From fabec23b378e6c63a58e80e33e03aaf8c72ff0d3 Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@Defensivedepth.com>
Date: Tue, 14 Apr 2020 16:42:25 -0400
Subject: [PATCH] osquery package versioning bugfix

---
 salt/fleet/event_gen-packages.sls |  7 +++++--
 salt/reactor/fleet.sls            | 10 ++++++----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/salt/fleet/event_gen-packages.sls b/salt/fleet/event_gen-packages.sls
index a5375675f..3119ada51 100644
--- a/salt/fleet/event_gen-packages.sls
+++ b/salt/fleet/event_gen-packages.sls
@@ -1,5 +1,6 @@
+{% set MASTER = salt['grains.get']('master') %}
 {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
-{% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_package-version') %}
+{% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %}
 
 so/fleet:
   event.send:
@@ -9,4 +10,6 @@ so/fleet:
         role: {{ grains.role }}
         mainip: {{ grains.host }}
         enroll-secret: {{ ENROLLSECRET }}
-        current-package-version: {{ CURRENTPACKAGEVERSION }}
\ No newline at end of file
+        current-package-version: {{ CURRENTPACKAGEVERSION }}
+        master: {{ MASTER }}
+        
\ No newline at end of file
diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index ae9366251..fb2a71dec 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -13,7 +13,6 @@ def run():
   ROLE = data['data']['role']
   ESECRET = data['data']['enroll-secret']
   MAINIP = data['data']['mainip']
-  PACKAGEVERSION = data['data']['current-package-version']
 
   STATICFILE = '/opt/so/saltstack/pillar/static.sls'
   SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
@@ -21,7 +20,7 @@ def run():
   if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
     if ACTION == 'enablefleet':
       logging.info('so/fleet enablefleet reactor')
-      
+
       # Enable Fleet
       for line in fileinput.input(STATICFILE, inplace=True):
         if ROLE == 'so-fleet':
@@ -48,12 +47,15 @@ def run():
     if ACTION == 'genpackages':
       logging.info('so/fleet genpackages reactor')
 
+      PACKAGEVERSION = data['data']['current-package-version']
+      MASTER = data['data']['master']
+      
       # Increment the package version by 1
       PACKAGEVERSION += 1
 
       # Run Docker container that will build the packages
       gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
-         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", "docker.io/soshybridhunter/so-fleet-launcher:HH1.1.0", \
+         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.1", \
          f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
       
       # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
@@ -63,7 +65,7 @@ def run():
 
         # Update the Fleet Osquery package version in the static pillar
       for line in fileinput.input(STATICFILE, inplace=True):
-        line = re.sub(r'fleet_package-version: \S*', f"fleet_package-version: {PACKAGEVERSION}", line.rstrip())
+        line = re.sub(r'fleet_packages-version: \S*', f"fleet_packages-version: {PACKAGEVERSION}", line.rstrip())
         print(line)
 
       # Copy over newly-built packages