Remove UseTufAutoupdater flag; always use new autoupdater

cmd/launcher/launcher.go

@@ -3,7 +3,6 @@ package main
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"fmt"
@@ -20,11 +19,9 @@ import (
 	"github.com/apache/thrift/lib/go/thrift"
 	"github.com/go-kit/kit/log"
 	"github.com/kolide/kit/fsutil"
-	"github.com/kolide/kit/logutil"
 	"github.com/kolide/kit/ulid"
 	"github.com/kolide/kit/version"
 	"github.com/kolide/launcher/cmd/launcher/internal"
-	"github.com/kolide/launcher/cmd/launcher/internal/updater"
 	"github.com/kolide/launcher/ee/agent"
 	"github.com/kolide/launcher/ee/agent/flags"
 	"github.com/kolide/launcher/ee/agent/knapsack"
@@ -45,7 +42,6 @@ import (
 	"github.com/kolide/launcher/ee/powereventwatcher"
 	"github.com/kolide/launcher/ee/tuf"
 	"github.com/kolide/launcher/pkg/augeas"
-	"github.com/kolide/launcher/pkg/autoupdate"
 	"github.com/kolide/launcher/pkg/backoff"
 	"github.com/kolide/launcher/pkg/contexts/ctxlog"
 	"github.com/kolide/launcher/pkg/debug"
@@ -251,18 +247,6 @@ func runLauncher(ctx context.Context, cancel func(), multiSlogger, systemMultiSl
 	}
 	defer s.Close()
 
-	// construct the appropriate http client based on security settings
-	httpClient := http.DefaultClient
-	if k.InsecureTLS() {
-		httpClient = &http.Client{
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: true,
-				},
-			},
-		}
-	}
-
 	// If we have successfully opened the DB, and written a pid,
 	// we expect we're live. Record the version for osquery to
 	// pickup
@@ -528,65 +512,6 @@ func runLauncher(ctx context.Context, cancel func(), multiSlogger, systemMultiSl
 		}
 	}
 
-	// Run the legacy autoupdater only if autoupdating is enabled and the new autoupdater
-	// is not yet in use.
-	if k.Autoupdate() && !k.UseTUFAutoupdater() {
-		osqueryUpdaterconfig := &updater.UpdaterConfig{
-			Logger:             logger,
-			RootDirectory:      rootDirectory,
-			AutoupdateInterval: k.AutoupdateInterval(),
-			UpdateChannel:      autoupdate.UpdateChannel(k.UpdateChannel()),
-			NotaryURL:          k.NotaryServerURL(),
-			MirrorURL:          k.MirrorServerURL(),
-			NotaryPrefix:       k.NotaryPrefix(),
-			HTTPClient:         httpClient,
-			InitialDelay:       k.AutoupdateInitialDelay() + k.AutoupdateInterval()/2,
-			SigChannel:         sigChannel,
-		}
-
-		// create an updater for osquery
-		osqueryLegacyUpdater, err := updater.NewUpdater(ctx, opts.OsquerydPath, osqueryRunner.Restart, osqueryUpdaterconfig)
-		if err != nil {
-			return fmt.Errorf("create osquery updater: %w", err)
-		}
-		runGroup.Add("osqueryLegacyAutoupdater", osqueryLegacyUpdater.Execute, osqueryLegacyUpdater.Interrupt)
-
-		launcherUpdaterconfig := &updater.UpdaterConfig{
-			Logger:             logger,
-			RootDirectory:      rootDirectory,
-			AutoupdateInterval: k.AutoupdateInterval(),
-			UpdateChannel:      autoupdate.UpdateChannel(k.UpdateChannel()),
-			NotaryURL:          k.NotaryServerURL(),
-			MirrorURL:          k.MirrorServerURL(),
-			NotaryPrefix:       k.NotaryPrefix(),
-			HTTPClient:         httpClient,
-			InitialDelay:       k.AutoupdateInitialDelay(),
-			SigChannel:         sigChannel,
-		}
-
-		// create an updater for launcher
-		launcherPath, err := os.Executable()
-		if err != nil {
-			logutil.Fatal(logger, "err", err)
-		}
-		launcherLegacyUpdater, err := updater.NewUpdater(
-			ctx,
-			launcherPath,
-			updater.UpdateFinalizer(logger, func() error {
-				// stop desktop on auto updates
-				if runner != nil {
-					runner.Interrupt(nil)
-				}
-				return osqueryRunner.Shutdown()
-			}),
-			launcherUpdaterconfig,
-		)
-		if err != nil {
-			return fmt.Errorf("create launcher updater: %w", err)
-		}
-		runGroup.Add("launcherLegacyAutoupdater", launcherLegacyUpdater.Execute, launcherLegacyUpdater.Interrupt)
-	}
-
 	startupSpan.End()
 
 	if err := runGroup.Run(); err != nil {

cmd/launcher/main.go

@@ -58,28 +58,7 @@ func main() {
 	// fork-bombing itself. This is an ENV, because there's no
 	// good way to pass it through the flags.
 	if !env.Bool("LAUNCHER_SKIP_UPDATES", false) {
-		if tuf.ShouldUseNewAutoupdater(ctx) {
-			runNewerLauncherIfAvailable(ctx, logger)
-		} else {
-			newerBinary, err := autoupdate.FindNewestSelf(ctx)
-			if err != nil {
-				logutil.Fatal(logger, err, "checking for updated version")
-			}
-
-			if newerBinary != "" {
-				level.Debug(logger).Log(
-					"msg", "preparing to exec new binary",
-					"oldVersion", version.Version().Version,
-					"newBinary", newerBinary,
-				)
-				if err := execwrapper.Exec(ctx, newerBinary, os.Args, os.Environ()); err != nil {
-					logutil.Fatal(logger, err, "exec")
-				}
-				panic("how")
-			}
-
-			level.Debug(logger).Log("msg", "Nothing new")
-		}
+		runNewerLauncherIfAvailable(ctx, logger)
 	}
 
 	// if the launcher is being ran with a positional argument,

ee/agent/flags/flag_controller.go

@@ -500,15 +500,6 @@ func (fc *FlagController) UpdateDirectory() string {
 	).get(fc.getControlServerValue(keys.UpdateDirectory))
 }
 
-func (fc *FlagController) SetUseTUFAutoupdater(enabled bool) error {
-	return fc.setControlServerValue(keys.UseTUFAutoupdater, boolToBytes(enabled))
-}
-func (fc *FlagController) UseTUFAutoupdater() bool {
-	return NewBoolFlagValue(
-		WithDefaultBool(false),
-	).get(fc.getControlServerValue(keys.UseTUFAutoupdater))
-}
-
 func (fc *FlagController) SetExportTraces(enabled bool) error {
 	return fc.setControlServerValue(keys.ExportTraces, boolToBytes(enabled))
 }

ee/agent/flags/keys/keys.go

@@ -43,7 +43,6 @@ const (
 	MirrorServerURL                 FlagKey = "mirror_url"
 	AutoupdateInterval              FlagKey = "autoupdate_interval"
 	UpdateChannel                   FlagKey = "update_channel"
-	UseTUFAutoupdater               FlagKey = "use_tuf_autoupdater"
 	NotaryPrefix                    FlagKey = "notary_prefix"
 	AutoupdateInitialDelay          FlagKey = "autoupdater_initial_delay"
 	UpdateDirectory                 FlagKey = "update_directory"

ee/agent/startupsettings/writer.go

@@ -8,7 +8,6 @@ import (
 	"fmt"
 	"log/slog"
 
-	"github.com/kolide/launcher/ee/agent/flags"
 	"github.com/kolide/launcher/ee/agent/flags/keys"
 	agentsqlite "github.com/kolide/launcher/ee/agent/storage/sqlite"
 	"github.com/kolide/launcher/ee/agent/types"
@@ -38,8 +37,7 @@ func OpenWriter(ctx context.Context, knapsack types.Knapsack) (*startupSettingsW
 		kvStore:  store,
 		knapsack: knapsack,
 		storedFlags: map[keys.FlagKey]func() string{
-			keys.UpdateChannel:     func() string { return knapsack.UpdateChannel() },
-			keys.UseTUFAutoupdater: func() string { return flags.BoolToString(knapsack.UseTUFAutoupdater()) },
+			keys.UpdateChannel: func() string { return knapsack.UpdateChannel() },
 		},
 	}
 

ee/agent/startupsettings/writer_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	_ "github.com/golang-migrate/migrate/v4/database/sqlite"
-	"github.com/kolide/launcher/ee/agent/flags"
 	"github.com/kolide/launcher/ee/agent/flags/keys"
 	agentsqlite "github.com/kolide/launcher/ee/agent/storage/sqlite"
 	typesmocks "github.com/kolide/launcher/ee/agent/types/mocks"
@@ -22,10 +21,8 @@ func TestOpenWriter_NewDatabase(t *testing.T) {
 	k := typesmocks.NewKnapsack(t)
 	k.On("RootDirectory").Return(testRootDir)
 	k.On("RegisterChangeObserver", mock.Anything, keys.UpdateChannel)
-	k.On("RegisterChangeObserver", mock.Anything, keys.UseTUFAutoupdater)
 	updateChannelVal := "stable"
 	k.On("UpdateChannel").Return(updateChannelVal)
-	k.On("UseTUFAutoupdater").Return(false)
 
 	// Set up storage db, which should create the database and set all flags
 	s, err := OpenWriter(context.TODO(), k)
@@ -35,9 +32,6 @@ func TestOpenWriter_NewDatabase(t *testing.T) {
 	v1, err := s.kvStore.Get([]byte(keys.UpdateChannel.String()))
 	require.NoError(t, err, "getting startup value")
 	require.Equal(t, updateChannelVal, string(v1), "incorrect flag value")
-	v2, err := s.kvStore.Get([]byte(keys.UseTUFAutoupdater.String()))
-	require.NoError(t, err, "getting startup value")
-	require.False(t, flags.StringToBool(string(v2)), "incorrect flag value")
 
 	require.NoError(t, s.Close(), "closing startup db")
 }
@@ -50,28 +44,22 @@ func TestOpenWriter_DatabaseAlreadyExists(t *testing.T) {
 	store, err := agentsqlite.OpenRW(context.TODO(), testRootDir, agentsqlite.StartupSettingsStore)
 	require.NoError(t, err, "getting connection to test db")
 	require.NoError(t, store.Set([]byte(keys.UpdateChannel.String()), []byte("some_old_value")), "setting key")
-	require.NoError(t, store.Set([]byte(keys.UseTUFAutoupdater.String()), []byte(flags.BoolToString(false))), "setting key")
 
 	// Confirm flags were set
 	v1, err := store.Get([]byte(keys.UpdateChannel.String()))
 	require.NoError(t, err, "getting startup value")
 	require.Equal(t, "some_old_value", string(v1), "incorrect flag value")
-	v2, err := store.Get([]byte(keys.UseTUFAutoupdater.String()))
-	require.NoError(t, err, "getting startup value")
-	require.False(t, flags.StringToBool(string(v2)), "incorrect flag value")
 
 	require.NoError(t, store.Close(), "closing setup connection")
 
 	// Set up dependencies
 	k := typesmocks.NewKnapsack(t)
 	k.On("RootDirectory").Return(testRootDir)
 	k.On("RegisterChangeObserver", mock.Anything, keys.UpdateChannel)
-	k.On("RegisterChangeObserver", mock.Anything, keys.UseTUFAutoupdater)
 
 	// Set up flag
 	updateChannelVal := "alpha"
 	k.On("UpdateChannel").Return(updateChannelVal)
-	k.On("UseTUFAutoupdater").Return(true)
 
 	// Set up storage db, which should create the database and set all flags
 	s, err := OpenWriter(context.TODO(), k)
@@ -81,9 +69,6 @@ func TestOpenWriter_DatabaseAlreadyExists(t *testing.T) {
 	v1, err = s.kvStore.Get([]byte(keys.UpdateChannel.String()))
 	require.NoError(t, err, "getting startup value")
 	require.Equal(t, updateChannelVal, string(v1), "incorrect flag value")
-	v2, err = s.kvStore.Get([]byte(keys.UseTUFAutoupdater.String()))
-	require.NoError(t, err, "getting startup value")
-	require.True(t, flags.StringToBool(string(v2)), "incorrect flag value")
 
 	require.NoError(t, s.Close(), "closing startup db")
 }
@@ -96,11 +81,8 @@ func TestFlagsChanged(t *testing.T) {
 	k := typesmocks.NewKnapsack(t)
 	k.On("RootDirectory").Return(testRootDir)
 	k.On("RegisterChangeObserver", mock.Anything, keys.UpdateChannel)
-	k.On("RegisterChangeObserver", mock.Anything, keys.UseTUFAutoupdater)
 	updateChannelVal := "beta"
 	k.On("UpdateChannel").Return(updateChannelVal).Once()
-	useTufAutoupdaterVal := true
-	k.On("UseTUFAutoupdater").Return(useTufAutoupdaterVal).Once()
 
 	// Set up storage db, which should create the database and set all flags
 	s, err := OpenWriter(context.TODO(), k)
@@ -110,24 +92,16 @@ func TestFlagsChanged(t *testing.T) {
 	v1, err := s.kvStore.Get([]byte(keys.UpdateChannel.String()))
 	require.NoError(t, err, "getting startup value")
 	require.Equal(t, updateChannelVal, string(v1), "incorrect flag value")
-	v2, err := s.kvStore.Get([]byte(keys.UseTUFAutoupdater.String()))
-	require.NoError(t, err, "getting startup value")
-	require.Equal(t, useTufAutoupdaterVal, flags.StringToBool(string(v2)), "incorrect flag value")
 
 	// Now, prepare for flag changes
 	newFlagValue := "alpha"
 	k.On("UpdateChannel").Return(newFlagValue).Once()
-	newUseTufAutoupdaterVal := false
-	k.On("UseTUFAutoupdater").Return(newUseTufAutoupdaterVal).Once()
 
 	// Call FlagsChanged and expect that all flag values are updated
 	s.FlagsChanged(keys.UpdateChannel)
 	v1, err = s.kvStore.Get([]byte(keys.UpdateChannel.String()))
 	require.NoError(t, err, "getting startup value")
 	require.Equal(t, newFlagValue, string(v1), "incorrect flag value")
-	v2, err = s.kvStore.Get([]byte(keys.UseTUFAutoupdater.String()))
-	require.NoError(t, err, "getting startup value")
-	require.Equal(t, newUseTufAutoupdaterVal, flags.StringToBool(string(v2)), "incorrect flag value")
 
 	require.NoError(t, s.Close(), "closing startup db")
 }

ee/agent/types/flags.go

@@ -185,10 +185,6 @@ type Flags interface {
 	SetUpdateDirectory(directory string) error
 	UpdateDirectory() string
 
-	// UseTUFAutoupdater controls whether launcher uses the new TUF autoupdater instead of the legacy autoupdater
-	SetUseTUFAutoupdater(enabled bool) error
-	UseTUFAutoupdater() bool
-
 	// ExportTraces enables exporting our traces
 	SetExportTraces(enabled bool) error
 	SetExportTracesOverride(value bool, duration time.Duration)

ee/tuf/autoupdate.go

@@ -418,12 +418,6 @@ func (ta *TufAutoupdater) checkForUpdate(binariesToCheck []autoupdatableBinary)
 		return fmt.Errorf("could not download updates: %+v", updateErrors)
 	}
 
-	// Only perform restarts if we're configured to use this new autoupdate library,
-	// to prevent performing unnecessary restarts.
-	if !ta.knapsack.UseTUFAutoupdater() {
-		return nil
-	}
-
 	// If launcher was updated, we want to exit and reload
 	if updatedVersion, ok := updatesDownloaded[binaryLauncher]; ok {
 		// Only reload if we're not using a localdev path