The auto-update flow stops the Pulse service before applying updates.
If the update fails, the rollback path restored files but never
restarted the service. Since the main unit was explicitly stopped
(not crashed), systemd's Restart=always didn't rescue it.
Add restart-on-failure guards to both pulse-auto-update.sh and
install.sh so Pulse is always restarted after a failed update attempt.
Add singleton watchdog with lock dir, pidfile tracking, and signal
traps to prevent multiple pulse-agent instances spawning on QNAP.
Tighten procfs matching to avoid killing unrelated processes.
Add stop_qnap_agents() helper that kills wrapper scripts before binaries
to prevent watchdog respawn, and uses path-based pkill patterns that work
with BusyBox and match agents at both old and new install paths.
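
The lock-dir and pidfile singleton guard described above, as an added example that is not the project's wrapper script: `mkdir` provides the atomic lock, the pidfile lets a new instance tell a live owner from a stale lock, and traps release the lock on exit. `LOCK_DIR` and the function names are hypothetical; liveness is checked with `kill -0` only, so PID reuse is not detected.

```shell
#!/bin/sh
# Added example (hypothetical names); not the project's watchdog wrapper.
LOCK_DIR=${LOCK_DIR:-/tmp/pulse-agent-watchdog.lock}

# acquire_lock -> 0 if this process now owns the lock, 1 if a live owner exists.
acquire_lock() {
    attempts=0
    while [ "$attempts" -lt 2 ]; do
        # mkdir is atomic: exactly one concurrent caller succeeds.
        if mkdir "$LOCK_DIR" 2>/dev/null; then
            echo "$$" > "$LOCK_DIR/pid"
            return 0
        fi
        owner=$(cat "$LOCK_DIR/pid" 2>/dev/null || true)
        # The owner may be between mkdir and writing its pid: wait once, re-read.
        [ -n "$owner" ] || { sleep 1; owner=$(cat "$LOCK_DIR/pid" 2>/dev/null || true); }
        case $owner in
            ''|*[!0-9]*) owner='' ;;        # missing or corrupt pidfile
        esac
        if [ -n "$owner" ] && kill -0 "$owner" 2>/dev/null; then
            return 1                        # another watchdog is alive
        fi
        # Stale lock (owner died without cleanup): remove it and retry once.
        rm -rf "$LOCK_DIR"
        attempts=$((attempts + 1))
    done
    return 1
}

# release_lock: only the process recorded in the pidfile removes the lock.
release_lock() {
    [ "$(cat "$LOCK_DIR/pid" 2>/dev/null || true)" = "$$" ] && rm -rf "$LOCK_DIR"
    return 0
}

# install_traps: release on normal exit and on the usual termination signals.
install_traps() {
    trap release_lock EXIT
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM
}
```
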
- Split configuration table into "Installer flags" and "Agent-only flags"
so users know which flags work with `curl | bash` vs the binary directly
- Add missing --cacert and --env flags to installer docs
- Fix --disable-auto-update example (install script doesn't accept it;
use --env PULSE_DISABLE_AUTO_UPDATE=true instead)
- Add --disable-docker/kubernetes/proxmox and --proxmox-type to
install.sh show_help()
- Fix --enable-docker=false in CENTRALIZED_MANAGEMENT.md
On QNAP, /usr/local/bin is a tiny RAM disk. The installer was downloading
the binary then mv'ing it there, which failed when the RAM disk was full.
The QNAP-specific logic that copies to the persistent data volume only
ran after that mv.
Move QNAP detection before the download step so INSTALL_DIR points to the
persistent data volume (e.g. /share/CACHEDEV1_DATA/.pulse-agent) directly.
The wrapper script still attempts to copy to /usr/local/bin at boot but
falls back to running from persistent storage if that fails.
Also fixes:
- pkill -f pattern in wrapper could match and kill the wrapper itself
(path contains "pulse-agent"); switched to pkill -x for exact match
- Upgrade detection now checks /usr/local/bin for legacy QNAP installs
- Uninstall cleans up /usr/local/bin runtime copy
QNAP wipes /etc/init.d on every reboot, so the agent needs persistent
storage on a data volume and autorun.sh boot persistence via the flash
config partition. Adds detection, install (with watchdog wrapper), and
clean uninstall paths. Flash config mount/umount is fail-safe via
subshell isolation to prevent leaving the partition mounted on write
errors.
Users can now pass --env KEY=VALUE (repeatable) to the install script to
inject custom environment variables into the agent's service file. Useful
for KUBECONFIG and similar paths not auto-detected by the installer.
The Settings UI adds a textarea for entering env vars that get appended
to the generated install command. Both frontend and script validate key
format and reject unsafe value characters.
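
An added example, not taken from the project's install.sh, of the kind of check the `--env` validation above describes: a `KEY=VALUE` pair is accepted only when the key is a plain variable name and the value has no quoting, expansion, control-operator or line-break characters, and is then rendered as a systemd `Environment=` line. The function names, the key pattern and the rejected character set are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical names and rules); not the project's install.sh.
LC_ALL=C; export LC_ALL        # keep [A-Za-z] ranges ASCII-only

NL='
'
CR=$(printf '\r')

# validate_env_pair KEY=VALUE -> 0 if safe to write into a service file.
validate_env_pair() {
    case $1 in
        *=*) ;;
        *) return 1 ;;                               # missing '=' separator
    esac
    key=${1%%=*}
    value=${1#*=}
    case $key in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;  # not a plain variable name
    esac
    case $value in
        *"$NL"*|*"$CR"*) return 1 ;;                 # would start a new directive
        *"'"*|*'"'*|*'`'*|*'$'*|*'\'*) return 1 ;;   # quoting and expansion
        *';'*|*'&'*|*'|'*|*'<'*|*'>'*) return 1 ;;   # shell control operators
    esac
    return 0
}

# render_systemd_env KEY=VALUE -> prints one Environment= line, or returns 1.
render_systemd_env() {
    validate_env_pair "$1" || return 1
    # systemd expands %-specifiers in unit files; a literal % is written as %%.
    escaped=$(printf '%s' "${1#*=}" | sed 's/%/%%/g')
    printf 'Environment="%s=%s"\n' "${1%%=*}" "$escaped"
}
```
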
Two changes to prevent duplicates in Settings > Virtual Environment:
1. Install script: only clear Proxmox state files on fresh installs,
not upgrades. Previously every install forced re-registration.
2. Auto-register dedup: match agent re-registrations by server name
when both the existing entry and new request have Pulse-created
tokens (pulse-monitor@pam!pulse-*). This catches the case where
the agent creates a new token after state files are cleared.
The --cacert flag was only used for curl during installation. On systems
with custom CA certificates (e.g. TrueNAS CORE with certs in
/etc/certificates/CA), the agent process had no way to trust the custom
CA and users had to fall back to --insecure.
Set SSL_CERT_FILE in the agent's runtime environment when --cacert is
provided. Go's crypto/x509 reads this natively, so the agent trusts the
custom CA without any binary changes. All service types are covered:
systemd, upstart, launchd, FreeBSD rc.d, OpenRC, SysV init, and Unraid.
Also validates the --cacert path at install time: directories and missing
paths now fail early with a clear message instead of silently proceeding.
Extends the TrueNAS SCALE installer to also support TrueNAS CORE
(FreeBSD-based). The installer auto-detects the platform and configures
the appropriate service manager: systemd for SCALE, rc.d for CORE.
- Rename is_truenas_scale() to is_truenas() with FreeBSD detection
- Add FreeBSD rc.d service script generation with placeholder substitution
- Add FreeBSD bootstrap script for Init/Shutdown task persistence
- Split install/uninstall paths by OS throughout the TrueNAS block
- Add --cacert <path> flag for custom CA bundles (wired to curl only,
not passed to the agent binary)
- Fix --cacert incorrectly mapping to --insecure in exec args
- Fix missing closing quote on RCSCRIPT_LINK in FreeBSD bootstrap
- Fix unreachable echo after exit 0 in FreeBSD bootstrap
Co-authored-by: wilddev65 <wilddev65@users.noreply.github.com>
(cherry picked from commit affdbaeebaf2b1135431b232593122f464c6bb53)
The previous commit added FreeBSD binaries to the Docker build and
release directory but didn't update the manifest generator or validation
script. Without this, FreeBSD binaries would be built but not tracked
or validated, and release validation would fail on the new entries.
Related to #1051
Two fixes for FreeBSD agent support:
1. The Docker image never built or included FreeBSD agent binaries, causing
404 errors when FreeBSD clients requested the download. Added FreeBSD
amd64/arm64 cross-compilation for both host-agent and unified-agent,
plus COPY statements to include them in the image. Also added bare
FreeBSD binaries to GitHub release assets for the redirect fallback.
2. pfSense does not use the standard FreeBSD rc.d boot system — scripts
in /usr/local/etc/rc.d/ must end in .sh to run at boot. The installer
now detects pfSense and creates a .sh boot wrapper alongside the
standard rc.d script. Also added -r flag to daemon for auto-restart.
Related to #1051
Restored original license signing key from backup - key was never
compromised (private repo). Removes unnecessary dual-key complexity:
- Remove legacyPublicKey and SetLegacyPublicKey from license.go
- Simplify signature verification to single key
- Remove EmbeddedLegacyPublicKey from pubkey.go
- Remove PULSE_LICENSE_LEGACY_PUBLIC_KEY from Dockerfile and workflows
- Remove dual-key test
- Simplify mock.env
The UI only showed a bash uninstall command which doesn't work on Windows.
Added PULSE_UNINSTALL env var support to install.ps1 and updated the UI
to display platform-specific uninstall commands for both Linux/macOS and
Windows.
Related to #1176
Replace bash associative arrays with parallel indexed arrays to ensure
the build script works on systems with older bash versions or when run
under /bin/sh.
Changes:
- Replace host_agent_builds associative array with host_agent_envs indexed array
- Replace builds associative array with build_envs indexed array
- Add array length validation to catch config mismatches early
- Use index-based iteration instead of key-based lookup
- Fixed --disable-docker not being passed to systemd service file. Related to #1151
- Added init: true requirement to HTTPS/TLS docs for Docker. Related to #1166
- Added --kube-include-all-pods and --kube-include-all-deployments flags
- Added --help support to install.sh
- Moved root check in install.sh to allow viewing help as non-root
When scripts/watch-backup.sh exists (gitignored, local only), hot-dev
automatically starts a file watcher that backs up source files on every
save to ~/.pulse-backups/. Protects against accidental data loss from
git checkout or other mishaps, regardless of what tool makes the change.
- hot-dev.sh: Fix hostname -I for macOS, use ifconfig instead
- hot-dev.sh: Fix PULSE_AUDIT_DIR for mock mode
- hot-dev.sh: Use PULSE_REPOS_DIR for Pro module detection
- dev-check.sh: Fix pgrep -c (not supported on macOS)
- dev-check.sh: Use /tmp/pulse-debug.log on macOS instead of journalctl
- Update internal/api docs to use env var paths
The sensor proxy approach for temperature monitoring has been superseded
by the unified agent architecture where host agents report temperature
data directly. This removes:
- cmd/pulse-sensor-proxy/ - standalone proxy daemon
- internal/tempproxy/ - client library
- internal/api/*temperature_proxy* - API handlers and tests
- internal/api/sensor_proxy_gate* - feature gate
- internal/monitoring/*proxy_test* - proxy-specific tests
- scripts/*sensor-proxy* - installation and management scripts
- security/apparmor/, security/seccomp/ - proxy security profiles
Temperature monitoring remains available via the unified agent approach.
Finds commits referencing GitHub issues (#xxx) and verifies the
fix is still present in the final diff before including it.
This prevents mentioning features/fixes that were later reverted.
The previous approach used commit messages which could include changes
that were later reverted. Now the script analyzes actual git diffs
between versions to identify user-facing changes.
Extracts diffs from:
- API handlers (new endpoints)
- Frontend components (new features)
- Config options (new settings)
- Alerts/notifications (webhook changes)
- Agent code (host/docker features)
- Install scripts
Passes structured diffs to LLM with instructions to write plain,
factual release notes without marketing language.
- Make URL validation case-insensitive to accept Http://, HTTP://, etc.
- Replace nohup with shell backgrounding for QNAP platform compatibility
- Add disown for SIGHUP protection where available
fix: AI chat mobile responsiveness. Related to #1131
- Use responsive width (full on mobile, 480px on larger screens)
- Add flex-wrap to header for better mobile layout
Implements exponential backoff restart loop in the wrapper script
for Unraid/Slackware installations. When the agent exits unexpectedly,
it will automatically restart with increasing delays (5s -> 60s max).
This improves reliability for users who don't have systemd for
automatic service restarts.