Update download constraints

Handle versions better
Merge pull request #24 from Xboarder56/master
2025-09-22 21:11:14 +00:00 · 2024-05-08 22:54:06 -04:00 · 2024-05-08 22:48:51 -04:00 · 2024-04-24 21:00:54 -04:00 · 2024-04-24 14:57:27 -07:00 · 2024-04-24 14:56:10 -07:00
2 changed files with 15 additions and 5 deletions
--- a/10
+++ b/10
@@ -10,16 +10,16 @@ RUN chmod +x entrypoint && \
    mkdir -p /opt/velociraptor && \
    for i in linux mac windows; do mkdir -p /opt/velociraptor/$i; done && \
    # Get Velox binaries
-    WINDOWS_EXE=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(1 ; ( .assets[].browser_download_url | select ( contains("windows-amd64.exe") )))')  && \
-    WINDOWS_MSI=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(1 ; ( .assets[].browser_download_url | select ( contains("windows-amd64.msi") )))') && \
-    LINUX_BIN=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(1 ; ( .assets[].browser_download_url | select ( contains("linux-amd64") )))') && \
-    MAC_BIN=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(1 ; ( .assets[].browser_download_url | select ( contains("darwin-amd64") )))') && \
+    WINDOWS_EXE=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(6 ; ( .assets[].browser_download_url | select ( contains("windows-amd64.exe") )))' | grep -vE '.sig' | tail -1) && \
+    WINDOWS_MSI=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(6 ; ( .assets[].browser_download_url | select ( contains("windows-amd64.msi") )))' | grep -vE '.sig' | tail -1) && \
+    LINUX_BIN=$(curl -s  https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(6 ; ( .assets[].browser_download_url | select ( contains("linux-amd64") )))' | grep -vE "musl|sig" | sort | tail -1) && \
+    MAC_BIN=$(curl -s https://api.github.com/repos/velocidex/velociraptor/releases/latest | jq -r 'limit(1 ; ( .assets[].browser_download_url | select ( contains("darwin-amd64") )))' | grep -vE '.sig' | tail -1) && \
    wget -O /opt/velociraptor/linux/velociraptor "$LINUX_BIN" && \
    wget -O /opt/velociraptor/mac/velociraptor_client "$MAC_BIN" && \
    wget -O /opt/velociraptor/windows/velociraptor_client.exe "$WINDOWS_EXE" && \
    wget -O /opt/velociraptor/windows/velociraptor_client.msi "$WINDOWS_MSI" && \
    # Clean up 
-    apt-get remove -y --purge curl wget jq && \
+    apt-get remove -y --purge wget && \
    apt-get clean
 WORKDIR /velociraptor 
 CMD ["/entrypoint"]
--- a/10
+++ b/10
@@ -21,6 +21,16 @@ if [ ! -f server.config.yaml ]; then
 	./velociraptor --config server.config.yaml user add $VELOX_USER $VELOX_PASSWORD --role $VELOX_ROLE
 fi

+# Check Server Certificate Status, Re-generate if it's expiring in 24-hours or less
+if true | ./velociraptor --config server.config.yaml config show --json | jq -r .Frontend.certificate | openssl x509 -text -enddate -noout -checkend 86400 >/dev/null; then
+  echo "Skipping renewal, certificate is not expired"
+else
+  echo "Certificate is expired, rotating certificate."
+  ./velociraptor --config ./server.config.yaml config rotate_key > /tmp/server.config.yaml
+  cp ./server.config.yaml ./server.config.yaml.bak
+  mv /tmp/server.config.yaml /velociraptor/.
+fi
+
 # Re-generate client config in case server config changed
 ./velociraptor --config server.config.yaml config client > client.config.yaml
Author	SHA1	Message	Date
weslambert	355c73deb9	Update download constraints	2024-05-08 22:54:06 -04:00
weslambert	cd5e5ceb1b	Handle versions better	2024-05-08 22:48:51 -04:00
weslambert	150fdc5c91	Merge pull request #24 from Xboarder56/master add: certificate renewal support	2024-04-24 21:00:54 -04:00
Garrett Beasley	a1d60ecda3	add: jq/curl back for certificate renewal checks	2024-04-24 14:57:27 -07:00
Garrett Beasley	79319b614a	add: certificate renewal support	2024-04-24 14:56:10 -07:00