Fixing an accidental remove in
https://github.com/fleetdm/fleet/pull/36409
I just meant to remove the `create_fleetd_release_pr` part, but ended up
removing important commands :)
Resolves#33762 & #38094
Added a new `alternative-browser-host` global config property for Fleet Desktop, if set, Fleet Desktop will use it over the `--fleet-desktop-alternative-browser-host` env variable to open any Fleet Desktop related links (i.e. My Device, etc).
Resolves#37464.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
## New Fleet configuration settings
- [x] Setting(s) is/are explicitly excluded from GitOps
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.2 to 7.5.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="03138441b2"><code>0313844</code></a>
7.5.3</li>
<li><a
href="340eb285b6"><code>340eb28</code></a>
fix: sanitize absolute linkpaths properly</li>
<li><a
href="8bb83f7e51"><code>8bb83f7</code></a>
update deps</li>
<li><a
href="1c4aedd28a"><code>1c4aedd</code></a>
Fix typo in onWriteEntry documentation</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37244
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Internal MySQL utility package reorganized and all internal imports
updated to the new platform location; no changes to end-user
functionality or behavior.
* **Documentation**
* Added platform package documentation describing infrastructure
responsibilities and architectural boundaries to guide maintainers.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37244
Goal: Make common_mysql package independent of domain packages so it can
be reused by future bounded contexts.
Changes made:
1. List options decoupling
The AppendListOptionsToSQL functions previously required
fleet.ListOptions directly. Now common_mysql defines its own interface
that describes what a list options type must provide (page number,
per-page limit, sort order, etc.). The fleet.ListOptions type implements
this interface through new getter methods. This lets any bounded context
use the SQL helpers without importing the fleet package.
2. Error types moved
Database-specific error types like IsDuplicate and
IsChildForeignKeyError were moved from fleet package to common_mysql
where they belong. A new http/errors.go file was created for the
HTTP-specific error helpers that remain in the platform layer.
3. Configuration restructuring
MySQL configuration types and functions were moved to
common_mysql/config.go, reducing coupling between packages.
4. Architecture tests added
A new arch_test.go file enforces that common_mysql doesn't import domain
packages like fleet, preventing future regressions.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added cursor-based pagination support for list queries with improved
sorting capabilities including secondary order keys.
* **Bug Fixes**
* Improved database connection initialization with separate connection
management and error handling.
* **Refactor**
* Consolidated error handling interfaces and decoupled configuration
structures for better modularity.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Resolves#35006.
See
https://github.com/fleetdm/fleet/issues/35006#issuecomment-3693239452.
Output when running the dirty check on `main`:
```
make desktop-app-tar-gz
go run ./tools/desktop macos
{"level":"info","command":"/Users/lucas/go/bin/go build -o Fleet Desktop.app/Contents/MacOS/fleet-desktop_amd64 -ldflags -X=main.version= ./orbit/cmd/desktop","time":"2025-12-30T08:38:20-03:00","message":"Build fleet-desktop executable amd64"}
{"level":"info","command":"/Users/lucas/go/bin/go build -o Fleet Desktop.app/Contents/MacOS/fleet-desktop_arm64 -ldflags -X=main.version= ./orbit/cmd/desktop","time":"2025-12-30T08:38:23-03:00","message":"Build fleet-desktop executable arm64"}
{"level":"info","output":"On branch test-branch-dirty\nUntracked files:\n (use \"git add <file>...\" to include in what will be committed)\n\tFleet Desktop.app/\n\nnothing added to commit but untracked files present (use \"git add\" to track)\n","time":"2025-12-30T08:38:26-03:00","message":"git status"}
Error: detected dirty executable: {Path:github.com/fleetdm/fleet/v4 Version:v4.43.5-0.20251230113816-9bae7b475999+dirty Sum: Replace:<nil>}
exit status 1
make: *** [desktop-app-tar-gz] Error 1
```
Output on this branch:
```
make desktop-app-tar-gz
go run ./tools/desktop macos
{"level":"info","command":"/Users/lucas/go/bin/go build -o Fleet Desktop.app/Contents/MacOS/fleet-desktop_amd64 -ldflags -X=main.version= ./orbit/cmd/desktop","time":"2025-12-30T08:39:43-03:00","message":"Build fleet-desktop executable amd64"}
{"level":"info","command":"/Users/lucas/go/bin/go build -o Fleet Desktop.app/Contents/MacOS/fleet-desktop_arm64 -ldflags -X=main.version= ./orbit/cmd/desktop","time":"2025-12-30T08:39:47-03:00","message":"Build fleet-desktop executable arm64"}
Generated desktop.app.tar.gz successfully.
```
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## fleetd/orbit/Fleet Desktop
- [X] Verified that fleetd runs on macOS
- [X] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
- Updates alpine from
`alpine:3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412`
->
`alpine:3.23.0@sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375`
in `fleet/tools/fleet-docker/Dockerfile`
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35495
- Updates `generate-gitops` to export android app configurations in
relative files
- Updates backend to set the android app configurations state to what
yaml files specify
- If an existing configuration was not included, it will be set to `{}`
# Checklist for submitter
## Testing
- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
**Related issue:** Resolves #
## Description
Bumps RustFS image version from `1.0.0-alpha.72` to `1.0.0-alpha.73` in
docker-compose configurations.
**Files updated:**
- `docker-compose.yml` - root development environment
- `tools/osquery/in-a-box/docker-compose.yml` - Fleet preview
environment
RustFS provides S3-compatible object storage for file carving and
software installer features in development/testing environments.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
<!-- START COPILOT ORIGINAL PROMPT -->
<details>
<summary>Original prompt</summary>
> ## Summary
> Update RustFS Docker image references from version `1.0.0-alpha.72` to
the latest version `1.0.0-alpha.73` in all docker-compose configuration
files.
>
> ## Files to Update
> Based on the code search, the following files need to be updated:
>
> 1. `docker-compose.yml` (root level)
> 2. `docs/solutions/docker-compose/docker-compose.yml`
> 3. `tools/osquery/in-a-box/docker-compose.yml`
>
> ## Changes Required
> For each file, update the RustFS image reference:
> - **FROM:** `rustfs/rustfs:1.0.0-alpha.72`
> - **TO:** `rustfs/rustfs:1.0.0-alpha.73`
>
> ## Context
> RustFS is used as an S3-compatible object storage backend in Fleet's
development and testing environments. Keeping the version up-to-date
ensures we have the latest bug fixes and improvements from the RustFS
project.
>
> ## Verification
> After making these changes, verify that:
> 1. All docker-compose files can start successfully
> 2. The S3-compatible storage functionality works as expected
> 3. File carving and software installer storage features continue to
work properly
</details>
<!-- START COPILOT CODING AGENT SUFFIX -->
*This pull request was created as a result of the following prompt from
Copilot chat.*
> ## Summary
> Update RustFS Docker image references from version `1.0.0-alpha.72` to
the latest version `1.0.0-alpha.73` in all docker-compose configuration
files.
>
> ## Files to Update
> Based on the code search, the following files need to be updated:
>
> 1. `docker-compose.yml` (root level)
> 2. `docs/solutions/docker-compose/docker-compose.yml`
> 3. `tools/osquery/in-a-box/docker-compose.yml`
>
> ## Changes Required
> For each file, update the RustFS image reference:
> - **FROM:** `rustfs/rustfs:1.0.0-alpha.72`
> - **TO:** `rustfs/rustfs:1.0.0-alpha.73`
>
> ## Context
> RustFS is used as an S3-compatible object storage backend in Fleet's
development and testing environments. Keeping the version up-to-date
ensures we have the latest bug fixes and improvements from the RustFS
project.
>
> ## Verification
> After making these changes, verify that:
> 1. All docker-compose files can start successfully
> 2. The S3-compatible storage functionality works as expected
> 3. File carving and software installer storage features continue to
work properly
<!-- START COPILOT CODING AGENT TIPS -->
---
💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: iansltx <472804+iansltx@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
I wrote this small utility tool to quickly help switch migrations off or
on, when switching between versions.
It fits this workflow:
- You build fleet
- Start and see missing or unknown migrations: `Missing migrations:
tables=[20251207050413 20251208215800].`
- Copy all values inside the `[]` and run the tool:
- `./tools/dbutils/update-migration-status 1 20251207050413
20251208215800` if you already have the migrations.
- Or when going to older versions:
- `./tools/dbutils/update-migration-status 0 20251207050413
20251208215800` to disable them.
Feel free to reject if deemed unnecessary, I've found it be helpful for
me, so wanted to put it up for potential merge if others could see the
benefit.
Resolves#36909.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
This pull request adds support for generating app icons from a PNG file
in addition to the existing `.app` bundle method. The changes update
both the documentation and the `generate-icons.sh` script to allow users
to specify either an app bundle or a PNG file, improving flexibility for
icon generation.
**Documentation and usage improvements:**
* Updated `README.md` to document the new `-i` option for PNG input,
clarified required arguments, and added usage examples for both `.app`
bundles and PNG files.
**Script enhancements for PNG support:**
* Modified argument parsing in `generate-icons.sh` to accept a new `-i`
option for PNG files, and added validation to ensure either `-a` or `-i`
is provided (but not both).
[[1]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44R295-R302)
[[2]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L312-R381)
* Added logic to handle PNG input: verifies the PNG file, derives
component and display names from the slug, and integrates PNG processing
alongside the existing `.app` bundle workflow.
[[1]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L312-R381)
[[2]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L412)
[[3]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44R508-R519)
* Adjusted SVG and component name generation to work appropriately for
both input methods, ensuring correct naming and file output.
[[1]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L465-R548)
[[2]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L481-L483)
[[3]](diffhunk://#diff-3efaab61495d01f6ff77a1e75195bd8b009e71c9ea53e3278274cb5edf929c44L501-L507)
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34376
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
## New Fleet configuration settings
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- Getting all current FMA's icons added to index.ts
- Updating the generate-icons.sh script to automatically add icons to
the index.ts file
---------
Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
