Adding upstream version 1.34.4.

Signed-off-by: Daniel Baumann <daniel@debian.org>

scripts/check-deps.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+tmpdir="$(mktemp -d)"
+
+cleanup() {
+	rm -rf "$tmpdir"
+}
+trap cleanup EXIT
+
+declare -a targets=(
+  "darwin/amd64"
+  "darwin/arm64"
+  "freebsd/amd64"
+  "freebsd/arm/7"
+  "freebsd/386"
+  "linux/amd64"
+  "linux/arm64/7"
+  "linux/arm/5"
+  "linux/arm/6"
+  "linux/386"
+  "linux/mips"
+  "linux/mipsle"
+  "linux/ppc64le"
+  "linux/riscv64"
+  "linux/s390x"
+  "windows/amd64"
+  "windows/arm64"
+  "windows/386"
+)
+
+for target in "${targets[@]}"; do
+  os="${target%%/*}"
+  rest="${target#*/}"
+
+  if [[ "$rest" == */* ]]; then
+    arch="${rest%%/*}"
+    arm="${rest#*/}"
+
+    echo "GOOS=${os} GOARCH=${arch} GOARM=${arm}"
+    CGO_ENABLED=0 GOOS=${os} GOARCH=${arch} GOARM=${arm} \
+      go list -f '{{with .Module}}{{.Path}}{{end}}' -deps ./cmd/telegraf >> "${tmpdir}/golist"
+  else
+    echo "GOOS=${os} GOARCH=${rest}"
+    CGO_ENABLED=0 GOOS=${os} GOARCH=${rest} \
+      go list -f '{{with .Module}}{{.Path}}{{end}}' -deps ./cmd/telegraf >> "${tmpdir}/golist"
+  fi
+done
+
+LC_ALL=C sort -u < "${tmpdir}/golist" | while IFS= read -r dep; do
+	case "${dep}" in
+		# ignore ourselves
+		github.com/influxdata/telegraf) continue;;
+
+		# go-autorest has a single license for all sub modules
+		github.com/Azure/go-autorest/autorest)
+			dep=github.com/Azure/go-autorest;;
+		github.com/Azure/go-autorest/*)
+			continue;;
+
+		# single license for all sub modules
+		cloud.google.com/go/*)
+			continue;;
+	esac
+
+	# Remove single and double digit version from path; these are generally not
+	# actual parts of the path and instead indicate a branch or tag.
+	#   example: github.com/influxdata/go-syslog/v2 -> github.com/influxdata/go-syslog
+	dep="${dep%%/v[0-9]}"
+	dep="${dep%%/v[0-9][0-9]}"
+
+	echo "${dep}" >> "${tmpdir}/HEAD"
+done
+
+# If there are two versions of a library that have the same base (like
+# github.com/foo/bar github.com/foo/bar/v3) there will be a duplicate
+# in the list.  Remove duplicates again.
+mv "${tmpdir}/HEAD" "${tmpdir}/HEAD-dup"
+uniq "${tmpdir}/HEAD-dup" > "${tmpdir}/HEAD"
+
+grep '^-' docs/LICENSE_OF_DEPENDENCIES.md | grep -v github.com/DataDog/datadog-agent | cut -f 2 -d' ' > "${tmpdir}/LICENSE_OF_DEPENDENCIES.md"
+
+diff -U0 "${tmpdir}/LICENSE_OF_DEPENDENCIES.md" "${tmpdir}/HEAD" || {
+cat - <<EOF
+
+
+The docs/LICENSE_OF_DEPENDENCIES.md file does not contain the expected entries.
+
+Lines prefixed with '+' should be added to LICENSE_OF_DEPENDENCIES.md and '-'
+lines should be removed.
+
+Include a link to the appropriate licenses for any additions.
+EOF
+exit 1
+}

scripts/check-file-changes.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# CIRCLE-CI SCRIPT: This file is used exclusively for CI
+# To prevent the tests/builds to run for only a doc change, this script checks what files have changed in a pull request.
+
+BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+echo $BRANCH
+if [[ ${CIRCLE_PULL_REQUEST##*/} != "" ]]; then # Only skip if their is an associated pull request with this job
+    # Ask git for all the differences between this branch and master
+    # Then use grep to look for changes in the .circleci/ directory, anything named *.go or *.mod or *.sum or *.sh or Makefile
+    # If no match is found, then circleci step halt will stop the CI job but mark it successful
+    git diff master --name-only --no-color | egrep -e "^(\.circleci\/.*)$|^(.*\.(go|mod|sum|sh))$|^Makefile$" || circleci step halt;
+fi

scripts/check-plugin-doc-embedding.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+plugin="${1}"
+
+if [ ! -d "${plugin}" ]; then
+    echo "ERR: ${plugin} is not a directory"
+    exit 1
+fi
+
+pluginname=$(basename "${plugin}")
+if [[ ":all:" =~ .*:${pluginname}:.* ]]; then
+    echo "INF: ${plugin} ignored"
+    exit 0
+fi
+
+# Check for the sample.conf file
+if [ ! -f "${plugin}/sample.conf" ] && [ "${pluginname}" != "modbus" ]; then
+    echo "ERR: ${plugin} does not contain a sample.conf file"
+    exit 1
+fi
+
+# Check for the sample.conf embedding into the README.md
+readme="^\`\`\`toml @sample.*\.conf\b"
+if  ! grep -q "${readme}" "${plugin}/README.md" ; then
+    echo "ERR: ${plugin} is missing embedding in README"
+    exit 1
+fi
+
+# Check for the generator
+generator="//go:generate ../../../tools/readme_config_includer/generator"
+found=false
+for filename in "${plugin}/"*.go; do
+    if [[ "${filename}" == *_test.go ]]; then
+        continue
+    fi
+    if ! grep -q "SampleConfig(" "${filename}"; then
+        continue
+    fi
+
+    if grep -q "^${generator}\$" "${filename}"; then
+        found=true
+        break
+    fi
+done
+
+if ! ${found}; then
+    echo "ERR: ${plugin} is missing generator statement!"
+    exit 1
+fi
+
+# Check for the embedding
+embedding="//go:embed sample.*\.conf"
+found=false
+for filename in "${plugin}/"*.go; do
+    if [[ "${filename}" == *_test.go ]]; then
+        continue
+    fi
+    if ! grep -q "SampleConfig(" "${filename}"; then
+        continue
+    fi
+
+    if grep -q "^${embedding}\$" "${filename}"; then
+        found=true
+        break
+    fi
+done
+
+if ! ${found}; then
+    echo "ERR: ${plugin} is missing embedding statement!"
+    exit 1
+fi

scripts/ci.docker

@@ -0,0 +1,23 @@
+FROM golang:1.24.3
+
+RUN chmod -R 755 "$GOPATH"
+
+RUN DEBIAN_FRONTEND=noninteractive \
+	apt update && apt install -y --no-install-recommends \
+	autoconf \
+	git \
+	libtool \
+	locales \
+	make \
+	awscli \
+	rpm \
+	ruby \
+	ruby-dev \
+	zip && \
+	rm -rf /var/lib/apt/lists/*
+
+RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
+RUN locale-gen C.UTF-8 || true
+ENV LANG=C.UTF-8
+
+RUN gem install fpm

scripts/deb/post-install.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+SCRIPT_DIR=/usr/lib/telegraf/scripts
+
+function install_init {
+    cp -f $SCRIPT_DIR/init.sh /etc/init.d/telegraf
+    chmod +x /etc/init.d/telegraf
+}
+
+function install_systemd {
+    #shellcheck disable=SC2086
+    cp -f $SCRIPT_DIR/telegraf.service $1
+    systemctl enable telegraf || true
+    systemctl daemon-reload || true
+}
+
+function install_update_rcd {
+    update-rc.d telegraf defaults
+}
+
+function install_chkconfig {
+    chkconfig --add telegraf
+}
+
+# Remove legacy symlink, if it exists
+if [[ -L /etc/init.d/telegraf ]]; then
+    rm -f /etc/init.d/telegraf
+fi
+
+# Add defaults file, if it doesn't exist
+if [[ ! -f /etc/default/telegraf ]]; then
+    touch /etc/default/telegraf
+fi
+
+# Add .d configuration directory
+if [[ ! -d /etc/telegraf/telegraf.d ]]; then
+    mkdir -p /etc/telegraf/telegraf.d
+fi
+
+# If 'telegraf.conf' is not present use package's sample (fresh install)
+if [[ ! -f /etc/telegraf/telegraf.conf ]] && [[ -f /etc/telegraf/telegraf.conf.sample ]]; then
+   cp /etc/telegraf/telegraf.conf.sample /etc/telegraf/telegraf.conf
+fi
+
+LOG_DIR=/var/log/telegraf
+test -d $LOG_DIR || mkdir -p $LOG_DIR
+chown -R -L telegraf:telegraf $LOG_DIR
+chmod 755 $LOG_DIR
+
+STATE_DIR=/var/lib/telegraf
+test -d "$STATE_DIR" || {
+    mkdir -p "$STATE_DIR"
+    chmod 770 "$STATE_DIR"
+    chown root:telegraf "$STATE_DIR"
+}
+
+STATE_FILE="$STATE_DIR/statefile"
+test -f "$STATE_FILE" || {
+    touch "$STATE_FILE"
+    echo {} > "$STATE_FILE"
+    chown root:telegraf "$STATE_FILE"
+    chmod 660 "$STATE_FILE"
+}
+
+if [ -d /run/systemd/system ]; then
+    install_systemd /lib/systemd/system/telegraf.service
+    # if and only if the service was already running then restart
+    deb-systemd-invoke try-restart telegraf.service >/dev/null || true
+else
+	# Assuming SysVinit
+	install_init
+	# Run update-rc.d or fallback to chkconfig if not available
+	if which update-rc.d &>/dev/null; then
+		install_update_rcd
+	else
+		install_chkconfig
+	fi
+	invoke-rc.d telegraf restart
+fi

scripts/deb/post-remove.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+function disable_systemd {
+    systemctl disable telegraf
+    rm -f $1
+}
+
+function disable_update_rcd {
+    update-rc.d -f telegraf remove
+    rm -f /etc/init.d/telegraf
+}
+
+function disable_chkconfig {
+    chkconfig --del telegraf
+    rm -f /etc/init.d/telegraf
+}
+
+if [ "$1" == "remove" -o "$1" == "purge" ]; then
+	# Remove/purge
+	rm -f /etc/default/telegraf
+
+	if [[ "$(readlink /proc/1/exe)" == */systemd ]]; then
+		disable_systemd /lib/systemd/system/telegraf.service
+	else
+		# Assuming sysv
+		# Run update-rc.d or fallback to chkconfig if not available
+		if which update-rc.d &>/dev/null; then
+			disable_update_rcd
+		else
+			disable_chkconfig
+		fi
+	fi
+fi

scripts/deb/pre-install.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if ! grep "^telegraf:" /etc/group &>/dev/null; then
+    groupadd -r telegraf
+fi
+
+if ! id telegraf &>/dev/null; then
+    useradd -r -M telegraf -s /bin/false -d /etc/telegraf -g telegraf
+fi
+
+if [[ -d /etc/opt/telegraf ]]; then
+    # Legacy configuration found
+    if [[ ! -d /etc/telegraf ]]; then
+        # New configuration does not exist, move legacy configuration to new location
+        echo -e "Please note, Telegraf's configuration is now located at '/etc/telegraf' (previously '/etc/opt/telegraf')."
+        mv -vn /etc/opt/telegraf /etc/telegraf
+
+        if [[ -f /etc/telegraf/telegraf.conf ]]; then
+            backup_name="telegraf.conf.$(date +%s).backup"
+            echo "A backup of your current configuration can be found at: /etc/telegraf/${backup_name}"
+            cp -a "/etc/telegraf/telegraf.conf" "/etc/telegraf/${backup_name}"
+        fi
+    fi
+fi

scripts/deb/pre-remove.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ -d /run/systemd/system ]; then
+	if [ "$1" = remove ]; then
+		deb-systemd-invoke stop telegraf.service
+	fi
+else
+	# Assuming sysv
+	invoke-rc.d telegraf stop
+fi

scripts/init.sh

@@ -0,0 +1,220 @@
+#! /usr/bin/env bash
+
+# chkconfig: 2345 99 01
+# description: Telegraf daemon
+
+### BEGIN INIT INFO
+# Provides:          telegraf
+# Required-Start:    $all
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start telegraf at boot time
+### END INIT INFO
+
+# this init script supports three different variations:
+#  1. New lsb that define start-stop-daemon
+#  2. Old lsb that don't have start-stop-daemon but define, log, pidofproc and killproc
+#  3. Centos installations without lsb-core installed
+#
+# In the third case we have to define our own functions which are very dumb
+# and expect the args to be positioned correctly.
+
+# Command-line options that can be set in /etc/default/telegraf.  These will override
+# any config file values.
+TELEGRAF_OPTS=
+
+USER=telegraf
+GROUP=telegraf
+
+if [ -r /lib/lsb/init-functions ]; then
+    source /lib/lsb/init-functions
+fi
+
+DEFAULT=/etc/default/telegraf
+
+if [ -r $DEFAULT ]; then
+    set -o allexport
+    source $DEFAULT
+    set +o allexport
+fi
+
+if [ -z "$STDOUT" ]; then
+    STDOUT=/dev/null
+fi
+if [ ! -f "$STDOUT" ]; then
+    mkdir -p `dirname $STDOUT`
+fi
+
+if [ -z "$STDERR" ]; then
+    STDERR=/var/log/telegraf/telegraf.log
+fi
+if [ ! -f "$STDERR" ]; then
+    mkdir -p `dirname $STDERR`
+fi
+
+OPEN_FILE_LIMIT=65536
+
+function pidofproc() {
+    if [ $# -ne 3 ]; then
+        echo "Expected three arguments, e.g. $0 -p pidfile daemon-name"
+    fi
+
+    if [ ! -f "$2" ]; then
+        return 1
+    fi
+
+    local pidfile=`cat $2`
+
+    if [ "x$pidfile" == "x" ]; then
+        return 1
+    fi
+
+    if ps --pid "$pidfile" | grep -q $(basename $3); then
+        return 0
+    fi
+
+    return 1
+}
+
+function killproc() {
+    if [ $# -ne 3 ]; then
+        echo "Expected three arguments, e.g. $0 -p pidfile signal"
+    fi
+
+    pid=`cat $2`
+
+    kill -s $3 $pid
+}
+
+function log_failure_msg() {
+    echo "$@" "[ FAILED ]"
+}
+
+function log_success_msg() {
+    echo "$@" "[ OK ]"
+}
+
+# Process name ( For display )
+name=telegraf
+
+# Daemon name, where is the actual executable
+daemon=/usr/bin/telegraf
+
+# pid file for the daemon
+pidfile=/var/run/telegraf/telegraf.pid
+piddir=`dirname $pidfile`
+
+if [ ! -d "$piddir" ]; then
+    mkdir -p $piddir
+    chown $USER:$GROUP $piddir
+fi
+
+# Configuration file
+config=/etc/telegraf/telegraf.conf
+confdir=/etc/telegraf/telegraf.d
+
+# If the daemon is not there, then exit.
+[ -x $daemon ] || exit 5
+
+case $1 in
+    start)
+        # Checked the PID file exists and check the actual status of process
+        if [ -e "$pidfile" ]; then
+            if pidofproc -p $pidfile $daemon > /dev/null; then
+                log_failure_msg "$name process is running"
+	    else
+                log_failure_msg "$name pidfile has no corresponding process; ensure $name is stopped and remove $pidfile"
+            fi
+            exit 0
+        fi
+
+        # Bump the file limits, before launching the daemon. These will carry over to
+        # launched processes.
+        ulimit -n $OPEN_FILE_LIMIT
+        if [ $? -ne 0 ]; then
+            log_failure_msg "set open file limit to $OPEN_FILE_LIMIT"
+        fi
+
+        # Set DBUS_SESSION_BUS_ADDRESS if unset to prevent the daemon from
+        # spawning a stray dbus-session process
+        export DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS:-/dev/null}"
+
+        log_success_msg "Starting the process" "$name"
+        if command -v startproc >/dev/null; then
+            startproc -u "$USER" -g "$GROUP" -p "$pidfile" -q -- "$daemon" -pidfile "$pidfile" -config "$config" -config-directory "$confdir" $TELEGRAF_OPTS
+        elif which start-stop-daemon > /dev/null 2>&1; then
+            start-stop-daemon --chuid $USER:$GROUP --start --quiet --pidfile $pidfile --exec $daemon -- -pidfile $pidfile -config $config -config-directory $confdir $TELEGRAF_OPTS >>$STDOUT 2>>$STDERR &
+        else
+            su -s /bin/sh -c "nohup $daemon -pidfile $pidfile -config $config -config-directory $confdir $TELEGRAF_OPTS >>$STDOUT 2>>$STDERR &" $USER
+        fi
+        log_success_msg "$name process was started"
+        ;;
+
+    stop)
+        # Stop the daemon.
+        if [ -e $pidfile ]; then
+            if pidofproc -p $pidfile $daemon > /dev/null; then
+                # periodically signal until process exists
+                while true; do
+                        if ! pidofproc -p $pidfile $daemon > /dev/null; then
+                                break
+                        fi
+                        killproc -p $pidfile SIGTERM 2>&1 >/dev/null
+                        sleep 2
+                done
+
+                log_success_msg "$name process was stopped"
+                rm -f $pidfile
+            fi
+        else
+            log_failure_msg "$name process is not running"
+        fi
+        ;;
+
+    reload)
+        # Reload the daemon.
+        if [ -e $pidfile ]; then
+            if pidofproc -p $pidfile $daemon > /dev/null; then
+                if killproc -p $pidfile SIGHUP; then
+                    log_success_msg "$name process was reloaded"
+                else
+                    log_failure_msg "$name failed to reload service"
+                fi
+            fi
+        else
+            log_failure_msg "$name process is not running"
+        fi
+        ;;
+
+    restart)
+        # Restart the daemon.
+        $0 stop && sleep 2 && $0 start
+        ;;
+
+    status)
+        # Check the status of the process.
+        if [ -e $pidfile ]; then
+            if pidofproc -p $pidfile $daemon > /dev/null; then
+                log_success_msg "$name Process is running"
+                exit 0
+            else
+                log_failure_msg "$name Process is not running"
+                exit 1
+            fi
+        else
+            log_failure_msg "$name Process is not running"
+            exit 3
+        fi
+        ;;
+
+    version)
+        $daemon version
+        ;;
+
+    *)
+        # For invalid arguments, print the usage message.
+        echo "Usage: $0 {start|stop|restart|status|version}"
+        exit 2
+        ;;
+esac

scripts/install_gotestsum.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -eux
+
+OS=$1
+EXE=$2
+VERSION="1.10.1"
+ARCH=$(uname -m)
+
+WINDOWS_SHA="3a409d05e6d0b89b7860b3a1d66bd855831a276ac25a05d33700f330f554d315"
+DARWIN_ARM64_SHA="01be1b28f7c2558af6191050671a97e783eab5ceb813ea8bfac739d5759de596"
+LINUX_SHA="44be2c02d4cf99cdd61edcb27851ef98ef8724a2ae3355b438bd108e9abb9056"
+
+if [ "$ARCH" = 'arm64' ]; then
+    GO_ARCH="arm64"
+elif [ "$ARCH" = 'x86_64' ]; then
+    GO_ARCH="amd64"
+fi
+
+setup_gotestsum () {
+    echo "installing gotestsum"
+    curl -L "https://github.com/gotestyourself/gotestsum/releases/download/v${VERSION}/gotestsum_${VERSION}_${OS}_${GO_ARCH}.tar.gz" --output gotestsum.tar.gz
+
+    if [ "$OS" = "windows" ]; then
+        SHA=$WINDOWS_SHA
+        SHATOOL="sha256sum"
+    elif [ "$OS" = "darwin" ]; then
+        SHA=$DARWIN_ARM64_SHA
+        SHATOOL="shasum --algorithm 256"
+    elif [ "$OS" = "linux" ]; then
+        SHA=$LINUX_SHA
+        SHATOOL="sha256sum"
+    fi
+
+    if ! echo "${SHA}  gotestsum.tar.gz" | ${SHATOOL} --check -; then
+        echo "Checksum failed" >&2
+        exit 1
+    fi
+
+    tar --extract --file=gotestsum.tar.gz "${EXE}"
+}
+
+if test -f "${EXE}"; then
+    echo "gotestsum is already installed"
+    v=$(./"${EXE}" --version)
+    echo "$v is installed, required version is ${VERSION}"
+    if [ "$v" != "gotestsum version ${VERSION}" ]; then
+        setup_gotestsum
+        ./"${EXE}" --version
+    fi
+else
+    setup_gotestsum
+fi

scripts/install_incus.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -eux
+
+sudo mkdir -p /etc/apt/keyrings
+sudo curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc
+sudo sh -c 'cat <<EOF > /etc/apt/sources.list.d/zabbly-incus-stable.sources
+Enabled: yes
+Types: deb
+URIs: https://pkgs.zabbly.com/incus/stable
+Suites: $(. /etc/os-release && echo ${VERSION_CODENAME})
+Components: main
+Architectures: $(dpkg --print-architecture)
+Signed-By: /etc/apt/keyrings/zabbly.asc
+
+EOF'
+
+sudo apt-get update && sudo apt-get install --yes incus
+
+# On CircleCI instances do not have IPv6 enabled, force IPv4 usage only.
+cat <<EOF | sudo incus admin init --preseed
+networks:
+- name: incusbr0
+  type: bridge
+  config:
+    ipv4.address: 192.168.100.1/24
+    ipv4.nat: true
+    ipv6.address: none
+storage_pools:
+- name: default
+  driver: dir
+profiles:
+- name: default
+  devices:
+    eth0:
+      name: eth0
+      network: incusbr0
+      type: nic
+    root:
+      path: /
+      pool: default
+      type: disk
+EOF
+
+# Disable the firewall to prevent issues with the default configuration.
+sudo ufw disable
+
+sudo usermod -a -G incus-admin "$(whoami)"

scripts/installgo_linux.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -eux
+
+GO_VERSION="1.24.3"
+GO_ARCH="linux-amd64"
+# from https://go.dev/dl
+GO_VERSION_SHA="3333f6ea53afa971e9078895eaa4ac7204a8c6b5c68c10e6bc9a33e8e391bdd8"
+
+# Download Go and verify Go tarball
+setup_go () {
+    echo "installing go"
+    curl -L https://go.dev/dl/go${GO_VERSION}.${GO_ARCH}.tar.gz --output go${GO_VERSION}.${GO_ARCH}.tar.gz
+    if ! echo "${GO_VERSION_SHA}  go${GO_VERSION}.${GO_ARCH}.tar.gz" | shasum --algorithm 256 --check -; then
+        echo "Checksum failed" >&2
+        exit 1
+    fi
+
+    sudo rm -rfv /usr/local/go
+    sudo tar -C /usr/local -xzf go${GO_VERSION}.${GO_ARCH}.tar.gz
+}
+
+if command -v go >/dev/null 2>&1; then
+    echo "Go is already installed"
+    cd
+    v=$(go version | { read -r _ _ v _; echo "${v#go}"; })
+    echo "$v is installed, required version is ${GO_VERSION}"
+    if [ "$v" != ${GO_VERSION} ]; then
+        setup_go
+    fi
+else
+    setup_go
+fi
+
+echo "$PATH"
+command -v go
+go version

scripts/installgo_mac.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -eux
+
+ARCH=$(uname -m)
+GO_VERSION="1.24.3"
+GO_VERSION_SHA_arm64="64a3fa22142f627e78fac3018ce3d4aeace68b743eff0afda8aae0411df5e4fb" # from https://go.dev/dl
+GO_VERSION_SHA_amd64="13e6fe3fcf65689d77d40e633de1e31c6febbdbcb846eb05fc2434ed2213e92b" # from https://go.dev/dl
+
+if [ "$ARCH" = 'arm64' ]; then
+    GO_ARCH="darwin-arm64"
+    GO_VERSION_SHA=${GO_VERSION_SHA_arm64}
+elif [ "$ARCH" = 'x86_64' ]; then
+    GO_ARCH="darwin-amd64"
+    GO_VERSION_SHA=${GO_VERSION_SHA_amd64}
+fi
+
+# This path is cacheable. (Saving in /usr/local/ would cause issues restoring the cache.)
+path="/usr/local/Cellar"
+sudo mkdir -p ${path}
+
+# Download Go and verify Go tarball. (Note: we aren't using brew because
+# it is slow to update and we can't pull specific minor versions.)
+setup_go () {
+    echo "installing go"
+    curl -L "https://go.dev/dl/go${GO_VERSION}.${GO_ARCH}.tar.gz" --output "go${GO_VERSION}.${GO_ARCH}.tar.gz"
+    if ! echo "${GO_VERSION_SHA}  go${GO_VERSION}.${GO_ARCH}.tar.gz" | shasum --algorithm 256 --check -; then
+        echo "Checksum failed" >&2
+        exit 1
+    fi
+
+    sudo rm -rf "${path}/go"
+    sudo tar -C "$path" -xzf "go${GO_VERSION}.${GO_ARCH}.tar.gz"
+    sudo mkdir -p /usr/local/bin
+    sudo ln -sf "${path}/go/bin/go" /usr/local/bin/go
+    sudo ln -sf "${path}/go/bin/gofmt" /usr/local/bin/gofmt
+}
+
+if command -v go >/dev/null 2>&1; then
+    echo "Go is already installed"
+    cd
+    v=$(go version | { read -r _ _ v _; echo "${v#go}"; })
+    echo "$v is installed, required version is ${GO_VERSION}"
+    if [ "$v" != ${GO_VERSION} ]; then
+        setup_go
+    fi
+else
+    setup_go
+fi
+
+echo "$PATH"
+command -v go
+go version

scripts/installgo_windows.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -eux
+
+GO_VERSION="1.24.3"
+
+setup_go () {
+    choco upgrade golang --allow-downgrade --version=${GO_VERSION}
+}
+
+if command -v go >/dev/null 2>&1; then
+    echo "Go is already installed"
+    cd
+    v=$(go version | { read -r _ _ v _; echo "${v#go}"; })
+    echo "$v is installed, required version is ${GO_VERSION}"
+    if [ "$v" != ${GO_VERSION} ]; then
+        setup_go
+    fi
+else
+    setup_go
+fi
+
+echo "$PATH"
+command -v go
+go version

scripts/local_circleci.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+jobName=$1
+
+circleci config process .circleci/config.yml > process.yml
+circleci local execute -c process.yml --job $jobName

scripts/mac-signing.sh

@@ -0,0 +1,139 @@
+#!/bin/bash
+
+function cleanup () {
+  echo "Cleaning up any existing Telegraf or Telegraf.app"
+  printf "\n"
+  rm -rf Telegraf
+  rm -rf Telegraf.app
+}
+
+function archive_notarize()
+{
+  target="${1}"
+
+  # submit archive for notarization, extract uuid
+  uuid="$(
+    # This extracts the value from `notarytool's` output. Unfortunately,
+    # the 'id' is written to multiple times in the output. This requires
+    # `awk` to `exit` after the first instance. However, doing so closes
+    # `stdout` for `notarytool` which results with error code 141. This
+    # takes the *complete* output from `notarytool` then
+    # parses it with `awk`.
+    awk '{ if ( $1 == "id:" ) { $1 = ""; print $0; exit 0; } }' \
+      <<< "$(
+        # shellcheck disable=SC2154
+        xcrun notarytool submit \
+          --apple-id "${AppleUsername}" \
+          --password "${ApplePassword}" \
+          --team-id 'M7DN9H35QT' \
+          "${target}"
+      )"
+  )"
+  shopt -s extglob
+  uuid="${uuid%%+([[:space:]])}"  # strips leading whitespace
+  uuid="${uuid##+([[:space:]])}"  # strips trailing whitespace
+
+  if [[ -z "${uuid}" ]]; then
+    exit 1
+  fi
+
+  # loop until notarization is complete
+  while true ; do
+    sleep 10
+
+    response="$(
+      # This extracts the value from `notarytool's` output. Unfortunately,
+      # the 'id' is written to multiple times in the output. This requires
+      # `awk` to `exit` after the first instance. However, doing so closes
+      # `stdout` for `notarytool` which results with error code 141. This
+      # takes the *complete* output from `notarytool` then
+      # parses it with `awk`.
+      awk '{ if ( $1 == "status:" ) { $1 = ""; print $0; exit 0; } }' \
+        <<< "$(
+          # shellcheck disable=SC2154
+          xcrun notarytool info \
+            --apple-id "${AppleUsername}" \
+            --password "${ApplePassword}" \
+            --team-id 'M7DN9H35QT' \
+            "${uuid}"
+        )"
+    )"
+    shopt -s extglob
+    response="${response%%+([[:space:]])}"  # strips leading whitespace
+    response="${response##+([[:space:]])}"  # strips trailing whitespace
+
+    if [[ "${response}" != 'In Progress' ]] ; then
+      break
+    fi
+  done
+
+  if [[ "${response}" != 'Accepted' ]]; then
+    exit 1
+  fi
+}
+
+# Acquire the necessary certificates.
+# MacCertificate, MacCertificatePassword, AppleSigningAuthorityCertificate are environment variables, to follow convention they should have been all caps.
+# shellcheck disable=SC2154
+base64 -D -o MacCertificate.p12 <<< "$MacCertificate"
+# shellcheck disable=SC2154
+sudo security import MacCertificate.p12 -k /Library/Keychains/System.keychain -P "$MacCertificatePassword" -A
+# shellcheck disable=SC2154
+base64 -D -o AppleSigningAuthorityCertificate.cer <<< "$AppleSigningAuthorityCertificate"
+sudo security import AppleSigningAuthorityCertificate.cer -k '/Library/Keychains/System.keychain' -A
+
+amdFile=$(find "$HOME/project/dist" -name "*darwin_amd64.tar*")
+armFile=$(find "$HOME/project/dist" -name "*darwin_arm64.tar*")
+macFiles=("${amdFile}" "${armFile}")
+
+version=$(make version)
+plutil -insert CFBundleShortVersionString -string "$version" ~/project/Info.plist
+plutil -insert CFBundleVersion -string "$version" ~/project/Info.plist
+
+for tarFile in "${macFiles[@]}";
+do
+  cleanup
+
+  # Create the .app bundle directory structure
+  RootAppDir="Telegraf.app/Contents"
+  mkdir -p "$RootAppDir"
+  mkdir -p "$RootAppDir/MacOS"
+  mkdir -p "$RootAppDir/Resources"
+
+  DeveloperID="Developer ID Application: InfluxData Inc. (M7DN9H35QT)"
+
+  # Sign telegraf binary
+  echo "Extract $tarFile to $RootAppDir/Resources"
+  tar -xzvf "$tarFile" --strip-components=2 -C "$RootAppDir/Resources"
+  printf "\n"
+  TelegrafBinPath="$RootAppDir/Resources/usr/bin/telegraf"
+  codesign --force -s "$DeveloperID" --timestamp --options=runtime "$TelegrafBinPath"
+  echo "Verify if $TelegrafBinPath was signed"
+  codesign -dvv "$TelegrafBinPath"
+
+  printf "\n"
+
+  cp ~/project/scripts/telegraf_entry_mac "$RootAppDir"/MacOS
+  cp ~/project/Info.plist "$RootAppDir"
+  cp  ~/project/assets/windows/icon.icns "$RootAppDir/Resources"
+
+  chmod +x "$RootAppDir/MacOS/telegraf_entry_mac"
+
+  # Sign the entire .app bundle, and wrap it in a DMG.
+  codesign -s "$DeveloperID" --timestamp --options=runtime --deep --force Telegraf.app
+  baseName=$(basename "$tarFile" .tar.gz)
+  echo "$baseName"
+  hdiutil create -size 500m -volname Telegraf -srcfolder Telegraf.app "$baseName".dmg
+  codesign -s "$DeveloperID" --timestamp --options=runtime "$baseName".dmg
+
+  archive_notarize "${baseName}.dmg"
+
+  # Attach the notarization to the DMG.
+  xcrun stapler staple "$baseName".dmg
+  cleanup
+
+  mkdir -p ~/project/build/dist
+  mv "$baseName".dmg ~/project/build/dist
+
+  echo "$baseName.dmg signed and notarized!"
+done

scripts/make_docs.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+make docs
+
+if [ "$(git status --porcelain | wc -l)" -eq "0" ]; then
+  echo "🟢 Git repo is clean."
+else
+  echo "🔴 Git repo dirty. Please run \"make docs\" and push the updated README. Failing CI."
+  exit 1
+fi

scripts/rpm/post-install.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Remove legacy symlink, if it exists
+if [[ -L /etc/init.d/telegraf ]]; then
+    rm -f /etc/init.d/telegraf
+fi
+
+# Add defaults file, if it doesn't exist
+if [[ ! -f /etc/default/telegraf ]]; then
+    touch /etc/default/telegraf
+fi
+
+# Add .d configuration directory
+if [[ ! -d /etc/telegraf/telegraf.d ]]; then
+    mkdir -p /etc/telegraf/telegraf.d
+fi
+
+# If 'telegraf.conf' is not present use package's sample (fresh install)
+if [[ ! -f /etc/telegraf/telegraf.conf ]] && [[ -f /etc/telegraf/telegraf.conf.sample ]]; then
+   cp /etc/telegraf/telegraf.conf.sample /etc/telegraf/telegraf.conf
+fi
+
+# Set up log directories
+LOG_DIR=/var/log/telegraf
+mkdir -p $LOG_DIR
+chown -R -L telegraf:telegraf $LOG_DIR
+chmod 755 $LOG_DIR
+
+STATE_DIR=/var/lib/telegraf
+test -d "$STATE_DIR" || {
+    mkdir -p "$STATE_DIR"
+    chmod 770 "$STATE_DIR"
+    chown root:telegraf "$STATE_DIR"
+}
+
+STATE_FILE="$STATE_DIR/statefile"
+test -f "$STATE_FILE" || {
+    touch "$STATE_FILE"
+    echo {} > "$STATE_FILE"
+    chown root:telegraf "$STATE_FILE"
+    chmod 660 "$STATE_FILE"
+}
+
+# Set up systemd service - check if the systemd directory exists per:
+# https://www.freedesktop.org/software/systemd/man/sd_booted.html
+if [[ -d /run/systemd/system ]]; then
+    cp -f /usr/lib/telegraf/scripts/telegraf.service /usr/lib/systemd/system/telegraf.service
+    systemctl enable telegraf
+    systemctl daemon-reload
+fi

scripts/rpm/post-remove.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Telegraf is no longer installed, remove from systemd
+if [[ "$1" = "0" ]]; then
+    rm -f /etc/default/telegraf
+
+    if [[ -d /run/systemd/system ]]; then
+        systemctl disable telegraf
+        rm -f /usr/lib/systemd/system/telegraf.service
+        systemctl daemon-reload
+    fi
+fi
+
+# Telegraf upgrade, restart service
+if [[ $1 -ge 1 ]]; then
+    if [[ -d /run/systemd/system ]]; then
+        systemctl try-restart telegraf.service >/dev/null 2>&1 || :
+    fi
+fi

scripts/rpm/pre-install.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if ! grep "^telegraf:" /etc/group &>/dev/null; then
+    groupadd -r telegraf
+fi
+
+if ! id telegraf &>/dev/null; then
+    useradd -r -M telegraf -s /bin/false -d /etc/telegraf -g telegraf
+fi
+
+if [[ -d /etc/opt/telegraf ]]; then
+    # Legacy configuration found
+    if [[ ! -d /etc/telegraf ]]; then
+        # New configuration does not exist, move legacy configuration to new location
+        echo -e "Please note, Telegraf's configuration is now located at '/etc/telegraf' (previously '/etc/opt/telegraf')."
+        mv -vn /etc/opt/telegraf /etc/telegraf
+
+        if [[ -f /etc/telegraf/telegraf.conf ]]; then
+            backup_name="telegraf.conf.$(date +%s).backup"
+            echo "A backup of your current configuration can be found at: /etc/telegraf/${backup_name}"
+            cp -a "/etc/telegraf/telegraf.conf" "/etc/telegraf/${backup_name}"
+        fi
+    fi
+fi

scripts/sign-windows.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+set -eux
+
+# Install dependencies
+sudo apt update && sudo apt install --yes 7zip default-jre-headless osslsigncode wget
+wget https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb
+sha256sum="9877a0949a9c9ac4485155bbb8679ac863d3ec3d67e0a380b880eed650d06854"
+if ! echo "${sha256sum}  jsign_5.0_all.deb" | sha256sum --check -; then
+    echo "Checksum for jsign deb failed" >&2
+    exit 1
+fi
+sudo dpkg -i jsign_5.0_all.deb
+
+# Load certificates
+touch "$SM_CLIENT_CERT_FILE"
+set +x
+echo "$SM_CLIENT_CERT_FILE_B64" > "$SM_CLIENT_CERT_FILE.b64"
+set -x
+base64 -d "$SM_CLIENT_CERT_FILE.b64" > "$SM_CLIENT_CERT_FILE"
+
+# Loop through and sign + verify the binaries
+artifactDirectory="./dist"
+extractDirectory="$artifactDirectory/extracted"
+for file in "$artifactDirectory"/*windows*; do
+    7zz x "$file" -o$extractDirectory
+    subDirectoryPath=$(find $extractDirectory -mindepth 1 -maxdepth 1 -type d)
+    telegrafExePath="$subDirectoryPath/telegraf.exe"
+
+    jsign \
+        -storetype DIGICERTONE \
+        -alias "$SM_CERT_ALIAS" \
+        -storepass "$SM_API_KEY|$SM_CLIENT_CERT_FILE|$SM_CLIENT_CERT_PASSWORD" \
+        -alg SHA-256 \
+        -tsaurl http://timestamp.digicert.com \
+        "$telegrafExePath"
+
+    osslsigncode verify \
+        -CAfile /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt \
+        -TSA-CAfile /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt \
+        -in "$telegrafExePath"
+
+    7zz a -r "$file" "$subDirectoryPath"
+    rm -rf "$extractDirectory"
+done

scripts/telegraf.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Telegraf
+Documentation=https://github.com/influxdata/telegraf
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+EnvironmentFile=-/etc/default/telegraf
+User=telegraf
+ImportCredential=telegraf.*
+ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d $TELEGRAF_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartForceExitStatus=SIGPIPE
+KillMode=mixed
+LimitMEMLOCK=8M:8M
+PrivateMounts=true
+
+[Install]
+WantedBy=multi-user.target

scripts/telegraf_entry_mac

@@ -0,0 +1,13 @@
+#!/bin/bash
+currentDir="$( cd "$(dirname "$0")" ; pwd -P )"
+
+if [[ $currentDir == *"AppTranslocation"* || $currentDir == *"Volumes"* ]]; then
+  osascript -e "display alert \"Please copy Telegraf to somewhere on your machine. It can't be run from the image.\" as critical"
+else
+  cd $currentDir
+  osascript<<EOF
+  tell application "Terminal"
+      do script " $currentDir/../Resources/usr/bin/telegraf $@"
+  end tell
+EOF
+fi

scripts/windows-gen-syso.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+# Run goversioninfo to generate the resource.syso to embed version info.
+set -eux
+
+NAME="Telegraf"
+VERSION=$(cd ../../ && make version)
+FLAGS=()
+
+# If building for arm64, then include the extra flags required.
+if [ -n "${1+x}" ] && [ "$1" = "arm64" ]; then
+    FLAGS=(-arm -64)
+fi
+
+goversioninfo "${FLAGS[@]}" \
+    -product-name "$NAME" \
+    -product-version "$VERSION" \
+    -skip-versioninfo \
+    -icon=../../assets/windows/tiger.ico \
+    -o resource.syso