7 Commits

efaac33c47 fix: remove committed private keys and add runtime cert generation (closes #12)
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 3s
CI/CD Pipeline / Clippy Lints (push) Successful in 43s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m12s
CI/CD Pipeline / Security Audit (push) Successful in 5s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m12s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 4s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 57s
CI/CD Pipeline / Build Debian Package (push) Failing after 4s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m12s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m18s
CI/CD Pipeline / Build Alpine Package (push) Failing after 3m7s
- Remove all private key files from git tracking (git rm --cached)
  - configs/certs/ca.key.pem, server.key.pem, client001.key.pem
  - tests/e2e/certs/client.key
  - Also remove public certs from configs/certs/ (generated at runtime)
- Add .gitignore patterns for *.key, *.key.pem, configs/certs/*.pem, *.srl
- Add scripts/generate-dev-certs.sh for runtime test cert generation
- Update Python e2e test to generate certs on demand (ensure_certs())
- Update test_wrong_cert_connection to generate wrong-CA certs at runtime
- Add gitleaks secret scanning job to CI workflow
- Update SECURITY_FINDINGS_REPORT.md with critical finding for Issue #12
- Update SECURITY_CONTROLS_MATRIX.md evidence references
- Add README.md to configs/certs/ and tests/e2e/certs/

Private keys were dev/test only - no production key rotation needed.
Git history purge with filter-repo will follow after PR merge.

Co-authored-by: git-echo <git-echo@moon-dragon.us>
2026-06-06 13:20:43 -05:00
cc21868b6c feat: multi-distro CI with self-hosted runners and config naming fix 2026-05-31 12:31:13 -05:00
32803ff27c fix: switch to build-package.sh for .deb builds
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 46s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m11s
CI/CD Pipeline / Security Audit (push) Successful in 5s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m27s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 5s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 1m5s
CI/CD Pipeline / Build Debian Package (push) Failing after 4s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m22s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m17s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m7s
* fix: switch to build-package.sh for .deb builds

Replace dpkg-buildpackage with scripts/build-package.sh using
dpkg-deb --build approach. This bypasses the dpkg-buildpackage
subprocess chain (dh → make → debian/rules → cargo) which
does not inherit the rustup environment (RUSTUP_HOME, CARGO_HOME,
default toolchain) from GitHub Actions.

Same approach as Linux-Patch-Manager, which passes CI.

- Add scripts/build-package.sh (modeled after Manager)
- Add Version and Installed-Size to debian/control
- Update CI workflow to use build-package.sh
- Fix release files path (project root, not ../)

* fix: extract only binary package paragraph from debian/control

dpkg-deb --build expects a single control paragraph starting
with Package: field. The debian/control file has two paragraphs
(source + binary). The awk command extracts only the binary
package paragraph to avoid dpkg-deb parse errors.

* fix: generate DEBIAN/control from scratch in build-package.sh

dpkg-deb --build is fundamentally incompatible with debian/control
which uses dpkg-buildpackage substitution variables like
${shlibs:Depends} and ${misc:Depends}. Generate a clean control
file from scratch in the script to eliminate all incompatibilities.

- No substitution variables
- No source paragraph
- No Build-Depends
- Homepage points to GitHub
- Installed-Size calculated before control file generation

---------

Co-authored-by: git-echo <git-echo@moon-dragon.us>
2026-05-31 11:19:47 -05:00
48ec57581e feat: add bump-version.sh script for version management
Automates version bumps across all version source files:
- Cargo.toml (PRIMARY)
- debian/changelog (prepend new entry)
- install.sh (update VERSION variable)
- Stale references check after bump

Usage: ./scripts/bump-version.sh <new_version> <old_version>
2026-05-28 10:51:38 -05:00
7f5b0c2313 fix: update repo paths from echo/ to git-echo/ after account migration 2026-05-21 17:05:47 +00:00
4d0c5ea1a8 fix: correct Gitea API URL in upload-release.sh
The Gitea server hostname is gitea-lxc.moon-dragon.us
not gitea.moon-dragon.us. curl exit status 6 =
Could not resolve host.
2026-04-27 02:13:31 +00:00
d6748fa261 refactor: update CI for native per-OS runners
- Replace generic "linux" runner label with dedicated per-OS labels
  (ubuntu-24.04, fedora, alpine, arch)
- Remove all container declarations (native runner execution)
- Add build gate dependencies: build jobs need fmt+clippy+test
- Extract release upload logic into reusable scripts/upload-release.sh
- Fix build-alpine.sh: remove hardcoded container paths, add
  SKIP_CARGO_BUILD support
- Fix build-arch.sh: remove hardcoded container paths, add
  SKIP_CARGO_BUILD support
- Fix build-rpm.sh: remove sudo, native runner compatible
- Remove Dockerfile.rpm and Dockerfile.arch (no longer needed)
- Add sudo to Ubuntu/Fedora/Arch package installs for safety
- Add nodejs to Alpine deps for Gitea Actions compatibility
- Make upload-release.sh POSIX sh compatible (Alpine)
- Fix curl -sf to curl -s in upload-release.sh (404 on new releases)
2026-04-26 19:21:09 +00:00