This repository contains packaging scripts to convert a Kolide K2 Launcher Debian (.deb
) package into a clean Arch Linux package.
Kolide provides an endpoint security solution based on osquery. The managed Kolide K2 service integrates with Slack for easy set-up and also provides a dashboard for users.
The Kolide Slack app can give users a download link for a personalized installer package, the Kolide Launcher (source code). It contains:
osquery
itself- some
osquery
extensions - an auto-update mechanism
- configuration data
- a personal secret value to enroll a device
Note: NEVER share personal packages with others, since it contains a personal secret!
-
git clone
this repository -
Download the
.deb
package as a starting point:- Open a private chat with the Kolide Slack app
- Type
installers
- Download the
.deb
file
-
Move the
.deb
package into the repository worktree. -
Since each package has a unique name, create a symlink so that the packaging script knows which file to use:
ln -sf xkxp-*-kolide-launcher.deb kolide-k2-launcher.deb
-
Convert it into a personal Arch package:
makepkg --skipinteg
Note that skipping the usual file integrity checks is fine here: each
.deb
package is unique and contains a personal secret, so each cryptographic hash will be different. -
Install the resulting package:
sudo pacman -U kolide-k2-launcher-*.pkg.tar.zst
-
Yet another reminder: do not share this file with others!
-
Check that the
systemd
service is running:systemctl status kolide-k2-launcher.service
Note: unlike many other Arch packages, installing this package will automatically enable the
kolide-k2-launcher
systemd unit, which means it will immediately start, and will also automatically start on boot. You're most likely installing this package because of mandatory company policy anyway. This package will make your device compliant with the policy by default. -
Check the log output:
journalctl -f -u kolide-k2-launcher.service
The Linux installers come in Debian/Ubuntu and RPM flavours. There is no official Arch linux package.
While the Debian (.deb
) packaging for the Kolide K2 Launcher is mostly functional, the package itself is rather sloppy, and the RPM package is no different. Using a tool like debtap to convert it into an Arch package will result in an equally sloppy Arch package.
For instance, it pollutes the system with files in non-standard places such as /usr/local/kolide-k2
(application) and /var/kolide-k2
(state). This goes against common Linux packaging practices. The Arch package guidelines (and similar guidelines for other Linux distributions) make it very clear that packages should never install into /usr/local/
and that /var/lib/{pkg}
is the correct place for persistent application storage.
The packaging scripts do not change the application in any way, but the packaging is a lot more sensible:
- the application is installed into
/opt/kolide-k2/
- configuration data (including the secret) is stored in
/etc/kolide-k2/
- state is stored in
/var/lib/kolide-k2/
- the systemd service is named
kolide-k2-launcher
(instead oflauncher.kolide-k2
which is confusing and ugly)