Resolves#42714.
Zed + Opus 4.6; initial prompts (see additional ones in follow-on
commits):
---
Audit our existing Fleet Maintained App catalog. Look for:
1. Software that has the wrong identifiers associated (e.g. Abstract),
e.g. in `exists` queries
2. Software that has the version number in the name that leaks into the
`exists` query, e.g. 7-zip or 010 Editor or Airtame. These should be
fuzzy-matched.
For each affected app, revise input manifests to fix the issues. For
(1), revise apps.json if needed as well. Don't modify apps.json for (2)
cases.
---
Are there any discrepancies between bundle identifiers in input
manifests for Darwin apps and apps.json? If so, fix them.
---
Outputs will get overwritten by the ingester if neither the ingester nor
the input JSON files are changed. Make whatever changes need to be made
so that these edits survive an FMA ingestion cycle.
---
Revise `fuzzy` to allow specifying a custom value e.g. `Mozilal Firefox
% (ESR)` in addition to the existing true/false, then use that new
functionality to build unique queries for Firefox ESR.
---
Commit these changes, across multiple commits (there will be cases where
a changes to a single file will be spread across multiple commits, most
notably apps.json). Split commits out as follows:
1. All darwin-related changes
2. Windows switches to fuzzy matching + associated unique_identifier
changes
3. Revised handling for Firefox ESR
Prefix commit messages with "🤖 ".
---
The ingester and test changes should've gone in commit 3. Move them
there from commit 2.
---
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Updated application identifiers for Abstract, Amazon Chime, Beyond
Compare, and Teleport Suite to use correct bundle and package
identifiers.
* Enhanced Windows and macOS installation detection queries to match
multiple application versions using pattern matching instead of exact
version strings.
* **New Features**
* Added support for configurable fuzzy matching patterns to improve
application name matching flexibility.
* **Tests**
* Added tests validating fuzzy matching configuration unmarshaling and
behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42492
Includes changes from running ingestions on all FMAs
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41815
### Changes
- Extracted patch policy creation to `pkg/patch_policy`
- Added a `patch_query` column to the `software_installers` table
- By default that column is empty, and patch policies will generate with
the default query if so
- On app manifest ingestion, the appropriate entry in
`software_installers` will save the override "patch" query from the
manifest in patch_query
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
- Relied on integration test for FMA version pinning
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
