Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions .github/workflows/audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Security Audit

on:
schedule:
# Weekly (Mondays 06:00 UTC). Advisories appear independently of code changes,
# so this runs on a schedule rather than gating every pull request.
- cron: '0 6 * * 1'
workflow_dispatch:

permissions:
contents: read

jobs:
audit:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable

- name: Install cargo-audit
run: cargo install cargo-audit --locked

- name: Run cargo audit
run: cargo audit
15 changes: 15 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

## Unreleased

## v0.3.4 — 2026-07-07

### Fixed

- **NixOS / Nix flake build: add `openssl` to `buildInputs`** (issue #38). The
Expand All @@ -24,6 +26,19 @@
camera in-process after repeated capture failures instead of requiring a
restart. The per-capture stream is retained, so the camera is still released
between verifies and remains usable by other applications.
- **AUR install hook: corrected PAM keyword `success=end` → `success=done`.**
`packaging/aur/visage.install` still printed the setup guidance with the
invalid `[success=end …]` action — the same bug fixed everywhere else in
v0.3.2. libpam treats the unknown `end` as `ignore`, so a user following the
printed line verbatim would get a silent face-auth no-op. Now prints
`[success=done default=ignore]`.

### Security

- **CI: added a scheduled `cargo audit` workflow** (`.github/workflows/audit.yml`).
It scans `Cargo.lock` against the RustSec advisory database weekly and on
demand, surfacing dependency advisories without waiting for a manual check.

## v0.3.3 — 2026-05-28

### Added
Expand Down
12 changes: 6 additions & 6 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ members = [
]

[workspace.package]
version = "0.3.3"
version = "0.3.4"
edition = "2021"
license = "MIT"
repository = "https://github.com/sovren-software/visage"
Expand Down
2 changes: 1 addition & 1 deletion packaging/aur/visage.install
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ post_install() {
echo " Add this line BEFORE 'auth required pam_unix.so' in"
echo " /etc/pam.d/system-auth:"
echo ""
echo " auth [success=end default=ignore] pam_visage.so"
echo " auth [success=done default=ignore] pam_visage.so"
echo ""
echo " Or for sudo only, add the same line to /etc/pam.d/sudo."
echo " On failure or daemon unavailability, password is used as fallback."
Expand Down