Release 0.0.6: token-gated updates (M13) with encrypted storage
release / release (push) Successful in 13s
release / release (push) Successful in 13s
- updates gated to Gitea account holders via a Personal Access Token (D18 revised: anonymous HTTP -> authenticated HTTP, since the instance requires sign-in for all anonymous access) - token stored encrypted in the OS keyring (secret-tool) when available, with a 0600-file fallback; $RIGDOCTOR_TOKEN override; auto-migrate file->keyring once libsecret-tools is installed - core/updates: token-aware fetch_latest + update_state (no-token/auth/network/ up-to-date/available) - CLI: rigdoctor login / logout / update [--check] - GUI: Setup "Update access" panel (token field, get-a-token, backend status); sidebar update states; libsecret-tools added to the installer catalog - token storage tests (file fallback + env override, keyring mocked) - version 0.0.6, CHANGELOG, docs Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
+15
-2
@@ -152,9 +152,22 @@ reachable from it. This **supersedes the earlier "CLI-first / terminal-first" fr
|
||||
- *No change to layering (D2):* the core, CLI, and daemon stay **stdlib-only** and must run
|
||||
without Qt. "GUI-first" is about emphasis and front-end parity, not dropping headless support.
|
||||
|
||||
### D18 — Auto-update (M13) — *PLANNED 2026-05-21*
|
||||
### D18 — Auto-update (M13) — *PLANNED 2026-05-21; mechanism revised 2026-05-21*
|
||||
RigDoctor should **check for a newer version on launch and self-update** (new module **M13**).
|
||||
**Mechanism (chosen): user-local, no-root self-update from the public repo.**
|
||||
**Mechanism (revised): user-local, no-root self-update over authenticated HTTP (token).**
|
||||
*Why revised:* the Gitea instance requires sign-in for **all** anonymous access (repo page,
|
||||
releases feed, raw, API all 303/403 anonymously), so the original "public HTTP" plan can't
|
||||
work. Updates are therefore **gated to people with an account on the Gitea server**, which is
|
||||
desirable — access control is delegated to Gitea.
|
||||
- *Auth:* each user creates a **Personal Access Token** (scope `read:repository`); RigDoctor
|
||||
stores it at `~/.config/rigdoctor/token` (mode 0600) or reads `RIGDOCTOR_TOKEN`. Requests
|
||||
send `Authorization: token <PAT>`. Finer access = repo visibility/collaborators on Gitea.
|
||||
- *Check:* `GET /api/v1/repos/jessey/rigdoctor/releases/latest` with the token; compare tags.
|
||||
- *Apply:* `pip install --upgrade "git+https://oauth2:<token>@…/rigdoctor.git@<tag>"` into the
|
||||
user-local venv, then restart (incl. the daemon). No root.
|
||||
- *States surfaced:* no-token → "connect to update server"; auth error → "access denied";
|
||||
newer → "Update to v…"; else "up-to-date".
|
||||
- *Original (now-superseded) plan was anonymous public HTTP:*
|
||||
- *Install model (D8 revised):* primary install is **user-local** (`~/.local`), so the running
|
||||
app can replace its own files and update with **no apt, no root, no password prompt**.
|
||||
- *Check:* on launch, query the **public Gitea releases API**
|
||||
|
||||
+6
-4
@@ -64,10 +64,12 @@ Status: ⬜ not started · 🟦 designing · 🟨 in progress · ✅ done
|
||||
no hosted relay), (3) **gated interactive terminal** wrapping tmate/sshx (read-only by
|
||||
default; read-write only on explicit consent — a deliberate exception to D9). Per-session
|
||||
consent, ephemeral revocable tokens, audit log.
|
||||
- **M13 Auto-update** (D18) — *check half implemented:* on GUI launch, `core/updates` queries
|
||||
the Gitea releases API and the sidebar shows up-to-date / an "Update to v…" button / "update
|
||||
check unavailable" (the instance currently requires sign-in for anonymous API calls). The
|
||||
no-root **self-update** (download → verify → atomic swap → restart) is still pending.
|
||||
- **M13 Auto-update** (D18) — *check + auth implemented:* updates are **gated to Gitea account
|
||||
holders** via a Personal Access Token, stored **encrypted in the OS keyring** (`secret-tool`)
|
||||
with a 0600-file fallback (`config.load_token`/`save_token`/`token_backend`). `core/updates`
|
||||
queries the releases API with the token; CLI `login`/`logout`/`update`; GUI Setup "Update
|
||||
access" panel + sidebar states. The no-root **self-update apply** (download → verify → swap →
|
||||
restart) and the user-local install script are still pending.
|
||||
*Original plan:* On launch, check the public Gitea releases API and
|
||||
**self-update a user-local install with no root** (download → verify checksum/signature →
|
||||
atomic symlink swap → restart, incl. the daemon). HTTPS-only, version-check-only (no
|
||||
|
||||
Reference in New Issue
Block a user