AUTH-2712 added MSI build for a windows agent

Author: Dalton Cherry

.gitignore

@@ -11,6 +11,7 @@ cscope.*
 cloudflared
 cloudflared.pkg
 cloudflared.exe
+cloudflared.msi
 !cmd/cloudflared/
 .DS_Store
 *-session.log

.teamcity/build-macos.sh

@@ -13,9 +13,97 @@ export GO111MODULE=on
 # build 'cloudflared-darwin-amd64.tgz'
 mkdir -p artifacts
 FILENAME="$(pwd)/artifacts/cloudflared-darwin-amd64.tgz"
+PKGNAME="$(pwd)/artifacts/cloudflared-amd64.pkg"
+TARGET_DIRECTORY=".build"
+BINARY_NAME="cloudflared"
+VERSION=$(git describe --tags --always --dirty="-dev")
+PRODUCT="cloudflared"
+CODE_SIGN_PRIV="code_sign.pk12"
+CODE_SIGN_CERT="code_sign.cer"
+INSTALLER_PRIV="installer.pk12"
+INSTALLER_CERT="installer.cer"
 export PATH="$PATH:/usr/local/bin"
 mkdir -p ../src/github.com/cloudflare/    
 cp -r . ../src/github.com/cloudflare/cloudflared
 cd ../src/github.com/cloudflare/cloudflared 
 GOCACHE="$PWD/../../../../" GOPATH="$PWD/../../../../" CGO_ENABLED=1 make cloudflared
-tar czf "$FILENAME" cloudflared
+
+# Add code signing private key to the key chain
+if [[ -z "${CFD_CODE_SIGN_KEY}" ]]; then
+  # write private key to disk and then import it keychain
+  echo -n -e ${CFD_CODE_SIGN_KEY} | base64 -D > ${CODE_SIGN_PRIV}
+  security import ${CODE_SIGN_PRIV} -A -P "${CFD_CODE_SIGN_PASS}"
+  rm ${CODE_SIGN_PRIV}
+else
+  exit 1
+fi
+
+# Add code signing certificate to the key chain
+if [[ -z "${CFD_CODE_SIGN_CERT}" ]]; then
+  # write certificate to disk and then import it keychain
+  echo -n -e ${CFD_CODE_SIGN_CERT} | base64 -D > ${CODE_SIGN_CERT}
+  security import ${CODE_SIGN_CERT}
+  rm ${CODE_SIGN_CERT}
+else
+  exit 1
+fi
+
+# Add package signing private key to the key chain
+if [[ -z "${CFD_INSTALLER_KEY}" ]]; then
+  # write private key to disk and then import it into the keychain
+  echo -n -e ${CFD_INSTALLER_KEY} | base64 -D > ${INSTALLER_PRIV}
+  security import ${INSTALLER_PRIV} -A -P "${CFD_INSTALLER_PASS}"
+  rm ${INSTALLER_PRIV}
+else
+  exit 1
+fi
+
+# Add package signing certificate to the key chain
+if [[ -z "${CFD_INSTALLER_CERT}" ]]; then
+  # write certificate to disk and then import it keychain
+  echo -n -e ${CFD_INSTALLER_CERT} | base64 -D > ${INSTALLER_CERT}
+  security import ${INSTALLER_CERT}
+  rm ${INSTALLER_CERT}
+else
+  exit 1
+fi
+
+# get the code signing certificate name
+if [[ -z "${CFD_CODE_SIGN_NAME}" ]]; then
+  CODE_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Application:")
+else
+  CODE_SIGN_NAME="${CFD_CODE_SIGN_NAME}"
+fi
+
+# get the package signing certificate name
+if [[ -z "${CFD_INSTALLER_NAME}" ]]; then
+  PKG_SIGN_NAME=$(security find-identity -v | cut -d'"' -f 2 -s | grep "Developer ID Installer:")
+else
+  PKG_SIGN_NAME="${CFD_INSTALLER_NAME}"
+fi
+
+# sign the cloudflared binary
+codesign -s "${CODE_SIGN_NAME}" -f -v --timestamp --options runtime ${BINARY_NAME}
+
+# creating build directory
+mkdir ${TARGET_DIRECTORY}
+mkdir ${TARGET_DIRECTORY}/contents
+cp -r .mac_resources/scripts ${TARGET_DIRECTORY}/scripts
+
+# copy cloudflared into the build directory
+cp ${BINARY_NAME} {$TARGET_DIRECTORY}/contents/${PRODUCT}
+
+# compress cloudflared into a tar and gzipped file
+tar czf "$FILENAME" ${BINARY_NAME}
+
+# build the installer package
+pkgbuild --identifier com.cloudflare.${PRODUCT} \
+    --version ${VERSION} \
+    --scripts ${TARGET_DIRECTORY}/scripts \
+    --root ${TARGET_DIRECTORY}/contents \
+    --install-location /usr/local/bin \
+    --sign "${PKG_SIGN_NAME}" \
+    ${PKGNAME}
+
+# cleaning up the build directory
+rm -rf $TARGET_DIRECTORY

Makefile

@@ -1,6 +1,9 @@
-VERSION       := $(shell git describe --tags --always --dirty="-dev")
+VERSION       := $(shell git describe --tags --always --dirty="-dev" --exclude "w*")
 DATE          := $(shell date -u '+%Y-%m-%d-%H%M UTC')
 VERSION_FLAGS := -ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"'
+MSI_VERSION   := $(shell git tag -l --sort=v:refname | grep "w" | tail -1 | cut -c2-)
+#MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup. 
+#e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI.
 
 IMPORT_PATH   := github.com/cloudflare/cloudflared
 PACKAGE_DIR   := $(CURDIR)/packaging
@@ -22,6 +25,8 @@ ifneq ($(GOARCH),)
     TARGET_ARCH ?= $(GOARCH)
 else ifeq ($(LOCAL_ARCH),x86_64)
     TARGET_ARCH ?= amd64
+else ifeq ($(LOCAL_ARCH),i686)
+    TARGET_ARCH ?= amd64
 else ifeq ($(shell echo $(LOCAL_ARCH) | head -c 5),armv8)
     TARGET_ARCH ?= arm64
 else ifeq ($(LOCAL_ARCH),aarch64)
@@ -158,3 +163,7 @@ vet:
 	go vet -mod=vendor ./...
 	which go-sumtype  # go get github.com/BurntSushi/go-sumtype
 	go-sumtype $$(go list -mod=vendor ./...)
+
+.PHONY: msi
+msi: cloudflared
+	go-msi make --msi cloudflared.msi --version $(MSI_VERSION)

cmd/cloudflared/windows_service.go

@@ -150,12 +150,11 @@ func (s *windowsService) Execute(serviceArgs []string, r <-chan svc.ChangeReques
 			switch c.Cmd {
 			case svc.Interrogate:
 				statusChan <- c.CurrentStatus
-			case svc.Stop:
+			case svc.Stop, svc.Shutdown:
 				close(s.graceShutdownC)
+				statusChan <- svc.Status{State: svc.Stopped, Accepts: cmdsAccepted}
 				statusChan <- svc.Status{State: svc.StopPending}
-			case svc.Shutdown:
-				close(s.shutdownC)
-				statusChan <- svc.Status{State: svc.StopPending}
+				return
 			default:
 				elog.Error(1, fmt.Sprintf("unexpected control request #%d", c))
 			}