**Related issue:** Resolves #
https://github.com/fleetdm/fleet/issues/31303
- Include "ltsr" in the `sw_edition` field when generating CPEs for
Citrix Workstation with versions that are in the discreet set of LTSR
releases
- Modify NVD CVE feed entry for CVE-2024-6286 to specify the correct
resolved-in version for LTSR releases of the software
- Ensure correct resolved-in is chosen when sw_edition is "ltsr"
- Doc updates
- Test updates
- Failing CI test is expected, these updates are confirmed with local
build of the relevant vuln repo resources
QAed locally by [generating vulnerability repo
artifiacts](https://github.com/fleetdm/vulnerabilities/blob/main/.github/workflows/generate-cve.yml)
and confirming:
- resolved-in versions are correct:
<img width="683" height="202"
alt="generated-cves-successfully-swapped-resolved-in"
src="https://github.com/user-attachments/assets/a3730373-7a17-4e65-9a38-d0ccd602820a"
/>
- validation passes:
<img width="882" height="59" alt="cve-translation-validation-ok"
src="https://github.com/user-attachments/assets/c52a3969-2eec-4d24-b77c-d6f161b41aac"
/>
- Broken tests now pass for both CR and LTSR versions of Citrix
Workspace:
<img width="1277" height="80"
alt="test-passes-with-freshly-built-cve-data"
src="https://github.com/user-attachments/assets/26a8f108-99d9-40a0-ac59-dc7f5d0a6bbe"
/>
- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
This pull request adds support for generating app icons from a PNG file
in addition to the existing `.app` bundle method. The changes update
both the documentation and the `generate-icons.sh` script to allow users
to specify either an app bundle or a PNG file, improving flexibility for
icon generation.
**Documentation and usage improvements:**
* Updated `README.md` to document the new `-i` option for PNG input,
clarified required arguments, and added usage examples for both `.app`
bundles and PNG files.
**Script enhancements for PNG support:**
* Modified argument parsing in `generate-icons.sh` to accept a new `-i`
option for PNG files, and added validation to ensure either `-a` or `-i`
is provided (but not both).
[[1]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44R295-R302)
[[2]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L312-R381)
* Added logic to handle PNG input: verifies the PNG file, derives
component and display names from the slug, and integrates PNG processing
alongside the existing `.app` bundle workflow.
[[1]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L312-R381)
[[2]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L412)
[[3]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44R508-R519)
* Adjusted SVG and component name generation to work appropriately for
both input methods, ensuring correct naming and file output.
[[1]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L465-R548)
[[2]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L481-L483)
[[3]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L501-L507)
- Getting all current FMA's icons added to index.ts
- Updating the generate-icons.sh script to automatically add icons to
the index.ts file
---------
Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
I ran into an app that only had a single 512 x 512 png icon resulting in
the `generate-icons.sh` script failing.
```
% bash tools/software/icons/generate-icons.sh -a /Applications/logioptionsplus.app -s "logi-options+/darwin"
Error: 128x128 icon not found.
```
This should add some additional flexibility.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
Currently the `generate-icons.sh` script picks out the first icns file
by name alphabetically. This is problematic for apps that contain
multiple icns files in their Resources folder (ex: Microsoft Outlook).
This update reads the actual filename used by the app in Info.plist
(CFBundleIconFile) and finds that file by name in the Resources folder.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
**_QA on-branch before merge_**
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
## Resolves#33235
<img width="2556" height="1419" alt="Screenshot 2025-10-03 at 5 55
40 PM"
src="https://github.com/user-attachments/assets/49078de7-699a-4a64-86ab-f435065f91ed"
/>
- [x] Changes file added for user-visible changes in `changes/`
