6ba708abb1
fix: remove all systemd capability restrictions blocking package management
...
CI/CD Pipeline / Code Format (push) Successful in 1s
CI/CD Pipeline / Clippy Lints (push) Successful in 43s
CI/CD Pipeline / Unit Tests (push) Successful in 57s
CI/CD Pipeline / Security Audit (push) Successful in 5s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m10s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m19s
CI/CD Pipeline / Build RPM Package (push) Successful in 3m2s
CI/CD Pipeline / Build Debian Package (push) Has started running
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 15m44s
- Remove CapabilityBoundingSet and AmbientCapabilities (apt needs full root capabilities)
- Remove ReadWritePaths (unnecessary without ProtectSystem=strict)
- Fix E2E test: properly FAIL on status=failed package operations
- Fix E2E test: require status=completed for install/update/remove lifecycle
- Update dpkg packaging service file to match configs/
- Bump version to 0.3.5
2026-05-03 04:13:50 +00:00
9e42f32270
fix: remove sudo from apt commands and RestrictSUIDSGID from service
...
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 1m17s
CI/CD Pipeline / Unit Tests (push) Successful in 56s
CI/CD Pipeline / Security Audit (push) Successful in 15s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Successful in 1m57s
CI/CD Pipeline / Build Arch Package (push) Successful in 1m53s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m17s
CI/CD Pipeline / Build RPM Package (push) Successful in 3m36s
CI/CD Pipeline / Build Debian Package (push) Successful in 2m11s
- Remove sudo from apt command execution (service runs as root)
- Remove RestrictSUIDSGID from systemd service (blocks setuid for apt/dpkg)
- Remove NoNewPrivileges from systemd service (blocks sudo PERM_SUDOERS)
- Bump version to 0.3.2
2026-05-03 02:24:52 +00:00
2b35a143da
fix: implement actual system reboot via shutdown/systemctl commands
...
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 40s
CI/CD Pipeline / Unit Tests (push) Successful in 1m27s
CI/CD Pipeline / Security Audit (push) Successful in 4s
CI/CD Pipeline / Build Arch Package (push) Successful in 1m56s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Successful in 2m32s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m25s
CI/CD Pipeline / Build RPM Package (push) Successful in 3m44s
CI/CD Pipeline / Build Debian Package (push) Successful in 3m0s
- Fix reboot_system() to use shutdown -r +N for delayed reboots
- Fix patches handler to call reboot_system() instead of just logging
- Add CAP_SYS_BOOT capability to systemd service for LXC reboot support
- Remove unused warn import from packages/mod.rs
- Bump version to 0.3.1
2026-05-03 01:37:22 +00:00
03786d1798
v0.2.0: Fix List Jobs bug, TLS 1.3 enforcement, client_disconnect_timeout, RwLock contention
...
CI/CD Pipeline / Code Format (push) Failing after 1s
CI/CD Pipeline / Clippy Lints (push) Failing after 2s
CI/CD Pipeline / Unit Tests (push) Failing after 7s
CI/CD Pipeline / Build Debian Package (push) Has been skipped
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Has been skipped
CI/CD Pipeline / Build RPM Package (push) Has been skipped
CI/CD Pipeline / Build Alpine Package (push) Has been skipped
CI/CD Pipeline / Build Arch Package (push) Has been skipped
CI/CD Pipeline / Security Audit (push) Failing after 3s
Bug fixes:
- Fix List Jobs connection reset: Add client_disconnect_timeout (5s) to prevent TLS write truncation
- Enforce TLS 1.3 only: Add with_protocol_versions(&[&TLS13]) to rustls ServerConfig
- Fix RwLock contention: Release read lock before sorting in list_jobs()
- Fix systemd service: Remove ProtectSystem=strict (blocks package management)
- Fix systemd service: Change Type=notify to Type=simple (fixes restart hangs)
- Fix systemd service: Add DEBIAN_FRONTEND=noninteractive
- Fix systemd service: Add ReadWritePaths for apt/dpkg paths
CI/CD:
- Add Ubuntu 22.04 build job to CI workflow
E2E Testing:
- Add comprehensive E2E test suite (test_e2e.py)
- Tests cover health, packages, patches, jobs, security, and reboot endpoints
Other:
- Bump version to 0.2.0
- Add lessons learned documentation
2026-05-02 20:59:02 +00:00
145df1b3c8
Phase 1: Foundation - CI/CD, systemd service, test framework
...
CI/CD Pipeline / Code Format (push) Has been cancelled
CI/CD Pipeline / Clippy Lints (push) Has been cancelled
CI/CD Pipeline / Unit Tests (push) Has been cancelled
CI/CD Pipeline / Security Audit (push) Has been cancelled
CI/CD Pipeline / Build Release (x86_64-unknown-linux-gnu) (push) Has been cancelled
CI/CD Pipeline / Build Ubuntu Package (push) Has been cancelled
Completed Phase 1 foundation tasks:
- CI/CD pipeline (.github/workflows/ci.yml)
- Format check (rustfmt)
- Clippy lints
- Unit tests with codecov
- Security audit (cargo-audit)
- Build release artifacts
- Ubuntu package build
- Systemd service file (configs/linux-patch-api.service)
- Security hardening (ProtectSystem, SystemCallFilter)
- Journal logging integration
- Resource limits
- Test framework structure (tests/unit/, tests/integration/)
- Initial unit test template
- Test framework verified with cargo test
Rust toolchain 1.94.1 installed and verified.
2026-04-09 19:12:45 +00:00
