Skip to content

~Update shoenig dependency~ cherry-pick dependency updates into 4.83.0 rc#42345

Merged
jacobshandling merged 3 commits intorc-minor-fleet-v4.83.0from
fix-build-issue
Mar 26, 2026
Merged

~Update shoenig dependency~ cherry-pick dependency updates into 4.83.0 rc#42345
jacobshandling merged 3 commits intorc-minor-fleet-v4.83.0from
fix-build-issue

Conversation

@jacobshandling
Copy link
Copy Markdown
Contributor

@jacobshandling jacobshandling commented Mar 24, 2026

Related issue:
I noticed the below build failure when building the rc on apple silicon. It doesn't happen on main - opened this PR in case it's useful

EDIT: this PR now serves as a cherry-pick to the 4.83 rc for this commit - see #42345 (review)

@jacobshandling jacobshandling marked this pull request as ready for review March 24, 2026 22:15
@jacobshandling jacobshandling requested a review from a team as a code owner March 24, 2026 22:15
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review.

Tip: disable this comment in your organization's Code Review settings.

@jacobshandling
Copy link
Copy Markdown
Contributor Author

@claude review

@codecov
Copy link
Copy Markdown

codecov Bot commented Mar 24, 2026

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (rc-minor-fleet-v4.83.0@1e0abc4). Learn more about missing BASE report.

Files with missing lines Patch % Lines
pkg/open/open_linux.go 0.00% 1 Missing ⚠️
Additional details and impacted files
@@                    Coverage Diff                    @@
##             rc-minor-fleet-v4.83.0   #42345   +/-   ##
=========================================================
  Coverage                          ?   66.40%           
=========================================================
  Files                             ?     2505           
  Lines                             ?   201114           
  Branches                          ?     8870           
=========================================================
  Hits                              ?   133559           
  Misses                            ?    55465           
  Partials                          ?    12090           
Flag Coverage Δ
backend 68.17% <0.00%> (?)
backend-activity 86.35% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — straightforward dependency bump to fix the SIGSEGV crash on Apple Silicon.

Extended reasoning...

Overview

This PR updates a single indirect dependency, github.com/shoenig/go-m1cpu, from v0.1.7 to v0.2.1. Only go.mod and go.sum are modified.

Security risks

None. This is an indirect, platform-specific CPU info library used on Apple M1/M2 hardware. The version bump is a minor patch addressing a startup crash, not a behavioral or API change that could introduce security exposure.

Level of scrutiny

Low. The change is purely mechanical — a version bump with updated checksums. The motivation is clearly documented: v0.1.7 causes a SIGSEGV in CGo initialization (_Cfunc_initialize()) at startup on Apple Silicon, crashing the fleet binary before it can serve any requests. Bumping to v0.2.1 is the appropriate fix.

Other factors

No fleet application code is changed. The go.sum hashes are consistent with a legitimate upstream bump. No CODEOWNERS apply to go.mod/go.sum dependency-only changes. No bugs were reported by the automated analysis.

Copy link
Copy Markdown
Member

@lucasmrod lucasmrod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was actually fixed for fleetd 1.53.1 (here)

If it's causing issues in 4.83.0 for M5 folks please cherry-pick that commit into 4.83.0 RCs.

@jacobshandling
Copy link
Copy Markdown
Contributor Author

@lucasmrod will do

jacobshandling and others added 2 commits March 25, 2026 13:26
Resolves #41863

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] QA'd all new/changed functionality manually

Tests performed on the following OSs:
- Windows (arm64)
- macOS (Apple silicon)
- Linux (arm64)
- Linux (amd64)

Features tested on the OSs above:
- "My device".
- Restart fleetd.
- Kill fleet desktop, should re-start.
- Killing stale osqueryd processes on orbit startup.
- Checking if osquery is up and running, exit and start.
- Checking if Fleet Desktop is already running before launching it.
- orbit auto update
- Gracefully shutting down Fleet Desktop before restarting it

---

## fleetd/orbit/Fleet Desktop

- [X] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [x] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [x] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — straightforward dependency upgrade to fix the Apple M5 crash, matching the equivalent fix already merged to main.

Extended reasoning...

Overview

This PR upgrades github.com/shirou/gopsutil from v3 to v4 across 4 Go files (platform.go, platform_notwindows.go, platform_windows.go, open_linux.go, nvdvuln.go), removes the now-unnecessary github.com/shoenig/go-m1cpu indirect dependency (the source of the SIGSEGV crash in the PR description), and bumps a handful of transitive deps (power-devops/perfstat, tklauser/go-sysconf, tklauser/numcpus, golang.org/x/sys). A new indirect dep github.com/ebitengine/purego is introduced as gopsutil v4 uses pure-Go syscall bindings instead of CGo on Apple Silicon.

Security risks

No security-sensitive code paths are touched. The one non-mechanical code change — changing myUid from int32 to uint32 in open_linux.go — is required by the v4 API (Uids() now returns []uint32) and is the correct type for Unix UIDs. No auth, crypto, or permission logic is affected.

Level of scrutiny

Low. This is a targeted crash fix backport: the equivalent change was already merged to main as commit 1833508. The changes are mechanical import-path rewrites (/v3//v4/) plus the single type correction, with no logic changes beyond what the new library API demands.

Other factors

No bugs were reported by the automated bug-hunting system. Codecov shows no coverage regression. The changelog entry is present. The PR author confirmed manual QA.

@jacobshandling jacobshandling changed the title Update shoenig dependency ~Update shoenig dependency~ cherry-pick dependency updates into 4.83.0 rc Mar 25, 2026
@jacobshandling jacobshandling merged commit c1dbdb7 into rc-minor-fleet-v4.83.0 Mar 26, 2026
64 of 65 checks passed
@jacobshandling jacobshandling deleted the fix-build-issue branch March 26, 2026 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants