Commit graph

50 commits

Author SHA1 Message Date
Allen Houchins
ea6345f483
Add WhatsApp installer URL transformer (#38823)
Introduces WhatsAppInstallerURL to override the installer URL and set
SHA256 to 'no_check' for WhatsApp on Darwin. Updates the function map to
apply both WhatsAppVersionShortener and WhatsAppInstallerURL for
WhatsApp manifests.

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #38816
2026-01-29 17:33:43 -06:00
Allen Houchins
76990c86ca
Update cisco_jabber_version_transformer.go (#38762)
This pull request makes a minor update to the Cisco Jabber version
transformer. The version reported by the transformer is incremented from
"15.2.0" to "15.2.1" to match the latest app version.

- Updated the `CiscoJabberVersionTransformer` in
`cisco_jabber_version_transformer.go` to set `app.Version` to "15.2.1"
instead of "15.2.0".
2026-01-26 09:12:05 -06:00
Allen Houchins
7d527ca23c
Add quit and relaunch logic to macOS FMAs (#37670)
This pull request enhances the macOS app installation process by
improving how running applications are handled during install and
update, and also updates the metadata and scripts for Docker Desktop.
The main improvements are the introduction of quit/relaunch logic for
pkg-based FMAs, and the renaming and updating of Docker Desktop’s
identifiers and scripts.

**App install/relaunch improvements:**

* Added new shell functions `quit_and_track_application` and
`relaunch_application` to the generated install scripts. These functions
ensure that if an app (or pkg) is running before installation, it is
quit and then automatically relaunched after installation, preserving
user state. The logic tracks whether the app was running via an
environment variable.
[[1]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97L22-R41)
[[2]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97R53-R59)
[[3]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97R72-R73)
[[4]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97R571-R648)
* Removed the previous simpler `quit_application` logic from the install
script generation, as the new functions supersede it.

**Docker Desktop metadata and script updates:**

* Renamed the Docker Desktop input and updated its `slug` and
`unique_identifier` to match the new bundle identifier
(`com.electron.dockerdesktop`), reflecting the current packaging.
* Updated the output app metadata in `apps.json` to use the new slug and
unique identifier for Docker Desktop.
* Added a new output file for Docker Desktop
(`docker-desktop/darwin.json`) with the updated install and uninstall
scripts, including the new quit/relaunch logic and references.
2026-01-05 22:31:55 -06:00
Allen Houchins
a5b2e911d6
Add support for zip files as Windows FMAs (#36841)
### Summary
This PR adds support for `.zip` files as Windows Fleet Managed Apps
(FMAs). Zip files on Windows are treated similarly to `.exe` files and
require custom install/uninstall scripts, typically used for AppX/MSIX
packages that are distributed as zip archives.

### Changes

**Backend:**
- Added `.zip` as a supported Windows package type in
`SoftwareInstallerPlatformFromExtension`
- Updated validation to require install/uninstall scripts for zip files
(similar to `.exe` files)
- Added `addZipPackageMetadata` function to handle zip file metadata
extraction
- Updated error messages to include `.zip` in the list of supported file
types
- Enhanced `appExists` validation to detect provisioned AppX packages
(packages that are provisioned for all users but don't show up in the
programs table until a user logs in)
- Added version normalization logic to handle version string differences
(e.g., "11.2.1495.0" vs "11.2.1495")
- Updated winget ingester to recognize zip files and default to user
scope for MSIX/zip installers

**Frontend:**
- Added `.zip` to `windowsPackageTypes` in `package_type.ts`
- Updated `PackageAdvancedOptions` component to require
install/uninstall scripts for zip files
- Added validation rules for zip files in `PackageForm/helpers.tsx`
- Updated help text and tooltips to indicate script requirements for zip
packages
- Updated `software_install_scripts.ts` to include zip in default script
handling

**Maintained Apps:**
- Added Microsoft Company Portal as a maintained app example using zip
files
- Created install/uninstall PowerShell scripts that:
  - Extract zip files containing AppX packages
- Provision packages for all future users (works in headless
environments)
  - Install packages for the current user
  - Handle both provisioned and installed package detection

**Tests:**
- Updated integration tests to include `.zip` in supported file type
error messages
- Updated unit tests for `SoftwareInstallerPlatformFromExtension` and
`SofwareInstallerSourceFromExtensionAndName`

### Use Case
This enables distribution of Windows AppX/MSIX packages that are
packaged as zip files (common for Microsoft Store apps like Company
Portal). The implementation handles both provisioned packages (for all
users) and user-installed packages, ensuring detection works in both
headless and interactive environments.

### Testing
- Updated existing tests to include zip file support
- Added Microsoft Company Portal as a maintained app example with full
install/uninstall scripts

---

**Note:** This PR follows the same pattern as `.exe` file support,
requiring custom install/uninstall scripts since zip files can contain
various content types that need custom handling.
2025-12-15 11:03:43 -06:00
Allen Houchins
674bab4c56
Ignore .DS_Store files in FMA ingesters (#37223)
This pull request improves the robustness of the app ingestion process
by ensuring that only JSON files are processed, preventing potential
errors from non-JSON files (such as `.DS_Store` on macOS) being read.

File filtering improvements:

* Added a check in `ingester.go` for both the Homebrew and Winget
ingesters to skip any files that do not have a `.json` extension,
ensuring that only valid JSON files are ingested.
[[1]](diffhunk://#diff-abd7db4bef16a062c1bd81f54a7c846f1e91b913a9fe9f87976c8075f39b8cd2R45-R49)
[[2]](diffhunk://#diff-eb6c4ae7be41e61a2292c4240de750809d40c0686fb01f80f52df056ebc9c2a8R53-R57)
2025-12-13 18:31:30 -06:00
Allen Houchins
8aa90e3f73
Switched 1Password, Slack, and Zoom for macOS to universal installers (#36660)
- Switching 1Password, Slack, and Zoom to use universal installers
instead of ARM specific installers
- Added code to ensure sha256: no_check was added to Google Chrome since
we aren't using a homebrew source for its installer url
- Added logic to Zoom install script to relaunch after successful update
if app was previously running
2025-12-04 17:15:48 -06:00
Allen Houchins
8df0867707
Update how Cisco Jabber for macOS is versioned (#36461) 2025-12-03 17:08:59 -06:00
Allen Houchins
68a446d347
Update how OneDrive for macOS is versioned (#36460)
- Changing how OneDrive is versioned to use the version provided by
Homebrew.
2025-12-03 13:48:49 -06:00
Allen Houchins
f929b772a2
Update how we version Google Chrome for macOS (#36458)
- Updating how we version Google Chrome for macOS. The current process
of using "latest" as the version number means we are never validating
the pkg we are installing. It also doesn't display a good pkg version
for admins to track. This change may introduce a small window where the
pkg that gets installed is newer than the version we represent on our
website or in our library. This is an accepted risk since we can say we
have validated up to that version.
2025-12-02 11:32:01 -06:00
Allen Houchins
a2d4aecc8c
Add Camtasia as a macOS & Windows FMA (#36449) 2025-12-02 09:53:46 -06:00
Allen Houchins
13921dcc28
Add Tailscale as a Windows FMA (#36445) 2025-12-01 10:47:33 -06:00
Allen Houchins
9e5496a73f
Improve darwin version validation to handle shorter osquery versions (#36391)
Add reverse prefix check in validation logic to accept cases where the
expected version (from Homebrew) is longer than what osquery reports.
This allows removing version shorteners for Twingate and Citrix
Workspace that were only shortening dot-separated version strings. This
also allows for our FMA library on fleetdm.com to represent more
accurate version strings.

- Add HasPrefix check for expected version starting with found version
- Remove TwingateVersionShortener
- Remove CitrixWorkspaceVersionShortener
- Remove citrix_workspace_version_shortener_test.go
2025-12-01 10:03:24 -06:00
jacobshandling
3ca1ff4754
Detect UpgradeCodes when adding Windows FMA software, and persist them when the user adds that software; Fix recently introduced issue with list host software (#35876)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #35724 

- Fixes issues 1 and 2 of the referenced bug ticket
- Also fixes [this
issue](https://github.com/fleetdm/fleet/pull/35739/files#r2548349172)

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:
- [x] Alerted the release DRI if additional load testing is needed

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added upgrade code support to Windows maintained applications for
improved MSI installer tracking and management.

* **Documentation**
* Updated Windows onboarding instructions with more precise manifest
path guidance and concrete command examples for the maintained-apps
generator.

* **Tests**
* Added comprehensive test coverage for upgrade code association with
maintained applications.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-11-26 17:00:03 -08:00
Harrison Ravazzolo
5e2439b632
macOS FMA: OneDrive (#36245)
Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
2025-11-25 20:25:23 -06:00
Allen Houchins
d23fb2428c
Add Twingate as a macOS FMA (#36260) 2025-11-25 13:00:00 -06:00
Mitch Francese
f0045baa4b
Add Citrix Workspace for macOS to Fleet-maintained apps (#36137)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

---------

Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
2025-11-25 10:27:04 -06:00
Allen Houchins
626d2c000b
Add 8x8 Work as a macOS FMA (#35664)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-11-20 17:31:15 -06:00
Allen Houchins
e494df7846
Add GitHub Desktop to macOS FMA library (#36066)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-11-20 17:30:50 -06:00
Allen Houchins
30b40c37c8
Add Cisco Jabber as macOS FMA (#35397)
Introduces Cisco Jabber to the maintained apps list, including input and
output JSON definitions, install/uninstall scripts, a React icon
component, and the app icon image. This enables Cisco Jabber to be
managed and displayed in the software catalog.

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-11-20 14:02:16 -06:00
Allen Houchins
256d29a2e3
Add Parallels Desktop as a macOS FMA (#35808)
The Parallels uninstall script included an args array. The update to
`scripts.go` implements support for it.

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-11-20 10:41:19 -06:00
Allen Houchins
6abe779cb5
Add Grammarly Desktop as a macOS FMA (#35743)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-11-20 10:37:14 -06:00
Mitch Francese
9a6455eacd
Adding 1Password for Windows as an FMA (#35835)
Adding the Windows version of 1Password to our Fleet Maintained App
Catalog.

---------

Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
2025-11-20 11:36:46 -05:00
Jonathan Katz
d7fa824e97
Omnissa version fix (#32594)
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests

- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-09-04 13:03:59 -04:00
Konstantin Sykulev
b5627b6a0e
Modifying darwin brave version output (#31208)
drop lagging .0
add 58 to second version number and prepend

fixes #31122

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-31 13:26:43 -05:00
Konstantin Sykulev
ba18664446
Fixing whatsapp FMA app version (#31119)
Fixes #31185

whatsapp prefixes their version with '2.'. Either this ia a platform
code or some less relevant bit we can drop. It is fairly consistent when
looking through version history.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-31 12:16:44 -05:00
Ian Littman
71d54e1847
Populate version for macOS Chrome FMA on import, use Chrome Enterprise PKG instead of DMG, add tooltip on "latest" version when adding FMA (#30926)
Fixes #27919.

Here's how the `latest` version shows up in the UI:

<img width="513" height="288" alt="image"
src="https://github.com/user-attachments/assets/76842d1c-36f6-400c-8621-8d067ee410c6"
/>

<img width="785" height="318" alt="image"
src="https://github.com/user-attachments/assets/7077644e-7a0e-4fa4-87ce-56f54db41eb2"
/>

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Konstantin Sykulev <konst@sykulev.com>
2025-07-24 16:14:01 -05:00
Konstantin Sykulev
7a1e469ac0
Microsoft office FMA version from release notes (#30686)
Fixes #30082

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Microsoft Office applications for Mac now display a simplified short
version identifier, improving consistency with inventory systems.
* Added support for version transformation during ingestion of Homebrew
apps using external reference functions.

* **Bug Fixes**
* Enhanced uninstall process for Microsoft Word on Mac to remove a
broader set of user data and configuration files.

* **Tests**
* Added tests to ensure correct extraction of build numbers and short
version formats from Microsoft Office release notes.

* **Documentation**
* Updated changelog to reflect the addition of short version identifiers
for Microsoft Office Fleet maintained apps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-23 12:07:18 -05:00
Ian Littman
b3e7ae66ce
Update MSI uninstall script for FMAs, unify with custom package version (#31111)
Including WARP/Box Drive but not Chrome here because it's swapping to an
EXE in #27756, which is currently WIP.

For #31077.

- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Allen Houchins <allenhouchins@mac.com>
2025-07-23 09:29:59 -05:00
Ian Littman
f4a9eabfd9
Uninstall FMA MSIs by UpgradeCode when available (#30581)
Fixes #27757.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Improved uninstallation process for MSI-based applications by
dynamically detecting and uninstalling all related product codes using
the upgrade code, enhancing reliability for machine-wide installs.

* **Bug Fixes**
* Updated uninstall scripts for BoxDrive, Cloudflare WARP, and Google
Chrome to ensure complete removal of all associated components.

* **Chores**
* Updated installer versions for Cloudflare WARP and Google Chrome to
the latest releases.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-15 11:38:17 -05:00
Jahziel Villasana-Espinoza
aedb8bf78f
allow manually specified install and uninstall scripts for homebrew (#30805)
> Closes #30780

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-07-15 09:07:29 -04:00
Ian Littman
dbcf31d9fd
Panic rather than silently continuing when ingestion for FMA manifest updates fails on an app (#30346)
Fixes #30338.

- [x] Manual QA for all new/changed functionality
2025-06-26 17:22:44 -05:00
Konstantin Sykulev
d9b373e0c2
FMA uninstall (#29977)
Modified the FMA uninstall global script to better handle deleting files
as specified from pkgutil

[#29220](https://github.com/fleetdm/fleet/issues/29220)
[#29221](https://github.com/fleetdm/fleet/issues/29221)

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
2025-06-19 16:14:06 -05:00
Ian Littman
06a4c16907
Don't overwrite FMA outputs with latest manifest if input has "frozen" set to true (#30044)
Resolves #29218. No changes file as this is internal/FMA-related.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-06-17 13:10:58 -05:00
Ian Littman
81a121c71d
Fix parsing of Homebrew uninstall scripts when provided as objects rather than strings (#30073)
Fixed #28912. Script diff is removal of the `-u` on sudo (uninstall
should be run as an admin) and removal of the bool true line. No changes
file as this is an internal/out-of-cycle fix.

# Checklist for submitter

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality
2025-06-17 12:48:52 -05:00
Jahziel Villasana-Espinoza
15bdf03512
use a check for dir existence that doesn't set exit code 1 if the dir doesn't exist (#29952)
> Closes #27577

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-06-13 10:26:54 -04:00
Jahziel Villasana-Espinoza
db5444d6cd
software categories: backend (#28479)
> For #28138 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 11:41:26 -04:00
Ian Littman
2811b2b4c6
Don't include hash for Chrome for Windows due to non-pinned installer URL (#27755)
- [x] Manual QA for all new/changed functionality
2025-04-03 15:24:14 -05:00
Jahziel Villasana-Espinoza
25f81d3882
Drop descoped-from-4.66 Windows FMAs (#27714)
> No ticket, decided in a call with Noah, Tim, and the rest of
g-software

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Manual QA for all new/changed functionality
2025-03-31 22:16:06 -04:00
Jahziel Villasana-Espinoza
909b0e8381
add quotes to uninstall script output (#27666)
> For issues found during QA

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-28 18:35:53 -04:00
Tim Lee
fdf92541f8
Add windows firefox FMA (#27645) 2025-03-28 14:44:28 -06:00
Jahziel Villasana-Espinoza
01a5db696d
add a field for fuzzy matching name in existence query (#27648)
> For #27633

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-28 15:56:29 -04:00
Jahziel Villasana-Espinoza
edb0587061
add adobe acrobat reader for windows (#27642)
> for https://github.com/fleetdm/fleet/issues/26658

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-28 15:17:07 -04:00
Jahziel Villasana-Espinoza
ac1d5c07ee
fix: policy issues with Windows FMA (#27635)
> For #27633

This also has a fix for the issue where uninstall script refs were not
being generated correctly (the processed script wasn't being passed to
the ref generation function"

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-28 14:12:05 -04:00
Jahziel Villasana-Espinoza
658a298d5a
more fixes for FMA windows ingestion (#27487)
> For #26662

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-27 17:43:40 -04:00
Jahziel Villasana-Espinoza
31362f74a3
use better columns in the exists queries for windows fma (#27452)
> follow up on windows FMA, #23118 

This improves the existence queries for FMA by using columns that do not
change in between versions.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-24 15:37:55 -04:00
Ian Littman
768bdf21b3
Tweak FMA WinGet ingestion to ensure Box Drive installer URL is ingested properly (#27443)
Also updates other FMA manifests.

For the overall Windows FMA task. Treating as unreleased, hence no
issue.
2025-03-24 09:08:32 -05:00
Jahziel Villasana-Espinoza
3212ef442d
add initial winget ingestion logic (#27371)
> For #26655

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-21 09:00:12 -04:00
Victor Lyuboslavsky
6b7d232522
Additional CA validation (#27169)
For #26623

- Updated `github.com/groob/plist` to `github.com/micromdm/plist` -- it
was renamed
- Added validation that restricts DigiCert Fleet variables to
`com.apple.security.pkcs12` payloads plus additional restrictions
- Added validation that restricts Custom SCEP Fleet variables to
`com.apple.security.scep` payloads plus additional restrictions
- Enabled multiple CAs (Fleet variables) to be present in an Apple MDM
profile. But each CA can only be used once. For example, we can have
DigiCert CA and Custom SCEP CA in one Apple profile.

# Checklist for submitter
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Added/updated automated tests
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
2025-03-19 08:27:55 -05:00
Jahziel Villasana-Espinoza
62044bdb3f
add pre and post install script fields to FMAv2 input schema (#27214)
> No issue, follow up work for FMAv2 ingestion

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-17 19:28:50 -04:00
Jahziel Villasana-Espinoza
4e325bb131
FMAv2 ingestion functionality (#27018)
> For #26083

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-03-12 17:51:14 -04:00