[v18] Connect: dual installer mode on Windows, updates config in system registry, privileged updater service, no downgrade policy #65173
Open
gzdunek wants to merge 11 commits into `branch/v18`
* Extract reusable function for service installation
* Move `install_service_windows.go` to `lib/windowsservice`
* Reintroduce `vnet/install_service_windows.go`
* Make service runner reusable
* Add missing service description and returns on error
* Log service name when installing/uninstalling
* Rename files
* Put `err` first

(cherry picked from commit 845caf9)

* Switch installer to dual-mode
* Customize NSIS updater to disallow attempts to update per-machine installations if update is triggered from per-user instance
* Make `assertTshInProgramFiles` more strict
  Reading Program Files path should be done using Windows API instead of env var that can be overridden.
* Add RPC to check if VNet service is installed
* Show warning and disable auto-start if there is no VNet service
* `GetWindowsSystemService` -> `CheckPreRunRequirements`
* `CheckPreRunRequirements` -> `CheckInstallTimeRequirements`
* Customize `forAll` option with VNet message
* Check for per-machine installation in system registry
* Fix vars with PreRun in the name
* Link to source file from the electron-builder repo, add commit hash
* Read per-machine location from Go instead of via PowerShell
* `IsPerMachineInstallResponse` -> `GetInstallationMetadataResponse`
* Define `GetInstallationMetadata` handler in separate file
* Fix tests failing on "updates not wrapped into act"

(cherry picked from commit 336379e)

…63281)
* Replace `GetDownloadBaseUrl` RPC with `GetConfig`
* Implement reading ToolsVersion and CdnBaseUrl from system registry
* Read values from `getConfig()` instead of `getDownloadBaseUrl` and `process.env`
* Use UAC updater when app is configured with env vars
* Fix typos
* Handle tools version being 'off'
* Safely read values from `GetConfigResponse`
* Fix ordering in proto
* Non-official -> Unofficial
* Add TODO about docs
* Use switch-case instead of if-else
* Bring back if-else

(cherry picked from commit 34c0795)

* Disallow downgrades
* Improve "update-not-available" state
* Fix title casing
* Add test for downgrades
* Ensure app version is greater than update version in test
* Bring back `UpdateInfo` interface to avoid unnecessary conflicts with other PRs

(cherry picked from commit 6b70cbf)

* Add privileged updater service
* Add integration tests for updater
* Review fixes
* Move privileged updater to its own module
* Fix comments
* Interpolate registry pathnames, switch errors to AccessDenied
* Improve error handling in `waitForSingleClient`
* Use stricter DACL for named pipe
* Close `conn` on context cancellation
* Move reading update meta to separate function
* `trace.LimitExceeded` -> `trace.Errorf`
* Fix test
* Ensure updater only allows HTTPS
* Use TLS server in tests
* Fix tests

(cherry picked from commit ad36d4e)

…cation (#63573)
* Add service commands to tsh
* Install updater service and run updates through it
* Add signature verification
* Disable CTMU for `tsh.exe connect-updater-install-update`
* Force install mode when migrating from one-click to assisted multi-user
* Spawn `tsh.exe connect-updater-install-update` synchronously and catch errors
* Use single parent command, remove args from `service.Start`
* Do not ignore error from closing handle
* Grammar fixes
* Use single command in installer.nsh too
* Use `svc.IsWindowsService()` instead of `isWindowsService`
* Switch from `CertCompareCertificateName` to comparing subject properties
* Log certs if they don't match
* Improve comment

(cherry picked from commit b3adaff)

)
* Add `VERSION_MISMATCH` status to `WindowsServiceStatus`
* Show error in UI
* Verify service compatibility with client
* Fix outdated comment
* Remove unnecessary stories
* Move `VerifyServiceInstalledAndMatchesClient` to separate file

(cherry picked from commit 030e483)

* Fix failing fresh silent NSIS installs
* Ensure DACL is non-empty

(cherry picked from commit 3c7d18d)

* Connect: Improve docs about dual-mode installations
* Fix path
* Clarify app uninstalling

(cherry picked from commit 328db2c)

ravicious approved these changes on Apr 2, 2026
nklaassen approved these changes on Apr 14, 2026
@gzdunek - this PR will require admin approval to merge due to its size. Consider breaking it up into a series of smaller changes.
zmb3 approved these changes on Apr 22, 2026
Backport #63132, #62910, #63281, #63187, #63572, #63573, #64438, #64754, #64905 (partially), #65170, #65267 (partially) to branch/v18
(separate changelog entries since multiline changelogs are not allowed)
changelog: Added support for both per-machine and per-user installations in Teleport Connect on Windows (Note: VNet is unavailable in per-user mode)
changelog: Enabled silent automatic updates for Teleport Connect per-machine installations on Windows; elevated privileges are now only required during the initial setup
changelog: Deprecated the `TELEPORT_CDN_BASE_URL` and `TELEPORT_TOOLS_VERSION` environment variables for configuring Teleport Connect Windows updates. These must now be managed via system policy registry keys under `HKEY_LOCAL_MACHINE` or `HKEY_CURRENT_USER\SOFTWARE\Policies\Teleport\TeleportConnect`. The environment variables are still read for compatibility, but per-machine updates may require UAC prompts until configuration is migrated to registry policy keys
changelog: Automatic updates in Teleport Connect no longer allow app version downgrades (applies to all platforms)
I was initially planning to merge it to v17 too but it would require backporting other PRs, like the one that switches VNet Service logs to Windows Event Viewer. It's probably not worth the effort, also because v17 goes EoL in ~ 4 months.
Manual Test Plan
Test Environment
A Windows computer, a dev build from this branch (18.7.0-dev.gzdunek.1).
Test Cases
`TELEPORT_CDN_BASE_URL` to the dev CDN. The app requests UAC and successfully updates to the new per-machine version.
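
The no-downgrade rule from the changelog and the HTTPS-only rule from the updater commits can be combined into one acceptance check. The Go code below is an added example, not code from this PR or from Teleport; `sortKey`, `checkUpdate` and the `cdn.example.test` URL are hypothetical, and versions are assumed to be SemVer without build metadata.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// sortKey maps "MAJOR.MINOR.PATCH[-pre.release]" to a string whose byte order
// follows SemVer precedence ("" = malformed). Build metadata is not handled.
func sortKey(v string) string {
	var major, minor, patch uint32
	core, pre, hasPre := strings.Cut(v, "-")
	fmt.Sscanf(core, "%d.%d.%d", &major, &minor, &patch) // validated by the round trip below
	if fmt.Sprintf("%d.%d.%d", major, minor, patch) != core || (hasPre && pre == "") {
		return ""
	}
	ids := []string{fmt.Sprintf("%010d.%010d.%010d", major, minor, patch)}
	if !hasPre {
		return ids[0] + "\x00~" // a release outranks its own pre-releases
	}
	for _, id := range strings.Split(pre, ".") {
		key := "1" + id // alphanumeric identifiers sort above numeric ones
		if n, err := strconv.ParseUint(id, 10, 32); err == nil {
			key = fmt.Sprintf("0%010d", n)
		}
		ids = append(ids, key)
	}
	return strings.Join(ids, "\x00")
}

// checkUpdate (hypothetical) allows only HTTPS sources and strictly newer versions.
func checkUpdate(installed, candidate, baseURL string) error {
	u, err := url.Parse(baseURL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("update base URL %q is not an https URL", baseURL)
	}
	cur, next := sortKey(installed), sortKey(candidate)
	if cur == "" || next == "" {
		return fmt.Errorf("malformed version: installed %q, update %q", installed, candidate)
	}
	if next <= cur {
		return fmt.Errorf("refusing %s: not newer than installed %s", candidate, installed)
	}
	return nil
}

func main() { fmt.Println(checkUpdate("18.7.0", "18.6.5", "https://cdn.example.test")) }
```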