git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity
188 Commits 5 Branches 36 Tags
b6809dc935c3a97a2686c6892ec68f70d14d582b
Commit Graph

11 Commits

Author SHA1 Message Date
Echo
b6809dc935 fix: FQDN resolution and display_name blank bug; fix: Arch/Alpine/RPM packages 
Bug fixes:
- get_fqdn() now prioritizes 'hostname -f' (returns full FQDN) over /etc/hostname (returns short hostname)
- Added get_hostname() for short hostname extraction
- Added hostname field to EnrollmentRequest for manager display_name population
- Updated SPEC.md and API_DOCUMENTATION.md

Package fixes:
- Arch: Added linux-patch-api.install with post_install/upgrade/remove hooks, user creation, directory creation, config handling
- Alpine: Added linux-patch-api.apk-install with pre/post install/deinstall hooks, user creation, directory creation, config handling, missing config.yaml.example
- RPM: Dynamic version from Cargo.toml, %ghost %config(noreplace) for live configs, tarball exclusions, /var/log in %files
 2026-05-18 23:51:00 +00:00
Echo
20b214eb9f style: fix cargo fmt in enroll_identity tests 2026-05-18 12:29:22 +00:00
Echo
48fb8752c9 feat(enrollment): add route-based IP selection and fix package versioning for v1.1.5 2026-05-18 03:35:46 +00:00
Echo
d4f9f1bf7f fix(clippy): remove needless return in Docker-compatible test 2026-05-18 02:11:45 +00:00
Echo
0de47b966b style: apply cargo fmt formatting 2026-05-18 02:06:25 +00:00
Echo
64187b03bd fix(enrollment): filter Docker bridge IPs and add report_interface/report_ip config 
- identity.rs: filter 172.16.0.0/12 (Docker bridge) and 169.254.0.0/16 (link-local)
  from get_ip_addresses() auto-detection
- identity.rs: add is_container_bridge(), is_link_local(),
  get_ip_for_interface(), get_primary_ip() functions
- client.rs: add report_interface/report_ip fields to EnrollmentClient,
  new with_ip_overrides() constructor, register() uses get_primary_ip()
- loader.rs: add report_interface/report_ip to EnrollmentConfig
- mod.rs: wire config overrides through to EnrollmentClient
- config.yaml.example: document new report_interface/report_ip options
- Tests: add 18 new bridge filtering/IP override tests, fix Docker
  container compatibility in existing tests
 2026-05-18 02:02:54 +00:00
Echo
8bfa5f2273 fix(tests): resolve all clippy warnings for CI compliance 
- Remove needless borrows on format!() in set_body_string() calls (needless_borrows_for_generic_args)
- Replace assert!(false, ...) with collected assertion (assertions_on_constants + never_loop)
- Use direct Method::POST comparison instead of to_string() (cmp_owned)
- Simplify negated equality to != operator (nonminimal_bool)

CI pipeline now passes with -D warnings enabled
 2026-05-17 16:02:57 +00:00
Echo
5c670cbd0c fix: apply cargo fmt to resolve CI formatting failures 
Format all enrollment module source files and tests per rustfmt standards.
Resolves Gitea CI workflow cargo fmt check failures.
 2026-05-17 05:49:26 +00:00
Echo
75ec2b8e3c feat: add self-enrollment workflow for automated PKI provisioning 
- Phase 1: CLI args (--enroll flag), enroll module skeleton, config support
- Phase 2: Registration request, polling loop (24h timeout), main.rs integration
- Phase 3: PKI extraction, atomic cert writing, whitelist auto-append, mTLS transition
- Phase 4: E2E test suite, README/DEPLOYMENT docs, CI pipeline
- Phase 5: SPEC.md, API_DOCUMENTATION.md, CHANGELOG.md, ROADMAP.md sync

Security review: APPROVED (0 critical, 0 high findings)
Cross-distro compatible: Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, Arch Linux
 2026-05-17 05:30:42 +00:00
Echo
b615a5639e v1.0.0 Release - All Phases Complete 
Phase 2: Core API Development
- 15 REST API endpoints (packages, patches, system, jobs, websocket)
- mTLS authentication layer (src/auth/mtls.rs)
- IP whitelist enforcement (src/auth/whitelist.rs)
- Job manager with async operation support
- WebSocket streaming for job status

Phase 3: Security Hardening
- Security testing: 16/16 tests passing
- Fuzz testing: 21 tests, all findings resolved
- Threat model validation (STRIDE matrix)
- TLS binding fix (critical vulnerability resolved)
- Security documentation complete

Phase 4: Production Readiness
- Performance benchmarking (all targets met)
- Package creation (.deb/.rpm structures)
- Documentation (README, API docs, deployment guide)
- Security hardening (6 vulnerabilities fixed)

Deliverables:
- API_DOCUMENTATION.md (889 lines)
- DEPLOYMENT_GUIDE.md (733 lines)
- SECURITY.md (346 lines)
- README.md (525 lines)
- debian/ package structure
- linux-patch-api.spec (RPM)
- install.sh installer script
- benches/api_benchmarks.rs
- Multiple security/performance reports

Security Status: 0 vulnerabilities remaining
Test Coverage: 31 unit tests, 21 integration tests
Build Status: Release optimized
 2026-04-10 01:41:19 +00:00
Echo
a5b3f9b05a Phase 1: Foundation - CI/CD, systemd service, test framework 
Completed Phase 1 foundation tasks:
- CI/CD pipeline (.github/workflows/ci.yml)
  - Format check (rustfmt)
  - Clippy lints
  - Unit tests with codecov
  - Security audit (cargo-audit)
  - Build release artifacts
  - Ubuntu package build
- Systemd service file (configs/linux-patch-api.service)
  - Security hardening (ProtectSystem, SystemCallFilter)
  - Journal logging integration
  - Resource limits
- Test framework structure (tests/unit/, tests/integration/)
  - Initial unit test template
  - Test framework verified with cargo test

Rust toolchain 1.94.1 installed and verified.
 2026-04-09 19:12:45 +00:00