#20271
This fix requires an accompanying front end fix to pass the
`display_name` from the activity feed to the modal when displaying the
install results.
Closes: #20736
Changes:
- Updated the category switcher on the (buying situation agnostic)
homepage to be MDM, IT engineering and Security engineering.
- Updated the personalization of the product category sections of the
homepage
- Updated the tagline for the endpoint ops page.
Unreleased bug for iOS/iPadOS VPP #19447
# Checklist for submitter
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
- Google Chrome and a gnome extension have to
be installed to use Fleet Desktop + Firefox on Fedora.
- You don't have to set Google Chrome as the default browser.
Changes:
- Updated the /start questionnaire to not prefill the "What will you use
Fleet for?" question if the user has a primaryBuyingSituation set to
`vm`
The list of installed software was missing packages put ['on
hold'](https://askubuntu.com/questions/18654/how-to-prevent-updating-of-a-specific-package)
The reason for this is that the old query looks for the status
install ok installed
but there are other valid status which are also installed, like `hold ok
installed`. The syntax is `<desired> <error> <status>` so we only need
to look at the last or two last parts and ignore the first one.
See https://man7.org/linux/man-pages/man1/dpkg-query.1.html for a list
of status.
# Checklist for submitter
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
#20370
Part 2 to #20699. Apparently `systemd` now automatically deletes
`/etc/nologin` on startup. In the previous PR, rebooting the machine
would remove the nologin file and allow users to login. This PR masks
the service that performs the deletion, preventing it from running.
The message displayed to the user will be what is specified in [this
file](7767896d12/tmpfiles.d/systemd-nologin.conf (L10)).
It's not the best, but I suspect messing with too many systemd files
could come back to bite us in the future if things change, so I'll leave
it as-is.
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.64.0 to 1.64.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.64.1</h2>
<h1>Dependencies</h1>
<ul>
<li>Update x/net/http2 to address <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-45288">CVE-2023-45288</a>
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/7352">#7352</a>)</li>
<li>metadata: remove String method from MD to make printing consistent
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/7374">#7374</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d833de0e0"><code>4d833de</code></a>
Change version to 1.64.1 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7381">#7381</a>)</li>
<li><a
href="e9193a4298"><code>e9193a4</code></a>
*: update deps (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7375">#7375</a>)</li>
<li><a
href="ab292411dd"><code>ab29241</code></a>
metadata: remove String method (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7374">#7374</a>)</li>
<li><a
href="355b9a557b"><code>355b9a5</code></a>
Change version to 1.64.1-dev (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7219">#7219</a>)</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-go/compare/v1.64.0...v1.64.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Related to: https://github.com/fleetdm/confidential/issues/7227
Changes:
- Added a banner to the /better page that is visible to users who visit
it with a `?utm_content=secureframe` query param.
- Updated the `<animated-arrow-button>` component to support customizing
text and arrow color.
back-end and agent part of #13157
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
UI portion for #13157
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Orbit runs on macOS, Linux and Windows. Check if the orbit
feature/bugfix should only apply to one platform (`runtime.GOOS`).
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Missing part of #19447
Added `available_for_install` query parameter to `GET
/api/v1/fleet/hosta/:id/software`
# Checklist for submitter
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#19447
iOS and iPadOS apps can be installed using Apple's VPP (Volume Purchase
Program)
VPP apps are now using a composite primary key (Adam ID and platform)
because we want to keep iOS/iPadOS/macOS separate. It is possible for
one app to be installable on all Apple platforms.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
relates to #20784
this fixes an issue where the app-wide warning banners were not loading
on the first-page load.
> NOTE: I changed the fetch method for the data needed for the app-wide
banners (e.g. abm, apns, vpp token data) to use react-query `useQuery`
method as it follows our usual pattern for `GET` requests in components.
To enable this, I moved up the react-query query client wrapper in the
`AppWrapper component in `/frontend/router/index.tsx` file. This also
gives us better control of when/how often this request is initiated.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
