- Insert 'Clean previous build artifacts' step (cargo clean + rm old .deb)
before Build Debian package in both build-deb and build-deb-u2204 jobs.
- Bump version to 1.1.7 to ensure a clean build from scratch.
- Update debian/changelog with 1.1.7-1 entry.
- Replaced password-protected RSA CA with unencrypted ECDSA P-256 CA
to prevent manager startup failures from encrypted keys.
- Regenerated server and client certificates (client001) with new CA.
- Updated CA_SETUP.md to use openssl genpkey (unencrypted) instead of
openssl genrsa -aes256, with warning against encrypted keys.
- Add rustls::crypto::aws_lc_rs::default_provider().install_default()
in main() before any TLS operations to prevent startup panic
- Bump version from 1.1.5 to 1.1.6
- Update debian/changelog with 1.1.6-1 entry
Requiring default-features=false on reqwest prevents native-tls/openssl-sys
from being pulled in as transitive dependencies, which broke static linking
on Alpine musl target. Also reverts invalid openssl-static package from CI.
- Cargo.toml: add default-features = false to reqwest dependency
- ci.yml: revert non-existent openssl-static package
The Alpine build job links against musl which requires static OpenSSL
libraries. Adding openssl-static package to resolve -lssl and -lcrypto
linker errors.
- Remove needless borrows on format!() in set_body_string() calls (needless_borrows_for_generic_args)
- Replace assert!(false, ...) with collected assertion (assertions_on_constants + never_loop)
- Use direct Method::POST comparison instead of to_string() (cmp_owned)
- Simplify negated equality to != operator (nonminimal_bool)
CI pipeline now passes with -D warnings enabled
- Add ServiceStatus struct with name, display_name, active_state, sub_state,
load_state, enabled_state, main_pid, healthy fields
- Add get_service_status() to PackageManagerBackend trait
- Implement get_service_status() in AptBackend with systemd and OpenRC support
- Add get_service_status HTTP handler in system.rs
- Add /system/services/{name} route
- Add E2E test for service status endpoint
- Bump version to 0.3.6
- Remove CapabilityBoundingSet and AmbientCapabilities (apt needs full root capabilities)
- Remove ReadWritePaths (unnecessary without ProtectSystem=strict)
- Fix E2E test: properly FAIL on status=failed package operations
- Fix E2E test: require status=completed for install/update/remove lifecycle
- Update dpkg packaging service file to match configs/
- Bump version to 0.3.5
- Change tag trigger from v* to v*.*.* to prevent recursive CI runs
- Upload u2204 deb to same release tag (not creating -u2204 suffix)
- Rename u2204 deb filename to include u2204 for differentiation
- Remove user/group creation from preinst (service runs as root)
- Change directory ownership to root:root in preinst and postinst
- Remove user/group deletion from postrm
- Service runs as root, no dedicated user needed
- Remove sudo from apt command execution (service runs as root)
- Remove RestrictSUIDSGID from systemd service (blocks setuid for apt/dpkg)
- Remove NoNewPrivileges from systemd service (blocks sudo PERM_SUDOERS)
- Bump version to 0.3.2
- Fix reboot_system() to use shutdown -r +N for delayed reboots
- Fix patches handler to call reboot_system() instead of just logging
- Add CAP_SYS_BOOT capability to systemd service for LXC reboot support
- Remove unused warn import from packages/mod.rs
- Bump version to 0.3.1
- Fix ServerConfig::builder() to builder_with_provider() for TLS 1.3 enforcement
- Add aws_lc_rs feature to rustls in Cargo.toml
- Fix clippy unnecessary_map_or -> is_some_and in packages/mod.rs
Runners may have broken apt state from partial upgrades (e.g., openssh-client
version mismatch). Adding apt-get -f install before build deps ensures CI
works regardless of runner package state.
CRITICAL: Previous commit 0984684 did not include these fixes.
Debian (debian/rules):
- Use && to keep cargo build in same shell as . "$HOME/.cargo/env"
- Make runs each recipe line in a separate shell
Arch (build-arch.sh):
- Use << "EOF" heredoc with hardcoded path to prevent $pkgdir expansion
- $pkgdir must be literal for makepkg to expand at runtime
Alpine (build-alpine.sh):
- Copy signing public key to /etc/apk/keys/ BEFORE abuild
- Use || true on abuild because index update may fail but APK is still created
