Merge branch 'master' into fix/fix-utf8-validation

.github/ISSUE_TEMPLATE/planned__specific_support_new_oss.md

@@ -4,10 +4,10 @@ about: Test compatibility with new OS.
 title: Support new OSs - <OS name & version> - <Specific test name>
 labels: level/task, request/operational, type/maintenance
 assignees: ''
-
 ---
 
 # Description
+
 | Related issue | Epic issue |
 |---|---|
 | Issue number | Issue number|
@@ -20,9 +20,29 @@ assignees: ''
 
 <!-- Uncomment for QA issue
 **QA**
-- [ ] Add new tests according to the OS's tier.
-- [ ] Add proper documentation.
-- [ ] Do basic E2E test functionality for all stateful modules according to the OS's tier.
+
+## Considerations
+
+- Testing environment: Deploy the new OS taking into account the following notes:
+  - If the Wazuh central components are supported: 1 VM
+  - If the Wazuh agent is supported: 1 VM for each architecture supported.
+  - If the Wazuh central components or the Wazuh agent is not supported, deploy a Debian 12 VM for the non-supported component.
+- All testing tasks must be completed for each OS architecture supported.
+- The following tasks should be completed in order.
+
+## Tasks
+
+- [ ] Test the Wazuh dashboard one-liner deployment.
+  - [ ] Deploy a Wazuh agent using the Wazuh dashboard one-liner feature provided in the Wazuh user interface with the following cases.
+    - [ ] Only IP address.
+    - [ ] Only FQDN.
+    - [ ] IP address, agent name, and group.
+- [ ] Add/Update/Check CI
+  - [ ] Test the JobFlow testing tool for that specific system.
+  - [ ] Add the OS and each architecture to the JobFlow testing tool.
+  - [ ] Add the OS and each architecture to the GitHub Deployability and Upgrade release templates.
+- [ ] Add the OS and its supported architectures to the E2E UX Tests spreadsheet (OS sheet).
+- [ ] Add the OS as supported in the compatibility system spreadsheet.
 -->
 
 <!-- Uncomment for CPPSERVER issue
@@ -59,20 +79,20 @@ assignees: ''
 **Dashboard**
 - [ ] **Central components**: Add support for the new OS to the GitHub Actions package builder.
 - [ ] **Central components**: Smoke test that the package works, including installation and upgrade.
-- [ ] Make sure that the agent-related information in the agent list is correct.
-- [ ] Test the deployment one-liner for the new OS.
 -->
 
 <!-- Uncomment for THREATINTEL issue
 **ThreatIntel**
-- [ ] Define a plan to support the new OS, particularly with regard to SCA policies.
+- [ ] Define a plan to support the new OS, particularly with regard to SCA policies. If there's no official CIS policy for that OS version, we either use an existing draft or we adapt a previous version.
 -->
 
 <!-- Uncomment for AGENT issue
+**Agent**
+
 - [ ] Smoke test that the package works, including installation, upgrade, and its related tier functionality.
+- [ ] Check the default settings of previous versions, and adapt them to the new OS version if necessary.
 - [ ] Add support for the new OS to the GitHub Actions package builder.
 
-**Agent**
 Requested testing code:
 :white_circle: Requested.
 :black_circle: Not requested.
@@ -83,6 +103,7 @@ Result code:
 :yellow_circle: Completed with known issues.
 
 - **Requested checks by tier:**
+
 || Tier 1 | Tier 2 | Tier 3 | Result |
 |-|-|-|-|-|
 | **Log collection - System events** | :white_circle: | :white_circle: | :white_circle: | |
@@ -97,4 +118,4 @@ Result code:
 | **Remote upgrade** | :white_circle: | :black_circle: | :black_circle: | |
 | **Command monitoring** | :white_circle: | :white_circle: | :black_circle: | |
 | **Wodles** | :white_circle: | :black_circle: | :black_circle: | |
--->
+-->

.github/actions/clang_format/action.yml

@@ -33,6 +33,9 @@ runs:
         shell: bash
         run: |
 
+          # Print clanformat version used.
+          echo "Clang-format version: $(clang-format --version)"
+
           # Don't apply changes, just check
           arguments="--dry-run "
 

.github/actions/compile/action.yml

@@ -37,5 +37,5 @@ runs:
         run: |
           set +e
           cd build
-          ctest -C RelWithDebInfo -j $(nproc)
+          ctest -C RelWithDebInfo --output-on-failure
         shell: bash

.github/actions/ghcr_pull_and_push/build_and_push_image_to_ghcr.sh

@@ -10,13 +10,19 @@ else
 fi
 GITHUB_REPOSITORY="wazuh/wazuh"
 GITHUB_OWNER="wazuh"
+IMAGE_ID_CACHE=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:latest-5.0
+IMAGE_ID_CACHE=$(echo ${IMAGE_ID_CACHE} | tr '[A-Z]' '[a-z]')
 IMAGE_ID=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}
 IMAGE_ID=$(echo ${IMAGE_ID} | tr '[A-Z]' '[a-z]')
 
 # Login to GHCR
 echo ${GITHUB_PUSH_SECRET} | docker login https://ghcr.io -u $GITHUB_USER --password-stdin
 
+# Pull latest image id from cache
+echo pull ${IMAGE_ID_CACHE}
+docker pull ${IMAGE_ID_CACHE}
+
 # Build image
-echo build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
-docker build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
+echo build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${IMAGE_ID_CACHE} -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
+docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${IMAGE_ID_CACHE} -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT}
 docker push ${IMAGE_ID}

.github/actions/ghcr_pull_and_push/retag_image.sh

@@ -1,4 +1,4 @@
-set -x
+set -ex
 GITHUB_PUSH_SECRET=$1
 GITHUB_USER=$2
 OLD_TAG=$3
@@ -14,11 +14,13 @@ IMAGES_LIST=(
     "pkg_deb_agent_builder_amd64"
     "pkg_deb_agent_builder_arm64"
     "pkg_deb_agent_builder_armhf"
+    "pkg_deb_agent_builder_ppc64le"
     "pkg_deb_manager_builder_amd64"
     "pkg_rpm_agent_builder_i386"
     "pkg_rpm_agent_builder_amd64"
     "pkg_rpm_agent_builder_arm64"
     "pkg_rpm_agent_builder_armhf"
+    "pkg_rpm_agent_builder_ppc64le"
     "pkg_rpm_manager_builder_amd64"
     "pkg_rpm_legacy_builder_i386"
     "pkg_rpm_legacy_builder_amd64"

.github/actions/test-install-components/install_component.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+package_name=$1
+target=$2
+
+# Check parameters
+if [ -z "$package_name" ] || [ -z "$target" ]; then
+    echo "Error: Both package_name and target must be provided."
+    echo "Usage: $0 <package_name> <target>"
+    exit 1
+fi
+
+echo "Installing Wazuh $target."
+
+if [ -n "$(command -v yum)" ]; then
+    install="yum install -y --nogpgcheck"
+    installed_log="/var/log/yum.log"
+elif [ -n "$(command -v dpkg)" ]; then
+    install="dpkg --install"
+    installed_log="/var/log/dpkg.log"
+else
+    common_logger -e "Couldn't find type of system"
+    exit 1
+fi
+
+if [ "${ARCH}" = "i386" ] || [ "${ARCH}" = "armhf" ]; then
+    linux="linux32"
+    if [ "${ARCH}" = "armhf" ] && [ "${SYSTEM}" = "rpm" ]; then
+        install="rpm -ivh --force --ignorearch"
+        WAZUH_MANAGER="10.0.0.2" $linux $install "/packages/$package_name"| tee /packages/status.log
+        if [ "$(rpm -qa | grep wazuh-agent)" ]; then
+            echo " installed wazuh-agent" >> /packages/status.log
+            exit 0
+        fi
+    fi
+fi
+
+WAZUH_MANAGER="10.0.0.2" $linux $install "/packages/$package_name"| tee /packages/status.log
+grep -i " installed.*wazuh-$target" $installed_log| tee -a /packages/status.log

.github/workflows/build_and_test_component.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Set up dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install -y wget gnupg lsb-release software-properties-common libsystemd-dev
+          sudo apt-get install -y wget gnupg lsb-release software-properties-common
           wget https://apt.llvm.org/llvm.sh
           chmod +x llvm.sh
           sudo ./llvm.sh 18

.github/workflows/compile_and_run_tests.yml

@@ -30,7 +30,7 @@ jobs:
       if: matrix.os == 'ubuntu-latest'
       run: |
         sudo apt-get update
-        sudo apt-get install -y wget gnupg lsb-release software-properties-common libsystemd-dev
+        sudo apt-get install -y wget gnupg lsb-release software-properties-common
         wget https://apt.llvm.org/llvm.sh
         chmod +x llvm.sh
         sudo ./llvm.sh 18

.github/workflows/coverage_check.yml

@@ -7,9 +7,12 @@ on:
       - synchronize
       - reopened
 
+env:
+  VCPKG_BINARY_SOURCES: 'clear;nuget,GitHub,readwrite'
+
 jobs:
   coverage:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
     - name: Checkout code
@@ -18,47 +21,35 @@ jobs:
         submodules: true
         fetch-depth: 0
 
-    - name: Install Clang 16 and LLVM 16
-      run: |
-        sudo apt-get update
-        wget https://apt.llvm.org/llvm.sh
-        chmod +x llvm.sh
-        sudo ./llvm.sh 16
-
     - name: Set up dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install -y cmake gcovr libsystemd-dev
-        sudo apt-get install -y autopoint libtool zlib1g-dev \
-          libgcrypt20-dev libmagic-dev libpopt-dev libmagic-dev \
-          libsqlite3-dev liblua5.4-dev gettext libarchive-dev
-      shell: bash
-
-    - name: Update PATH for LLVM
-      run: echo "/usr/lib/llvm-16/bin" >> $GITHUB_PATH
+        sudo apt-get install -y cmake llvm gcovr autopoint \
+          libtool zlib1g-dev libgcrypt20-dev libmagic-dev libpopt-dev \
+          libmagic-dev libsqlite3-dev liblua5.4-dev gettext libarchive-dev
       shell: bash
 
-    - name: Set up Binary caching 
+    - name: Set up Binary caching
       uses: ./.github/actions/vcpkg_related/cover_vcpkg_dependencies
       with:
         gh_token: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Generate CMake project
       run: |
         mkdir -p build && cd build
-        cmake -DCMAKE_CXX_COMPILER=clang++-16 ../src -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTS=1 -DCOVERAGE=1 -G "Unix Makefiles"
+        cmake -DCMAKE_CXX_COMPILER=clang++-16 -DCMAKE_C_COMPILER=clang-16 ../src -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTS=1 -DCOVERAGE=1 -DENABLE_CLANG_TIDY=OFF -G "Unix Makefiles"
       shell: bash
 
     - name: Compile
       run: |
         cd build
-        cmake --build . --config Debug
+        cmake --build . --config Debug -j $(nproc)
       shell: bash
 
     - name: Generate and Check Coverage
       run: |
         cd build
-        cmake --build . --target coverage
+        cmake --build . --target coverage -j $(nproc)
       shell: bash
 
     - name: Zip Coverage Files

.github/workflows/integration_tests_fim_tier_0_1_win.yml

@@ -90,5 +90,6 @@ jobs:
       # Run fim integration tests.
       - name: Run fim integration tests
         run: |
+          NET START wazuh
           cd C:\wazuh\tests\integration
           python -m pytest --tier 0 --tier 1 test_fim\

.github/workflows/integration_tests_fim_tier_2_win.yml.yml

@@ -1,4 +1,4 @@
-name: Integration tests for FIM on Windows - Tier 0 and 1
+name: Integration tests for FIM on Windows - Tier 2
 
 on:
   workflow_dispatch:
@@ -90,5 +90,6 @@ jobs:
       # Run fim integration tests.
       - name: Run fim integration tests
         run: |
+          NET START wazuh
           cd C:\wazuh\tests\integration
           python -m pytest --tier 2 test_fim\

.github/workflows/packages_retag_images.yml

@@ -64,8 +64,8 @@ jobs:
       - name: Run retag script
         run: |
           if [ "${{ inputs.old_version }}" != "none" ] && [ "${{ inputs.new_version }}" != "none" ]; then
-            new_version=${{ inputs.new_version }}
-            old_version=${{ inputs.old_version }}
+            new_version=$(sed 's|[/\]|--|g' <<< ${{ inputs.new_version }})
+            old_version=$(sed 's|[/\]|--|g' <<< ${{ inputs.old_version }})
           else
             new_version=${{ env.NEW_VERSION }}
             old_version=${{ env.OLD_VERSION }}

.github/workflows/packages_upload_images.yml

@@ -49,6 +49,11 @@ jobs:
               - 'packages/generate_package.sh'
               - 'packages/debs/i386/agent/**'
               - 'packages/debs/utils/**'
+            pkg_deb_agent_builder_ppc64le:
+              - 'packages/build.sh'
+              - 'packages/generate_package.sh'
+              - 'packages/debs/ppc64le/agent/**'
+              - 'packages/debs/utils/**'
             pkg_rpm_agent_builder_amd64:
               - 'packages/build.sh'
               - 'packages/generate_package.sh'
@@ -59,6 +64,11 @@ jobs:
               - 'packages/generate_package.sh'
               - 'packages/rpms/i386/agent/**'
               - 'packages/rpms/utils/**'
+            pkg_rpm_agent_builder_ppc64le:
+              - 'packages/build.sh'
+              - 'packages/generate_package.sh'
+              - 'packages/rpms/ppc64le/agent/**'
+              - 'packages/rpms/utils/**'
             pkg_rpm_legacy_builder_amd64:
               - 'packages/build.sh'
               - 'packages/generate_package.sh'
@@ -130,6 +140,13 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }}
 
+      - name: Request pkg_deb_agent_builder_ppc64le update
+        if: steps.changes.outputs.pkg_deb_agent_builder_ppc64le == 'true'
+        run: |
+          gh workflow run packages-upload-agent-images-ppc.yml --repo wazuh/wazuh-agent-packages -r ${{ github.ref_name }} -f docker_image_tag=${{ env.TAG }} -f system=deb -f source_reference=${{ github.ref_name }}
+        env:
+          GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }}
+
       - name: Request pkg_rpm_agent_builder_amd64 update
         if: steps.changes.outputs.pkg_rpm_agent_builder_amd64 == 'true'
         run: |
@@ -144,6 +161,13 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }}
 
+      - name: Request pkg_rpm_agent_builder_ppc64le update
+        if: steps.changes.outputs.pkg_rpm_agent_builder_ppc64le == 'true'
+        run: |
+          gh workflow run packages-upload-agent-images-ppc.yml --repo wazuh/wazuh-agent-packages -r ${{ github.ref_name }} -f docker_image_tag=${{ env.TAG }} -f system=rpm -f source_reference=${{ github.ref_name }}
+        env:
+          GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }}
+
       - name: Request pkg_rpm_legacy_builder_amd64 update
         if: steps.changes.outputs.pkg_rpm_legacy_builder_amd64 == 'true'
         run: |