replacement.
|
2016-04-26 17:39:43 +03:00
|
|
|
// Rename existing file first
|
|
|
|
logInfo("renaming existing file")
|
2016-04-30 00:19:01 +03:00
|
|
|
os.Rename(entry.Path, oldpath)
|
2016-04-26 17:39:43 +03:00
|
|
|
// Replace target file
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("installing staged file")
|
2015-07-31 00:36:02 +03:00
|
|
|
err = os.Rename(reppath, entry.Path)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func checkEntry(entry mig.BundleDictionaryEntry) (err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("checkEntry() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
var compare mig.ManifestEntry
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("comparing %v %v", entry.Name, entry.Path)
|
2015-07-31 00:36:02 +03:00
|
|
|
found := false
|
|
|
|
for _, x := range apiManifest.Entries {
|
|
|
|
if x.Name == entry.Name {
|
|
|
|
compare = x
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !found {
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("entry not in API manifest, ignoring")
|
2015-07-31 00:36:02 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
hv := entry.SHA256
|
|
|
|
if hv == "" {
|
|
|
|
hv = "not found"
|
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("we have %v", hv)
|
|
|
|
logInfo("they have %v", compare.SHA256)
|
2015-07-31 00:36:02 +03:00
|
|
|
if entry.SHA256 == compare.SHA256 {
|
2016-04-04 03:47:02 +03:00
|
|
|
logInfo("we have correct file, no need to replace")
|
|
|
|
return entryPermCheck(entry)
|
2015-07-31 00:36:02 +03:00
|
|
|
}
|
|
|
|
haveChanges = true
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("refreshing %v", entry.Name)
|
2015-07-31 00:36:02 +03:00
|
|
|
err = fetchAndReplace(entry, compare.SHA256)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-04-04 03:47:02 +03:00
|
|
|
// Check the file permissions set on a bundle entry and if they are
|
|
|
|
// incorrect fix the permissions
|
|
|
|
func entryPermCheck(entry mig.BundleDictionaryEntry) (err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("entryPermCheck() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
var fi os.FileInfo
|
|
|
|
fi, err = os.Stat(entry.Path)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
if fi.Mode() != entry.Perm {
|
|
|
|
logInfo("%v has incorrect permissions, fixing", entry.Path)
|
|
|
|
err = os.Chmod(entry.Path, entry.Perm)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-07-31 00:36:02 +03:00
|
|
|
// Compare the manifest that the API sent with our knowledge of what is
|
|
|
|
// currently installed. For each case there is a difference, we will
|
|
|
|
// request the new file and replace the existing entry.
|
|
|
|
func compareManifest(have []mig.BundleDictionaryEntry) (err error) {
|
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("compareManifest() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
for _, x := range have {
|
|
|
|
err := checkEntry(x)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-08-19 00:17:41 +03:00
|
|
|
func checkManifestSignature(mr *mig.ManifestResponse, keylist []string) (err error) {
|
2016-02-04 23:12:19 +03:00
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("checkManifestSignature() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
var keys [][]byte
|
2016-08-19 00:17:41 +03:00
|
|
|
for _, pk := range keylist {
|
2016-02-04 23:12:19 +03:00
|
|
|
keys = append(keys, []byte(pk))
|
|
|
|
}
|
|
|
|
keyring, _, err := pgp.ArmoredKeysToKeyring(keys)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
cnt, err := mr.VerifySignatures(keyring)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("%v valid signatures in manifest", cnt)
|
2016-02-04 23:12:19 +03:00
|
|
|
if cnt < REQUIREDSIGNATURES {
|
|
|
|
err = fmt.Errorf("Not enough valid signatures (got %v, need %v), rejecting",
|
|
|
|
cnt, REQUIREDSIGNATURES)
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-03-28 22:26:51 +03:00
|
|
|
func initContext() (err error) {
|
2015-07-31 00:36:02 +03:00
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("initContext() -> %v", e)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2017-09-11 23:02:42 +03:00
|
|
|
ctx.Logging, err = mig.InitLogger(LOGGINGCONF, "mig-loader")
|
2015-07-31 00:36:02 +03:00
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
fmt.Fprintf(os.Stderr, "%v\n", err)
|
|
|
|
os.Exit(1)
|
2015-07-31 00:36:02 +03:00
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
wg.Add(1)
|
|
|
|
go func() {
|
|
|
|
var stop bool
|
|
|
|
for event := range ctx.Channels.Log {
|
|
|
|
stop, err = mig.ProcessLog(ctx.Logging, event)
|
|
|
|
if err != nil {
|
|
|
|
panic("unable to process log")
|
|
|
|
}
|
|
|
|
if stop {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
wg.Done()
|
|
|
|
}()
|
|
|
|
logInfo("logging routine started")
|
|
|
|
|
2016-02-04 21:49:53 +03:00
|
|
|
ctx.LoaderKey = LOADERKEY
|
2015-07-31 00:36:02 +03:00
|
|
|
|
|
|
|
hints := agentcontext.AgentContextHints{
|
|
|
|
DiscoverPublicIP: DISCOVERPUBLICIP,
|
|
|
|
DiscoverAWSMeta: DISCOVERAWSMETA,
|
|
|
|
APIUrl: APIURL,
|
|
|
|
Proxies: PROXIES[:],
|
|
|
|
}
|
|
|
|
actx, err := agentcontext.NewAgentContext(ctx.Channels.Log, hints)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
ctx.AgentIdentifier = actx.ToAgent()
|
2016-08-08 21:07:56 +03:00
|
|
|
ctx.AgentIdentifier.Tags = TAGS
|
2015-07-31 00:36:02 +03:00
|
|
|
|
2017-09-11 23:15:53 +03:00
|
|
|
ctx, err = initKeyring(ctx)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
2015-07-31 00:36:02 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-03-28 22:26:51 +03:00
|
|
|
func logInfo(s string, args ...interface{}) {
|
|
|
|
ctx.Channels.Log <- mig.Log{Desc: fmt.Sprintf(s, args...)}.Info()
|
|
|
|
}
|
|
|
|
|
|
|
|
func logError(s string, args ...interface{}) {
|
|
|
|
ctx.Channels.Log <- mig.Log{Desc: fmt.Sprintf(s, args...)}.Err()
|
|
|
|
}
|
|
|
|
|
2015-07-31 00:36:02 +03:00
|
|
|
func doExit(v int) {
|
|
|
|
close(ctx.Channels.Log)
|
|
|
|
wg.Wait()
|
|
|
|
os.Exit(v)
|
|
|
|
}
|
|
|
|
|
2016-02-18 20:10:32 +03:00
|
|
|
// Return the path to the expected loader key file location
|
|
|
|
func getLoaderKeyfile() string {
|
|
|
|
switch runtime.GOOS {
|
|
|
|
case "linux":
|
|
|
|
return "/etc/mig/mig-loader.key"
|
|
|
|
case "darwin":
|
|
|
|
return "/etc/mig/mig-loader.key"
|
2017-04-17 23:05:54 +03:00
|
|
|
case "windows":
|
|
|
|
return "C:\\mig\\mig-loader.key"
|
2016-02-18 20:10:32 +03:00
|
|
|
}
|
|
|
|
panic("loader does not support this operating system")
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2016-03-04 20:46:05 +03:00
|
|
|
func loaderInitializePathLinux() error {
|
|
|
|
path := os.Getenv("PATH")
|
|
|
|
if path != "" {
|
|
|
|
path = path + ":"
|
|
|
|
}
|
|
|
|
path = path + "/bin:/sbin:/usr/bin:/usr/sbin"
|
|
|
|
return os.Setenv("PATH", path)
|
|
|
|
}
|
|
|
|
|
|
|
|
func loaderInitializePathDarwin() error {
|
|
|
|
path := os.Getenv("PATH")
|
|
|
|
if path != "" {
|
|
|
|
path = path + ":"
|
|
|
|
}
|
|
|
|
path = path + "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
|
|
|
|
return os.Setenv("PATH", path)
|
|
|
|
}
|
|
|
|
|
2017-04-17 23:05:54 +03:00
|
|
|
func loaderInitializePathWindows() error {
|
|
|
|
path := os.Getenv("PATH")
|
|
|
|
if path != "" {
|
|
|
|
path = path + ";"
|
|
|
|
}
|
|
|
|
path = path + "C:\\mig"
|
|
|
|
return os.Setenv("PATH", path)
|
|
|
|
}
|
|
|
|
|
2016-03-04 20:46:05 +03:00
|
|
|
func loaderInitializePath() error {
|
|
|
|
switch runtime.GOOS {
|
|
|
|
case "linux":
|
|
|
|
return loaderInitializePathLinux()
|
|
|
|
case "darwin":
|
|
|
|
return loaderInitializePathDarwin()
|
2017-04-17 23:05:54 +03:00
|
|
|
case "windows":
|
|
|
|
return loaderInitializePathWindows()
|
2016-03-04 20:46:05 +03:00
|
|
|
}
|
|
|
|
return fmt.Errorf("loader does not support this operating system")
|
|
|
|
}
|
|
|
|
|
2016-02-18 20:10:32 +03:00
|
|
|
// Attempt to obtain the loader key from the file system and override the
|
|
|
|
// built-in secret
|
|
|
|
func loadLoaderKey() error {
|
|
|
|
fd, err := os.Open(getLoaderKeyfile())
|
|
|
|
if err != nil {
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer fd.Close()
|
|
|
|
buf, _, err := bufio.NewReader(fd).ReadLine()
|
|
|
|
if err != nil {
|
|
|
|
// Nothing in the loader key file
|
|
|
|
if err == io.EOF {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
2016-04-26 00:44:17 +03:00
|
|
|
// Also trim any leading and trailing spaces from the loader key
|
|
|
|
LOADERKEY = strings.Trim(string(buf), " ")
|
2016-07-07 23:13:32 +03:00
|
|
|
err = mig.ValidateLoaderPrefixAndKey(LOADERKEY)
|
2016-04-26 00:44:17 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
ctx.LoaderKey = LOADERKEY
|
2016-02-18 20:10:32 +03:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2015-07-31 00:36:02 +03:00
|
|
|
func main() {
|
2016-03-28 18:20:30 +03:00
|
|
|
var (
|
|
|
|
initialMode bool
|
2017-04-17 23:05:54 +03:00
|
|
|
runService bool
|
2017-09-11 23:02:42 +03:00
|
|
|
confPath string
|
2017-05-26 18:23:41 +03:00
|
|
|
checkOnly bool
|
2016-03-28 18:20:30 +03:00
|
|
|
err error
|
|
|
|
)
|
2015-07-31 00:36:02 +03:00
|
|
|
runtime.GOMAXPROCS(1)
|
|
|
|
|
2017-05-26 18:23:41 +03:00
|
|
|
flag.BoolVar(&checkOnly, "c", false, "only check if agent is running")
|
2017-09-11 23:02:42 +03:00
|
|
|
flag.StringVar(&confPath, "f", configDefault(), "Load configuration from file")
|
2016-03-28 18:20:30 +03:00
|
|
|
flag.BoolVar(&initialMode, "i", false, "initialization mode")
|
2017-04-17 23:05:54 +03:00
|
|
|
flag.BoolVar(&runService, "s", false, "persistent service mode")
|
2016-03-28 18:20:30 +03:00
|
|
|
flag.Parse()
|
|
|
|
|
2017-09-11 23:02:42 +03:00
|
|
|
ctx.Channels.Log = make(chan mig.Log, 37)
|
|
|
|
|
|
|
|
err = configLoad(confPath)
|
|
|
|
if err != nil {
|
|
|
|
logInfo("warning: unable to load configuration from %v, using built-in configuration", confPath)
|
|
|
|
} else {
|
|
|
|
logInfo("using external configuration from %v", confPath)
|
|
|
|
}
|
|
|
|
|
2017-04-17 23:05:54 +03:00
|
|
|
if runService {
|
|
|
|
err = serviceMode()
|
|
|
|
if err != nil {
|
|
|
|
logError("%v", err)
|
|
|
|
}
|
|
|
|
doExit(0)
|
|
|
|
}
|
|
|
|
|
2016-03-28 22:26:51 +03:00
|
|
|
err = initContext()
|
2016-03-04 20:46:05 +03:00
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2016-03-04 20:46:05 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
|
|
|
|
2016-03-28 22:26:51 +03:00
|
|
|
err = loaderInitializePath()
|
2016-02-18 20:10:32 +03:00
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2016-02-18 20:10:32 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
2016-03-28 22:26:51 +03:00
|
|
|
err = loadLoaderKey()
|
2015-07-31 00:36:02 +03:00
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
|
|
|
doExit(1)
|
2015-07-31 00:36:02 +03:00
|
|
|
}
|
|
|
|
|
2016-03-28 18:20:30 +03:00
|
|
|
// Do any service installation that might be required for this platform
|
|
|
|
if initialMode {
|
|
|
|
err = serviceDeploy()
|
|
|
|
if err != nil {
|
|
|
|
logError("%v", err)
|
|
|
|
doExit(1)
|
|
|
|
}
|
2017-05-26 18:23:41 +03:00
|
|
|
} else if checkOnly {
|
|
|
|
err = agentRunning()
|
|
|
|
if err != nil {
|
|
|
|
logInfo("agent does not appear to be running, trying to start")
|
|
|
|
err = runTriggers()
|
|
|
|
if err != nil {
|
|
|
|
logError("%v", err)
|
|
|
|
doExit(1)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
logInfo("agent looks like it is running")
|
|
|
|
}
|
|
|
|
doExit(0)
|
2016-03-28 18:20:30 +03:00
|
|
|
}
|
|
|
|
|
2015-07-31 00:36:02 +03:00
|
|
|
// Get our current status from the file system.
|
|
|
|
have, err := initializeHaveBundle()
|
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2015-07-31 00:36:02 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Retrieve our manifest from the API.
|
|
|
|
err = requestManifest()
|
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2015-07-31 00:36:02 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = compareManifest(have)
|
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2015-07-31 00:36:02 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
|
|
|
|
|
|
|
if haveChanges {
|
|
|
|
err = runTriggers()
|
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2015-07-31 00:36:02 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
2016-02-23 23:00:17 +03:00
|
|
|
} else {
|
|
|
|
// If we don't have changes, just validate the agent is running,
|
|
|
|
// if it is not we will also execute the triggers to try to
|
|
|
|
// bump it.
|
|
|
|
err = agentRunning()
|
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("agent does not appear to be running, trying to start")
|
2016-02-23 23:00:17 +03:00
|
|
|
err = runTriggers()
|
|
|
|
if err != nil {
|
2016-03-28 22:26:51 +03:00
|
|
|
logError("%v", err)
|
2016-02-23 23:00:17 +03:00
|
|
|
doExit(1)
|
|
|
|
}
|
|
|
|
} else {
|
2016-03-28 22:26:51 +03:00
|
|
|
logInfo("agent looks like it is running")
|
2016-02-23 23:00:17 +03:00
|
|
|
}
|
2015-07-31 00:36:02 +03:00
|
|
|
}
|
|
|
|
doExit(0)
|
|
|
|
}
|