Skip to content

Prevent silent corruption of software title icons#44540

Open
cdcme wants to merge 2 commits intomainfrom
fix-43161-icon-noop-repro
Open

Prevent silent corruption of software title icons#44540
cdcme wants to merge 2 commits intomainfrom
fix-43161-icon-noop-repro

Conversation

@cdcme
Copy link
Copy Markdown
Member

@cdcme cdcme commented Apr 30, 2026
edited by coderabbitai Bot
Loading

Fixes #43161

Summary

Three preventive changes against divergence between software_title_icons rows and bytes in the icon store:

  • CleanupUnusedSoftwareTitleIcons reads the writer, not a replica.
  • Filesystem Put is atomic (temp > fsync > rename).
  • Filesystem Exists rejects 0-byte and hash-mismatched files.

Testing

  • Unit tests cover Exists rejection and Put atomicity
  • Updated integration test runs through upload > corrupt > recover

Summary by CodeRabbit

  • Bug Fixes
    • Software icon file storage is now more resilient to system crashes through atomic write operations.
    • Icon integrity is verified to detect corrupted or incomplete files.
    • Improved recovery mechanism for icons after data integrity issues.
    • Enhanced cleanup process to prevent accidental deletion of in-use icons.

@qodo-free-for-open-source-projects
Copy link
Copy Markdown

qodo-free-for-open-source-projects Bot commented Apr 30, 2026

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: test-go (fleetctl, mysql:9.5.0) / test

Failed stage: Run Go Tests [❌]

Failed test name: TestIntegrationsVulnerabilityDataStream

Failure summary:

The action failed because a Go integration test failed during make test-go (Makefile targets
.run-go-tests at Makefile:278 and test-go at Makefile:393), causing the job to exit with a non-zero
status (Process completed with exit code 2).
- Failed test: cmd/fleetctl/integrationtest/vuln
TestIntegrationsVulnerabilityDataStream (vulnerability_data_stream_test.go:44).
- Root cause: the
test attempts to download Canonical OVAL definitions from
https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2, but the network
request repeatedly fails with TLS handshake timeout, connection reset by peer, and ultimately dial
tcp ...:443: i/o timeout, leading to Error downloading Oval definitions.

Relevant error logs: 
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

1890:  �[36;1mattempt=1�[0m
1891:  �[36;1m�[0m
1892:  �[36;1mwhile [ $attempt -le $max_attempts ]; do�[0m
1893:  �[36;1m  echo "Attempt $attempt of $max_attempts"�[0m
1894:  �[36;1m�[0m
1895:  �[36;1m  # Try to connect to MySQL�[0m
1896:  �[36;1m  if wait_for_mysql "mysql_test"; then�[0m
1897:  �[36;1m    # If MySQL is ready, try to connect to MySQL replica�[0m
1898:  �[36;1m    if wait_for_mysql "mysql_replica_test"; then�[0m
1899:  �[36;1m      # Both are ready, we're done�[0m
1900:  �[36;1m      echo "All MySQL connections successful"�[0m
1901:  �[36;1m      exit 0�[0m
1902:  �[36;1m    fi�[0m
1903:  �[36;1m  fi�[0m
1904:  �[36;1m�[0m
1905:  �[36;1m  # If we get here, at least one connection failed�[0m
1906:  �[36;1m  echo "Failed to connect to MySQL on attempt $attempt"�[0m
1907:  �[36;1m�[0m
1908:  �[36;1m  if [ $attempt -lt $max_attempts ]; then�[0m
1909:  �[36;1m    echo "Restarting containers and trying again..."�[0m
1910:  �[36;1m    restart_containers�[0m
1911:  �[36;1m  else�[0m
1912:  �[36;1m    echo "Maximum attempts reached. Failing the job."�[0m
1913:  �[36;1m    exit 1�[0m
...

1987:  gotestsum --format=testdox --jsonfile=/tmp/test-output.json -- -tags full,fts5,netgo -run=  -v -race=false -timeout=20m  -parallel 8 -coverprofile=coverage.txt -covermode=atomic -coverpkg=github.com/fleetdm/fleet/v4/... ././cmd/fleetctl/... 
1988:  go: downloading github.com/stretchr/testify v1.11.1
1989:  go: downloading github.com/AbGuthrie/goquery/v2 v2.0.1
1990:  go: downloading github.com/urfave/cli/v2 v2.27.7
1991:  go: downloading github.com/go-git/go-git/v5 v5.18.0
1992:  go: downloading github.com/beevik/etree v1.6.0
1993:  go: downloading github.com/briandowns/spinner v1.23.1
1994:  go: downloading github.com/google/go-github/v37 v37.0.0
1995:  go: downloading github.com/gosuri/uilive v0.0.4
1996:  go: downloading github.com/manifoldco/promptui v0.9.0
1997:  go: downloading github.com/mitchellh/go-ps v1.0.0
1998:  go: downloading github.com/olekukonko/tablewriter v0.0.5
1999:  go: downloading github.com/sethvargo/go-password v0.3.0
2000:  go: downloading github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
2001:  go: downloading github.com/patrickmn/go-cache v2.1.0+incompatible
2002:  go: downloading github.com/hashicorp/go-multierror v1.1.1
2003:  go: downloading github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f
...

2131:  go: downloading github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0
2132:  go: downloading github.com/tchap/go-patricia/v2 v2.3.2
2133:  go: downloading github.com/yashtewari/glob-intersection v0.2.0
2134:  go: downloading sigs.k8s.io/yaml v1.4.0
2135:  go: downloading go.opentelemetry.io/otel/sdk v1.43.0
2136:  go: downloading github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
2137:  go: downloading github.com/sirupsen/logrus v1.9.3
2138:  go: downloading github.com/go-ini/ini v1.67.0
2139:  go: downloading github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
2140:  github.com/fleetdm/fleet/v4/cmd/fleetctl:
2141:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/testing_utils:
2142:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest:
2143:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/goquerycmd:
2144:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/preview:
2145:  �[32m✓�[0m Integrations preview (77.55s)
2146:  �[32m✓�[0m Preview fails on invalid license key (0.00s)
2147:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl:
...

2251:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days not a number (0.64s)
2252:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days out of range (0.63s)
2253:  �[32m✓�[0m Apply specs deprecated keys config with FIM values for agent options (#869 9) (0.49s)
2254:  �[32m✓�[0m Apply specs deprecated keys config with blank required org name (0.51s)
2255:  �[32m✓�[0m Apply specs deprecated keys config with blank required server url (0.68s)
2256:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options command-line flags (0.55s)
2257:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type in dry-run (0.48s)
2258:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type with force (0.91s)
2259:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options in dry-run (0.54s)
2260:  �[32m✓�[0m Apply specs deprecated keys config with invalid key type (0.62s)
2261:  �[32m✓�[0m Apply specs deprecated keys config with invalid value for agent options command-line flags (0.61s)
2262:  �[32m✓�[0m Apply specs deprecated keys config with unknown key (0.50s)
2263:  �[32m✓�[0m Apply specs deprecated keys config with valid agent options command-line flags (0.46s)
2264:  �[32m✓�[0m Apply specs deprecated keys dry-run set with unsupported spec (0.69s)
2265:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, appconfig warning for legacy (0.39s)
2266:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, no errors (0.51s)
2267:  �[32m✓�[0m Apply specs deprecated keys empty config (0.52s)
...

2270:  �[32m✓�[0m Apply specs deprecated keys invalid agent options dry-run (0.76s)
2271:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type (0.53s)
2272:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type in overrides (0.57s)
2273:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for existing team (0.46s)
2274:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for new team (0.52s)
2275:  �[32m✓�[0m Apply specs deprecated keys invalid agent options force (0.56s)
2276:  �[32m✓�[0m Apply specs deprecated keys invalid known key's value type for team cannot be forced (0.62s)
2277:  �[32m✓�[0m Apply specs deprecated keys invalid team agent options command-line flag (0.50s)
2278:  �[32m✓�[0m Apply specs deprecated keys invalid top-level key for team (0.52s)
2279:  �[32m✓�[0m Apply specs deprecated keys macos updates deadline set but minimum version empty (0.74s)
2280:  �[32m✓�[0m Apply specs deprecated keys macos updates minimum version set but deadline empty (0.52s)
2281:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with incomplete date (0.60s)
2282:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with invalid date (0.52s)
2283:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with timestamp (0.61s)
2284:  �[32m✓�[0m Apply specs deprecated keys macos updates.minimum version with build version (0.44s)
2285:  �[32m✓�[0m Apply specs deprecated keys missing required failing policies destination url (0.63s)
2286:  �[32m✓�[0m Apply specs deprecated keys missing required host status days count (0.51s)
...

2294:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption true (0.54s)
2295:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption with invalid value type (0.53s)
2296:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption without a value (0.44s)
2297:  �[32m✓�[0m Apply specs deprecated keys unknown key for team can be forced (0.43s)
2298:  �[32m✓�[0m Apply specs deprecated keys valid team agent options command-line flag (0.52s)
2299:  �[32m✓�[0m Apply specs deprecated keys windows updates unset valid (0.58s)
2300:  �[32m✓�[0m Apply specs deprecated keys windows updates valid (0.65s)
2301:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days but grace period empty (0.47s)
2302:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days not a number (0.44s)
2303:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days out of range (0.60s)
2304:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days but deadline empty (0.41s)
2305:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days not a number (0.41s)
2306:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days out of range (0.72s)
2307:  �[32m✓�[0m Apply specs dry-run set with unsupported spec (0.69s)
2308:  �[32m✓�[0m Apply specs dry-run set with various specs, appconfig warning for legacy (0.46s)
2309:  �[32m✓�[0m Apply specs dry-run set with various specs, no errors (0.51s)
2310:  �[32m✓�[0m Apply specs empty config (0.78s)
...

2313:  �[32m✓�[0m Apply specs invalid agent options dry-run (0.83s)
2314:  �[32m✓�[0m Apply specs invalid agent options field type (0.92s)
2315:  �[32m✓�[0m Apply specs invalid agent options field type in overrides (0.42s)
2316:  �[32m✓�[0m Apply specs invalid agent options for existing team (0.62s)
2317:  �[32m✓�[0m Apply specs invalid agent options for new team (0.70s)
2318:  �[32m✓�[0m Apply specs invalid agent options force (0.89s)
2319:  �[32m✓�[0m Apply specs invalid known key's value type for team cannot be forced (0.75s)
2320:  �[32m✓�[0m Apply specs invalid team agent options command-line flag (1.09s)
2321:  �[32m✓�[0m Apply specs invalid top-level key for team (0.65s)
2322:  �[32m✓�[0m Apply specs macos updates deadline set but minimum version empty (0.38s)
2323:  �[32m✓�[0m Apply specs macos updates minimum version set but deadline empty (0.40s)
2324:  �[32m✓�[0m Apply specs macos updates.deadline with incomplete date (0.42s)
2325:  �[32m✓�[0m Apply specs macos updates.deadline with invalid date (0.40s)
2326:  �[32m✓�[0m Apply specs macos updates.deadline with timestamp (0.42s)
2327:  �[32m✓�[0m Apply specs macos updates.minimum version with build version (0.52s)
2328:  �[32m✓�[0m Apply specs missing required failing policies destination url (0.44s)
2329:  �[32m✓�[0m Apply specs missing required host status days count (0.63s)
...

2415:  �[32m✓�[0m Filename functions (0.00s)
2416:  �[32m✓�[0m Filename functions outfile name builds a file name using the name provided + current time (0.00s)
2417:  �[32m✓�[0m Filename functions outfile name with ext builds a file name using the name and extension provided + current time (0.00s)
2418:  �[32m✓�[0m FleetctlUpgradePacks empty packs (0.65s)
2419:  �[32m✓�[0m FleetctlUpgradePacks no pack (0.42s)
2420:  �[32m✓�[0m FleetctlUpgradePacks non empty (0.49s)
2421:  �[32m✓�[0m FleetctlUpgradePacks not admin (0.44s)
2422:  �[32m✓�[0m Format XML (0.00s)
2423:  �[32m✓�[0m Format XML XML with attributes (0.00s)
2424:  �[32m✓�[0m Format XML basic XML (0.00s)
2425:  �[32m✓�[0m Format XML empty XML (0.00s)
2426:  �[32m✓�[0m Format XML invalid XML (0.00s)
2427:  �[32m✓�[0m Format XML nested XML (0.00s)
2428:  �[32m✓�[0m Generate MDM apple (0.71s)
2429:  �[32m✓�[0m Generate MDM apple BM (0.36s)
2430:  �[32m✓�[0m Generate MDM apple CSR API call fails (0.35s)
2431:  �[32m✓�[0m Generate MDM apple successful run (0.36s)
2432:  �[32m✓�[0m Generate MDMVPP tokens (0.00s)
2433:  �[32m✓�[0m Generate MDMVPP tokens get VPP tokens error (0.00s)
2434:  �[32m✓�[0m Generate MDMVPP tokens multiple tokens with different teams (0.00s)
...

2446:  �[32m✓�[0m Generate org settings insecure (0.00s)
2447:  �[32m✓�[0m Generate org settings masked google calendar api key (0.00s)
2448:  �[32m✓�[0m Generate policies (0.00s)
2449:  �[32m✓�[0m Generate queries (0.00s)
2450:  �[32m✓�[0m Generate software (0.00s)
2451:  �[32m✓�[0m Generate software auto update schedule (0.00s)
2452:  �[32m✓�[0m Generate software script packages (0.00s)
2453:  �[32m✓�[0m Generate team settings (0.00s)
2454:  �[32m✓�[0m Generate team settings insecure (0.00s)
2455:  �[32m✓�[0m Generated org settings no SSO (0.00s)
2456:  �[32m✓�[0m Generated org settings okta conditional access not included (0.00s)
2457:  �[32m✓�[0m Get MDM command results (0.48s)
2458:  �[32m✓�[0m Get MDM command results command flag required (0.00s)
2459:  �[32m✓�[0m Get MDM command results command not found (0.01s)
2460:  �[32m✓�[0m Get MDM command results command results empty (0.01s)
2461:  �[32m✓�[0m Get MDM command results command results error (0.01s)
2462:  �[32m✓�[0m Get MDM command results darwin command results (0.00s)
2463:  �[32m✓�[0m Get MDM command results host specific results (0.00s)
2464:  �[32m✓�[0m Get MDM command results windows command results (0.00s)
2465:  �[32m✓�[0m Get MDM commands (0.39s)
2466:  �[32m✓�[0m Get apple BM (1.55s)
2467:  �[32m✓�[0m Get apple BM free license (0.38s)
2468:  �[32m✓�[0m Get apple BM premium license, multiple tokens (0.37s)
2469:  �[32m✓�[0m Get apple BM premium license, no token (0.41s)
2470:  �[32m✓�[0m Get apple BM premium license, single token (0.39s)
2471:  �[32m✓�[0m Get apple MDM (0.30s)
2472:  �[32m✓�[0m Get carve (0.33s)
2473:  �[32m✓�[0m Get carve with error (0.34s)
2474:  �[32m✓�[0m Get carves (0.50s)
...

2500:  �[32m✓�[0m Get queries as observer (0.42s)
2501:  �[32m✓�[0m Get queries as observer global observer (0.01s)
2502:  �[32m✓�[0m Get queries as observer observer of multiple teams (0.01s)
2503:  �[32m✓�[0m Get queries as observer team observer (0.01s)
2504:  �[32m✓�[0m Get query (0.43s)
2505:  �[32m✓�[0m Get software titles (0.42s)
2506:  �[32m✓�[0m Get software versions (0.39s)
2507:  �[32m✓�[0m Get teams (0.85s)
2508:  �[32m✓�[0m Get teams YAML and apply (0.40s)
2509:  �[32m✓�[0m Get teams by name (0.37s)
2510:  �[32m✓�[0m Get teams expired license (0.49s)
2511:  �[32m✓�[0m Get teams not expired license (0.36s)
2512:  �[32m✓�[0m Get user roles (0.34s)
2513:  �[32m✓�[0m Git ops ABM (5.82s)
2514:  �[32m✓�[0m Git ops ABM backwards compat (0.64s)
2515:  �[32m✓�[0m Git ops ABM both keys errors (0.60s)
2516:  �[32m✓�[0m Git ops ABM deprecated config with two tokens in the db fails (0.59s)
2517:  �[32m✓�[0m Git ops ABM new key all valid (0.67s)
2518:  �[32m✓�[0m Git ops ABM new key multiple elements (0.70s)
2519:  �[32m✓�[0m Git ops ABM no team is supported (0.53s)
2520:  �[32m✓�[0m Git ops ABM non existent org name fails (0.49s)
2521:  �[32m✓�[0m Git ops ABM not provided teams defaults to no team (0.51s)
2522:  �[32m✓�[0m Git ops ABM renamed new key all valid (0.62s)
2523:  �[32m✓�[0m Git ops ABM using an undefined team errors (0.49s)
2524:  �[32m✓�[0m Git ops EULA setting (4.78s)
...

2527:  �[32m✓�[0m Git ops EULA setting not a PDF file (0.63s)
2528:  �[32m✓�[0m Git ops EULA setting relative path to working dir to pdf file (no existing EULA uploaded) (0.49s)
2529:  �[32m✓�[0m Git ops EULA setting relative path to yaml file to pdf file (no existing EULA uploaded) (0.66s)
2530:  �[32m✓�[0m Git ops EULA setting uploading the same EULA again (0.64s)
2531:  �[32m✓�[0m Git ops EULA setting valid new pdf file (different EULA already uploaded) (0.58s)
2532:  �[32m✓�[0m Git ops EULA setting valid pdf file (no existing EULA uploaded) (0.70s)
2533:  �[32m✓�[0m Git ops MDM auth settings (0.67s)
2534:  �[32m✓�[0m Git ops SMTP settings (0.66s)
2535:  �[32m✓�[0m Git ops SSO server URL (0.45s)
2536:  �[32m✓�[0m Git ops SSO settings (0.41s)
2537:  �[32m✓�[0m Git ops android certificates add (0.70s)
2538:  �[32m✓�[0m Git ops android certificates change (0.52s)
2539:  �[32m✓�[0m Git ops android certificates delete all (0.49s)
2540:  �[32m✓�[0m Git ops android certificates delete one (0.56s)
2541:  �[32m✓�[0m Git ops app store app auto update (0.47s)
2542:  �[32m✓�[0m Git ops app store app auto update invalid auto-update window triggers error and does not call update software title auto update config (0.02s)
2543:  �[32m✓�[0m Git ops app store app auto update no auto update settings and no existing schedule does not call update software title auto update config (0.02s)
...

2546:  �[32m✓�[0m Git ops apple OS updates (0.83s)
2547:  �[32m✓�[0m Git ops apple OS updates ios updates (0.08s)
2548:  �[32m✓�[0m Git ops apple OS updates ios updates changed deadline triggers bulk set pending MDM host profiles (0.02s)
2549:  �[32m✓�[0m Git ops apple OS updates ios updates changed minimum version triggers bulk set pending MDM host profiles (0.03s)
2550:  �[32m✓�[0m Git ops apple OS updates ios updates same values do not trigger bulk set pending MDM host profiles (0.03s)
2551:  �[32m✓�[0m Git ops apple OS updates ipados updates (0.07s)
2552:  �[32m✓�[0m Git ops apple OS updates ipados updates changed deadline triggers bulk set pending MDM host profiles (0.02s)
2553:  �[32m✓�[0m Git ops apple OS updates ipados updates changed minimum version triggers bulk set pending MDM host profiles (0.02s)
2554:  �[32m✓�[0m Git ops apple OS updates ipados updates same values do not trigger bulk set pending MDM host profiles (0.03s)
2555:  �[32m✓�[0m Git ops apple OS updates macos updates (0.08s)
2556:  �[32m✓�[0m Git ops apple OS updates macos updates changed deadline triggers bulk set pending MDM host profiles (0.03s)
2557:  �[32m✓�[0m Git ops apple OS updates macos updates changed minimum version triggers bulk set pending MDM host profiles (0.02s)
2558:  �[32m✓�[0m Git ops apple OS updates macos updates same values do not trigger bulk set pending MDM host profiles (0.04s)
2559:  �[32m✓�[0m Git ops basic global and no team (0.62s)
2560:  �[32m✓�[0m Git ops basic global and no team basic global and no-team.yml (0.05s)
2561:  �[32m✓�[0m Git ops basic global and no team both global and no-team.yml define controls -- should fail (0.01s)
2562:  �[32m✓�[0m Git ops basic global and no team controls only defined in no-team.yml (0.05s)
2563:  �[32m✓�[0m Git ops basic global and no team global DOES NOT define controls -- should fail (0.01s)
2564:  �[32m✓�[0m Git ops basic global and no team global and no-team.yml DO NOT define controls -- should fail (0.01s)
2565:  �[32m✓�[0m Git ops basic global and no team global defines software -- should fail (0.01s)
2566:  �[32m✓�[0m Git ops basic global and no team no-team provided without global -- should fail (0.01s)
2567:  �[32m✓�[0m Git ops basic global and no team no-team.yml defines policy with calendar events enabled -- should fail (0.01s)
2568:  �[32m✓�[0m Git ops basic global and no team unassigned provided without global -- should fail (0.01s)
2569:  �[32m✓�[0m Git ops basic global and team (0.60s)
...

2574:  �[32m✓�[0m Git ops custom settings global macos custom settings valid deprecated.yml (0.56s)
2575:  �[32m✓�[0m Git ops custom settings global macos windows custom settings valid.yml (0.52s)
2576:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix 2 .yml (0.42s)
2577:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix.yml (0.42s)
2578:  �[32m✓�[0m Git ops custom settings global windows custom settings unknown label.yml (0.55s)
2579:  �[32m✓�[0m Git ops custom settings team macos custom settings valid deprecated.yml (0.75s)
2580:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix 2 .yml (0.75s)
2581:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix.yml (0.47s)
2582:  �[32m✓�[0m Git ops custom settings team macos windows custom settings unknown label.yml (0.55s)
2583:  �[32m✓�[0m Git ops custom settings team macos windows custom settings valid.yml (0.54s)
2584:  �[32m✓�[0m Git ops exception enforcement (0.44s)
2585:  �[32m✓�[0m Git ops exception enforcement free tier (0.42s)
2586:  �[32m✓�[0m Git ops exceptions preserve omitted keys (0.44s)
2587:  �[32m✓�[0m Git ops features (0.45s)
2588:  �[32m✓�[0m Git ops filename validation (0.00s)
2589:  �[32m✓�[0m Git ops fleet failing policies webhook policy IDs (0.54s)
2590:  �[32m✓�[0m Git ops fleet webhooks and tickets enabled (0.61s)
...

2745:  �[32m✓�[0m Run api command get scripts full path missing (0.00s)
2746:  �[32m✓�[0m Run api command get scripts team (0.00s)
2747:  �[32m✓�[0m Run api command get scripts team no cache (0.00s)
2748:  �[32m✓�[0m Run api command get typo (0.00s)
2749:  �[32m✓�[0m Run api command upload script (0.00s)
2750:  �[32m✓�[0m Run script command (0.78s)
2751:  �[32m✓�[0m Run script command disabled scripts globally (0.00s)
2752:  �[32m✓�[0m Run script command host not found (0.00s)
2753:  �[32m✓�[0m Run script command invalid file type (0.00s)
2754:  �[32m✓�[0m Run script command invalid hashbang (0.00s)
2755:  �[32m✓�[0m Run script command invalid utf 8 (0.00s)
2756:  �[32m✓�[0m Run script command missing one of script-path and script-nqme (0.00s)
2757:  �[32m✓�[0m Run script command output truncated (0.01s)
2758:  �[32m✓�[0m Run script command posix shell hashbang (0.01s)
2759:  �[32m✓�[0m Run script command script empty (0.00s)
2760:  �[32m✓�[0m Run script command script failed (0.01s)
2761:  �[32m✓�[0m Run script command script killed (0.01s)
...

2805:  �[32m✓�[0m User is observer team observer and maintainer (0.00s)
2806:  �[32m✓�[0m User is observer team observer+ (0.00s)
2807:  �[32m✓�[0m User is observer user without roles (0.00s)
2808:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/vuln:
2809:  �[31m✖�[0m Integrations vulnerability data stream (310.51s)
2810:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/package:
2811:  �[32m✓�[0m Package (394.27s)
2812:  �[32m✓�[0m Package - -use-sytem-configuration can't be used on installers that aren't pkg (0.00s)
2813:  �[32m✓�[0m Package deb (2.13s)
2814:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/gitops:
2815:  �[32m✓�[0m Git ops VPP (4.28s)
2816:  �[32m✓�[0m Git ops VPP all teams is supported (0.55s)
2817:  �[32m✓�[0m Git ops VPP new key all valid (0.63s)
2818:  �[32m✓�[0m Git ops VPP new key multiple elements (0.57s)
2819:  �[32m✓�[0m Git ops VPP no team is supported (0.62s)
2820:  �[32m✓�[0m Git ops VPP non existent location fails (0.77s)
2821:  �[32m✓�[0m Git ops VPP not provided teams defaults to no team (0.57s)
2822:  �[32m✓�[0m Git ops VPP using an undefined team errors (0.57s)
2823:  �[32m✓�[0m Git ops existing team VPP apps with missing team (0.53s)
...

2903:  �[32m✓�[0m Git ops team software installers team software installer with display name.yml (1.49s)
2904:  �[32m✓�[0m Integrations enterprise gitops (309.39s)
2905:  �[32m✓�[0m Integrations enterprise gitops test CA integrations (6.18s)
2906:  �[32m✓�[0m Integrations enterprise gitops test FMA labels include all (7.41s)
2907:  �[32m✓�[0m Integrations enterprise gitops test IPA software installers (12.50s)
2908:  �[32m✓�[0m Integrations enterprise gitops test JSON configuration profile escaping (1.50s)
2909:  �[32m✓�[0m Integrations enterprise gitops test add manual labels (2.17s)
2910:  �[32m✓�[0m Integrations enterprise gitops test configuration profile escaping (1.71s)
2911:  �[32m✓�[0m Integrations enterprise gitops test delete CA with certificate templates (7.65s)
2912:  �[32m✓�[0m Integrations enterprise gitops test delete mac OS setup (6.83s)
2913:  �[32m✓�[0m Integrations enterprise gitops test deleting no team YAML (3.56s)
2914:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience (125.33s)
2915:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience all VPP with setup experience (1.68s)
2916:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team VPP (1.40s)
2917:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team installers (61.09s)
2918:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience packages fail (60.93s)
2919:  �[32m✓�[0m Integrations enterprise gitops test env substitution in profiles (1.67s)
...

2941:  �[32m✓�[0m Integrations enterprise gitops test omitted top level keys global (2.92s)
2942:  �[32m✓�[0m Integrations enterprise gitops test remove custom settings from default YAML (3.19s)
2943:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps (4.64s)
2944:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps all teams (2.90s)
2945:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps no team (1.56s)
2946:  �[32m✓�[0m Integrations enterprise gitops test unset configuration profile labels (6.01s)
2947:  �[32m✓�[0m Integrations enterprise gitops test unset software installer labels (11.15s)
2948:  �[32m✓�[0m Integrations enterprise starter library (5.20s)
2949:  �[32m✓�[0m Integrations enterprise starter library test apply starter library premium (3.90s)
2950:  �[32m✓�[0m Integrations gitops (2.68s)
2951:  �[32m✓�[0m Integrations gitops test fleet gitops (0.69s)
2952:  �[32m✓�[0m Integrations gitops test fleet gitops DDM fleet vars requires premium (0.18s)
2953:  �[32m✓�[0m Integrations gitops test fleet gitops with fleet secrets (0.48s)
2954:  �[32m✓�[0m Integrations starter library (1.55s)
2955:  �[32m✓�[0m Integrations starter library test apply starter library free (0.31s)
2956:  === �[31mFailed�[0m
2957:  === �[31mFAIL�[0m: cmd/fleetctl/integrationtest/vuln TestIntegrationsVulnerabilityDataStream (310.51s)
2958:  nettest.go:33: network test start: TestIntegrationsVulnerabilityDataStream
2959:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": net/http: TLS handshake timeout. Retrying in 732.243405ms
2960:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": net/http: TLS handshake timeout. Retrying in 427.947448ms
2961:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": net/http: TLS handshake timeout. Retrying in 1.287357141s
2962:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": read tcp 10.1.0.48:44010->91.189.91.45:443: read: connection reset by peer. Retrying in 1.243705271s
2963:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": read tcp 10.1.0.48:44012->91.189.91.45:443: read: connection reset by peer. Retrying in 2.693348532s
2964:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": read tcp 10.1.0.48:41426->91.189.91.45:443: read: connection reset by peer. Retrying in 5.539840693s
2965:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": dial tcp 91.189.91.45:443: i/o timeout. Retrying in 4.830872935s
2966:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": read tcp 10.1.0.48:57206->91.189.91.45:443: read: connection reset by peer. Retrying in 12.244331942s
2967:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": dial tcp 91.189.91.44:443: i/o timeout. Retrying in 10.121084272s
2968:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": dial tcp 91.189.91.44:443: i/o timeout. Retrying in 25.785067018s
2969:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": read tcp 10.1.0.48:34658->91.189.91.45:443: read: connection reset by peer. Retrying in 28.009743719s
2970:  vulnerability_data_stream_test.go:44: 
2971:  Error Trace:	/home/runner/work/fleet/fleet/cmd/fleetctl/integrationtest/vuln/vulnerability_data_stream_test.go:44
2972:  Error:      	Received unexpected error:
2973:  Error downloading Oval definitions: downloadDefinitions: download and extract url https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2: download and write file: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.plucky.usn.oval.xml.bz2": dial tcp 185.125.190.47:443: i/o timeout
2974:  Test:       	TestIntegrationsVulnerabilityDataStream
2975:  nettest.go:36: network test done: TestIntegrationsVulnerabilityDataStream
2976:  DONE 807 tests, 1 failure in 634.087s
2977:  make[1]: *** [Makefile:278: .run-go-tests] Error 1
2978:  make[1]: Leaving directory '/home/runner/work/fleet/fleet'
2979:  make: *** [Makefile:393: test-go] Error 2
2980:  ##[error]Process completed with exit code 2.
2981:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2982:  with:
2983:  name: fleetctl-mysql9.5.0-coverage
2984:  path: ./coverage.txt
2985:  if-no-files-found: error
2986:  compression-level: 6
...

2998:  With the provided path, there will be 1 file uploaded
2999:  Artifact name is valid!
3000:  Root directory input is valid!
3001:  Beginning upload of artifact content to blob storage
3002:  Uploaded bytes 2830182
3003:  Finished uploading artifact content to blob storage!
3004:  SHA256 hash of uploaded artifact zip is a509f11dbfb40dc08585ffea7b1932dd2e3a168a435329dbcd004eee6b1c17ea
3005:  Finalizing artifact upload
3006:  Artifact fleetctl-mysql9.5.0-coverage.zip successfully finalized. Artifact ID 6739571741
3007:  Artifact fleetctl-mysql9.5.0-coverage has been successfully uploaded! Final size is 2830182 bytes. Artifact ID is 6739571741
3008:  Artifact download URL: https://github.com/fleetdm/fleet/actions/runs/25187165680/artifacts/6739571741
3009:  ##[group]Run c1grep() { grep "$@" || test $? = 1; }
3010:  �[36;1mc1grep() { grep "$@" || test $? = 1; }�[0m
3011:  �[36;1mc1grep -oP 'FAIL: .*$' /tmp/gotest.log > /tmp/summary.txt�[0m
3012:  �[36;1mc1grep 'test timed out after' /tmp/gotest.log >> /tmp/summary.txt�[0m
3013:  �[36;1mc1grep 'fatal error:' /tmp/gotest.log >> /tmp/summary.txt�[0m
3014:  �[36;1mc1grep -A 10 'panic: runtime error: ' /tmp/gotest.log >> /tmp/summary.txt�[0m
3015:  �[36;1mc1grep ' FAIL\t' /tmp/gotest.log >> /tmp/summary.txt�[0m
3016:  �[36;1mGO_FAIL_SUMMARY=$(head -n 5 /tmp/summary.txt | sed ':a;N;$!ba;s/\n/\\n/g')�[0m
3017:  �[36;1mecho "GO_FAIL_SUMMARY=$GO_FAIL_SUMMARY"�[0m
3018:  �[36;1mif [[ -z "$GO_FAIL_SUMMARY" ]]; then�[0m
3019:  �[36;1m  GO_FAIL_SUMMARY="unknown, please check the build URL"�[0m
3020:  �[36;1mfi�[0m
3021:  �[36;1mGO_FAIL_SUMMARY=$GO_FAIL_SUMMARY envsubst < .github/workflows/config/slack_payload_template.json > ./payload.json�[0m
3022:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
3023:  env:
3024:  RACE_ENABLED: false
3025:  GO_TEST_TIMEOUT: 20m
3026:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
3027:  RUN_TESTS_ARG: 
3028:  CI_TEST_PKG: fleetctl
3029:  NEED_DOCKER: 1
3030:  ARTIFACT_PREFIX: fleetctl-mysql9.5.0
3031:  GOTOOLCHAIN: local
3032:  ##[endgroup]
3033:  GO_FAIL_SUMMARY=
3034:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
3035:  with:
3036:  name: fleetctl-mysql9.5.0-test-log
3037:  path: /tmp/gotest.log
3038:  if-no-files-found: error
3039:  compression-level: 6

@cdcme cdcme marked this pull request as ready for review April 30, 2026 20:41
@cdcme cdcme requested a review from a team as a code owner April 30, 2026 20:41
Copilot AI review requested due to automatic review settings April 30, 2026 20:41
claude[bot]
claude Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

Copilot AI reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the software title icon storage path to prevent the DB (software_title_icons.storage_id) and the icon bytes store from silently diverging, which can lead to missing/incorrect icons during GitOps runs.

Changes:

  • Read in-use storage_ids from the MySQL writer in CleanupUnusedSoftwareTitleIcons to avoid replica lag causing deletion of newly-referenced icon bytes.
  • Make filesystem icon Put atomic via temp-file + fsync + rename, avoiding truncated final files on mid-write failure.
  • Make filesystem icon Exists validate integrity (reject 0-byte and SHA-256 mismatches), and add unit + integration test coverage for corruption/recovery paths.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
server/datastore/mysql/software_title_icons.go Uses writer connection for storage-id enumeration to avoid replica-lag deletion.
server/datastore/filesystem/software_title_icons.go Implements atomic writes and integrity-checking Exists for filesystem-backed icon store.
server/datastore/filesystem/software_title_icons_test.go Adds unit tests for corruption detection and atomic write behavior.
cmd/fleetctl/integrationtest/gitops/gitops_enterprise_integration_test.go Adds GitOps integration coverage for “bytes missing but DB hash unchanged” recovery workflow.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread server/datastore/filesystem/software_title_icons.go
Comment on lines +86 to +92
}
if err := tmp.Close(); err != nil {
return ctxerr.Wrap(ctx, err, "closing software title icon file in filesystem store")
}
if err := os.Rename(tmpPath, finalPath); err != nil {
return ctxerr.Wrap(ctx, err, "renaming software title icon file in filesystem store")
}
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 30, 2026

Walkthrough

This pull request modifies software title icon storage and retrieval to improve reliability. The filesystem-based icon store's Put operation now writes to a temporary file before atomically renaming it to the final path, preventing truncated files after crashes. The Exists method now validates file integrity by computing SHA-256 hashes and matching against the stored iconID, treating zero-length and hash-mismatched files as missing. The MySQL cleanup operation switches to the writer connection to avoid stale replicas incorrectly deleting in-use icons. An integration test validates icon recovery when on-disk bytes are missing or truncated.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Prevent silent corruption of software title icons' clearly and directly describes the main objective of the changeset—preventing corruption of software title icons through atomic writes, hash validation, and replica consistency.
Description check ✅ Passed The PR description addresses the template's key sections: it references the related issue (#43161), provides a clear summary of changes, and documents the testing approach with unit and integration tests.
Linked Issues check ✅ Passed The PR implementation directly addresses issue #43161 by implementing three preventive changes: atomic filesystem writes to prevent truncation, hash validation in Exists() to reject corrupted files, and reader consistency in CleanupUnusedSoftwareTitleIcons to prevent stale replicas from deleting in-use icons.
Out of Scope Changes check ✅ Passed All changes are in-scope: filesystem icon storage atomicity and integrity checks, MySQL query replica consistency, and integration tests validating the recover behavior—all directly supporting the goal of preventing icon corruption divergence.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-43161-icon-noop-repro

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
cmd/fleetctl/integrationtest/gitops/gitops_enterprise_integration_test.go (1)

3050-3052: ⚡ Quick win

Strengthen the recovery assertion to compare bytes, not just size.

A wrong file with the same byte length would still pass currently. Comparing content (or hash) makes the regression guard precise.

Suggested enhancement 
 	info, err = os.Stat(iconPath)
 	require.NoError(t, err)
 	require.Equal(t, originalSize, info.Size())
+
+	expectedIconBytes, err := os.ReadFile(filepath.Join(dirPath, "testdata", "gitops", "lib", "icon.png"))
+	require.NoError(t, err)
+	gotIconBytes, err := os.ReadFile(iconPath)
+	require.NoError(t, err)
+	require.Equal(t, expectedIconBytes, gotIconBytes)
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@cmd/fleetctl/integrationtest/gitops/gitops_enterprise_integration_test.go`
around lines 3050 - 3052, The test currently only compares file size (variables
info, iconPath, originalSize) after recovery; instead, read the recovered file
bytes and compare them to the original bytes (or compute and compare a hash) to
ensure content equality. Replace the require.Equal(t, originalSize, info.Size())
check with code that opens iconPath, reads its contents, and asserts equality
against the previously saved original byte slice (or compares their SHA256
hashes) using require.Equal or require.EqualValues to guarantee the recovered
file content matches exactly.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@server/datastore/filesystem/software_title_icons.go`:
- Around line 112-115: In the Exists function, treat a post-Stat ENOENT from
os.Open as "not present" instead of an error: when os.Open(path) returns an
error, check os.IsNotExist(err) (or errors.Is(err, os.ErrNotExist)) and return
(false, nil) in that case; otherwise wrap and return the error as currently
done. Also ensure any opened file (f) is closed on the success path to avoid
leaks. Use the function name Exists and the variables path, f, err, os.Open, and
ctxerr.Wrap to locate and update the logic.

---

Nitpick comments:
In `@cmd/fleetctl/integrationtest/gitops/gitops_enterprise_integration_test.go`:
- Around line 3050-3052: The test currently only compares file size (variables
info, iconPath, originalSize) after recovery; instead, read the recovered file
bytes and compare them to the original bytes (or compute and compare a hash) to
ensure content equality. Replace the require.Equal(t, originalSize, info.Size())
check with code that opens iconPath, reads its contents, and asserts equality
against the previously saved original byte slice (or compares their SHA256
hashes) using require.Equal or require.EqualValues to guarantee the recovered
file content matches exactly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a6bc3a1c-5cf3-48c4-b03e-94e55099f6fb

📥 Commits

Reviewing files that changed from the base of the PR and between 698aa58 and 4854e46.

📒 Files selected for processing (4)
  • cmd/fleetctl/integrationtest/gitops/gitops_enterprise_integration_test.go
  • server/datastore/filesystem/software_title_icons.go
  • server/datastore/filesystem/software_title_icons_test.go
  • server/datastore/mysql/software_title_icons.go

Comment thread server/datastore/filesystem/software_title_icons.go
Comment on lines +112 to +115
f, err := os.Open(path)
if err != nil {
return false, ctxerr.Wrap(ctx, err, "opening software title icon for hash verification")
}
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle post-Stat ENOENT in Exists as not-present, not error.

If cleanup/remove happens after Line 102 but before Line 112, Exists returns an error instead of false, which can surface transient failures in callers that expect corruption/missing bytes to fall through to re-upload.

Suggested fix 
 	f, err := os.Open(path)
 	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
 		return false, ctxerr.Wrap(ctx, err, "opening software title icon for hash verification")
 	}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@server/datastore/filesystem/software_title_icons.go` around lines 112 - 115,
In the Exists function, treat a post-Stat ENOENT from os.Open as "not present"
instead of an error: when os.Open(path) returns an error, check
os.IsNotExist(err) (or errors.Is(err, os.ErrNotExist)) and return (false, nil)
in that case; otherwise wrap and return the error as currently done. Also ensure
any opened file (f) is closed on the success path to avoid leaks. Use the
function name Exists and the variables path, f, err, os.Open, and ctxerr.Wrap to
locate and update the logic.

Copy link
Copy Markdown
Member Author

@cdcme cdcme Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this "callers that expect corruption/missing bytes to fall through to re-upload" is a thing, but will check.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 30, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 55.55556% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.78%. Comparing base (214c00a) to head (4854e46).
⚠️ Report is 23 commits behind head on main.

Files with missing lines Patch % Lines
...erver/datastore/filesystem/software_title_icons.go 57.69% 6 Missing and 5 partials ⚠️
server/datastore/mysql/software_title_icons.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #44540      +/-   ##
==========================================
+ Coverage   66.76%   66.78%   +0.01%     
==========================================
  Files        2636     2637       +1     
  Lines      211834   212130     +296     
  Branches     9388     9388              
==========================================
+ Hits       141437   141672     +235     
- Misses      57552    57590      +38     
- Partials    12845    12868      +23
Flag Coverage Δ
backend 68.56% <55.55%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@cdcme
Copy link
Copy Markdown
Member Author

cdcme commented Apr 30, 2026

@claude review once

claude[bot]
claude Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — atomic temp+rename, hash-checked Exists, and writer-side cleanup read are the right fixes for the corruption/divergence paths and are well-covered by the new unit + integration tests.

Extended reasoning...

Overview

The PR makes three small, focused changes to prevent silent divergence between software_title_icons rows and on-disk bytes:

  • server/datastore/filesystem/software_title_icons.go: Put now writes to a temp file in the same directory, fsyncs, closes, and atomically renames into place; Exists rejects zero-byte files and verifies the file's SHA-256 matches iconID.
  • server/datastore/mysql/software_title_icons.go: CleanupUnusedSoftwareTitleIcons now selects from the writer rather than a replica, so a stale replica missing a freshly-inserted storage_id won't cause its in-use file to be deleted.
  • server/datastore/filesystem/software_title_icons_test.go + cmd/fleetctl/integrationtest/gitops/...: new unit tests cover Exists rejection (zero-byte, hash mismatch, intact) and Put atomicity (mid-write failure leaves no final file); a new integration test pins down the upload → corrupt → recover flow.

Security risks

None of concern. The hash verification in Exists actually strengthens integrity guarantees by ensuring on-disk bytes match the content-addressed ID before the store reports them as present. The temp filename prefix (.tmp-icon-*) is created via os.CreateTemp in the icons directory, so there's no path-traversal or symlink-attack surface beyond what the existing store already had.

Level of scrutiny

Moderate — this touches a data-integrity boundary (file storage + DB cleanup), but the changes are individually small, follow well-established patterns (write-temp-then-rename is textbook), and the tests are appropriately targeted. The MySQL change is a one-line writer/reader swap with a clear correctness argument.

Other factors

The reviewer concerns from Copilot and CodeRabbit are minor edge cases:

  • The Windows os.Rename concern is largely moot — modern Go uses MoveFileExW with MOVEFILE_REPLACE_EXISTING for files, so overwriting works on Windows.
  • The post-Stat ENOENT race in Exists is a narrow window (only Cleanup removes files) and the caller in ee/server/service/software_title_icons.go would just propagate an error that the user would retry; not load-bearing for this PR's correctness.

The CI failure (TestIntegrationsVulnerabilityDataStream) is unrelated — it's a network test that timed out fetching Canonical OVAL definitions, with no connection to the icon-store changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

@claude claude[bot] claude[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cdcme