I'm working on a library called convox_installer
, which I use to help customers install DocSpring enterprise on their own servers. This library provides a Ruby DSL that wraps the Convox CLI, so I use this to provide customers with a simple script that sets up Convox and get the DocSpring application running (including databases, S3 buckets, etc.)
This script was originally written for an older version of Convox (v2.) Convox v2 only supported AWS, and it used AWS ECS to manage Docker containers. Convox v3 was rewritten to use Kubernetes, and it supports multiple cloud providers (AWS, Google Cloud, Azure, etc.)
When I was working with the Convox v2 CLI, I noticed that it wrote and read configuration files in my user directory, such as ~/.convox/host
and ~/.convox/auth
. When I started working with the Convox v3 CLI, I saw that these files were no longer used, so I wondered what had happened. Where was the Convox CLI now storing the authentication details for each rack?
To figure this out, I used the dtruss
command. There are a number of tracing tools for UNIX systems (including Linux and MacOS). These tools include strace
, ptrace
, dtrace
, dtruss
. I won't get into all the differences here (and I don't really know much about these myself), but dtruss
does the job for MacOS Big Sur 11.6.4 (at the time of writing.)
I chose to trace the convox login
command, since this command checks saved authentication details and tries to authenticate with the Convox console servers.
When you run a program using dtruss
, it prints out all of the system calls that were made while executing the program. When a program opens a file, the output will look something like this:
open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0
So we just need to look for any lines starting with open(
. We can do this by using grep
. The dtruss
logs are printed to stderr (not stdout), so we need to redirect stderr to stdout using 2>&1
before we filter the logs using grep
.
Here is the command I ran to trace convox login
using dtruss
, and see a list of files that were opened while convox login
was running:
sudo dtruss convox login 2>&1 | grep "open("
Here's the output:
$ sudo dtruss convox login 2>&1 | grep "open("
open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0
shm_open(0x7FFF204F1F66, 0x0, 0x204F0CBB) = 3 0
open("/usr/local/bin/convox\0", 0x0, 0x0) = 3 0
open("/dev/urandom\0", 0x0, 0x0) = 3 0
open("/dev/urandom\0", 0x0, 0x0) = 3 0
open(".env\0", 0x1000000, 0x0) = -1 2
open("/dev/null\0", 0x1000000, 0x0) = 3 0
open("/dev/urandom\0", 0x1000000, 0x0) = 7 0
open("/Users/ndbroadbent/Library/Preferences/convox/auth\0", 0x1000000, 0x0) = 8 0
shm_open(0x7FFF22E8E088, 0x0, 0x0) = 8 0
open("/Library/Preferences/com.apple.networkd.plist\0", 0x0, 0x0) = -1 2
open("/Library/Preferences/com.apple.networkd.plist\0", 0x0, 0x0) = -1 2
open("/usr/local/bin\0", 0x0, 0x0) = 8 0
open("/usr/local/bin/Info.plist\0", 0x0, 0x0) = -1 2
necp_open(0x0, 0x0, 0x0) = 8 0
And there's the answer: /Users/ndbroadbent/Library/Preferences/convox/auth
The Convox v3 CLI was using some similar configuration files, but they had moved from /Users/ndbroadbent/.convox/*
to /Users/ndbroadbent/Library/Preferences/convox/*
If you're reading this post then you might be trying to do something similar. If that's the case, then I hope you find what you're looking for!