Echo
65cfb40abb
Some checks failed
CI/CD Pipeline / Code Format (push) Has been cancelled
CI/CD Pipeline / Clippy Lints (push) Has been cancelled
CI/CD Pipeline / Unit Tests (push) Has been cancelled
CI/CD Pipeline / Security Audit (push) Has been cancelled
CI/CD Pipeline / Build Release (x86_64-unknown-linux-gnu) (push) Has been cancelled
CI/CD Pipeline / Build Ubuntu Package (push) Has been cancelled
Phase 2: Core API Development - 15 REST API endpoints (packages, patches, system, jobs, websocket) - mTLS authentication layer (src/auth/mtls.rs) - IP whitelist enforcement (src/auth/whitelist.rs) - Job manager with async operation support - WebSocket streaming for job status Phase 3: Security Hardening - Security testing: 16/16 tests passing - Fuzz testing: 21 tests, all findings resolved - Threat model validation (STRIDE matrix) - TLS binding fix (critical vulnerability resolved) - Security documentation complete Phase 4: Production Readiness - Performance benchmarking (all targets met) - Package creation (.deb/.rpm structures) - Documentation (README, API docs, deployment guide) - Security hardening (6 vulnerabilities fixed) Deliverables: - API_DOCUMENTATION.md (889 lines) - DEPLOYMENT_GUIDE.md (733 lines) - SECURITY.md (346 lines) - README.md (525 lines) - debian/ package structure - linux-patch-api.spec (RPM) - install.sh installer script - benches/api_benchmarks.rs - Multiple security/performance reports Security Status: 0 vulnerabilities remaining Test Coverage: 31 unit tests, 21 integration tests Build Status: Release optimized
50 lines
1.8 KiB
Bash
Executable File
50 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
# postinst script for linux-patch-api
|
|
# Created by package build system
|
|
|
|
set -e
|
|
|
|
# Configure with debhelper
|
|
if [ "$1" = "configure" ]; then
|
|
echo "Configuring linux-patch-api..."
|
|
|
|
# Copy example configs if they don't exist
|
|
if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then
|
|
echo "Creating default config.yaml..."
|
|
cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
|
|
chmod 640 /etc/linux_patch_api/config.yaml
|
|
chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml
|
|
fi
|
|
|
|
if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
|
|
echo "Creating default whitelist.yaml..."
|
|
cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
|
|
chmod 640 /etc/linux_patch_api/whitelist.yaml
|
|
chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml
|
|
fi
|
|
|
|
# Reload systemd daemon to pick up new service file
|
|
systemctl daemon-reload
|
|
|
|
# Enable the service (but don't start automatically - admin should configure first)
|
|
systemctl enable linux-patch-api.service
|
|
|
|
echo ""
|
|
echo "linux-patch-api installed successfully!"
|
|
echo ""
|
|
echo "Next steps:"
|
|
echo " 1. Configure /etc/linux_patch_api/config.yaml with your settings"
|
|
echo " 2. Place TLS certificates in /etc/linux_patch_api/certs/"
|
|
echo " 3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml"
|
|
echo " 4. Start the service: systemctl start linux-patch-api"
|
|
echo " 5. Check status: systemctl status linux-patch-api"
|
|
echo ""
|
|
fi
|
|
|
|
# Handle upgrade
|
|
if [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] || [ "$1" = "abort-deconfigure" ]; then
|
|
echo "Installation aborted - service remains in previous state"
|
|
fi
|
|
|
|
exit 0
|