disinto-admin/disinto
1
0
Fork 0
Code Issues 24 Pull requests 1 Projects Releases Packages Wiki Activity Actions
disinto/tools
History
dev-qwen2 0243f546da
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/push/nomad-validate Pipeline was successful
Details
fix: edge-control: deregister has no ownership check — any authorized SSH key can take over any project (#1091) 
Require the caller to prove ownership on deregister by providing the
pubkey that was used during registration. The stored pubkey is loaded
from registry.json and compared byte-for-byte against the supplied key.

Changes:
- Add get_pubkey() helper to lib/ports.sh
- Update do_deregister() to verify caller pubkey before removing project
- Update SSH protocol to "deregister <project> <pubkey>"
- Update bin/disinto CLI to read tunnel keypair and pass pubkey
- Return {"error":"pubkey mismatch"} on failure (no pubkey leakage)
- Add unit tests for both success and failure paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-20 19:12:31 +00:00
..
edge-control fix: edge-control: deregister has no ownership check — any authorized SSH key can take over any project (#1091) 2026-04-20 19:12:31 +00:00
vault-apply-policies.sh fix: [nomad-step-2] S2-fix — 4 bugs block Step 2 verification: kv/ mount missing, VAULT_ADDR, --sops required, template fallback (#912) 2026-04-16 21:10:59 +00:00
vault-apply-roles.sh fix: [nomad-step-2] S2-fix — 4 bugs block Step 2 verification: kv/ mount missing, VAULT_ADDR, --sops required, template fallback (#912) 2026-04-16 21:10:59 +00:00
vault-import.sh fix: [nomad-step-3] S3-fix-4 — KV key-name mismatch: wp_forgejo_client vs forgejo_client (#954) 2026-04-17 09:53:23 +00:00
vault-seed-agents.sh fix: [nomad-step-4] S4-fix-1 — vault-seed-agents.sh must seed kv/disinto/bots/dev (missing from .env import) (#963) 2026-04-17 14:43:06 +00:00
vault-seed-chat.sh fix: handle _hvault_seed_key rc=2 API error explicitly in vault-seed-chat.sh (#992) 2026-04-18 09:26:20 +00:00
vault-seed-forgejo.sh fix: extract KV mount check into hvault_ensure_kv_v2 to deduplicate seed scripts 2026-04-17 05:21:47 +00:00
vault-seed-ops-repo.sh fix: [nomad-step-5] edge dispatcher task: Missing vault.read(kv/data/disinto/bots/vault) on fresh init (#1035) 2026-04-19 09:35:27 +00:00
vault-seed-woodpecker.sh fix: resolve CI blockers for wp-oauth-register.sh 2026-04-17 05:54:30 +00:00