git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity

Compare commits

base: git-echo:release/v1.1.13
Branches Tags
git-echo:master git-echo:fix/pkcs8-ca-key-v1.1.14 git-echo:release/v1.1.13 git-echo:fix/postinst-tls-checksum-v1.1.13 git-echo:release/v1.1.12 git-echo:release/v1.1.11 git-echo:fix/migrations-as-patch-manager git-echo:release/v1.1.10 git-echo:fix/db-ownership git-echo:release/v1.1.9 git-echo:fix/lpm-service-startup git-echo:ci/node24-actions git-echo:release/v1.1.8 git-echo:fix/postinst-surgical-upgrade git-echo:release/v1.1.7 git-echo:fix/postinst-thorough-audit git-echo:release/v1.1.6 git-echo:fix/argon2-m-param git-echo:release/v1.1.5 git-echo:fix/docker-amd64-only git-echo:release/v1.1.4-fix git-echo:release/v1.1.4 git-echo:release/v1.1.3 git-echo:fix/docker-build-complete git-echo:release/v1.1.2 git-echo:fix/docker-ubuntu-24-04 git-echo:fix/docker-rust-version-bump git-echo:release/v1.1.1 git-echo:fix/docker-build-dependencies git-echo:release/v1.1.0 git-echo:feature/automated-install git-echo:release/v1.0.0 git-echo:test/15-authz-gate-integration git-echo:fix/maintenance-windows-race-condition
git-echo:v1.1.14 git-echo:v1.1.13 git-echo:v1.1.12 git-echo:v1.1.11 git-echo:v1.1.10 git-echo:v1.1.9 git-echo:v1.1.8 git-echo:v1.1.7 git-echo:v1.1.6 git-echo:v1.1.5 git-echo:v1.1.4 git-echo:v1.1.2 git-echo:v1.1.1 git-echo:v1.1.0 git-echo:v1.0.0 git-echo:v0.2.4 git-echo:v0.2.3 git-echo:v0.2.2 git-echo:v0.2.1 git-echo:v0.2.0 git-echo:v0.1.9 git-echo:v0.1.10 git-echo:v0.1.7
...
compare: git-echo:v1.1.14
Branches Tags
git-echo:master git-echo:fix/pkcs8-ca-key-v1.1.14 git-echo:release/v1.1.13 git-echo:fix/postinst-tls-checksum-v1.1.13 git-echo:release/v1.1.12 git-echo:release/v1.1.11 git-echo:fix/migrations-as-patch-manager git-echo:release/v1.1.10 git-echo:fix/db-ownership git-echo:release/v1.1.9 git-echo:fix/lpm-service-startup git-echo:ci/node24-actions git-echo:release/v1.1.8 git-echo:fix/postinst-surgical-upgrade git-echo:release/v1.1.7 git-echo:fix/postinst-thorough-audit git-echo:release/v1.1.6 git-echo:fix/argon2-m-param git-echo:release/v1.1.5 git-echo:fix/docker-amd64-only git-echo:release/v1.1.4-fix git-echo:release/v1.1.4 git-echo:release/v1.1.3 git-echo:fix/docker-build-complete git-echo:release/v1.1.2 git-echo:fix/docker-ubuntu-24-04 git-echo:fix/docker-rust-version-bump git-echo:release/v1.1.1 git-echo:fix/docker-build-dependencies git-echo:release/v1.1.0 git-echo:feature/automated-install git-echo:release/v1.0.0 git-echo:test/15-authz-gate-integration git-echo:fix/maintenance-windows-race-condition
git-echo:v1.1.14 git-echo:v1.1.13 git-echo:v1.1.12 git-echo:v1.1.11 git-echo:v1.1.10 git-echo:v1.1.9 git-echo:v1.1.8 git-echo:v1.1.7 git-echo:v1.1.6 git-echo:v1.1.5 git-echo:v1.1.4 git-echo:v1.1.2 git-echo:v1.1.1 git-echo:v1.1.0 git-echo:v1.0.0 git-echo:v0.2.4 git-echo:v0.2.3 git-echo:v0.2.2 git-echo:v0.2.1 git-echo:v0.2.0 git-echo:v0.1.9 git-echo:v0.1.10 git-echo:v0.1.7

1 Commits
release/v1 ... v1.1.14

Author SHA1 Message Date
Draco-Lunaris-Echo
27716af5d7 fix(packaging): convert CA key from SEC1 to PKCS#8 for Rust pm-ca parser (#71)
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
CI Pipeline / Clippy Lints (push) Successful in 52s
CI Pipeline / Rust Unit Tests (push) Failing after 1m21s
CI Pipeline / Security Audit (push) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
CI Pipeline / Build .deb & Release (push) Has been skipped
The Rust pm-ca crate (crates/pm-ca/src/ca.rs) only parses PKCS#8
format private keys. openssl ecparam -genkey produces SEC1 format
(BEGIN EC PRIVATE KEY), which the Rust ring/RSA parser rejects
with "parse CA private-key PEM", causing the service to crash-loop
on startup.

Proven on LPM: converting ca.key with openssl pkcs8 -topk8 -nocrypt
and restarting patch-manager-web results in:
  Root CA loaded successfully
  Listening (HTTPS) on 0.0.0.0:443
 2026-06-10 10:20:46 -05:00
6 changed files with 12 additions and 4 deletions
Expand all files Collapse all files

2
Cargo.toml
View File

@ -12,7 +12,7 @@ members = [
] ]
[workspace.package] [workspace.package]
version = "1.1.13" version = "1.1.14"
edition = "2021" edition = "2021"
authors = ["Echo <echo@moon-dragon.us>"] authors = ["Echo <echo@moon-dragon.us>"]
license = "MIT" license = "MIT"

6
debian/changelog vendored
View File

@ -1,3 +1,9 @@
linux-patch-manager (1.1.14-1) unstable; urgency=low
* Release v1.1.14
-- git-echo <git-echo@moon-dragon.us> Wed, 10 Jun 2026 10:02:44 -0500
linux-patch-manager (1.1.13-1) unstable; urgency=low linux-patch-manager (1.1.13-1) unstable; urgency=low
* Release v1.1.13 * Release v1.1.13

2
debian/control vendored
View File

@ -1,5 +1,5 @@
Package: linux-patch-manager Package: linux-patch-manager
Version: 1.1.13-1 Version: 1.1.14-1
Architecture: amd64 Architecture: amd64
Maintainer: Moon Dragon <echo@moon-dragon.us> Maintainer: Moon Dragon <echo@moon-dragon.us>
Installed-Size: 45000 Installed-Size: 45000

2
debian/postinst vendored
View File

@ -277,6 +277,8 @@ generate_tls_certs() {
if [[ ! -f "${ca_cert}" ]]; then if [[ ! -f "${ca_cert}" ]]; then
info "Generating internal Certificate Authority (ECDSA P-256, 10-year validity)..." info "Generating internal Certificate Authority (ECDSA P-256, 10-year validity)..."
openssl ecparam -genkey -name prime256v1 -noout -out "${ca_key}" openssl ecparam -genkey -name prime256v1 -noout -out "${ca_key}"
# Convert SEC1 → PKCS#8 (the Rust pm-ca crate only parses PKCS#8).
openssl pkcs8 -topk8 -nocrypt -in "${ca_key}" -out "${ca_key}.tmp" && mv "${ca_key}.tmp" "${ca_key}"
openssl req -new -x509 -key "${ca_key}" -out "${ca_cert}" \ openssl req -new -x509 -key "${ca_key}" -out "${ca_cert}" \
-days 3650 \ -days 3650 \
-subj "/CN=Patch Manager Root CA/O=Patch Manager" \ -subj "/CN=Patch Manager Root CA/O=Patch Manager" \

2
frontend/package.json
View File

@ -1,7 +1,7 @@
{ {
"name": "patch-manager-ui", "name": "patch-manager-ui",
"private": true, "private": true,
"version": "1.1.13", "version": "1.1.14",
"type": "module", "type": "module",
"scripts": { "scripts": {
"dev": "vite", "dev": "vite",

2
scripts/build-package.sh
View File

@ -22,7 +22,7 @@ warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
error() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; } error() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; }
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
VERSION="1.1.13" VERSION="1.1.14"
RELEASE="1" RELEASE="1"
PKG_NAME="linux-patch-manager" PKG_NAME="linux-patch-manager"
DEB_NAME="${PKG_NAME}_${VERSION}-${RELEASE}_amd64.deb" DEB_NAME="${PKG_NAME}_${VERSION}-${RELEASE}_amd64.deb"