
Trunk #14

Open
lanathlor wants to merge 45 commits into main from trunk

Conversation

@lanathlor

Member

No description provided.

LeVraiBaptiste and others added 30 commits June 22, 2026 16:15
…to utils

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Secure temp file creation with randomized name and 0600 perms (config.go)
- Fix cache file permissions from 0644 to 0600 (registry.go)
- Return error on ErrPullingImage instead of silent fallthrough (registry.go)
- Fix Docker cmd format: split "sleep 60" into ["sleep", "60"] (registry.go)
- Wrap sentinel errors with underlying cause for better diagnostics (registry.go)
- Prevent double-call panic in OperationTracker done() with sync.Once (tracker.go)
- Fix forceQuitCount threshold from >= 1 to >= 2 (manager.go)
- Protect SetTimeout/Shutdown timeout field with mutex (manager.go)
- Scope contents:write and packages:write to release job only (ci.yml)
- Increase TTL/sleep margins in cache expiration tests (cache_test.go)
- Increase timing margins in shutdown tests (shutdown_test.go)

…ed DI

Introduce FileOpener and ContainerLister interfaces with a ConfigManager
struct that holds dependencies. Move package-level functions to methods
on ConfigManager and add backward-compatible wrapper functions so
external callers remain unchanged.

Tests now use mock implementations per test instead of mutating shared
global function pointers, making them safe for t.Parallel().

Adds IsNixOS, NixosRebuild, BuildISO, and Infect (stub) functions
for managing NixOS-based deployments.

Add stamusctl nix subcommands (init, switch, iso, infect) with
corresponding handlers. Mirrors the compose command structure for
NixOS-based appliance deployments.

Add init and switch handler tests validating input validation and
NixOS detection. Add nix-test-syntax and nix-test-vm Makefile targets.

…and shutdown

- Fix CLI double-SIGINT force-quit firing on first rapid press instead
  of second (count >= 1 → count >= 2)
- Replace logger.Fatal with logger.Error + return in nix init handler
  to preserve graceful shutdown and error propagation
- Add action allowlist to NixosRebuild (switch/boot/test/build/build-vm)
  to prevent arbitrary argument injection
- Sanitize output path in NixISOHandler via validation.SanitizePath
- Remove misleading destructive-operation warning from unimplemented
  nix infect handler
- Reorder SetupRouter parameters to place context.Context first per
  Go convention
- Guard against duplicate operation IDs in shutdown OperationTracker
  to prevent silent WaitGroup hangs

Deduplicate nearly identical code between compose and nix init handlers
into a new internal/handlers/common package (PullLatestTemplate,
InstanciateConfig, SetParameters, ResolveTemplatePath).

Split tightly-coupled functions to enable unit testing without external
dependencies:
- Extract filterContainers pure function from handleLogs (compose/info)
- Extract shouldCreateBackup predicate (docker-compose/wrapper)
- Add execCommand var injection in internal/nix for mock substitution
- Add execCommandFunc var in compose/update for script execution mocking
- Add outputWriter var in handlers/template/keys for output capture

Add ~40 new test files and extend ~20 existing ones across all major
packages. Key coverage improvements:

- handlers/config: 0% → 81% (get, set, clear, list)
- handlers/compose: 7% → 64% (init, update, info, restart, readPcap)
- handlers/nix: 5% → 72% (init embed mode, iso, infect)
- models: 62% → 75% (config utils, registry, embed, parameters)
- nix: 11% → 93% (mock execCommand for rebuild/iso)
- completion: 22% → 98% (fresh data paths, cache)
- stamus: 59% → 85% (registries, config list)
- cmd/ctl: 0% → 45% (command structure, handlers, formatSize)
- cmd/daemon: 21% → 74% (HTTP handlers, router setup, health)

Testing patterns: afero MemMapFs for filesystem, app.Mode="test" with
mocker for Docker operations, function variable injection for external
dependencies, table-driven tests with t.Run().

Alpine replaces packages in-place within a release, so pinning
exact -rN revisions causes builds to break when repos update.
Matches the unpinned approach already used in Dockerfile.daemon.

Tests calling rootCmd() race on viper/pflag globals, and tests calling
setupLogging/InitTracer race on gin mode and the tracer global. Remove
t.Parallel where needed and cancel the context from setupLogging to
stop leaked prometheus goroutines before the next test runs.

Add a NixOS VM test that exercises the full stamusctl nix init → switch
pipeline inside a real NixOS VM using the NixOS testing framework.

The test verifies:
- Template rendering with Go templating ({{ .Values.hostname }})
- Rendered configuration.nix is valid NixOS (nixos-rebuild build)
- Switch handler passes correct args to nixos-rebuild

Restructure flake.nix to add checks.x86_64-linux.nixos-test output,
and add Docker-based make targets for non-NixOS contributors.

Run with: make nix-test-vm (native) or make nix-test-vm-docker (Docker)

Add `stamusctl nix test` that discovers and runs .sh and .nix test files
from the config's tests/ directory. Templates can ship validation tests
that users run before switch/iso, and users can override them.

- Shell scripts run with bash, receive STAMUSCTL_CONFIG_PATH env var
- Nix files evaluated with nix-instantiate --eval, receive --arg configPath
- Reports PASS/FAIL per test with summary, exits non-zero on failure
- Supports --filter glob to run specific tests

Also adds make nix-test-cmd-docker target that builds stamusctl and runs
init + test with the fixture template in a NixOS Docker container.

Add nix/iso.nix defining a NixOS live ISO that ships stamusctl in PATH
with LXQt desktop environment and auto-login. Wire it into the flake as
packages.x86_64-linux.iso and add Makefile targets:
- make nix-iso: build the ISO
- make nix-iso-run: launch it in QEMU with graphics

Also improve the Nix package build to inject version from VERSION file
and actual git commit instead of hardcoded placeholders, and add
fallback version resolution in the Makefile.

Add reusable nix.yml workflow with 4 jobs: template syntax validation,
VM template rendering test, ISO graphical test (LXQt + stamusctl), and
ISO build gated on all tests passing. Wire it into the CI pipeline
alongside existing build and docker jobs.

Also add iso-test.nix that boots a full LXQt desktop VM and verifies
stamusctl is in PATH and runs correctly, and fix nix eval calls in
Makefile to use --impure --expr for builtins.currentSystem.

lanathlor and others added 14 commits June 22, 2026 16:15
The Nix flake reads ./VERSION for build metadata. Without it tracked
in git, nix build fails because flake source copies only include
git-tracked files.

…ry map

When `config set` disables an optional parameter (e.g. arkime=false),
ProcessOptionnalParams removes its children from parameters but the
arbitrary map — populated by LoadConfigFrom from the prior values.yaml —
retains them. This creates conflicting flat keys (e.g. Values.arkime=false
AND Values.arkime.version=master) that cause nestMap errors and
non-deterministic template rendering depending on Go map iteration order.

Filter stale children in GetData() and saveParamsTo(). Also make nestMap
deterministic: sub-keys always win over scalar values at the same path.
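The stale-child filtering and the "sub-keys win" nesting rule from this commit, as an added Go example; filterStaleChildren and nestMap here are reconstructions of the idea, not the project's GetData()/saveParamsTo()/nestMap code, and the flat keys used in the test are constructed from the arkime case in the message.

```go
package main

import "strings"

// filterStaleChildren drops every flat key that sits below a key whose value
// is false (an optional that `config set` disabled), reconstructing the
// GetData()/saveParamsTo() filtering described above.
func filterStaleChildren(flat map[string]any) map[string]any {
	out := make(map[string]any, len(flat))
	for k, v := range flat {
		parts := strings.Split(k, ".")
		stale := false
		for i := 1; i < len(parts) && !stale; i++ {
			stale = flat[strings.Join(parts[:i], ".")] == false
		}
		if !stale {
			out[k] = v
		}
	}
	return out
}

// nestMap turns dotted keys into nested maps. A sub-key always wins over a
// scalar stored at the same path, whichever one the map yields first, so the
// shape no longer depends on Go's randomised map iteration order.
func nestMap(flat map[string]any) map[string]any {
	root := map[string]any{}
	for k, v := range flat {
		parts := strings.Split(k, ".")
		node := root
		for _, p := range parts[:len(parts)-1] {
			child, ok := node[p].(map[string]any)
			if !ok { // nothing or a scalar here: the sub-key wins
				child = map[string]any{}
				node[p] = child
			}
			node = child
		}
		leaf := parts[len(parts)-1]
		if _, isMap := node[leaf].(map[string]any); !isMap {
			node[leaf] = v // a scalar never replaces an existing sub-tree
		}
	}
	return root
}
```

Run nestMap on the unfiltered map and the arkime=false scalar is shadowed by arkime.version; filter first and the scalar survives, which is the intended post-fix shape.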

…path

Version files written by shell commands or CI tooling typically end with
a trailing newline. The raw content was embedded into the stamus.config
path in values.yaml, causing SanitizePath to reject it with "path
contains forbidden control characters" on subsequent config get/load.

Apply strings.TrimSpace when reading the version file in saveParamsTo
and PullConfigAndUnwrap.

Add the ISO artifact to the release pipeline so it's downloadable
from the GitHub release page alongside the CLI and daemon binaries.

After dropping a service from the configuration (e.g. `config set
arkime=false`), the rendered compose file no longer references that
container, so a subsequent up left it running as an untracked orphan.

Enable `--remove-orphans` for `up` by default, treating the rendered
compose file as the source of truth. The behavior is opt-out: pass
`--remove-orphans=false` to `compose up`, or `--keep-orphans` to
`config set --apply`, to retain orphaned containers.

values.yaml files written by older binaries (before the trailing-newline
write fix) embedded a "\n" into the stored stamus.config path, which
SanitizePath rejects as a forbidden control character. Trim the path in
GetStamusFile so those existing on-disk configs remain loadable instead
of failing to load.

The host running `nix init` is typically not the host that will run the
stack, so probing local network interfaces offers irrelevant choices.
Add a DisableInterfaceDetection switch that `nix init` enables, causing
the "interfaces" choice to be provided as free text rather than picked
from this host.

Expand the `nix` command family with deployment-lifecycle operations:

- diff: build the pending configuration and show package-level changes
  against the current system via `nix store diff-closures`
- update: pull a newer template version and smart-merge it over the
  existing config, with an automatic backup beforehand
- build-vm: build a throwaway QEMU VM from the configuration, optionally
  launching it
- status: report NixOS detection, config presence, template version, and
  system generations
- iso-run: boot a previously built ISO in QEMU

Add the supporting internal/nix wrappers (DiffClosures, ListGenerations,
RunISO, FindAndRunVM) and switch RunNixTest from `nix-instantiate --eval`
to `nix-build` so it can drive NixOS integration tests.

Add a NixOS Support section to the root README covering the flake
outputs, live ISO, and integration tests, plus reference docs for the
new nix subcommands. Add package-level READMEs for cmd/ctl/nix,
internal/handlers/nix, internal/nix, nix, and tests/nixos.

Reject request-supplied config/project names that could escape the configs
directory at every daemon entry point (compose up/down/restart/update/init,
config set/get) and confine upload destinations with SanitizePath.

SanitizePath with an empty baseDir previously only checked for post-Clean
".." sequences, letting "~" and "$" expansions through; it now rejects all
traversal sequences against the raw path.

CORS no longer advertises Access-Control-Allow-Credentials together with the
"*" wildcard origin, a combination the Fetch spec forbids and browsers block.
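The raw-path check from the commit above and the trailing-newline trim from the version-file commits earlier in the list, as an added Go example. weakSanitize, sanitizePath and versionPath are hypothetical reconstructions, not the project's validation.SanitizePath; the /srv/configs directory in the test is constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
	"unicode"
)

// weakSanitize reconstructs the pre-fix check: ".." is searched only after
// Clean, so "~" and "$VAR" segments are not caught at all.
func weakSanitize(raw string) (string, error) {
	cleaned := filepath.Clean(raw)
	if strings.Contains(cleaned, "..") {
		return "", fmt.Errorf("unsafe path: %q", raw)
	}
	return cleaned, nil
}

// sanitizePath is the hardened variant: the raw input is rejected on
// traversal/expansion tokens and on control characters before any Clean
// (a trailing "\n" trips this), and with a non-empty baseDir the cleaned
// result must additionally stay inside baseDir.
func sanitizePath(raw, baseDir string) (string, error) {
	for _, tok := range []string{"..", "~", "$"} {
		if strings.Contains(raw, tok) {
			return "", fmt.Errorf("unsafe path: contains %q", tok)
		}
	}
	if strings.IndexFunc(raw, unicode.IsControl) >= 0 {
		return "", fmt.Errorf("unsafe path: control character in %q", raw)
	}
	if baseDir == "" {
		return filepath.Clean(raw), nil
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, raw)
	if rel, err := filepath.Rel(base, full); err != nil || strings.HasPrefix(rel, "..") {
		return "", fmt.Errorf("unsafe path: %q escapes %s", raw, base)
	}
	return full, nil
}

// versionPath mirrors the TrimSpace fix: strip the version file's trailing
// newline before the value becomes a path component.
func versionPath(rawVersion string) (string, error) {
	return sanitizePath(strings.TrimSpace(rawVersion), "")
}
```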

The pre-run script output was written to values.yaml and then immediately
overwritten by SaveConfigTo, which used the config loaded before the script
ran, so pre-run migrations were silently discarded. Reload the config from
the migrated values.yaml before the smart merge.

Only persist and reload when the script produced output, so a missing
pre-run script no longer truncates values.yaml and wipes existing values.

NixInitHandler set the process-global DisableInterfaceDetection and never
restored it, so a later handler in the same daemon process (e.g. compose
init) would silently skip host interface detection. Save and defer-restore
the previous value.
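The CORS point from the "validate daemon config paths and fix CORS credentials" commit above, as an added Go example that is not the daemon's own code. It goes one step beyond the message: an allowlisted origin is echoed back with credentials, every other origin gets the bare wildcard and never Allow-Credentials. allowedOrigins and the /health path are constructed.

```go
package main

import (
	"net/http"
	"net/http/httptest"
)

// allowedOrigins is a constructed allowlist; a real daemon would load it from
// its configuration.
var allowedOrigins = map[string]bool{"https://console.example.test": true}

// corsHeaders builds the CORS headers for one request origin. Credentials are
// advertised only together with an explicit, allowlisted origin; the "*"
// wildcard never carries Allow-Credentials, the combination the Fetch spec
// forbids and browsers block.
func corsHeaders(origin string) http.Header {
	h := http.Header{}
	if allowedOrigins[origin] {
		h.Set("Access-Control-Allow-Origin", origin)
		h.Set("Access-Control-Allow-Credentials", "true")
		h.Add("Vary", "Origin") // caches must key on the echoed origin
	} else {
		h.Set("Access-Control-Allow-Origin", "*")
	}
	return h
}

// withCORS applies corsHeaders to every response of the wrapped handler.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for k, vs := range corsHeaders(r.Header.Get("Origin")) {
			for _, v := range vs {
				w.Header().Add(k, v)
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs one request with the given Origin through withCORS and returns
// the response headers, so the policy can be checked without a listener.
func probe(origin string) http.Header {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/health", nil)
	req.Header.Set("Origin", origin)
	withCORS(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})).ServeHTTP(rec, req)
	return rec.Result().Header
}
```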

# [1.2.0-trunk.1](1.1.0...1.2.0-trunk.1) (2026-06-22)

### Bug Fixes

* **ci:** docker permissions ([8a7116d](8a7116d))
* **ci:** least-privilege permissions and flaky test timing ([b18ac45](b18ac45))
* **compose:** remove orphan containers on up by default ([43580e8](43580e8))
* **config:** filter stale children of disabled optionals from arbitrary map ([3c960e0](3c960e0))
* **config:** trim trailing newline from stored stamus.config path ([3450f83](3450f83))
* **config:** trim trailing newline from version file before using as path ([8697539](8697539))
* correctness and security bugs in nix handlers, signal handling, and shutdown ([3ef7b69](3ef7b69))
* **docker:** remove fragile Alpine package version pins ([057457f](057457f))
* **handlers:** update readPcap import after GetComposeFilePath moved to utils ([d9590cd](d9590cd))
* **internal:** config list ([2cdcb23](2cdcb23))
* **lint:** add version field to golangci-lint v2 config ([a627c26](a627c26))
* **nix:** restore interface-detection flag after init ([d3a74a6](d3a74a6))
* security and correctness bugs in models and shutdown ([0c31355](0c31355))
* **security:** validate daemon config paths and fix CORS credentials ([f63617a](f63617a))
* **test:** remove t.Parallel from tests that mutate global state ([4f5e48a](4f5e48a))
* **update:** apply pre-run script output to the updated config ([7dfd08c](7dfd08c))

### Features

* **ci:** daemon integration tests ([8594abf](8594abf))
* completion Makefile ([18420eb](18420eb))
* **ctl:** completion ([f5b096d](f5b096d))
* **daemon:** unit tests ([b4fc2c0](b4fc2c0))
* graceful shutdown integration ([5189bd2](5189bd2))
* **internal:** completion infrastructure ([16156e2](16156e2))
* **internal:** graceful shutdown implementation ([3912b4f](3912b4f))
* **internal:** usable config list ([f04de64](f04de64))
* **models:** remote includes ([370a77f](370a77f))
* **nix:** add diff, update, build-vm, status, and iso-run subcommands ([a64b6e9](a64b6e9))
* **nix:** add internal/nix package for NixOS command execution ([05476e0](05476e0))
* **nix:** add nix command family and handlers ([8e92111](8e92111))
* **nix:** add NixOS live ISO build with LXQt desktop ([a349fc1](a349fc1))
* **nix:** add shell completions to flake build ([76785e3](76785e3))
* **nix:** add test subcommand to run template test suites ([fed5a9c](fed5a9c))
* **nix:** skip host interface detection during nix init ([9bed06e](9bed06e))
* updated go mod ([5f3a055](5f3a055))

@lanathlor

Member Author

🎉 This PR is included in version 1.2.0-trunk.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@sonarqubecloud


Quality Gate failed

Failed conditions
7.1% Duplication on New Code (required ≤ 3%)
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud


3 participants