Fixes#31686.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [ ] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#37244
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Internal MySQL utility package reorganized and all internal imports
updated to the new platform location; no changes to end-user
functionality or behavior.
* **Documentation**
* Added platform package documentation describing infrastructure
responsibilities and architectural boundaries to guide maintainers.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Resolves#32481 for Fleet server-side work.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #33391
# Details
This PR adds a shared method for validating a software auto-update
configuration, and updates the datastore and API handler methods to use
it.
# Checklist for submitter
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
Tested in the UI (to ensure valid calls still work) and via API calls
(to test validation)
## Summary
Fixes the publisher name in the 1Password Windows Fleet-maintained app
query to match the actual Windows registry value.
## Issue
The generated query was using `AgileBits Inc.` (capital 'B') from the
winget manifest, but Windows registry shows the publisher as `Agilebits
Inc.` (lowercase 'b'). This caused a mismatch preventing Fleet from
properly matching the installed software with the Fleet-maintained app.
## Changes
- Added `program_publisher` override to `inputs/winget/1password.json`
with the correct publisher name
- Regenerated output manifest with corrected query
## Test plan
- [x] Verify the query matches actual Windows registry value on a test
host
- [x] Confirm Fleet can now properly match installed 1Password software
## Summary
Fixes the app name in the Slack Windows Fleet-maintained app query to
match the actual Windows registry value.
## Issue
The generated query was using `Slack` as the app name, but Windows
registry shows the app name as `Slack (Machine - MSI)`. This caused a
mismatch preventing Fleet from properly matching the installed software
with the Fleet-maintained app.
## Changes
- Updated `unique_identifier` in `inputs/winget/slack.json` from
`"Slack"` to `"Slack (Machine - MSI)"`
- Regenerated output manifest with corrected query
- Version updated to 4.47.69 (latest available)
## Test plan
- [x] Verify the query matches actual Windows registry value on a test
host
- [x] Confirm Fleet can now properly match installed Slack software
This pull request updates the installation scripts for several macOS
applications to improve the user experience during installation. The new
scripts now track whether the application was running before
installation and automatically relaunch it afterwards if necessary.
This pull request updates the installation scripts for several
maintained macOS applications to improve user experience by ensuring
that if the app was running before installation, it will be relaunched
automatically after the update.
This pull request updates the installer scripts for the macOS FMAs to
improve the user experience during installation. The main enhancement is
that the installer scripts now detect if the application was running
before installation, quit it if necessary, and automatically relaunch it
after the installation completes.
This pull request updates the installation scripts for maintained macOS
applications. The main improvement is the addition of logic to
gracefully quit the application before installation and relaunch it
afterward if it was previously running. This helps prevent issues with
files in use during upgrades and provides a smoother user experience.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35458
# Details
This PR adds new metadata to the `ActivityEditedAppStoreApp` activity
relating to the app's auto-update schedule. The data will be included
with every `ActivityEditedAppStoreApp` activity regardless of whether
the values changed. I have an open question about this on the [activity
docs
PR](https://github.com/fleetdm/fleet/pull/36534/changes#r2648884183).
One functional change to note here is that the act of recording the
activity has been moved up a level into the endpoint code, because the
activity now contains metadata from two different service methods (one
that updates the VPP app, and one that creates the auto-update
schedule).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
Updated NDES SCEP proxy to auto-detect response encoding, enabling
compatibility with Okta CA and other UTF-8-based CAs.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#36652
Video demo: https://www.youtube.com/watch?v=M7yLXEofdCE
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Improved response encoding handling in the NDES SCEP proxy with
automatic detection, enabling seamless compatibility with Okta CA and
other certificate authorities using UTF-8 encoding.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This pull request updates the macOS install scripts for several
maintained applications to improve the user experience during upgrades.
The main enhancement is that the installer now tracks whether the
application was running before installation, attempts to quit it, and
then relaunches it after the installation if it was previously running.
This pull request updates the installation scripts for Fleet-maintained
macOS applications to improve user experience during upgrades. The new
scripts now detect if the app is running before installation, quit it if
needed, and automatically relaunch it afterwards.
This pull request updates the installation scripts for several
maintained Mac applications (BalenaEtcher, BBEdit, Beyond Compare, and
Bitwarden) to improve their handling of running applications during
installation. The new scripts now detect if the target application is
running before installation, attempt to quit it, and then relaunch it
after installation if it was previously running.
This pull request updates the installation scripts for several macOS
maintained apps to improve user experience during installation. The main
enhancement is that the installer now tracks whether the application was
running before installation and automatically relaunches it afterward if
needed. This change helps ensure a smoother update process for end
users.
This pull request enhances the macOS app installation process by
improving how running applications are handled during install and
update, and also updates the metadata and scripts for Docker Desktop.
The main improvements are the introduction of quit/relaunch logic for
pkg-based FMAs, and the renaming and updating of Docker Desktop’s
identifiers and scripts.
**App install/relaunch improvements:**
* Added new shell functions `quit_and_track_application` and
`relaunch_application` to the generated install scripts. These functions
ensure that if an app (or pkg) is running before installation, it is
quit and then automatically relaunched after installation, preserving
user state. The logic tracks whether the app was running via an
environment variable.
[[1]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97L22-R41)
[[2]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97R53-R59)
[[3]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97R72-R73)
[[4]](diffhunk://#diff-a9df2db484fcbb560d62c43f94c4bcc2d26dcf68066c9e7cc2bffad6f124ce97R571-R648)
* Removed the previous simpler `quit_application` logic from the install
script generation, as the new functions supersede it.
**Docker Desktop metadata and script updates:**
* Renamed the Docker Desktop input and updated its `slug` and
`unique_identifier` to match the new bundle identifier
(`com.electron.dockerdesktop`), reflecting the current packaging.
* Updated the output app metadata in `apps.json` to use the new slug and
unique identifier for Docker Desktop.
* Added a new output file for Docker Desktop
(`docker-desktop/darwin.json`) with the updated install and uninstall
scripts, including the new quit/relaunch logic and references.
This pull request improves the robustness and reliability of the script
and workflows that detect changed or new maintained apps in pull
requests. The main focus is on making the detection script pass
validation when the test is triggered but no new FMAs are detected.
**Script robustness and error handling:**
* The `.github/scripts/detect-new-fmas-in-pr.sh` script is updated to
always exit successfully (status 0) when no changes are detected, and
only exit with error (status 1) for critical failures like missing `jq`.
A new `safe_exit` function is introduced to standardize output and
ensure graceful exits.
[[1]](diffhunk://#diff-f9bbb0340f504713c99d610f3c64bf281fc13ed3cb8a1c06a5366272c9828a8dR7-R11)
[[2]](diffhunk://#diff-f9bbb0340f504713c99d610f3c64bf281fc13ed3cb8a1c06a5366272c9828a8dL21-R39)
* Improved error handling for missing files, empty variables, and failed
commands throughout the script, including handling cases where
`merge-base`, `git show`, or `jq` fail, and ensuring empty or missing
data does not cause the script to error out.
[[1]](diffhunk://#diff-f9bbb0340f504713c99d610f3c64bf281fc13ed3cb8a1c06a5366272c9828a8dL32-R66)
[[2]](diffhunk://#diff-f9bbb0340f504713c99d610f3c64bf281fc13ed3cb8a1c06a5366272c9828a8dR87-R108)
[[3]](diffhunk://#diff-f9bbb0340f504713c99d610f3c64bf281fc13ed3cb8a1c06a5366272c9828a8dL75-R155)
**Workflow improvements:**
* The `test-fma-darwin-pr-only.yml` and `test-fma-windows-pr-only.yml`
workflows are updated to default to "no changes" if the detection step
fails or does not set the expected output, preventing false positives or
workflow failures.
[[1]](diffhunk://#diff-28b30c8601cb7662d59efbfbbcf800cae91455fd3d875627659dced8c1257a24L70-R72)
[[2]](diffhunk://#diff-51641fd1d2cc19348b81fd8310b62ad270ca5082ceddff2d49064e78f126a1eaL76-R78)
Relates to #37771.
No changes file as the #37772 changes file covers this.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
This pull request adds support for Notepad++ as a maintained application
in the system. It includes metadata, installation and uninstallation
scripts, version tracking, and a custom icon for the frontend. The main
changes are grouped into backend app definition and scripting,
versioning/output updates, and frontend UI enhancements.
**Backend: Notepad++ App Definition and Scripting**
- Added a new app definition for Notepad++ in `winget` format, including
metadata and references to install/uninstall scripts (`notepad++.json`).
- Implemented PowerShell scripts for silent installation and
uninstallation of Notepad++ using NSIS-compatible flags
(`notepad++_install.ps1`, `notepad++_uninstall.ps1`).
[[1]](diffhunk://#diff-dbe7f508350f3d388cd03eba8739d31334cd4e8a20545dec83d40612cbb51190R1-R29)
[[2]](diffhunk://#diff-cda39039b54d874cec215f12e62ca7183f790fefe54d79affcb6f4965a305dbbR1-R99)
**Versioning and Outputs**
- Added Notepad++ entry to the main output apps registry (`apps.json`),
enabling it to be recognized as a supported app.
- Created a Notepad++ versioned output file for Windows, including
detection query, installer URL, SHA256, and script references.
**Frontend: UI Enhancements**
- Added a custom Notepad++ SVG icon component for use in the software
page UI (`Notepad++.tsx`).
- Registered the Notepad++ icon in the icon index and mapped it for
display with the app name.
[[1]](diffhunk://#diff-628095892e1d16090be1db6cc1a5c9cebc65248c32a8b1312385394818f2907bR8)
[[2]](diffhunk://#diff-628095892e1d16090be1db6cc1a5c9cebc65248c32a8b1312385394818f2907bR376)
Deleted Microsoft Teams Windows app definition and output files, and
removed its entry from the main apps.json. This cleans up legacy support
for the old Teams Windows package.
