tpkg

Application packaging and deployment


Tpkg includes a reporting server written in Ruby on Rails. The reporting server is completely optional, the client will only report to it if configured to do so. The server tracks which packages are installed and which machines they are installed on, so that if your security team wants to know who's running the vulnerable 1.57 version of widgetapp you can check in a central location. If you want to start up the reporting app here's how to do so:

  • Install SQLite
    • Red Hat: yum install sqlite
    • Mac OS X 10.5: Comes with the OS
    • Debian: apt-get install sqlite3 libsqlite3-dev
    • OpenSuSE: Install following packages with Yast: sqlite3, sqlite3-devel
    • FreeBSD: pkg_add -r sqlite3
  • Install Ruby
    • Red Hat: yum install ruby ruby-ri ruby-devel
    • Mac OS X 10.5: Comes with the OS
    • Debian: apt-get install ruby ruby-dev rake
    • FreeBSD: pkg_add -r ruby
  • Install Ruby Gems
    • Red Hat: RPM available from Extra Packages for Enterprise Linux (EPEL)
    • Mac OS X 10.5: Comes with the OS
    • Debian: apt-get install rubygems
    • OpenSuse: Install with Yast: rubygems
      • then in a shell (as "root"):
      • gem update --system
      • (if it fails, try: gem install rubygems-update; update_rubygems)
      • gem update
    • FreeBSD: pkg_add -r ruby18-gems
    • Others: Download and install from main site: http://docs.rubygems.org/read/chapter/3
  • gem install rails -v 2.2.2
  • gem install mongrel
  • gem install sqlite3-ruby
  • Download the tpkg server and unpack it
  • Create database:
    • cd tpkg/server && rake db:migrate
  • Start the server:
    • cd tpkg/server && ruby script/server

At this point you should be able to connect to http://localhost:3000/ and see the tpkg dashboard. Check the dashboard after you've run tpkg on a client and see the results that the client reported.

The reporting server also provides an interface for accepting package file uploads. The interface is accessible at http://localhost:3000/uploads/new. You can either upload there via a web-browser, or via a CLI that we provide tpkg_uploader. By default, uploaded files are saved in /tmp/repo. Once the files are uploaded to your desired location, you can set up a package server to serve out those files.

Configuring the Reporting Server

To configure the reporting server, edit the content of config/configuration_manager.yml. This configuration file is written using the format of the wonsys's configuration_manager rails plugin. See http://github.com/wonsys/configuration_manager for more details on how to set up such config file.

Here's the explanation for the important configuration settings:

  • authentication_method: restful-authentication
    • By default, we use the restful-authentication plugin for handling user authentication. If you implemented your own authentication system, use this flag to indicate which system you want to use.
  • upload_path: /tmp/repo/
    • Where uploaded files are saved.
  • verify_upload: true
    • Whether or not to verify the uploaded file is a valid package created by tpkg. If set to true, you also need to install tpkg client/lib.
View on GitHub