From 280bdc430bb2213923e4a04602a36bf9317e28b2 Mon Sep 17 00:00:00 2001
From: Victor Moene <victor.moene@northern.tech>
Date: Tue, 2 Sep 2025 11:50:24 +0200
Subject: [PATCH 1/3] Added sys.policy_release_id

Ticket: ENT-4664
Signed-off-by: Victor Moene <victor.moene@northern.tech>
---
 cf-agent/cf-agent.c         |  2 ++
 libenv/sysinfo.c            | 23 +++++++++++++++++++++++
 libenv/sysinfo.h            |  1 +
 libpromises/generic_agent.c |  5 +++++
 libpromises/generic_agent.h |  2 ++
 5 files changed, 33 insertions(+)

diff --git a/cf-agent/cf-agent.c b/cf-agent/cf-agent.c
index 313db056d6..861ee18881 100644
--- a/cf-agent/cf-agent.c
+++ b/cf-agent/cf-agent.c
@@ -313,6 +313,8 @@ int main(int argc, char *argv[])
         /* not a fatal issue, let's continue the bootstrap process */
     }
 
+    GenericAgentDetectEnvironmentFromPolicy(ctx, policy);
+
     int ret = 0;
 
     GenericAgentPostLoadInit(ctx);
diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
index 8df12a6691..49b45b5a6d 100644
--- a/libenv/sysinfo.c
+++ b/libenv/sysinfo.c
@@ -3888,3 +3888,26 @@ void DetectEnvironment(EvalContext *ctx)
     SysOsVersionMajor(ctx);
     SysOsVersionMinor(ctx);
 }
+
+static void SysPolicyReleaseId(EvalContext *ctx, Policy *policy)
+{
+    DataType type;
+    const char *entry_dirname = EvalContextVariableGetSpecial(ctx, SPECIAL_SCOPE_SYS, "policy_entry_dirname", &type);
+    if (entry_dirname == NULL || policy == NULL)
+    {
+        return;
+    }
+    char *release_id;
+    xasprintf(&release_id, "%s/%s", entry_dirname, policy->release_id);
+
+    EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS,
+                              "policy_release_id",
+                              release_id,
+                              CF_DATA_TYPE_STRING, "source=agent,attribute_name=Policy Release Id");
+    free(release_id);
+}
+
+void DetectEnvironmentFromPolicy(EvalContext *ctx, Policy *policy)
+{
+    SysPolicyReleaseId(ctx, policy);
+}
diff --git a/libenv/sysinfo.h b/libenv/sysinfo.h
index 8938358ade..825a661bcb 100644
--- a/libenv/sysinfo.h
+++ b/libenv/sysinfo.h
@@ -29,6 +29,7 @@
 #include <eval_context.h>
 
 void DetectEnvironment(EvalContext *ctx);
+void DetectEnvironmentFromPolicy(EvalContext *ctx, Policy *policy);
 
 void CreateHardClassesFromCanonification(EvalContext *ctx, const char *canonified, char *tags);
 int GetUptimeMinutes(time_t now);
diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
index 6b91428347..14a5a3d8bd 100644
--- a/libpromises/generic_agent.c
+++ b/libpromises/generic_agent.c
@@ -2944,3 +2944,8 @@ void GenericAgentShowVariablesFormatted(EvalContext *ctx, const char *regexp)
     SeqDestroy(seq);
     VariableTableIteratorDestroy(iter);
 }
+
+void GenericAgentDetectEnvironmentFromPolicy(EvalContext *ctx, Policy *policy)
+{
+    DetectEnvironmentFromPolicy(ctx, policy);
+}
diff --git a/libpromises/generic_agent.h b/libpromises/generic_agent.h
index 29476d35fc..327cf2804f 100644
--- a/libpromises/generic_agent.h
+++ b/libpromises/generic_agent.h
@@ -156,4 +156,6 @@ void LoadAugments(EvalContext *ctx, GenericAgentConfig *config);
 void GenericAgentShowContextsFormatted(EvalContext *ctx, const char *regexp);
 void GenericAgentShowVariablesFormatted(EvalContext *ctx, const char *regexp);
 
+void GenericAgentDetectEnvironmentFromPolicy(EvalContext *ctx, Policy *policy);
+
 #endif

From 935f401d7842fc7507e809f4b3bd105bab9f0d58 Mon Sep 17 00:00:00 2001
From: Victor Moene <victor.moene@northern.tech>
Date: Tue, 2 Sep 2025 11:48:58 +0200
Subject: [PATCH 2/3] Added test for sys.policy_release_id

Signed-off-by: Victor Moene <victor.moene@northern.tech>
---
 .../01_vars/01_basic/policy_release_id.cf     | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 tests/acceptance/01_vars/01_basic/policy_release_id.cf

diff --git a/tests/acceptance/01_vars/01_basic/policy_release_id.cf b/tests/acceptance/01_vars/01_basic/policy_release_id.cf
new file mode 100644
index 0000000000..bc08783893
--- /dev/null
+++ b/tests/acceptance/01_vars/01_basic/policy_release_id.cf
@@ -0,0 +1,30 @@
+body common control
+{
+  bundlesequence => { "test" };
+}
+
+
+bundle agent test
+{
+  vars:
+    "release_id_list" slist => variablesmatching("default:sys.policy_release_id");
+    "escaped" string => escape("$(sys.policy_entry_dirname)");
+    "release_id_regex" string => "^$(escaped)\/([A-Fa-f0-9]+|bootstrap|failsafe|\(null\))+$";
+
+  classes:
+    "var_ok" expression => strcmp("$(release_id_list)", "default:sys.policy_release_id");
+    "reg_ok" expression => regcmp("$(release_id_regex)", "$(sys.policy_release_id)");
+    "ok" expression => and("var_ok", "reg_ok");
+
+  reports:
+    DEBUG::
+      "Found: $(release_id_list), Correct: $(sys.policy_release_id)";
+    DEBUG.var_ok::
+      "var ok";
+    DEBUG.reg_ok::
+      "reg_ok";
+    ok::
+      "$(this.promise_filename) Pass";
+    !ok::
+      "$(this.promise_filename) FAIL";
+}

From f1c9a913893bf7e5b72c1223ccaa94e2b928e7fc Mon Sep 17 00:00:00 2001
From: Victor Moene <victor.moene@northern.tech>
Date: Tue, 2 Sep 2025 12:19:31 +0200
Subject: [PATCH 3/3] macos_unit_tests.yml: specified the deployment target to
 be macOS 15.4

The function 'strchrnul' has been marked as being introduced in macOS
15.4, although it seems to have been working for as long as we have been
testing on macOS. Since warnings are treated as errors, the build will
fail. Hence, the simplest way to silence the warning is, it to specify
the deployment target to be a minimum of macOS 15.4.

```
logging.c:651:28: error: 'strchrnul' is only available on macOS 15.4 or newer [-Werror,-Wunguarded-availability-new]
  651 |         char *next_token = strchrnul(token, ',');
  CC       queue.lo
      |                            ^~~~~~~~~
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_string.h:198:9: note: 'strchrnul' has been marked as being introduced in macOS 15.4 here, but the deployment target is macOS 15.0.0
  198 |         strchrnul(const char *__s, int __c);
  CC       rb-tree.lo
      |         ^
logging.c:651:28: note: enclose 'strchrnul' in a __builtin_available check to silence this warning
  651 |         char *next_token = strchrnul(token, ',');
      |                            ^~~~~~~~~
1 error generated.
```

It has been done similarly here: https://github.com/NorthernTechHQ/libntech/pull/255

Signed-off-by: Victor Moene <victor.moene@northern.tech>
---
 .github/workflows/macos_unit_tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/macos_unit_tests.yml b/.github/workflows/macos_unit_tests.yml
index d978f53398..e781b39b0b 100644
--- a/.github/workflows/macos_unit_tests.yml
+++ b/.github/workflows/macos_unit_tests.yml
@@ -20,6 +20,6 @@ jobs:
       run: >
         ./autogen.sh --enable-debug
     - name: Compile and link
-      run: make -j8 CFLAGS="-Werror -Wall"
+      run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall"
     - name: Run unit tests
       run: make -C tests/unit check