- Revert build-alpine.sh to original (no cleanup lines)
- Remove CI Alpine cleanup step entirely
- Keep version verification and exact version upload in CI
- The original build worked fine without cleanup; stale packages
are caught by version verification
- Remove mkdir -p /home/builduser/packages/home/x86_64/ that was creating
root-owned directories that abuild (running as builduser) couldnt write to
- Keep targeted rm -f of stale .apk files only
- abuild creates its own output directories with correct ownership
- Alpine: clean entire /home/builduser/packages/ before abuild (not just releases/)
- Alpine: add version verification step to CI (like RPM already has)
- Alpine: upload uses exact version match instead of head -1
- Debian: add u2404 suffix to build-deb output filename
- Remove duplicate 1.1.12 entry from debian/changelog
- Add /releases/ to .gitignore to prevent tracking build artifacts
- Remove old 1.0.0 .deb files from git tracking
- Add stale .apk cleanup to build-alpine.sh (matching build-arch.sh)
- Add cleanup step to CI Alpine workflow to remove stale packages
Fixes Alpine package version mismatch caused by old artifacts in releases/
- New src/packages/cache.rs module with PackageCacheState, stale detection,
state persistence, 404 retry logic
- Add refresh_package_cache() and last_cache_update() to PackageManagerBackend
trait, implemented on all 5 backends (APT, DNF, YUM, APK, Pacman)
- Health check now reports last_cache_update and cache_status fields,
triggers cache refresh if stale (>4h), returns degraded on failure
- Patch apply jobs now force cache refresh before applying patches,
with 404/fetch error retry (1 retry after cache refresh)
- Cache state persists to /var/lib/linux_patch_api/state/cache.json
- Version bump to 1.1.17
- Update ARCHITECTURE.md and REQUIREMENTS.md (FR-007)
Closes: #2
The system user was removed from all install scripts but the OpenRC init script
still referenced linux-patch-api:linux-patch-api in checkpath. This would cause
the service to fail on Alpine because the user does not exist.
Root cause: .apk-install is not a valid abuild suffix (lines 247-257 of abuild).
abuild expects SEPARATE files: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall.
The old single .apk-install file caused abuild to die with "unknown install script suffix",
but CI used || true which masked the failure, so APK was built WITHOUT install scripts.
Verified on actual Alpine runner: install script suffixes now pass abuild validation.
- configs/linux-patch-api.pre-install: create dirs, set permissions (matches Debian preinst)
- configs/linux-patch-api.post-install: copy example configs, enable service (matches Debian postinst)
- configs/linux-patch-api.pre-deinstall: stop and disable service (matches Debian prerm)
- configs/linux-patch-api.post-deinstall: clean up empty dirs (matches Debian postrm)
- Removed configs/linux-patch-api.apk-install (invalid format)
- Updated build-alpine.sh: copy 4 install scripts to workspace, updated install= line in APKBUILD
- Arch: remove system user creation, root:root ownership, fix $startdir path in PKGBUILD
- RPM: uncomment BuildRequires, add runtime deps (openssl-libs, ca-certificates), remove system user, root:root ownership
- Alpine: remove system user creation, root:root ownership, co-locate install script with APKBUILD
- All platforms now match Debian: no system user, root:root, create dirs, copy example configs, enable service
Bug fixes:
- get_fqdn() now prioritizes 'hostname -f' (returns full FQDN) over /etc/hostname (returns short hostname)
- Added get_hostname() for short hostname extraction
- Added hostname field to EnrollmentRequest for manager display_name population
- Updated SPEC.md and API_DOCUMENTATION.md
Package fixes:
- Arch: Added linux-patch-api.install with post_install/upgrade/remove hooks, user creation, directory creation, config handling
- Alpine: Added linux-patch-api.apk-install with pre/post install/deinstall hooks, user creation, directory creation, config handling, missing config.yaml.example
- RPM: Dynamic version from Cargo.toml, %ghost %config(noreplace) for live configs, tarball exclusions, /var/log in %files
- Insert 'Clean previous build artifacts' step (cargo clean + rm old .deb)
before Build Debian package in both build-deb and build-deb-u2204 jobs.
- Bump version to 1.1.7 to ensure a clean build from scratch.
- Update debian/changelog with 1.1.7-1 entry.
- Replaced password-protected RSA CA with unencrypted ECDSA P-256 CA
to prevent manager startup failures from encrypted keys.
- Regenerated server and client certificates (client001) with new CA.
- Updated CA_SETUP.md to use openssl genpkey (unencrypted) instead of
openssl genrsa -aes256, with warning against encrypted keys.
- Add rustls::crypto::aws_lc_rs::default_provider().install_default()
in main() before any TLS operations to prevent startup panic
- Bump version from 1.1.5 to 1.1.6
- Update debian/changelog with 1.1.6-1 entry
Requiring default-features=false on reqwest prevents native-tls/openssl-sys
from being pulled in as transitive dependencies, which broke static linking
on Alpine musl target. Also reverts invalid openssl-static package from CI.
- Cargo.toml: add default-features = false to reqwest dependency
- ci.yml: revert non-existent openssl-static package
The Alpine build job links against musl which requires static OpenSSL
libraries. Adding openssl-static package to resolve -lssl and -lcrypto
linker errors.
- Remove needless borrows on format!() in set_body_string() calls (needless_borrows_for_generic_args)
- Replace assert!(false, ...) with collected assertion (assertions_on_constants + never_loop)
- Use direct Method::POST comparison instead of to_string() (cmp_owned)
- Simplify negated equality to != operator (nonminimal_bool)
CI pipeline now passes with -D warnings enabled
