Requiring default-features=false on reqwest prevents native-tls/openssl-sys
from being pulled in as transitive dependencies, which broke static linking
on Alpine musl target. Also reverts invalid openssl-static package from CI.
- Cargo.toml: add default-features = false to reqwest dependency
- ci.yml: revert non-existent openssl-static package
The Alpine build job links against musl which requires static OpenSSL
libraries. Adding openssl-static package to resolve -lssl and -lcrypto
linker errors.
- Remove needless borrows on format!() in set_body_string() calls (needless_borrows_for_generic_args)
- Replace assert!(false, ...) with collected assertion (assertions_on_constants + never_loop)
- Use direct Method::POST comparison instead of to_string() (cmp_owned)
- Simplify negated equality to != operator (nonminimal_bool)
CI pipeline now passes with -D warnings enabled
- Add ServiceStatus struct with name, display_name, active_state, sub_state,
load_state, enabled_state, main_pid, healthy fields
- Add get_service_status() to PackageManagerBackend trait
- Implement get_service_status() in AptBackend with systemd and OpenRC support
- Add get_service_status HTTP handler in system.rs
- Add /system/services/{name} route
- Add E2E test for service status endpoint
- Bump version to 0.3.6
- Remove CapabilityBoundingSet and AmbientCapabilities (apt needs full root capabilities)
- Remove ReadWritePaths (unnecessary without ProtectSystem=strict)
- Fix E2E test: properly FAIL on status=failed package operations
- Fix E2E test: require status=completed for install/update/remove lifecycle
- Update dpkg packaging service file to match configs/
- Bump version to 0.3.5
- Change tag trigger from v* to v*.*.* to prevent recursive CI runs
- Upload u2204 deb to same release tag (not creating -u2204 suffix)
- Rename u2204 deb filename to include u2204 for differentiation
- Remove user/group creation from preinst (service runs as root)
- Change directory ownership to root:root in preinst and postinst
- Remove user/group deletion from postrm
- Service runs as root, no dedicated user needed
- Remove sudo from apt command execution (service runs as root)
- Remove RestrictSUIDSGID from systemd service (blocks setuid for apt/dpkg)
- Remove NoNewPrivileges from systemd service (blocks sudo PERM_SUDOERS)
- Bump version to 0.3.2
- Fix reboot_system() to use shutdown -r +N for delayed reboots
- Fix patches handler to call reboot_system() instead of just logging
- Add CAP_SYS_BOOT capability to systemd service for LXC reboot support
- Remove unused warn import from packages/mod.rs
- Bump version to 0.3.1
- Fix ServerConfig::builder() to builder_with_provider() for TLS 1.3 enforcement
- Add aws_lc_rs feature to rustls in Cargo.toml
- Fix clippy unnecessary_map_or -> is_some_and in packages/mod.rs
Runners may have broken apt state from partial upgrades (e.g., openssh-client
version mismatch). Adding apt-get -f install before build deps ensures CI
works regardless of runner package state.
CRITICAL: Previous commit 0984684 did not include these fixes.
Debian (debian/rules):
- Use && to keep cargo build in same shell as . "$HOME/.cargo/env"
- Make runs each recipe line in a separate shell
Arch (build-arch.sh):
- Use << "EOF" heredoc with hardcoded path to prevent $pkgdir expansion
- $pkgdir must be literal for makepkg to expand at runtime
Alpine (build-alpine.sh):
- Copy signing public key to /etc/apk/keys/ BEFORE abuild
- Use || true on abuild because index update may fail but APK is still created
debian/rules: Escape $HOME for make (use $$HOME)
- Make interprets $H as variable, $$ escapes it
build-alpine.sh: Install signing public key
- Copy .abuild/*.rsa.pub to /etc/apk/keys/
- Fixes UNTRUSTED signature error on index update
build-arch.sh: Use /home/builduser/repo for all paths
- PKGDIR=/home/builduser/repo/arch-package
- WORKSPACE_DIR=/home/builduser/repo
- Fixes permission denied on act cache path
debian/rules: Source cargo env before calling cargo
- Add `. "$HOME/.cargo/env"` to override_dh_auto_build
build-alpine.sh: Use /home/builduser for all paths
- PKGDIR=/home/builduser/apk-package (accessible by builduser)
- WORKSPACE_DIR=/home/builduser (for APKBUILD package function)
- Removed duplicate else line
build-arch.sh: Copy repo to accessible directory
- Copy repo contents to /home/builduser/repo before makepkg
- Run makepkg in /home/builduser/repo (not act cache path)
CI workflow (ci.yml):
- Proper YAML structure for all steps
- curl+tar checkout (act runners lack git)
- GITEATOKEN authentication for private repo access
- build-essential/gcc added to all jobs
- dpkg-buildpackage -d flag (skip apt dep check)
Build scripts:
- build-alpine.sh: Copy APKBUILD to /home/builduser before abuild
- build-arch.sh: Use REPO_DIR variable instead of $(pwd) in su commands
Debian: Add -d flag to dpkg-buildpackage (skip dep check,
rustup installed Rust not apt)
RPM/Arch: Fix missing run: | YAML syntax in dependency steps
Alpine: Fix abuild working directory - use /home/builduser
explicitly instead of $(pwd) which referenced act cache path
Rust compilation requires a C compiler (cc) for linking.
Act runner containers do not have gcc installed by default.
Added build-essential (Ubuntu), gcc (Fedora/Alpine/Arch)
to dependency installation steps before Rust compilation.
Act runner containers do not have git installed.
Using curl+tar to download repo archive instead.
GITEATOKEN secret already verified working independently.
Gitea secrets are case-sensitive. The encrypted secret in DB is
named GITEATOKEN (uppercase). Workflow was using giteatoken (lowercase)
which caused decryption failures in Gitea runner.
Also unblocked stuck action_run #166 in database (status=1 queued).
