git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity
219 Commits 5 Branches 36 Tags
8a9e9190e6f7af175c111013608729cbf43fc693
Commit Graph

13 Commits

Author SHA1 Message Date
git-echo
8a9e9190e6 style: fix cargo fmt formatting issues 2026-05-29 11:11:07 -05:00
git-echo
1322598581 feat: add auto-enrollment, cert validation, and crash loop fixes 
- Auto-enrollment on startup when certs are missing/invalid and enrollment.manager_url configured
- Certificate validation (existence, parse, expiry, key match, CA trust)
- --enroll exits after completion (no port conflict with systemd service)
- --renew-certs flag for manual cert renewal
- SO_REUSEADDR on TcpListener::bind (prevents Address already in use)
- Polling token persistence for enrollment resume after restart
- Exit code strategy (0=clean, 1=error, 2=enrollment in progress)
- HTTP 409 (host already exists) handling during enrollment
- Move 'Listening on' log after actual bind
- Increase RestartSec to 10s and add StartLimitBurst=5
- Postinst checks for certs and enrollment URL, prints guidance
- EnrollmentConfig.manager_url changed to Option<String>
- cert_renewal_threshold_days and polling_token config fields
- Updated SPEC.md and DEPLOYMENT_GUIDE.md with new workflow
- RCA document for crash loop root cause analysis
- Version bumped to 1.2.0
 2026-05-29 10:44:42 -05:00
git-echo
cc67edab12 fix: resolve CI failures (fmt, clippy, tests) 
- Fix rustfmt formatting in cache.rs, patches.rs, system.rs, routes.rs, main.rs
- Add Default impl for PackageCacheState (clippy new_without_default)
- Change apply_with_cache_retry generic bound from Fn to FnMut
- Add mut to refresh_fn parameter for FnMut compatibility
- Replace bool comparison with ! operator (clippy bool_comparison)
- Update todo.md with completed status
 2026-05-27 15:04:25 -05:00
git-echo
135c91d256 fix: add package cache refresh before apply and on health check 
- New src/packages/cache.rs module with PackageCacheState, stale detection,
  state persistence, 404 retry logic
- Add refresh_package_cache() and last_cache_update() to PackageManagerBackend
  trait, implemented on all 5 backends (APT, DNF, YUM, APK, Pacman)
- Health check now reports last_cache_update and cache_status fields,
  triggers cache refresh if stale (>4h), returns degraded on failure
- Patch apply jobs now force cache refresh before applying patches,
  with 404/fetch error retry (1 retry after cache refresh)
- Cache state persists to /var/lib/linux_patch_api/state/cache.json
- Version bump to 1.1.17
- Update ARCHITECTURE.md and REQUIREMENTS.md (FR-007)

Closes: #2
 2026-05-27 14:33:12 -05:00
Echo
6a41eba9d8 fix(server): add explicit rustls CryptoProvider initialization for v1.1.6 
- Add rustls::crypto::aws_lc_rs::default_provider().install_default()
  in main() before any TLS operations to prevent startup panic
- Bump version from 1.1.5 to 1.1.6
- Update debian/changelog with 1.1.6-1 entry
 2026-05-18 13:43:34 +00:00
Echo
f57d92406f fix(enroll): skip TLS validation during enrollment bootstrap to allow certificate acquisition 2026-05-17 22:20:48 +00:00
Echo
5c670cbd0c fix: apply cargo fmt to resolve CI formatting failures 
Format all enrollment module source files and tests per rustfmt standards.
Resolves Gitea CI workflow cargo fmt check failures.
 2026-05-17 05:49:26 +00:00
Echo
75ec2b8e3c feat: add self-enrollment workflow for automated PKI provisioning 
- Phase 1: CLI args (--enroll flag), enroll module skeleton, config support
- Phase 2: Registration request, polling loop (24h timeout), main.rs integration
- Phase 3: PKI extraction, atomic cert writing, whitelist auto-append, mTLS transition
- Phase 4: E2E test suite, README/DEPLOYMENT docs, CI pipeline
- Phase 5: SPEC.md, API_DOCUMENTATION.md, CHANGELOG.md, ROADMAP.md sync

Security review: APPROVED (0 critical, 0 high findings)
Cross-distro compatible: Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, Arch Linux
 2026-05-17 05:30:42 +00:00
Echo
b2ace87ee9 v0.2.0: Fix List Jobs bug, TLS 1.3 enforcement, client_disconnect_timeout, RwLock contention 
Bug fixes:
- Fix List Jobs connection reset: Add client_disconnect_timeout (5s) to prevent TLS write truncation
- Enforce TLS 1.3 only: Add with_protocol_versions(&[&TLS13]) to rustls ServerConfig
- Fix RwLock contention: Release read lock before sorting in list_jobs()
- Fix systemd service: Remove ProtectSystem=strict (blocks package management)
- Fix systemd service: Change Type=notify to Type=simple (fixes restart hangs)
- Fix systemd service: Add DEBIAN_FRONTEND=noninteractive
- Fix systemd service: Add ReadWritePaths for apt/dpkg paths

CI/CD:
- Add Ubuntu 22.04 build job to CI workflow

E2E Testing:
- Add comprehensive E2E test suite (test_e2e.py)
- Tests cover health, packages, patches, jobs, security, and reboot endpoints

Other:
- Bump version to 0.2.0
- Add lessons learned documentation
 2026-05-02 20:59:02 +00:00
Echo
17254e5217 Apply cargo fmt formatting to fix CI/CD fmt job 2026-04-12 14:13:36 +00:00
Echo
b615a5639e v1.0.0 Release - All Phases Complete 
Phase 2: Core API Development
- 15 REST API endpoints (packages, patches, system, jobs, websocket)
- mTLS authentication layer (src/auth/mtls.rs)
- IP whitelist enforcement (src/auth/whitelist.rs)
- Job manager with async operation support
- WebSocket streaming for job status

Phase 3: Security Hardening
- Security testing: 16/16 tests passing
- Fuzz testing: 21 tests, all findings resolved
- Threat model validation (STRIDE matrix)
- TLS binding fix (critical vulnerability resolved)
- Security documentation complete

Phase 4: Production Readiness
- Performance benchmarking (all targets met)
- Package creation (.deb/.rpm structures)
- Documentation (README, API docs, deployment guide)
- Security hardening (6 vulnerabilities fixed)

Deliverables:
- API_DOCUMENTATION.md (889 lines)
- DEPLOYMENT_GUIDE.md (733 lines)
- SECURITY.md (346 lines)
- README.md (525 lines)
- debian/ package structure
- linux-patch-api.spec (RPM)
- install.sh installer script
- benches/api_benchmarks.rs
- Multiple security/performance reports

Security Status: 0 vulnerabilities remaining
Test Coverage: 31 unit tests, 21 integration tests
Build Status: Release optimized
 2026-04-10 01:41:19 +00:00
Echo
adb5a1bea6 Fix Phase 0 compilation errors - validation fixes 
Resolved 22 compilation errors:
- Fixed lib.rs re-exports to use correct submodule paths
- Added missing submodule declarations to module files
- Created stub files for referenced submodules
- Fixed main.rs imports to use lib.rs re-exports

Project now compiles successfully with only 2 expected warnings:
- dead_code warning for jobs field in JobManager
- unused_variable warning for job_manager in main

Both warnings are expected for scaffolding phase.
 2026-04-09 18:23:33 +00:00
Echo
46dbbbbfce Phase 0: Rust project scaffolding (M0 complete) 
Completed Rust project initialization:
- Cargo.toml with all dependencies (actix-web, tokio, rustls, etc.)
- Project structure (src/, tests/, configs/)
- Module declarations (api, auth, config, jobs, logging, packages, systemd)
- Clippy and rustfmt configured
- Initial lib.rs and main.rs with logging setup
- Config examples (config.yaml.example, whitelist.yaml.example)

Dependencies resolved and project compiles successfully.
Rust toolchain 1.94.1 installed.
 2026-04-09 18:15:35 +00:00