release: v0.3.3 (#35)

Cohort release covering the dependency-bump and community-contribution
work that landed after v0.3.2.

Added:
- Lenovo ThinkPad X1 Carbon Gen 9 20XW00FPUS IR camera quirk (174f:2454)
  contributed by @themariusus in #29. Verified on hardware.

Packaging:
- AUR PKGBUILD: options=(!lto !debug). LTO breaks ring's hand-written
  asm and libsqlite3-sys's bundled sqlite3.c native objects on Arch's
  stock makepkg.conf, producing undefined-symbol link failures. Fixed
  by @SomeCodecat in #25.

Developer experience:
- nix develop shell now ships rustfmt, clippy, llvmPackages.libclang
  (with LIBCLANG_PATH set) so cargo fmt/clippy/build match CI gates
  inside the devshell. (#32)

Dependencies (already in main from earlier this session, surfaced here
for the CHANGELOG):
- tokio 1.49.0 -> 1.50.0
- nix 0.31.1 -> 0.31.2
- uuid 1.21.0 -> 1.23.0
- image 0.25.9 -> 0.25.10
- actions/checkout v4 -> v6
- actions/upload-artifact v4 -> v7
- actions/download-artifact v4 -> v8

Documentation:
- README Status line updated 0.3.0 -> 0.3.3 with brief summary of the
  intervening fixes and hardware additions.
- docs/STATUS.md last-updated bumped to 2026-05-28; build-state
  rewritten to reflect post-v0.3.0 bug fix wave and the quirks DB now
  covering both ASUS Zenbook 14 and Lenovo X1 Carbon Gen 9.

Workspace version bumped 0.3.2 -> 0.3.3 across Cargo.toml, Cargo.lock
(6 crates), packaging/aur/PKGBUILD, and packaging/nix/default.nix.
CHANGELOG section renamed from [Unreleased] and dated.

Known follow-up (tracked separately): packaging/aur/PKGBUILD still ships
sha256sums=('SKIP'); after this release lands, the tarball hash should
be computed and committed in a follow-up PR (lands in v0.3.4).

Author: ccross2

CHANGELOG.md

@@ -2,6 +2,42 @@
 
 ## Unreleased
 
+## v0.3.3 — 2026-05-28
+
+### Added
+
+- **Hardware support: Lenovo ThinkPad X1 Carbon Gen 9 20XW00FPUS IR camera** (`174f:2454`).
+  Verified on hardware. Quirk file at `contrib/hw/174f-2454.toml`. Contributed by
+  @themariusus in #29.
+
+### Packaging
+
+- **AUR `PKGBUILD` disables LTO and debug** (`options=(!lto !debug)`). LTO operates on
+  LLVM IR, but `ring` ships hand-written assembly via `cc` and `libsqlite3-sys`
+  compiles `sqlite3.c` via `cc` — those `.o` files have no LTO-compatible IR, so the
+  final link drops or fails to resolve their symbols. Without this, `makepkg -si`
+  on a stock Arch system fails at link time with `undefined symbol:
+  ring_core_0_17_14__LIMBS_window5_split_window` (and many more from both `ring`
+  and `libsqlite3-sys`). Reported and fixed by @SomeCodecat in #25.
+
+### Developer experience
+
+- **`nix develop` shell now ships `rustfmt`, `clippy`, and `libclang`.**
+  `inputsFrom = [ visage ]` brought the compiler but not these auxiliaries, so
+  contributors hit `error: no such command: fmt` and bindgen failed to find
+  `libclang.so`. Devshell now sets `LIBCLANG_PATH` and exposes both cargo
+  subcommands matching CI's `dtolnay/rust-toolchain@stable` gates. (#32)
+
+### Dependencies
+
+- `tokio` 1.49.0 → 1.50.0
+- `nix` 0.31.1 → 0.31.2
+- `uuid` 1.21.0 → 1.23.0
+- `image` 0.25.9 → 0.25.10
+- `actions/checkout` v4 → v6 (CI)
+- `actions/upload-artifact` v4 → v7 (CI)
+- `actions/download-artifact` v4 → v8 (CI)
+
 ## v0.3.2 — 2026-05-28
 
 ### Fixed

Cargo.lock

@@ -10,7 +10,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.3.2"
+version = "0.3.3"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/sovren-software/visage"

Cargo.toml

@@ -19,10 +19,13 @@ Linux-PAM — no kernel patches, no modified sudo.
 
 ## Status
 
-**v0.3.0 — feature-complete, end-to-end tested on Ubuntu 24.04.4 LTS.**
+**v0.3.3 — feature-complete, end-to-end tested on Ubuntu 24.04.4 LTS.**
 
 All 6 implementation steps complete. Verified: enroll, verify, PAM/sudo integration,
 systemd hardening, D-Bus access control, install/remove/purge lifecycle, suspend/resume.
+v0.3.3 expands IR emitter coverage to Lenovo ThinkPad X1 Carbon Gen 9 and ships bug
+fixes for the post-hibernate `systemctl restart` path and the PAM `success=` control
+keyword. See [CHANGELOG](CHANGELOG.md) for the full v0.3.1–v0.3.3 history.
 
 | Step | Component | Status |
 |------|-----------|--------|

README.md

@@ -1,7 +1,7 @@
 # Visage v0.3 Release Status
 
-**Last updated:** 2026-02-25
-**Build state:** v0.3.0 shipped and validated locally. All 6 implementation steps complete + model integrity enforcement + OSS governance + passive liveness detection. End-to-end tested on Ubuntu 24.04.4 LTS (v0.1.0 → v0.3.0 upgrade path verified 2026-02-24). Passive liveness awaits cargo build/test validation and manual spoof testing on hardware.
+**Last updated:** 2026-05-28
+**Build state:** v0.3.3 shipped. All 6 implementation steps complete + model integrity enforcement + OSS governance + passive liveness detection + post-v0.3.0 bug fix wave (PAM `success=` keyword corrected, `visaged` SIGTERM handler, `visaged.service` `TimeoutStopSec=10s`). End-to-end tested on Ubuntu 24.04.4 LTS. IR emitter quirks DB now covers ASUS Zenbook 14 UM3406HA and Lenovo ThinkPad X1 Carbon Gen 9 20XW00FPUS. Passive liveness still awaits manual spoof testing on hardware.
 
 ---
 
@@ -13,7 +13,7 @@
 | 2 | ONNX inference (`visage-core`) | ✅ Complete — SCRFD detection, ArcFace recognition, face alignment |
 | 3 | Daemon + D-Bus + SQLite (`visaged`) | ✅ Complete — persistent daemon, 5-method API, WAL store |
 | 4 | PAM module (`pam-visage`) | ✅ Complete — PAM_IGNORE fallback, system bus, FFI safe |
-| 5 | IR emitter (`visage-hw`) | ✅ Complete — UVC extension unit, quirks DB, ASUS Zenbook |
+| 5 | IR emitter (`visage-hw`) | ✅ Complete — UVC extension unit, quirks DB (ASUS Zenbook 14, Lenovo X1 Carbon Gen 9) |
 | 6 | Packaging | ✅ Complete — .deb, systemd, pam-auth-update, `visage setup` |
 | 7 | Model integrity (`visage-models`) | ✅ Complete — pinned SHA-256, fail-closed daemon startup, shared manifest |
 | 8 | Passive liveness (`visage-core`, `visaged`) | ⚠️ Code complete — landmark stability check; awaits `cargo check`/test + hardware spoof validation |

docs/STATUS.md

@@ -2,7 +2,7 @@
 # https://github.com/sovren-software/visage
 
 pkgname=visage
-pkgver=0.3.2
+pkgver=0.3.3
 pkgrel=1
 pkgdesc="Linux face authentication via PAM — persistent daemon, IR camera support, ONNX inference"
 arch=('x86_64')
@@ -18,7 +18,7 @@ install="$pkgname.install"
 # Preserve user data and face database across upgrades
 backup=('var/lib/visage/faces.db')
 source=("$pkgname-$pkgver.tar.gz::https://github.com/sovren-software/visage/archive/refs/tags/v$pkgver.tar.gz")
-# TODO: compute real sha256sum at release time: sha256sum visage-0.3.2.tar.gz
+# TODO: compute real sha256sum at release time: sha256sum visage-0.3.3.tar.gz
 sha256sums=('SKIP')
 
 build() {

packaging/aur/PKGBUILD

@@ -19,7 +19,7 @@
 
 rustPlatform.buildRustPackage {
   pname = "visage";
-  version = "0.3.2";
+  version = "0.3.3";
 
   src = lib.cleanSource ../..;