<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43484
# Details
Apple Silicon Macs were being forced down the Wine+local-wix-dir path
because the fleetdm/wix:latest image was deemed unreliable on arm64 in
Jan 2024. Docker Desktop's amd64 emulation has matured since -- the
image builds both amd64 and arm64 MSIs on arm64 macOS successfully. This
PR:
- Drops the arm64-forces-Wine guard in BuildMSI so the Docker path is
the default on every macOS arch when --local-wix-dir isn't provided.
- Drops the macOS "Install wine and wix" + "Build MSI on macOS (using
local Wix)" CI steps. The ubuntu-latest matrix entry already exercises
the Docker path, and the install-wine.sh flow is brittle against Gcenx
release churn and homebrew-cask deprecation.
- Updates the install-wine.sh script to fail and output a message
indicating that Docker should be used, or else Wine installed manually.
```
============================================================
This script no longer installs Wine.
============================================================
Wine is no longer required to build Windows (.msi) packages on macOS.
fleetctl package now uses Docker by default on all macOS architectures.
RECOMMENDED: install Docker Desktop
https://docs.docker.com/get-docker
If you cannot use Docker and still need to build MSIs with Wine on macOS
see the upstream WineHQ wiki for installation instructions:
https://gitlab.winehq.org/wine/wine/-/wikis/MacOS
Automatic Wine installation via Homebrew is no longer attempted here
because the wine-stable cask is deprecated and upstream Wine releases
have caused repeated breakage.
```
- Retains the wix auto-download helper (downloadAndExtractZip,
extractZipFile, wixDownload) for backwards-compatibility when Docker
isn't detected, with a deprecation warning.
The Wine + --local-wix-dir path remains available for macOS users who
opt into it, but is no longer documented. See #43484.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- Dropped MacOS packaging tests. The Ubuntu test already exercises the
Docker path that MacOS now uses.
- [X] QA'd all new/changed functionality manually
- Built and installed both amd64 and arm64 .msi packages successfully
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* MSI packages on macOS now build using Docker by default, removing the
Wine dependency.
* **Documentation**
* Updated macOS setup guidance: Docker Desktop is now required for MSI
packaging instead of Wine.
* **Chores**
* Simplified Wine-related helper scripts and removed outdated
installation logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43476
# Details
Bumps the cask commit we're pinned to, as the upstream has removed the
previous version (10) in favor of the latest (11). This is gonna
probably happen every year. We could consider hosting our own mirror but
not sure it's worth it for something that happens once a year.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a
## Testing
- [X] QA'd all new/changed functionality manually
Ran the job successfully on this branch:
https://github.com/fleetdm/fleet/actions/runs/24358586742/job/71132009934
But it's a ticking clock; brew is gonna stop letting us install apps
that don't pass gatekeeper in September:
<img width="1025" height="245" alt="image"
src="https://github.com/user-attachments/assets/5a35b31e-649c-46a0-bdad-3abef41a3e0c"
/>
Will open separate issue for this.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated Wine installation tooling to reference the latest Homebrew
configuration definition, improving installation reliability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42573
Fixes failing test by replacing no-longer-supported `--no-quarantine`
option with manually turning off quarantine for Wine.
Successful run here:
https://github.com/fleetdm/fleet/actions/runs/23661332211
---------
Co-authored-by: Allen Houchins <allenhouchins@mac.com>
- @noahtalerman: I think we can merge in this PR before we dogfood the
scripts ourselves. Dogfood request is here:
https://github.com/fleetdm/fleet/issues/33170
---
- @noahtalerman: `customer-montague` was frustrated that they had to
re-deploy fleetd to enable scripts. At organizations that have a
third-party tool that can run scripts (other than Fleet), this is
avoidable! We want to document how to enable scripts remotely w/o
re-deploying fleetd.
More context:
https://github.com/fleetdm/fleet/issues/29193#issuecomment-3137337041
After talking with eng team and @nonpunctual, the /assets folder is
reserved for things inside the fleet app, so creating a new folder in
`/docs/solutions`
@AdamBaali - I updated your article paths and moved the assets to the
new folder, do you mind taking a peek and making sure it looks good?
Note: brock, we should also update handbook for new ritual to add
articles with assets like this.
---------
Co-authored-by: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked table schema to confirm autoupdate
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
