vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-18 06:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
Pulse/scripts
History
rcourtman ce7d7c1956 Fix stale README signature key and guard against future drift 
The README's secure-install snippet has pinned the wrong ed25519 key
since commit a60fa03d7 (April 22, 2026), so v6 rc.2 through rc.5 all
shipped with a documented verification step that does not work.

I downloaded the published rc.5 install.sh + install.sh.sshsig and
ran ssh-keygen -Y verify with both candidate keys:
  Ds21c5... (README's pinned key) -> Could not verify signature
  MZd/DaH... (key embedded in install.sh and pulse-auto-update.sh) -> OK

Customers who actually followed the README's secure-install path saw
"Could not verify signature" and aborted. Most users curl-pipe the
script unverified so the drift went unreported.

Replace the stale key in README.md and docs/INSTALL.md with the actual
pipeline signing key (MZd/...).

Add a validate-release.sh smoke that extracts the README's pinned key
and runs the exact ssh-keygen -Y verify command against the signed
install.sh.sshsig. Any future drift between documented key and actual
signing key fails the release before publish.

Lock both the correct-key presence and the stale-key absence in
build_release_assets_test.go for README and docs/INSTALL.md so a manual
edit cannot regress the docs back to the broken state.
2026-05-12 10:30:42 +01:00
..
dev Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
eval chore: add evaluation scripts, CI workflow and dev tooling 2026-01-30 19:00:48 +00:00
installtests Fix stale README signature key and guard against future drift 2026-05-12 10:30:42 +01:00
lib Normalize hot-dev auth defaults 2026-04-22 16:28:52 +01:00
lint-fixer feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
release_control Fix expired agent_preflight test fixture by using now-relative claim window 2026-05-11 22:57:57 +01:00
systemd feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
tests Skip runtime-defaults raw-node TS imports when integration node_modules absent 2026-05-12 01:14:41 +01:00
.go-version Update pinned Go toolchain to 1.25.9 2026-04-18 10:04:34 +01:00
audit-private-boundary.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
backfill-release-assets.sh Add historical release asset backfill workflow 2026-04-22 17:25:58 +01:00
build-release.sh Ship the Pulse server install.sh as the GitHub Release asset 2026-05-12 10:24:28 +01:00
bundle.manifest feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
bundle.sh feat: add shared script library system and refactor docker-agent installer 2025-10-20 15:13:38 +00:00
check-bench-regression.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
check-workflow-dispatch-inputs.py fix(release): restore release helper executable bits 2026-03-26 12:26:55 +00:00
clean-mock-alerts.sh Route mock alert cleanup through managed runtime 2026-03-24 15:49:29 +00:00
cleanup.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
cloud-backup.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
com.pulse.hot-dev.plist.template feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
conformance-smoke.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
demo_public_browser_smoke.cjs Harden demo public browser smoke readiness 2026-04-12 17:07:50 +01:00
dev-check.sh Switch script-reference integrity test from rg to git grep for portable CI 2026-05-12 00:30:43 +01:00
dev-deploy-agent.sh Harden dev agent deploy SSH host verification 2026-04-22 11:41:50 +01:00
dev-launchd-setup.sh Prefer managed runtime controls in launchd helper 2026-03-24 16:01:14 +00:00
dev-launchd-wrapper.sh Supervise launchd dev runtime through hot-dev-bg 2026-03-24 15:39:55 +00:00
docker-build.sh security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
ensure_test_assets.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
exclusive-lock.mjs feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
generate-release-notes.sh Clarify paid Pulse Pro runtime install path 2026-05-06 21:52:50 +01:00
generate-self-hosted-feature-catalog.go Fix RC3 backend release blockers 2026-05-01 21:36:28 +01:00
generate-types.go Fix RC3 backend release blockers 2026-05-01 21:36:28 +01:00
hot-dev-bg.sh Normalize hot-dev auth defaults 2026-04-22 16:28:52 +01:00
hot-dev.sh Normalize hot-dev auth defaults 2026-04-22 16:28:52 +01:00
install-container-agent.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
install-docker.sh Bump install pins to rc.5 and refresh test fixtures for Patrol readiness + Unraid host profile tokens 2026-05-11 18:02:52 +01:00
install-go-toolchain.sh Update pinned Go toolchain to 1.25.9 2026-04-18 10:04:34 +01:00
install-mcp.ps1 Stop install-mcp scripts from linking to GitHub blob/main docs 2026-05-11 23:58:45 +01:00
install-mcp.sh Stop install-mcp scripts from linking to GitHub blob/main docs 2026-05-11 23:58:45 +01:00
install.ps1 Harden unified agent runtime and installer 2026-04-23 23:04:18 +01:00
install.sh Harden root agent service defaults 2026-05-05 13:03:13 +01:00
package-helm-chart.sh release: prepare v4.25.0 2025-10-22 10:46:18 +00:00
patrol_e2e_matrix.sh feat(patrol): implement patrol findings, evaluation, and investigation logic 2026-01-31 16:23:08 +00:00
pulse-auto-update.sh Fix v6 demo release signing key deployment 2026-05-05 21:40:14 +01:00
release_asset_common.sh Fix release key helper module path 2026-05-04 09:44:41 +01:00
release_ldflags.sh Require signed unified agent release assets 2026-04-22 02:00:29 +01:00
release_update_key.go Fix v6 demo release signing key deployment 2026-05-05 21:40:14 +01:00
remerge-parallel.sh Align v6 release branch governance 2026-03-19 10:18:45 +00:00
render_installers.go Fix RC3 backend release blockers 2026-05-01 21:36:28 +01:00
repo-boundary-paid-surface.allowlist feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
run_cloud_public_signup_smoke.sh Add Pulse Cloud public signup smoke 2026-04-23 23:09:10 +01:00
run_demo_public_browser_smoke.sh Add public browser smoke proof to demo workflows 2026-04-11 13:50:00 +01:00
run_hosted_staging_smoke.sh Auto-select hosted staging tenant 2026-04-15 12:23:57 +01:00
session-handoff.sh feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
standalone.manifest feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
sync-production-config.sh chore: update dev scripts and mock configuration 2026-01-22 22:32:45 +00:00
sync_chart_release_metadata.py fix(deploy): pin docs links to release refs 2026-03-28 21:32:11 +00:00
telemetry_adoption_report.py Harden telemetry privacy reporting contract 2026-04-14 15:06:37 +01:00
test-vm-disk.sh Update Proxmox guest agent permissions docs and tooling (refs #548) 2025-10-14 10:21:52 +00:00
toggle-mock.sh Fix mock mode legacy sidecar drift 2026-05-05 15:12:31 +01:00
trigger-release-dry-run.sh fix(release): restore release helper executable bits 2026-03-26 12:26:55 +00:00
trigger-release.sh fix(release): restore release helper executable bits 2026-03-26 12:26:55 +00:00
validate-published-release.sh Publish signed release-packet SBOM assets 2026-04-22 16:49:29 +01:00
validate-release.sh Fix stale README signature key and guard against future drift 2026-05-12 10:30:42 +01:00