You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(packaging): preserve operator TLS cert across the cert-shipping -> rc.10 upgrade (#598)
The #596 generate-if-absent fix protects rc.10->onward upgrades, but the
one-time transition FROM a release that shipped the cert in its payload
(<= rc.9) removed the operator's cert entirely: rc.9 owned
/etc/openwatch/tls/cert.pem, rc.10 does not, so the package manager
reclaimed the orphaned file AFTER rc.10's provisioning had already run and
skipped it. RPM left it missing (service can't start TLS); DEB regenerated
a demo (operator cert lost). Found via the Stage-3 gap-closure RPM/DEB
install-transition tests.
Fix:
- RPM: declare the cert/key paths %ghost so rpm tracks them with no payload
content and does not reclaim the operator's file on the transition.
- DEB: preinst stashes an existing cert/key to .dpkg-bak on upgrade (before
dpkg removes the orphan); postinst restores it before provisioning.
- AC-22 updated: assert %ghost (flag 'g', no content) on RPM and the
preinst/postinst preserve dance on DEB; upgrade-container-test.sh now
asserts an operator cert survives the rpm -U upgrade.
- release-package-build spec v1.3.0 (C-05 + AC-22 extended).
Verified in containers: genuine published rc.9 -> rc.10 preserves the
operator cert+key on both RPM (%ghost) and DEB (preinst/postinst); fresh
install still generates a demo; steady-state reinstall preserves.
|| { echo"FAIL: operator TLS cert was NOT preserved across the upgrade (cert.pem=$(head -1 /etc/openwatch/tls/cert.pem 2>/dev/null ||echo MISSING))"; fail=1; }
0 commit comments