- Remove CapabilityBoundingSet and AmbientCapabilities (apt needs full root capabilities)
- Remove ReadWritePaths (unnecessary without ProtectSystem=strict)
- Fix E2E test: properly FAIL on status=failed package operations
- Fix E2E test: require status=completed for install/update/remove lifecycle
- Update dpkg packaging service file to match configs/
- Bump version to 0.3.5
- Remove user/group creation from preinst (service runs as root)
- Change directory ownership to root:root in preinst and postinst
- Remove user/group deletion from postrm
- Service runs as root, no dedicated user needed
- Remove sudo from apt command execution (service runs as root)
- Remove RestrictSUIDSGID from systemd service (blocks setuid for apt/dpkg)
- Remove NoNewPrivileges from systemd service (blocks sudo PERM_SUDOERS)
- Bump version to 0.3.2
- Fix reboot_system() to use shutdown -r +N for delayed reboots
- Fix patches handler to call reboot_system() instead of just logging
- Add CAP_SYS_BOOT capability to systemd service for LXC reboot support
- Remove unused warn import from packages/mod.rs
- Bump version to 0.3.1
CRITICAL: Previous commit 0984684 did not include these fixes.
Debian (debian/rules):
- Use && to keep cargo build in same shell as . "$HOME/.cargo/env"
- Make runs each recipe line in a separate shell
Arch (build-arch.sh):
- Use << "EOF" heredoc with hardcoded path to prevent $pkgdir expansion
- $pkgdir must be literal for makepkg to expand at runtime
Alpine (build-alpine.sh):
- Copy signing public key to /etc/apk/keys/ BEFORE abuild
- Use || true on abuild because index update may fail but APK is still created
debian/rules: Escape $HOME for make (use $$HOME)
- Make interprets $H as variable, $$ escapes it
build-alpine.sh: Install signing public key
- Copy .abuild/*.rsa.pub to /etc/apk/keys/
- Fixes UNTRUSTED signature error on index update
build-arch.sh: Use /home/builduser/repo for all paths
- PKGDIR=/home/builduser/repo/arch-package
- WORKSPACE_DIR=/home/builduser/repo
- Fixes permission denied on act cache path
debian/rules: Source cargo env before calling cargo
- Add `. "$HOME/.cargo/env"` to override_dh_auto_build
build-alpine.sh: Use /home/builduser for all paths
- PKGDIR=/home/builduser/apk-package (accessible by builduser)
- WORKSPACE_DIR=/home/builduser (for APKBUILD package function)
- Removed duplicate else line
build-arch.sh: Copy repo to accessible directory
- Copy repo contents to /home/builduser/repo before makepkg
- Run makepkg in /home/builduser/repo (not act cache path)
