v1.0.8

v1.0.8 has several updates and bug fixes. Some notable callouts:

• On windows, there is no longer a 2 minute delay on service startup. Further, this setting is adjusted on autoupdate.
• There are a handful of performance improvements relating to how timers are used
• There is a fix for two desktop icons appearing. Note while this fixes an underlying cause, it cannot clean up the stale icon. You will need to reboot (or manually kill the process) to repair

Table Changes

• Fix kolide_remotectl to account for Features array by @RebeccaMahany in #1174
• Fix kolide_mdmclient parsing by @RebeccaMahany in #1176

General

• Autoupdate: Small autoupdate improvements by @RebeccaMahany in #1119
• Control: adds control server accelertion on menu open event, adds more failsafes for shutting down desktop when parent gone by @James-Pickett in #1159
• Desktop: Add LastMenuUpdateTime to menu template variables, improved relativeTime to handle timestamps in the past by @seejdev in #1137
• Desktop: Allow future new menu item actions to be easier to introduce by @seejdev in #1186
• Desktop: Change menu template data to a map type by @seejdev in #1154
• Desktop: Fixed an edge case where no menu/icon shows up by @seejdev in #1179
• Desktop: Hide command prompt window when launching URLs on Windows by @seejdev in #1131
• Desktop: restructures desktop source layouts to differentiate between runner and user components by @James-Pickett in #1167
• Log process info on osqueryd init error by @RebeccaMahany in #1130
• Performance: Adding missing defer ticker.Stop() calls by @seejdev in #1132
• Performance: Increasing thrift's ServerConnectivityCheckInterval from 5ms to 100ms by @seejdev in #1173
• Reducing spammy log messages by @seejdev in #1153
• Use text/template instead of html/template in packagekit by @directionless in #1184
• Introducing Flags interface, with implementation for control server related flags by @seejdev in #1114
• Moving remaining launcher flags to Knapsack by @seejdev in #1138
• Pass knapsack in to tuf autoupdater to simplify configuration by @RebeccaMahany in #1168
• Removing unnecessary Knapsack/Flags setters by @seejdev in #1170

Build and Package

• Add CodeQL workflow for GitHub code scanning by @lgtm-com in #933
• Cross-compile for Linux by @RebeccaMahany in #1152
• Fixing a nondeterministic flag controller test by @seejdev in #1134
• Make test failures more specific to track down flaky TUF test by @RebeccaMahany in #1162
• Modify registry data to adjust Windows service configuration by @RebeccaMahany in #1156
• Replace delayed auto-start with service dependency in Wix configuration by @RebeccaMahany in #1142
• Update build environment to macos-12 @RebeccaMahany in #1151
• Update Go 1.20.4 by @seejdev in #1182
• Update Go to 1.20 by @seejdev in #1172
• Update gopsutil module to v3 by @seejdev in #1133
• Update krypto library by @seejdev in #1164
• Update osquery-go package to latest by @seejdev in #1171
• Update osquery-go version to get distributed stats by @RebeccaMahany in #1163
• Use kolide/toast fork by @RebeccaMahany in #1136

Full Changelog: v1.0.7...v1.0.8

v1.0.7

v1.0.7 is a small patch to v1.0.6, it fixes a missing case in the kolide_softwareupdate and improves how Kolide Desktop finds console users on windows.

Table Changes

• Add kolide_softwareupdate_scan table by @RebeccaMahany in #1126
• Add UpToDate key to kolide_softwareupdate tables when there are no recommended updates by @RebeccaMahany in #1127

General

• Add option to include stderr with stdout for execparser by @RebeccaMahany in #1129
• Autoupdate: Add library manager to handle TUF downloads by @RebeccaMahany in #1111
• Desktop: Add additional context to error messages during user lookup by @directionless in #1124
• Desktop: Allowing Windows to find console users without requiring User.UiD by @seejdev in #1128

Full Changelog: v1.0.6...v1.0.7

v1.0.6

v1.0.6 is a small release. It adds a new software update table and functionality to the control server to improve the device trust flow.

Table Changes

• Additional tables to expose data from the new TUF autoupdater by @RebeccaMahany in #1103
• Add kolide_softwareupdate table by @RebeccaMahany in #1123

General

• Autoupdate: Run TUF side-by-side with notary by @RebeccaMahany in #1081
• Autoupdate: Don't return an error during TUF errorlog cleanup (fixes raciness in Test_cleanUpOldErrors) by @RebeccaMahany in #1107
• Autoupdate: Point to production TUF infra by @RebeccaMahany in #1108
• Autoupdate: Perform retry on TUF update by @RebeccaMahany in #1110
• Localserver: Add endpoint to trigger control data fetch by @James-Pickett in #1099
• Localserver: adds logic and endpoint to accelerate control server fetch interval by @James-Pickett in #1105
• Localserver: Handle more developer URLs by @directionless in #1113
• Localserver: bufferedHttpResponse makes http.Header if nil when accessed by @James-Pickett in #1115
• Localserver: fix dropped error by @alrs in #1118
• Desktop: adds server for desktop process to monitor parent by @James-Pickett in #1109
• Desktop: Made relativeTime text output title case to match k2 style by @seejdev in #1112
• Desktop Updated menu template tests to use backticks by @seejdev in #1121
• bbolt begone: Phase 2 by @seejdev in #1102

Build and Package

• Bump to golang 1.19.8 to address govulncheck issues by @RebeccaMahany in #1120

Full Changelog: v1.0.3...v1.0.6

v1.0.3

This release represents a big step for the Kolide Agent as a product, and as such, we have opted to declare this 1.0. 🎉

Huge shoutouts to everyone who's contributed over the years. We have come a long way.

There are significant improvement in the Kolide Agent's EE features. These are under the Kolide Desktop process -- including a new menubar setup and notifications. This allows the Kolide SaaS to provide timely information directly to users.

The Open Source side of things remains much the same.

Table Changes

• converts kolide_server_data table to be generic launcher_db table, adds table for agent_flags by @James-Pickett in #1092

General

• Fix log stream error relating to notifications by @RebeccaMahany in #1096
• Lower log verbosity during desktop runner shutdown by @James-Pickett in #1095
• Add local key info to initial enrollment request by @directionless in #1032
• Add default certs to interactive mode if no cert set as flag by @James-Pickett in #1054
• Fix CI by ignoring a process.Wait() in runner users process test by @James-Pickett in #1053
• bumps up log write timeout in test to 4 seconds in effort to reduce flakeyness in CI by @James-Pickett in #1055
• Add additional log checkpoint information by @directionless in #1070
• Adds flag to run ee componments regardless of server url by @James-Pickett in #1069
• Update docs for process spawning enabled by @RebeccaMahany in #1076
• Begin adding internal interfaces -- bbolt begone: phase 1 by @seejdev in #1062
• Consolidating agent temp path/dir creation to a single function by @seejdev in #1015
• Add docs + script for using Multipass by @RebeccaMahany in #1043
• Control: Revert disabling control server by @RebeccaMahany in #1024
• Control: Add auth to control server requests by @RebeccaMahany in #1020
• Control: Several small updates by @directionless in #1026
• Localserver: adds hardware signer to local server ec middleware, moar tests by @James-Pickett in #1025
• Localserver: query over localserver by @James-Pickett in #1030
• Localserver: removes v1 krypto from local server by @James-Pickett in #1044
• Localserver: Remove debugging output from localserver by @blaedj in #1058
• Localserver: adds endpoint to run scheduled queries on demand over by @James-Pickett in #1064
• Desktop: Add Menu icons and generator function by @directionless in #1018
• Desktop: Update and improve icons @seejdev in #1036, #1045, #1060, #1077
• Desktop: Limit spawning to human console users only by @seejdev in #1035
• Desktop: Don't run as root on macOS by @RebeccaMahany in #1049
• Desktop: Monitor correct parent process by @RebeccaMahany in #1050
• Desktop: Activation actions for notifications by @RebeccaMahany in #1017
• Desktop: Ensure one malformed notification doesn't prevent us from processing the rest of the batch by @RebeccaMahany in #1063
• Desktop: Support notification actions for Ubuntu 22.04/Wayland by @RebeccaMahany in #1065
• Desktop: Using Kolide's fork of systray by @seejdev in #1021
• Desktop: Flag day for the new menu format by @directionless in #1088
• Desktop: Fix stale menus by @seejdev in #1052
• Desktop: Periodically refresh the desktop menu by @seejdev in #1079
• Desktop: Template functions to support relative times in menu items by @seejdev in #1078
• Desktop: Integrating new icons into menu bar by @seejdev in #1031
• Desktop: Fix double read from an io.Reader inside the menu generation by @directionless in #1038
• Desktop: Improve menu items to allow templated strings by @seejdev in #992
• Desktop: Remove NonProdOnly and rename IsSeparator to Separator by @directionless in #1042
• Desktop: Dark mode support for macOS & Windows by @seejdev in #1048
• Desktop: Fixed dark mode support on macOS by @seejdev in #1066
• Desktop: Fix desktop not running on restart by @seejdev in #1094

Build and Package

• Address GO-2023-1568, GO-2023-1571 by @RebeccaMahany in #1039
• Bump golang.org/x/image from 0.3.0 to 0.5.0 by @dependabot in #1040
• Bump go version from 1.19.6 to 1.19.7 to address crypto vuln GO-2023-1621 by @James-Pickett in #1087
• Backmerge 0.13.6 into main by @RebeccaMahany in #1023

Full Changelog: v0.13.5...v1.0.3

v0.13.6

This release disables an internal tool that was connecting to localhost:3000. This was not intended to go live, and was an inadvertent addition to v0.13.5.

What's Changed

• Disable connections to localhost:3000 by @RebeccaMahany in #1022

Full Changelog: v0.13.5...v0.13.6

v0.13.5

This release changes how launcher identifies itself to K2. Previously, we used RSA and AES to secure some communication, now we use ECC keys and NaCl boxes. This changes parts of the Device Trust Authentication flow.

But the bulk if changes are changes to how upcoming features (Kolide Desktop and it's control protocol) will work. As these features are disabled outside of Kolide's test environment, these should be low impact.

Table Changes

(None)

General

• Control server phase 3: Desktop subsystem implementation by @seejdev in #984
• Persist lastFetched control data across launcher restarts by @seejdev in #990
• Let launcher choose debug icon when running in non-prod by @seejdev in #1014
• First pass at notifications by @RebeccaMahany in #985
• Use dispatch semaphore to signal completion of notifications by @RebeccaMahany in #991
• Small notification adjustments for Darwin by @RebeccaMahany in #1001
• Enable Kolide Desktop, for internal kolide PRs by @seejdev in #1002
• Enable desktop for linux by @RebeccaMahany in #983
• Name changes for desktop / control server systems by @seejdev in #987
• Run desktop process with launchctl asuser so that notifications work by @RebeccaMahany in #1003
• Add ECC Key Support by @directionless in #993
• updates local server the handle new challenge protocol with ecc keys by @James-Pickett in #1000
• Add png encoding back by @directionless in #1004
• adds kolide-krypto header to v2 local server krypto by @James-Pickett in #1005
• makes ec middleware test valid, adds some sanity assertions to test by @James-Pickett in #1006
• Disable hardware keys by @James-Pickett in #1008
• adds local key and hardware key to launcher_info table, fixes vscode debugging, increases local server write timeout by @James-Pickett in #1012
• adds timeout to console users func on local server request id, returns empty array of users if error by @James-Pickett in #1011
• Add documentation on research for user context/secure enclave/notifications by @RebeccaMahany in #1009
• Update README by @directionless in #981

Build and Package

• Entitlements File by @directionless in #996
• Update Entitlements by @directionless in #998
• update krypto, go mod tidy by @James-Pickett in #997
• entitlements-application-identifier by @James-Pickett in #999
• Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible by @dependabot in #989
• Compile launcher Windows as a GUI binary to avoid cmd window prompts by @seejdev in #1007

Full Changelog: v0.13.2...v0.13.5

v0.13.2

This release is the first in the v0.13 line. It moves parts of the underlying macOS install to being an Application Bundle.

Table Changes

• New kolide_remotectl table for macOS by @RebeccaMahany in #915
• Removing old references to target_membership table by @seejdev in #957
• Add kolide_xfconf table for devices using xfce by @RebeccaMahany in #948
• Remove launcher specific tables when running in interactive mode. by @seejdev in #960

General

• Adding clang format file for local use by @seejdev in #912
• updates consoleuser.CurrentUids on macOS to examine kCGSSessionOnConsoleKey when determining console user by @James-Pickett in #911
• kills desktop process if initial ping fails by @James-Pickett in #914
• Create app bundle for launcher during build process by @RebeccaMahany in #923
• Small Makefile Fixes by @directionless in #925
• Build launcher app bundle in build/darwin./ by @RebeccaMahany in #926
• Upgrade go to 1.19.3 by @directionless in #927
• When shipping app bundle, ship launcher binary as symlink by @RebeccaMahany in #929
• Revert "When shipping app bundle, ship launcher binary as symlink" by @RebeccaMahany in #931
• Point to newest binary inside most recently updated app bundle if available by @RebeccaMahany in #932
• Replace errors.Wrap() with fmt.Errorf() by @James-Pickett in #937
• updates launcher interactive to find latest osquery binary when no osquery path provided by @James-Pickett in #941
• kolide server data table by @James-Pickett in #940
• Change file extension to .json for debug log by @RebeccaMahany in #944
• Set stdin when running launcher in interactive mode on Windows by @RebeccaMahany in #945
• ioutil deprecation by @RebeccaMahany in #946
• Lock version for ubuntu build container to 20.04 by @RebeccaMahany in #949
• Lock build container image for macOS to 11 by @RebeccaMahany in #950
• Packaging for app bundle by @RebeccaMahany in #934
• Add post-create-command script for vscode's dev containers by @RebeccaMahany in #958
• Do not rely on environment variable in parallel tests by @RebeccaMahany in #962
• remove windows cmd prompt on desktop start by @James-Pickett in #964
• Control server phase 1 by @seejdev in #961
• bump to go 1.19.4 by @James-Pickett in #965
• Removed control options from packaging code. by @seejdev in #967
• Control flags compatibility by @seejdev in #968
• Add provisioning profile for Kolide endpoint agent by @RebeccaMahany in #971
• Update filename for provisioning profile by @RebeccaMahany in #972
• Move app bundle install location out of bin directory; create launcher symlink in bin directory by @RebeccaMahany in #975
• Ensure we always put app bundle updates in the bin directory by @RebeccaMahany in #977
• Launcher needs an uninstall by @seejdev in #924
• Replaced deprecated set-output usage by @seejdev in #974
• Control server phase 2 by @seejdev in #966
• Ensure findnew finds the updates dir even with the new app bundle location by @RebeccaMahany in #980
• Ensure Windows launcher prints version to console on launcher.exe version by @RebeccaMahany in #982

Full Changelog: v0.12.3...v0.13.2

v0.12.3

This release brings in many new tables, always exciting to see them.

This also introduces the ee directory. This represent a portion of the Launcher code that is not open source. See license and comments. This is not expected to impact open source builds.

Tables

• Add kolide_apple_silicon_security_policy table to capture the boot policies on Apple Silicon Macs by @seejdev in #890
• Add kolide_dev_table_tooling table to capture output of allowed commands by @seejdev in #881
• Add kolide_dsregcmd table, and a new abstraction for exec and parse by @directionless in #901
• Add kolide_falcon_kernel_check table to capture CrowdStrike status data by @seejdev in #888
• Add kolide_falconctl_stats table for macOS by @FritzX6 in #858
• Add kolide_falconctl_systags and kolide_falconctl_options tables by @directionless in #903
• Add kolide_firefox_preferences table by @goronfreeman in #863
• Add kolide_macos_available_products table by @seejdev in #908
• Add kolide_macos_recommended_updates table by @seejdev in #904
• Fix table names to start with kolide_ by @directionless in #910
• Update error messages from kolide_airport_util table by @seejdev in #892

General

• Create EE directory by @directionless in #861
• Update project workflows by @directionless in #893
• Simple helper function for testing launcher by @directionless in #724
• Add instructions and files for vs code debugging - v0.2 by @James-Pickett in #897
• Fix typo in error output of exec function by @FritzX6 in #853
• Add launcher generated RSA keys to local database by @directionless in #855
• Dataflatten tables should not error out on exec failure by @directionless in #856
• Add a local http server designed to communicate with the Kolide SaaS in by @directionless in #864, #870, #874
• Add additional information to the local http server by @James-Pickett in #905
• Add Kolide Desktop as an expirmental local interface, this should be limited to Kolide Staff by @James-Pickett in #854, #859, #862, #867, #869, #875, #883, #884, #887, #891

Build and Package

• Add govulncheck by @James-Pickett in #880
• Fix flakey desktop runner tests by @James-Pickett in #909
• Move the augeas lens assets to using fsutil.CopyFSToDisk by @directionless in #899
• Rename the main git branch from master to main by @directionless in #860
• Upgrade go to 1.19 by @James-Pickett in #879
• Upgrade go to 1.19.2 to address tar vuln by @James-Pickett in #906
• Upgrade kolide/kit and handle fs to fsutil rename by @directionless in #871
• Upgraded golang.org/x/net to patch vuln go-2022-0969 by @James-Pickett in #885
• increased timeouts and reduced parallelism for flakey tests by @James-Pickett in #889

New Contributors

• @goronfreeman made their first contribution in #863
• @seejdev made their first contribution in #881

Full Changelog: v0.12.1...v0.12.3

v0.12.1

This release removes the Rosetta dependancy. Though both launcher and osquery have been universal binaries for some time, the launcher package still depended on Rosetta. No more! 🎉

Additionally, launcher now includes an "interactive" mode. This is similar to running osqueryi, but includes the launcher provided tables. Check out launcher interactive.

Tables

• Add persistence to osquery_instance_history table (#831)

General

• Remove Rosetta dependancies (#838, #839)
• Launcher interactive mode (#841, #845, #846)
• Correctly drop logs that are too big (#847)
• updated checkpoint logs to be more clear (#835)
• Exempt tls from --extensions_require (#842)
• fix bug where waiting for socket to become available was using timer instead of ticker (#849)
• Rename the initial kolide plugin to kolide_grpc (#851)

Build and Package

• test: use T.TempDir to create temporary test directory (#834)
• disabled watifor tests on macos due to flakeyness (#844)
• added w flag to postinstall-launchd.sh launchctl command so agent always marked as enabled (#843)

New Contributors

• @Juneezee made their first contribution in #834

Full Changelog: v0.11.26...v0.12.1

v0.11.26

This release reorders some of the startup and enrollment behaviors. We hope this can resolve some of the initial enrollment issues that crop up from time to time.

Tables

• Add airport table, update dataflatten to handle common map case by @James-Pickett in #814

General

• Add additional information to the log checkpoints by @directionless in #810
• Add helper to run a function using setuid by @directionless in #809
• updated socket mode to include launcher tables, added kolide_launcher_osquery_instance_history table by @James-Pickett in #806
• converted updater initial delay to select statement, updated updater logging to specify binary being updated by @James-Pickett in #812
• Adjust some osquery locks by @directionless in #816
• Updates tests to stop occasional failing by @James-Pickett in #817
• Changes to Enrollment by @directionless in #819
• split pkg/osquery/runtime/runtime.go into separate files for osquery instance and runner by @James-Pickett in #822
• Use two ExtensionManagerServer threads by @directionless in #823
• Write NodeKey during startup by @directionless in #829
• moved enrollment mutext to lock before node key fetch in enroll func by @James-Pickett in #830

Build and Package

• Fix the duplicate GitHub Actions by @directionless in #820
• Bump github.com/gogo/protobuf from 1.2.0 to 1.3.2 by @dependabot in #811
• Add macOS universal builds to GitHub Actions by @directionless in #824
• Workflow should build on tags as well by @directionless in #832

Full Changelog: v0.11.25...v0.11.26