0222b1677d
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 10s
CI Pipeline / Clippy Lints (push) Successful in 51s
CI Pipeline / Rust Unit Tests (push) Failing after 1m32s
CI Pipeline / Security Audit (push) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped
Root cause: postinst ran sqlx migrate as postgres (superuser), creating ALL database objects owned by postgres. When pm-web connects as patch_manager, it cannot ALTER TABLE during migrations because it does not own them. The reassign_ownership() function never worked because REASSIGN OWNED BY postgres TO patch_manager fails for superuser-owned objects. Fix: Create the database owned by patch_manager (already done) and run all migrations as patch_manager via PGPASSWORD auth. When all objects are owned by patch_manager from the start, pm-web can ALTER them during upgrades. Changes: - Add psql_run_as_pm() helper that authenticates as patch_manager via PGPASSWORD - Replace all psql_run_db calls in apply_migrations() with psql_run_as_pm - Remove reassign_ownership() function entirely (it never worked) - Remove reassign_ownership call from main() - Add ALTER DEFAULT PRIVILEGES FOR ROLE postgres in setup_database() as safety net for any future migration that might run as postgres - Upgrade GRANT USAGE/CREATE to GRANT ALL PRIVILEGES on schema public - Keep pgcrypto extension creation as postgres (requires superuser) - Renumber sections after removing reassign_ownership Proven on live LPM system: service active, port 443 listening, all tables owned by patch_manager.