Handle missing macOS bundle executable in executable_hashes table

[dantecatalfamo]

Related issue: Resolves #45327

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.

Testing

• Added/updated automated tests
• QA'd all new/changed functionality manually

fleetd/orbit/Fleet Desktop

• Verified compatibility with the latest released version of Fleet (see Must rule)
• If the change applies to only one platform, confirmed that runtime.GOOS is used as needed to isolate changes
• Verified that fleetd runs on macOS, Linux and Windows
• Verified auto-update works from the released version of component to the new version (see tools/tuf/test)

[Copilot]

Pull request overview

This PR prevents Orbit’s macOS executable_hashes osquery table from failing (and aborting the host detail query) when a bundle’s Info.plist declares a CFBundleExecutable that doesn’t actually exist on disk (e.g. some Apple system bundles like XProtect.bundle).

Changes:

• Treat os.Open failures during SHA256 computation as non-fatal by returning an empty hash (and logging) instead of returning an error.
• Add unit tests covering missing bundle executables for exact-path and wildcard queries.
• Add a changelog entry describing the macOS detail query fix.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
orbit/pkg/table/executable_hashes/executable_hashes.go	Changes SHA256 computation to avoid failing the table when the bundle executable can’t be opened.
orbit/pkg/table/executable_hashes/executable_hashes_test.go	Adds regression tests for missing executables (exact path + wildcard batch).
changes/45327-detail-query-error	Adds a release-note entry for the detail query fix.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[lucasmrod]

Thanks! I was about to file an issue for this. We have these XProtect error logs all over the place in dogfood.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.20%. Comparing base (d66f404) to head (ad385e9).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #47532      +/-   ##
==========================================
+ Coverage   67.15%   67.20%   +0.04%     
==========================================
  Files        3616     3186     -430     
  Lines      229030   228043     -987     
  Branches    11933    11845      -88     
==========================================
- Hits       153805   153249     -556     
+ Misses      61369    60957     -412     
+ Partials    13856    13837      -19     

Flag	Coverage Δ
backend	68.83% <ø> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[qodo-free-for-open-source-projects]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: aggregate-result

Failed stage: Check for failures [❌]

Failed test name: integration-enterprise-mysql8.0.44

Failure summary: The action failed because one of the aggregated test job status artifacts reported a failure: - integration-enterprise-mysql8.0.44 had status content fail (from ./integration-enterprise-mysql8.0.44-status/status). The workflow’s status-checking script detected this (grep -q "fail") and exited with code 1, causing the job to fail.

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 124: Starting download of artifact to: /home/runner/work/fleet/fleet/fast-status 125: Extracting artifact entry: /home/runner/work/fleet/fleet/integration-mdm-mysql8.0.44-status/status 126: Artifact download completed successfully. 127: Redirecting to blob download url: https://productionresultssa17.blob.core.windows.net/actions-results/196fd5af-27ca-4ffe-ab5a-23dc5d91e587/workflow-job-run-32061534-dffc-5987-b906-6e4c14f3c22b/artifacts/fed5155fe6ce5989ed70324853deb6963d3567e7ad9bd3292199a01f0d701668.zip 128: Starting download of artifact to: /home/runner/work/fleet/fleet/mysql-mysql8.0.44-status 129: Extracting artifact entry: /home/runner/work/fleet/fleet/scripts-status/status 130: Artifact download completed successfully. 131: Extracting artifact entry: /home/runner/work/fleet/fleet/fast-status/status 132: Artifact download completed successfully. 133: Extracting artifact entry: /home/runner/work/fleet/fleet/service-mysql8.0.44-status/status 134: Artifact download completed successfully. 135: Extracting artifact entry: /home/runner/work/fleet/fleet/mysql-mysql8.0.44-status/status 136: Artifact download completed successfully. 137: Total of 10 artifact(s) downloaded 138: Download artifact has finished successfully 139: ##[group]Run failed_tests="" 140: �[36;1mfailed_tests=""�[0m 141: �[36;1mstatus_count=0�[0m 142: �[36;1m# Find all status files (they are in directories like 'fleetctl-mysql8.0.44-status/status')�[0m 143: �[36;1mfor status_file in $(find ./ -type f -name 'status'); do�[0m 144: �[36;1m status_count=$((status_count + 1))�[0m 145: �[36;1m # Extract test name from parent directory (e.g., 'fleetctl-mysql8.0.44-status')�[0m 146: �[36;1m test_dir=$(basename $(dirname "$status_file"))�[0m 147: �[36;1m # Remove '-status' suffix to get the test name�[0m 148: �[36;1m test_name="${test_dir%-status}"�[0m 149: �[36;1m status_content=$(cat "$status_file")�[0m 150: �[36;1m echo "Processing: $status_file (Test: $test_name) with status content: $status_content"�[0m 151: �[36;1m if grep -q "fail" "$status_file"; then�[0m 152: �[36;1m echo " ❌ Test failed: $test_name"�[0m 153: �[36;1m failed_tests="${failed_tests}${test_name}, "�[0m 154: �[36;1m else�[0m 155: �[36;1m echo " ✅ Test passed: $test_name"�[0m 156: �[36;1m fi�[0m 157: �[36;1mdone�[0m 158: �[36;1mif [[ $status_count -eq 0 ]]; then�[0m 159: �[36;1m echo "❌ ERROR: No status files found! This indicates a workflow issue."�[0m 160: �[36;1m exit 1�[0m 161: �[36;1mfi�[0m 162: �[36;1mif [[ -n "$failed_tests" ]]; then�[0m 163: �[36;1m echo "❌ One or more test jobs failed: ${failed_tests%, }"�[0m 164: �[36;1m exit 1�[0m 165: �[36;1mfi�[0m 166: �[36;1mecho "✅ All test jobs succeeded."�[0m 167: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 168: ##[endgroup] 169: Processing: ./fleetctl-mysql8.0.44-status/status (Test: fleetctl-mysql8.0.44) with status content: success 170: ✅ Test passed: fleetctl-mysql8.0.44 171: Processing: ./vuln-mysql8.0.44-status/status (Test: vuln-mysql8.0.44) with status content: success 172: ✅ Test passed: vuln-mysql8.0.44 173: Processing: ./service-mysql8.0.44-status/status (Test: service-mysql8.0.44) with status content: success 174: ✅ Test passed: service-mysql8.0.44 175: Processing: ./integration-core-mysql8.0.44-status/status (Test: integration-core-mysql8.0.44) with status content: success 176: ✅ Test passed: integration-core-mysql8.0.44 177: Processing: ./mysql-mysql8.0.44-status/status (Test: mysql-mysql8.0.44) with status content: success 178: ✅ Test passed: mysql-mysql8.0.44 179: Processing: ./integration-enterprise-mysql8.0.44-status/status (Test: integration-enterprise-mysql8.0.44) with status content: fail 180: ❌ Test failed: integration-enterprise-mysql8.0.44 181: Processing: ./integration-mdm-mysql8.0.44-status/status (Test: integration-mdm-mysql8.0.44) with status content: success 182: ✅ Test passed: integration-mdm-mysql8.0.44 183: Processing: ./scripts-status/status (Test: scripts) with status content: success 184: ✅ Test passed: scripts 185: Processing: ./fast-status/status (Test: fast) with status content: success 186: ✅ Test passed: fast 187: Processing: ./main-mysql8.0.44-status/status (Test: main-mysql8.0.44) with status content: success 188: ✅ Test passed: main-mysql8.0.44 189: ❌ One or more test jobs failed: integration-enterprise-mysql8.0.44 190: ##[error]Process completed with exit code 1. 191: Post job cleanup.