From a41fb636bccd65ab7314f584fe627f358189857d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Georg=20Sch=C3=B6lly?= <git@gsch.ch>
Date: Thu, 1 Aug 2024 16:39:01 +0200
Subject: [PATCH] Detect software from deb_packages which is 'on hold' (#20751)

The list of installed software was missing packages put ['on
hold'](https://askubuntu.com/questions/18654/how-to-prevent-updating-of-a-specific-package)

The reason for this is that the old query looks for the status

    install ok installed

but there are other valid status which are also installed, like `hold ok
installed`. The syntax is `<desired> <error> <status>` so we only need
to look at the last or two last parts and ignore the first one.

See https://man7.org/linux/man-pages/man1/dpkg-query.1.html for a list
of status.

# Checklist for submitter

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
---
 changes/20751-detect-held-linux-packages-as-installed | 1 +
 docs/Using Fleet/Understanding-host-vitals.md         | 2 +-
 server/service/osquery_utils/queries.go               | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 changes/20751-detect-held-linux-packages-as-installed

diff --git a/changes/20751-detect-held-linux-packages-as-installed b/changes/20751-detect-held-linux-packages-as-installed
new file mode 100644
index 0000000000..6aa524ce80
--- /dev/null
+++ b/changes/20751-detect-held-linux-packages-as-installed
@@ -0,0 +1 @@
+Linux .deb packages 'on hold' are now included in the installed software list.
diff --git a/docs/Using Fleet/Understanding-host-vitals.md b/docs/Using Fleet/Understanding-host-vitals.md
index 77b9e68ca9..3cdabf2fde 100644
--- a/docs/Using Fleet/Understanding-host-vitals.md	
+++ b/docs/Using Fleet/Understanding-host-vitals.md	
@@ -504,7 +504,7 @@ SELECT
   '' AS arch,
   '' AS installed_path
 FROM deb_packages
-WHERE status = 'install ok installed'
+WHERE status LIKE '% ok installed'
 UNION
 SELECT
   package AS name,
diff --git a/server/service/osquery_utils/queries.go b/server/service/osquery_utils/queries.go
index b811fc0026..1baa63a9f1 100644
--- a/server/service/osquery_utils/queries.go
+++ b/server/service/osquery_utils/queries.go
@@ -944,7 +944,7 @@ SELECT
   '' AS arch,
   '' AS installed_path
 FROM deb_packages
-WHERE status = 'install ok installed'
+WHERE status LIKE '% ok installed'
 UNION
 SELECT
   package AS name,