Expose UpgradeCode for Windows apps in osquery via upgrade_code column in programs table
Goal
| User story |
|---|
| As an IT admin, |
| I want to be able to pull UpgradeCode from Windows apps |
| so that I can properly group different versions of the same (primarily MSI-based) app regardless of app name, and build uninstall scripts and auto-install/patching queries that correctly account for all versions of software on the machine, rather than just one defined by product code (or looser matching based on name). |
Key result
Get to 100 Fleet-maintained apps for macOS & Windows (50 each)
Original requests
- #22369
Context
- Designer: @eugkuo
- Engineer: @ksykulev
Changes
Product
- [ ] UI changes: No changes.
- [ ] CLI (fleetctl) usage changes: No changes.
- [ ] YAML changes: No changes.
- [ ] REST API changes: No changes.
- [ ] Fleet's agent (fleetd) changes: No changes (changes are in osquery as this is a column on an existing built-in table).
- [ ] GitOps mode changes: No changes.
- [ ] Activity changes: No changes.
- [ ] Permissions changes: No changes.
- [ ] Changes to paid features or tiers: osquery change, so available everywhere.
- [ ] Transparency changes: No changes.
- [ ] First draft of test plan added
- [ ] Other reference documentation changes: Ensure osquery schema is synced.
- [ ] Once shipped, requester has been notified
- [ ] Once shipped, dogfooding issue has been filed
Engineering
- [ ] Test plan is finalized
- [ ] Contributor API changes: No changes.
- [ ] Feature guide changes: No changes.
ℹ️ Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".
QA
Risk assessment
- Risk level: Low
Test plan
Confirm the column exists in programs and contains the expected upgrade code information (WinGet MSIs are probably easiest to verify here since they tend to include UpgradeCode in manifests).
Testing notes
Confirmation
- [ ] Engineer: Added comment to user story confirming successful completion of test plan.
- [ ] QA: Added comment to user story confirming successful completion of test plan.
@ksykulev lmk if anything is amiss here. Probably worthwhile to go ahead and start dev on this so this makes it into osquery 5.17.0 (@zwass any gut feeling on when that would land?).
That will be cut in the next 5 business days. If it's quick to develop I can make a quick turnaround on a review and merge so we could get it into the release.
On Tue, Apr 1, 2025, 10:08 PM Ian Littman @.***> wrote:
@ksykulev https://github.com/ksykulev lmk if anything is amiss here. Probably worthwhile to go ahead and start dev on this so this makes it into osquery 5.17.0 @.*** https://github.com/zwass any gut feeling on when that would land?).
@iansltx thanks for tracking this!
@ksykulev can you please work with Eugene to help get the TODOs filled out in the product section so that we can bring this story through user story review? That way, Product Design, Engineering, and QA all know what we're going to build.
If it's something we think we need to start now, in the current sprint, please add the P1 label and assign Luke per the priority label process here: https://fleetdm.com/handbook/company/communications#high-priority-user-stories-and-bugs
cc @mostlikelee
@noahtalerman Looks like you overwrote the specs I had gotten a start on for this last night. Restoring those now, as I believe there were no TODOs on my version.
Spec restored from a previous rev. Didn't revert anything above "Changes" since those were the relevant edits.
@iansltx Awesome, thanks so much. I'll put this also in the design review agenda for tomorrow.
@iansltx I'm not clear why this was assigned P1. Would you please let me know? Looks like it needs expedited drafting?
@lukeheath tl;dr: there's an imminent osquery release and we want to get this into that release (5.17) rather than waiting for 5.18. This is a column on an existing table so we can't build this into fleetd-tables.
We want this now because with it we can more reliably confirm whether an application is installed for auto-install queries; right now the queries we generate won't detect existing installs unless they're the exact same version (tracked in #27447) and we don't get enough info from osquery right now to fix that issue properly.
Fixing #27447 sooner rather than later also allows us to fix #27758 more reliably/with less effort, as at that point we'll be using UpgradeCode for our internal MSI operations exclusively rather than ProductCode, and as patching workflows get more important having version-pinned is-this-installed queries/uninstall scripts will become more of a liability.
@iansltx Got it. Sounds like a P1 to me. Thanks for the context!
@ksykulev similar to the other osquery change, I'm not certain what more I can test other than running:
```sql
select * from programs;
```
This is the output:
```
osquery> select * from programs;
+-----------------------------------------------------+---------------+----------------------------------------------------------+---------------------------------------------------------------------------------+----------+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------------------------------------+----------------------------------------+
| name | version | install_location | install_source | language | publisher | uninstall_string | install_date | identifying_number | upgrade_code |
+-----------------------------------------------------+---------------+----------------------------------------------------------+---------------------------------------------------------------------------------+----------+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------------------------------------+----------------------------------------+
| Git | 2.49.0 | C:\Program Files\Git\ | | | The Git Development Community | "C:\Program Files\Git\unins000.exe" | 20250409 | | |
| | | C:\Windows\System32\ | | | Microsoft Corporation | "C:\Windows\System32\mstsc.exe" /uninstall | | | |
| TeamViewer | 15.64.3 | C:\Program Files\TeamViewer | | | TeamViewer | "C:\Program Files\TeamViewer\uninstall.exe" | | | |
| Go Programming Language arm64 go1.24.2 | 1.24.2 | | \\Mac\Home\Downloads\ | 1033 | https://go.dev | MsiExec.exe /X{0D4A18EC-20F7-469D-AA92-C1B5A8CA7AE0} | 20250409 | {0D4A18EC-20F7-469D-AA92-C1B5A8CA7AE0} | {21ADE9A3-3FDD-4BA6-BEA6-C85ABADC9488} |
| Google Chrome | 135.0.7049.85 | | C:\Users\janis\AppData\Local\Temp\3213677148\ | 1033 | Google LLC | MsiExec.exe /X{138D2D03-6550-3989-85BA-178F9BBA2D6F} | 20250409 | {138D2D03-6550-3989-85BA-178F9BBA2D6F} | {C1DFDF69-5945-32F2-A35E-EE94C99C7CF4} |
| Box | 2.44.209 | C:\Program Files\Box\Box\ | C:\Users\janis\AppData\Local\Temp\859580228\ | 1033 | Box, Inc. | MsiExec.exe /X{4C462062-5BE1-4757-9796-73C3A2D942E1} | 20250409 | {4C462062-5BE1-4757-9796-73C3A2D942E1} | {46AF5B38-D258-487A-92BD-792911248CCD} |
| Cloudflare WARP | 25.2.600.0 | | C:\Users\janis\AppData\Local\Temp\833730925\ | 1033 | Cloudflare, Inc. | MsiExec.exe /X{8123B6B1-C603-4DC7-A5C5-2A1E710B5307} | 20250409 | {8123B6B1-C603-4DC7-A5C5-2A1E710B5307} | {1BF42825-7B65-4CA9-AFFF-B7B5E1CE27B4} |
| Parallels Tools | 20.2.2.55879 | | C:\Program Files\Common Files\Parallels\{C869392E-9771-4B87-A8F6-63E387E20855}\ | 1033 | Parallels International GmbH | MsiExec.exe /I{91059C67-7066-4DE0-BBFF-9D7939E57F41} | 20250321 | {91059C67-7066-4DE0-BBFF-9D7939E57F41} | {8D3E189B-5BC5-4EB0-9CCF-694072290979} |
| Microsoft Teams Meeting Add-in for Microsoft Office | 1.25.04401 | | C:\Program Files\WindowsApps\MSTeams_25060.205.3499.6849_arm64__8wekyb3d8bbwe\ | 1033 | Microsoft | MsiExec.exe /I{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91} | 20250409 | {A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91} | |
| Microsoft Visual Studio Code | 1.99.1 | C:\Program Files\Microsoft VS Code\ | | | Microsoft Corporation | "C:\Program Files\Microsoft VS Code\unins000.exe" | 20250409 | | |
| Brave | 135.1.77.95 | C:\Program Files\BraveSoftware\Brave-Browser\Application | | | Brave Software Inc | "C:\Program Files\BraveSoftware\Brave-Browser\Application\135.1.77.95\Installer\setup.exe" --uninstall --system-level | 20250409 | | |
| Microsoft Edge | 135.0.3179.54 | C:\Program Files (x86)\Microsoft\Edge\Application | | | Microsoft Corporation | "C:\Program Files (x86)\Microsoft\Edge\Application\135.0.3179.54\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging | 20250409 | | |
| | 1.3.195.49 | | | | | | | | |
| Microsoft Edge WebView2 Runtime | 134.0.3124.93 | C:\Program Files (x86)\Microsoft\EdgeWebView\Application | | | Microsoft Corporation | "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.93\Installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging | 20250409 | | |
| Microsoft Visual Studio Code (User) | 1.99.1 | C:\Users\janis\AppData\Local\Programs\Microsoft VS Code\ | | | Microsoft Corporation | "C:\Users\janis\AppData\Local\Programs\Microsoft VS Code\unins000.exe" | 20250409 | | |
+-----------------------------------------------------+---------------+----------------------------------------------------------+---------------------------------------------------------------------------------+----------+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------------------------------------+----------------------------------------+
```
and upgrade_code is a field there with some of the apps having a value returned... thoughts on further testing needed?
cloudflare WARP -> https://github.com/microsoft/winget-pkgs/blob/master/manifests/c/Cloudflare/Warp/25.2.600.0/Cloudflare.Warp.installer.yaml UpgradeCode: '{1BF42825-7B65-4CA9-AFFF-B7B5E1CE27B4}' matches results ✅
box -> https://github.com/microsoft/winget-pkgs/blob/master/manifests/b/Box/Box/2.44.209/Box.Box.installer.yaml UpgradeCode: '{46AF5B38-D258-487A-92BD-792911248CCD}' matches results ✅
chrome -> https://github.com/microsoft/winget-pkgs/blob/master/manifests/g/Google/Chrome/135.0.7049.85/Google.Chrome.installer.yaml UpgradeCode: '{C1DFDF69-5945-32F2-A35E-EE94C99C7CF4}' matches results ✅
golang -> https://github.com/microsoft/winget-pkgs/blob/master/manifests/g/GoLang/Go/1.24.2/GoLang.Go.installer.yaml UpgradeCode: '{1C3114EA-08C3-11E1-9095-7FCA4824019B}' matches results ❌
Could not find parallels tools in winget; the closest I found was parallels, which doesn't seem to be the same: https://github.com/microsoft/winget-pkgs/tree/master/manifests/p/Parallels/Parallels
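Two points from this thread, shown as an added Python example (not Fleet's or osquery's code): an is-installed check pinned to one ProductCode misses other installed versions of the same app, and the upgrade_code values can be checked against the WinGet manifest values quoted above. An in-memory SQLite table stands in for osquery's programs table; the query shapes, helper names and the OLD_CHROME row are assumptions for illustration, and the remaining GUIDs are copied from the output and manifests above.

```python
import sqlite3

# (name, version, identifying_number, upgrade_code), copied from the output above.
ROWS = [
    ("Google Chrome", "135.0.7049.85", "{138D2D03-6550-3989-85BA-178F9BBA2D6F}",
     "{C1DFDF69-5945-32F2-A35E-EE94C99C7CF4}"),
    ("Cloudflare WARP", "25.2.600.0", "{8123B6B1-C603-4DC7-A5C5-2A1E710B5307}",
     "{1BF42825-7B65-4CA9-AFFF-B7B5E1CE27B4}"),
    ("Go Programming Language arm64 go1.24.2", "1.24.2",
     "{0D4A18EC-20F7-469D-AA92-C1B5A8CA7AE0}", "{21ADE9A3-3FDD-4BA6-BEA6-C85ABADC9488}"),
]
# UpgradeCode values quoted from the WinGet manifests in the comment above.
MANIFEST = {
    "Cloudflare WARP": "{1BF42825-7B65-4CA9-AFFF-B7B5E1CE27B4}",
    "Google Chrome": "{C1DFDF69-5945-32F2-A35E-EE94C99C7CF4}",
    "Go Programming Language arm64 go1.24.2": "{1C3114EA-08C3-11E1-9095-7FCA4824019B}",
}
# Constructed row: another Chrome build with a made-up version and ProductCode.
OLD_CHROME = ("Google Chrome", "0.0.0.1", "{00000000-0000-0000-0000-000000000001}", ROWS[0][3])

def load(rows):
    """Build an in-memory stand-in for osquery's programs table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE programs (name, version, identifying_number, upgrade_code)")
    db.executemany("INSERT INTO programs VALUES (?, ?, ?, ?)", rows)
    return db

def installed(db, column, guid):
    """Is-installed check keyed on one GUID column (column is allow-listed)."""
    if column not in ("identifying_number", "upgrade_code"):
        raise ValueError(column)
    sql = f"SELECT 1 FROM programs WHERE upper({column}) = upper(?) LIMIT 1"
    return db.execute(sql, (guid,)).fetchone() is not None

def compare_with_manifests(db, manifest):
    """Map each app name to 'match', 'mismatch' or 'missing'."""
    out = {}
    for name, expected in manifest.items():
        row = db.execute("SELECT upgrade_code FROM programs WHERE name = ?", (name,)).fetchone()
        got = row[0] if row else ""
        out[name] = ("missing" if not got else
                     "match" if got.upper() == expected.upper() else "mismatch")
    return out

if __name__ == "__main__":
    print(compare_with_manifests(load(ROWS), MANIFEST))
    old = load([OLD_CHROME])  # host that has only the other Chrome build
    for col, guid in (("identifying_number", ROWS[0][2]), ("upgrade_code", ROWS[0][3])):
        print(col, installed(old, col, guid))
```

On the constructed host the ProductCode check reports not installed while the UpgradeCode check reports installed, and the manifest comparison reproduces the match and mismatch results recorded in the comment above.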
@noahtalerman Created dogfood ticket: https://github.com/fleetdm/fleet/issues/29415
FYI @eugkuo keeping these user stories assigned to you so that you own remembering to notify the requester. We'll do the notification together during confirm and celebrate this week.
@noahtalerman Ok. I'm a little unsure of the process then. Happy to tag requesters in these tickets but does that happen after the dogfood ticket is closed? Or can I notify people as soon as a ticket hits C&C? In which case I'm happy to tag the requesters in the ticket along with the dogfood ticket or with closing after testing. LMK.
@eugkuo we can tag requesters as soon as we ship the story. At this time, the story hits C&C.
More importantly though, we want to tag requesters in the request issue (linked to in "Original request" in the description), not in individual user stories (this issue).
Why? Requesters live at the customer request level. User stories reflect incremental progress.
Sometimes we decide to not tag requesters at all—like in this case—because there's very little user value until the full request is delivered. For example, users asking for more Fleet-maintained Windows apps won’t get much value just from us adding an upgrade_code column (this story). That change helps us internally to add apps we previously couldn’t match.
Let’s chat more about this during confirm and celebrate.
Dogfood ticket created:
- #29529
UpgradeCode exposed, Windows apps, more composed, Admins deposed of woes.