From 4df0fd3374ba695024184ee09b3476d1869fb688 Mon Sep 17 00:00:00 2001
From: seph
Date: Tue, 3 Oct 2023 15:13:40 -0400
Subject: [PATCH] Move the initial `osquery --version` to using runsimple (#1379)
---
 cmd/launcher/launcher.go | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/cmd/launcher/launcher.go b/cmd/launcher/launcher.go
index 83bb77748..c175e0d1b 100644
--- a/cmd/launcher/launcher.go
+++ b/cmd/launcher/launcher.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "bytes"
 "context"
 "crypto/tls"
 "crypto/x509"
@@ -9,7 +10,6 @@ import (
 "net"
 "net/http"
 "os"
- "os/exec"
 "os/signal"
 "path/filepath"
 "runtime"
@@ -48,6 +48,7 @@ import (
 "github.com/kolide/launcher/pkg/log/logshipper"
 "github.com/kolide/launcher/pkg/log/teelogger"
 "github.com/kolide/launcher/pkg/osquery"
+ "github.com/kolide/launcher/pkg/osquery/runsimple"
 osqueryInstanceHistory "github.com/kolide/launcher/pkg/osquery/runtime/history"
 "github.com/kolide/launcher/pkg/rungroup"
 "github.com/kolide/launcher/pkg/service"
@@ -476,23 +477,34 @@ func writePidFile(path string) error {
 // runOsqueryVersionCheck execs the osqueryd binary in the background when we're running
 // on darwin. Operating on our theory that some startup delay issues for osquery might
 // be due to the notarization check taking too long, we execute the binary here ahead
-// of time in the hopes of getting the check out of the way.
+// of time in the hopes of getting the check out of the way. This is expected to be called
+// from a goroutine, and thus does not return an error.
 func runOsqueryVersionCheck(ctx context.Context, logger log.Logger, osquerydPath string) {
 if runtime.GOOS != "darwin" {
 return
 }
+ logger = log.With(logger, "component", "osquery-version-check")
+
+ var output bytes.Buffer
+
+ osq, err := runsimple.NewOsqueryProcess(osquerydPath, runsimple.WithStdout(&output))
+ if err != nil {
+ level.Error(logger).Log("msg", "unable to create process", "err", err)
+ return
+ }
+
+ // This has a somewhat long timeout, in case there's a notarization fetch
 versionCtx, versionCancel := context.WithTimeout(ctx, 30*time.Second)
 defer versionCancel()
- versionCmd := exec.CommandContext(versionCtx, osquerydPath, "--version")
-
 startTime := time.Now().UnixMilli()
- out, err := versionCmd.CombinedOutput()
+
+ osqErr := osq.RunVersion(versionCtx)
 executionTimeMs := time.Now().UnixMilli() - startTime
- outTrimmed := strings.TrimSpace(string(out))
+ outTrimmed := strings.TrimSpace(output.String())
- if err != nil {
+ if osqErr != nil {
 level.Error(logger).Log("msg", "could not check osqueryd version", "output", outTrimmed, "err", err, "execution_time_ms", executionTimeMs)
 return
 }
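Review bot: The failure branch `if osqErr != nil` still logs `"err", err`, but by then `err` is the result of `runsimple.NewOsqueryProcess` and must be nil, since the earlier check returns on any error. The real failure from `osq.RunVersion(versionCtx)` is therefore never recorded, so a timeout or a failed exec shows up with an empty cause; change the pair to `"err", osqErr`. Separately, the old code used `CombinedOutput()` while the new code passes only `runsimple.WithStdout(&output)`, so anything osqueryd writes to stderr presumably no longer reaches the `"output"` field. If runsimple offers a stderr option, pointing it at the same buffer would keep those diagnostics. The body of `runOsqueryVersionCheck` continues past the end of the hunk.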