Merge branch 'main' into noahtalerman-patch-20

.github/scripts/dogfood-policy-updater-latest-macos.sh

@@ -103,6 +103,33 @@ if [ "$policy_version_number" != "$latest_macos_version" ]; then
     fi
 
     echo "Pull request created successfully."
+
+    # Extract the pull request number from the response
+    pr_number=$(echo "$pr_response" | jq -r '.number')
+    if [ -z "$pr_number" ] || [ "$pr_number" == "null" ]; then
+        echo "Error: Failed to retrieve pull request number."
+        exit 1
+    fi
+
+    echo "Adding reviewers to PR #$pr_number..."
+
+    # Prepare the reviewers data payload
+    reviewers_data=$(jq -n --arg r1 "harrisonravazzolo" '{reviewers: [$r1]}')
+
+    # Request reviewers for the pull request
+    review_response=$(curl -s -X POST \
+        -H "Authorization: token $DOGFOOD_AUTOMATION_TOKEN" \
+        -H "Accept: application/vnd.github.v3+json" \
+        -d "$reviewers_data" \
+        "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/pulls/$pr_number/requested_reviewers")
+
+
+    if echo "$review_response" | grep -q "errors"; then
+        echo "Error: Failed to add reviewers. Response: $review_response"
+        exit 1
+    fi
+
+    echo "Reviewers added successfully."
 else
     echo "No updates needed; the version is the same."
 fi

.github/workflows/generate-desktop-targets.yml

@@ -19,7 +19,7 @@ defaults:
     shell: bash
 
 env:
-  FLEET_DESKTOP_VERSION: 1.39.0
+  FLEET_DESKTOP_VERSION: 1.39.1
 
 permissions:
   contents: write

articles/fleet-software-attestation.md

@@ -1,14 +1,34 @@
 # Fleet software attestation
 
-As of version 4.63.0 Fleet added [SLSA attestations](https://slsa.dev/) to our released binaries and container images.  This includes the `fleet` and `fleetctl` server software, the fleetd (Orbit, osquery, and Fleet Desktop) agent for hosts.
+As of version 4.63.0 Fleet added [SLSA attestations](https://slsa.dev/) to our released binaries and container images.  This includes the Fleet server, [fleetctl](https://fleetdm.com/docs/get-started/anatomy#fleetctl) command-line tool (CLI), and Fleet's agent (specifically the [Orbit](https://fleetdm.com/docs/get-started/anatomy#fleetd) component).
 
 ## What is software attestation?
 
 A software attestation is a cryptographically-signed statement provided by a software creator that certifies the build process and provenance of one or more software _artifacts_ (which might be files, container images, or other outputs). In other words, it's a promise to our users that the software we're providing was built by us, using a process that they can trust and verify. We utilize the SLSA framework for attestations which you can read more about [here](https://slsa.dev/).  After each release, attestations are added to https://github.com/fleetdm/fleet/attestations.
 
-## Verifying our release artifacts
+## Verifying a release
 
-Any product of a Fleet release can be _verified_ to prove that it was indeed created by Fleet, using the `gh` command line tool from Github.  See the [`gh attestation verify`](https://cli.github.com/manual/gh_attestation_verify) docs for more info.
+Any Fleet release can be _verified_ to prove that it was indeed created by Fleet, using the `gh` command line tool from Github.  See the [`gh attestation verify`](https://cli.github.com/manual/gh_attestation_verify) docs for more info.
+
+After downloading the [Fleet binary](https://github.com/fleetdm/fleet/releases), here's how to verify:
+
+```
+gh attestation verify --owner fleetdm /path/to/fleet
+```
+
+Verify the [fleetctl binary](https://github.com/fleetdm/fleet/releases) (CLI):
+
+```
+gh attestation verify --owner fleetdm fleetdm /path/to/fleetctl
+```
+
+After, installing Fleet's agent (fleetd) on a macOS host, run this command on the host to verify:
+
+```
+gh attestation verify --owner fleetdm /usr/local/bin/orbit
+```
+
+TODO: Filepath for Windows and Linux
 
 <meta name="authorGitHubUsername" value="sgress454">
 <meta name="authorFullName" value="Scott Gress">

articles/how-to-configure-logging-destinations.md

@@ -78,13 +78,7 @@ Sumo Logic supports data ingestion via HTTP, making it a reliable choice for log
 
 #### For Splunk
 
-Splunk is a powerful platform for searching, monitoring, and analyzing machine-generated big data. Here’s how to integrate it with Firehose:
-
-
-
-1. **Set up Firehose**: Use the AWS guide to configure your Firehose delivery stream for Splunk as a destination. The process involves specifying the Splunk endpoint and authentication details. Detailed instructions are available in the [AWS Firehose documentation](https://docs.aws.amazon.com/firehose/latest/dev/create-destination.html?icmpid=docs_console_unmapped#create-destination-splunk).
-2. **Configure Splunk**: Follow the [Splunk documentation](https://docs.splunk.com/Documentation/AddOns/released/Firehose/RequestFirehose) to ensure Splunk is set to receive data from Firehose. This step involves setting up the necessary inputs and configuring Splunk to handle incoming data.
-3. **Firehose to Splunk configuration**: Finalize the setup by configuring Firehose to send data to Splunk, following the guidelines in the [Splunk documentation](https://docs.splunk.com/Documentation/AddOns/released/Firehose/ConfigureFirehose).
+Splunk is a powerful platform for searching, monitoring, and analyzing machine-generated big data. Learn how to connect Fleet to Splunk [here](https://fleetdm.com/guides/log-destinations#splunk).
 
 
 ### Conclusion

articles/install-fleet-maintained-apps-on-macos-hosts.md

@@ -22,7 +22,7 @@ Fleet maintains these [celebrity apps](https://github.com/fleetdm/fleet/blob/mai
    - Post-install script
    - Uninstall scripts
 
-These scripts are auto-generated based on the app's Homebrew Cask formula, but you can modify them. Modifying these scripts allows you to tailor the app installation process to your organization's needs, such as automating additional setup tasks or custom configurations post-installation.
+If you find that a script doesn't work as expected, please file a [bug](https://github.com/fleetdm/fleet/issues/new?template=bug-report.md). When scripts are fixed, after upgrading Fleet, they are automatically updated for you unless you edited any of the scripts.
 
 ## Install the app
 

articles/log-destinations.md

@@ -53,13 +53,38 @@ Snowflake provides instructions on setting up the destination tables and IAM rol
 
 ## Splunk
 
-To send logs to Splunk, you must first configure Fleet to send logs to [Amazon Kinesis Data Firehose (Firehose)](#amazon-kinesis-data-firehose). This is because you'll enable Firehose to forward logs directly to Splunk.
-
-With Fleet configured to send logs to Firehose, you then want to load the data from Firehose into Splunk. AWS provides instructions on how to enable Firehose to forward directly to Splunk [here in the AWS documentation](https://docs.aws.amazon.com/firehose/latest/dev/create-destination.html#create-destination-splunk).
-
-If you're using Fleet's [terraform reference architecture](https://github.com/fleetdm/fleet/blob/main/infrastructure/dogfood/terraform/aws), you want to replace the S3 destination with a Splunk destination. Hashicorp provides instructions on how to send Firehose data to Splunk [here in the Terraform documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream#splunk-destination).
-
-Splunk provides instructions on how to prepare the Splunk platform for Firehose data [here in the Splunk documentation](https://docs.splunk.com/Documentation/AddOns/latest/Firehose/ConfigureFirehose).
+How to send logs to Splunk:
+
+1. Follow [Splunk's instructions](https://docs.splunk.com/Documentation/AddOns/latest/Firehose/ConfigureFirehose) to prepare the Splunk for Firehose data.
+
+2. Follow these [AWS instructions](https://docs.aws.amazon.com/firehose/latest/dev/create-destination.html#create-destination-splunk) on how to enable Firehose to forward directly to Splunk.
+
+3. In your [`main.tf` file](https://github.com/fleetdm/fleet-terraform/blob/main/addons/logging-destination-firehose/main.tf), replace your S3 destination (`aws_kinesis_firehose_delivery_stream`) with a Splunk destination:
+
+```hcl
+resource "aws_kinesis_firehose_delivery_stream" "test_stream" {
+  name        = "terraform-kinesis-firehose-test-stream"
+  destination = "splunk"
+
+  splunk_configuration {
+    hec_endpoint               = "https://http-inputs-mydomain.splunkcloud.com:443"
+    hec_token                  = "51D4DA16-C61B-4F5F-8EC7-ED4301342A4A"
+    hec_acknowledgment_timeout = 600
+    hec_endpoint_type          = "Event"
+    s3_backup_mode             = "FailedEventsOnly"
+
+    s3_configuration {
+      role_arn           = aws_iam_role.firehose.arn
+      bucket_arn         = aws_s3_bucket.bucket.arn
+      buffering_size     = 10
+      buffering_interval = 400
+      compression_format = "GZIP"
+    }
+  }
+}
+```
+
+For the latest configuration go to HashiCorp's Terraform docs [here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream#splunk-destination).
 
 ## Amazon Kinesis Data Streams
 

changes/26178-fix-2

@@ -0,0 +1,2 @@
+- Fixed an issue with increased resource usage during vulnerabilities processing by adding a
+  database index.

cmd/fleet/prepare.go

@@ -60,27 +60,11 @@ To setup Fleet infrastructure, use one of the available commands.
 				return
 			case fleet.SomeMigrationsCompleted:
 				if !noPrompt {
-					fmt.Printf("################################################################################\n"+
-						"# WARNING:\n"+
-						"#   This will perform Fleet database migrations. Please back up your data before\n"+
-						"#   continuing.\n"+
-						"#\n"+
-						"#   Missing migrations: tables=%v, data=%v.\n"+
-						"#\n"+
-						"#   Press Enter to continue, or Control-c to exit.\n"+
-						"################################################################################\n",
-						status.MissingTable, status.MissingData)
+					printMissingMigrationsPrompt(status.MissingTable, status.MissingData)
 					bufio.NewScanner(os.Stdin).Scan()
 				}
 			case fleet.UnknownMigrations:
-				fmt.Printf("################################################################################\n"+
-					"# WARNING:\n"+
-					"#   Your Fleet database has unrecognized migrations. This could happen when\n"+
-					"#   running an older version of Fleet on a newer migrated database.\n"+
-					"#\n"+
-					"#   Unknown migrations: tables=%v, data=%v.\n"+
-					"################################################################################\n",
-					status.UnknownTable, status.UnknownData)
+				printUnknownMigrationsMessage(status.UnknownTable, status.UnknownData)
 				if dev {
 					os.Exit(1)
 				}
@@ -104,3 +88,41 @@ To setup Fleet infrastructure, use one of the available commands.
 	prepareCmd.AddCommand(dbCmd)
 	return prepareCmd
 }
+
+func printUnknownMigrationsMessage(tables []int64, data []int64) {
+	fmt.Printf("################################################################################\n"+
+		"# WARNING:\n"+
+		"#   Your Fleet database has unrecognized migrations. This could happen when\n"+
+		"#   running an older version of Fleet on a newer migrated database.\n"+
+		"#\n"+
+		"#   Unknown migrations: %s.\n"+
+		"################################################################################\n",
+		tablesAndDataToString(tables, data))
+}
+
+func printMissingMigrationsPrompt(tables []int64, data []int64) {
+	fmt.Printf("################################################################################\n"+
+		"# WARNING:\n"+
+		"#   This will perform Fleet database migrations. Please back up your data before\n"+
+		"#   continuing.\n"+
+		"#\n"+
+		"#   Missing migrations: %s.\n"+
+		"#\n"+
+		"#   Press Enter to continue, or Control-c to exit.\n"+
+		"################################################################################\n",
+		tablesAndDataToString(tables, data))
+}
+
+func tablesAndDataToString(tables, data []int64) string {
+	switch {
+	case len(tables) > 0 && len(data) == 0:
+		// Most common case
+		return fmt.Sprintf("tables=%v", tables)
+	case len(tables) == 0 && len(data) == 0:
+		return "unknown"
+	case len(tables) == 0 && len(data) > 0:
+		return fmt.Sprintf("data=%v", data)
+	default:
+		return fmt.Sprintf("tables=%v, data=%v", tables, data)
+	}
+}