I'm working on a library called convox_installer, which I use to help customers install DocSpring enterprise on their own servers. This library provides a Ruby DSL that wraps the Convox CLI, so I use this to provide customers with a simple script that sets up Convox and get the DocSpring application running (including databases, S3 buckets, etc.)
DocSpringThis script was originally written for an older version of Convox (v2.) Convox v2 only supported AWS, and it used AWS ECS to manage Docker containers. Convox v3 was rewritten to use Kubernetes, and it supports multiple cloud providers (AWS, Google Cloud, Azure, etc.)
When I was working with the Convox v2 CLI, I noticed that it wrote and read configuration files in my user directory, such as ~/.convox/host and ~/.convox/auth. When I started working with the Convox v3 CLI, I saw that these files were no longer used, so I wondered what had happened. Where was the Convox CLI now storing the authentication details for each rack?
To figure this out, I used the dtruss command. There are a number of tracing tools for UNIX systems (including Linux and MacOS). These tools include strace, ptrace, dtrace, dtruss. I won't get into all the differences here (and I don't really know much about these myself), but dtruss does the job for MacOS Big Sur 11.6.4 (at the time of writing.)
I chose to trace the convox login command, since this command checks saved authentication details and tries to authenticate with the Convox console servers.
When you run a program using dtruss, it prints out all of the system calls that were made while executing the program. When a program opens a file, the output will look something like this:
open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0So we just need to look for any lines starting with open(. We can do this by using grep. The dtruss logs are printed to stderr (not stdout), so we need to redirect stderr to stdout using 2>&1 before we filter the logs using grep.
Here is the command I ran to trace convox login using dtruss, and see a list of files that were opened while convox login was running:
sudo dtruss convox login 2>&1 | grep "open("Here's the output:
$ sudo dtruss convox login 2>&1 | grep "open("
open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0
shm_open(0x7FFF204F1F66, 0x0, 0x204F0CBB) = 3 0
open("/usr/local/bin/convox\0", 0x0, 0x0) = 3 0
open("/dev/urandom\0", 0x0, 0x0) = 3 0
open("/dev/urandom\0", 0x0, 0x0) = 3 0
open(".env\0", 0x1000000, 0x0) = -1 2
open("/dev/null\0", 0x1000000, 0x0) = 3 0
open("/dev/urandom\0", 0x1000000, 0x0) = 7 0
open("/Users/ndbroadbent/Library/Preferences/convox/auth\0", 0x1000000, 0x0) = 8 0
shm_open(0x7FFF22E8E088, 0x0, 0x0) = 8 0
open("/Library/Preferences/com.apple.networkd.plist\0", 0x0, 0x0) = -1 2
open("/Library/Preferences/com.apple.networkd.plist\0", 0x0, 0x0) = -1 2
open("/usr/local/bin\0", 0x0, 0x0) = 8 0
open("/usr/local/bin/Info.plist\0", 0x0, 0x0) = -1 2
necp_open(0x0, 0x0, 0x0) = 8 0And there's the answer: /Users/ndbroadbent/Library/Preferences/convox/auth
The Convox v3 CLI was using some similar configuration files, but they had moved from /Users/ndbroadbent/.convox/* to /Users/ndbroadbent/Library/Preferences/convox/*
If you're reading this post then you might be trying to do something similar. If that's the case, then I hope you find what you're looking for!