From the root of the repository, run the following:
make deps
make package-builder
./build/package-builder --help
Assuming you have built the package-builder tool and the launcher binaries via make package-builder, you can create a set of launcher packages by using the package-builder make command. The only required parameter is --hostname. If you don't define an enrollment secret via --enroll_secret, then a blank enrollment secret will be used when connecting to the gRPC server defined by the supplied hostname.
./build/package-builder make --hostname=grpc.launcher.acme.biz:443 --enroll_secret=foobar123
If you'd like to customize the keys that are used to sign the enrollment secret and macOS package, consider the following usage:
./build/package-builder make \
--hostname=localhost:8082 \
--enroll_secret=foobar123 \
--osquery_version=stable \
--mac_package_signing_key="Developer ID Installer: Acme Inc (ABCDEF123456)"
The macOS package will install a LaunchDaemon that will connect the launcher to the server specified by the --hostname flag, using an enrollment secret specified by the --enroll_secret flag. The Linux packages will currently lay down the launcher and osquery binaries as well as the enrollment secret specified by the --enroll_secret flag.
If you would like the resultant launcher binary to be invoked with any of the following flags, include them with the invocation of package-builder:
--insecure--insecure_grpc--autoupdate--update_channel
For example, consider the following usage:
./build/package-builder make \
--hostname=localhost:8082 \
--enroll_secret=foobar123 \
--insecure \
--insecure_grpc \
--autoupdate \
--update_channel=nightly
By default, binaries will be installed to /usr/local/launcher/bin, configuration will be installed to /etc/launcher, logs will be outputted to /var/log/launcher, etc. If you'd like the launcher string to be something else (for example, your company name), you can use the --identifier flag to specify this value.