Releases: wolfsoftwaresystemsltd/WolfStack
WolfStack v24.57.27
v24.57.27: wrap backup_schedule_toggle file I/O in web::block (actix canon)
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.26
v24.57.26: stop WolfNet IP-mapping iptables rules accumulating (PapaSchlumpf throughput collapse)
PapaSchlumpf: node throughput drops over time, a reboot restores full
200 Mbps, then it degrades again. Definitive diagnostic (not a guess):
%soft was ~0 (not the softirq/RPS ceiling), conntrack was 680/262144
(not table exhaustion), but the FORWARD chain had 3,979 rules — 3,983 of
them -j ACCEPT and exactly ONE -j DROP (the O(1) ipset match-set, which
is working perfectly). The router walks that whole chain per packet, so
the duplicate ACCEPTs throttle forwarding; a reboot clears the in-kernel
rules and they grow back.
Root cause: apply_ip_mappings() re-runs on the reconciliation loop and
apply_mapping_rules() added its DNAT/SNAT/FORWARD rules with bare -A/-I
and no existence check — so every tick appended another full copy of every
mapping's rules, unbounded.
Fix (modify-in-place, no purge churn): run_iptables now builds the -C
check form of the exact rule (extracted into iptables_check_base, unit
tested for the -A/-I/-t-nat/position cases) and only adds what's missing.
A steady reconcile is now a no-op; rules can never duplicate. Existing
duplicates clear on the next reboot and don't return.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.22
v24.57.22: WolfDisk cluster sync healthcheck (klasSponsor)
klasSponsor: "a healthcheck that lets you know how in-sync the different
nodes are, or if they are out of sync."
WolfDisk already rewrites <data_dir>/cluster_status.json every second for
wolfdiskctl, carrying node role/state, index_version (the replication
sync marker — nodes sharing a version are in sync), file_count/total_size
and each peer's last_seen. New storage::wolfdisk_cluster_status() reads
it (resolving data_dir from config, default /var/lib/wolfdisk) and stamps
status_age_secs so a stopped daemon is distinguishable from a healthy
one. Exposed read-only at GET /api/storage/wolfdisk/status (auth-gated).
WolfDisk tab gets a "Cluster Health" card (loadWolfDiskSyncHealth): fans
the endpoint across the cluster's online nodes via the node proxy and
compares index_version — all-equal = In sync; differing = Syncing (shows
how many versions a node is behind); a stale status file = node not
reporting (daemon stopped). Per-node row shows role, index version,
file count, size and peers-up. Card hides itself when WolfDisk isn't
running anywhere. Read-only/display only.
Also fixes (klasSponsor): WolfDisk cluster tab not showing all nodes on
first load — loadWolfDiskCluster now awaits a fresh fetchNodes() before
filtering getClusterNodes(), so the scan + health card see the complete
fleet instead of a stale/partial allNodes snapshot (no more 'click
refresh to see them all').
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.20
v24.57.20: collapsing a sidebar cluster sticks across reload (wabil)
wabil: after upgrading, sidebar cluster/node collapse state wasn't
remembered.
Cause: shouldExpandCluster auto-expanded a cluster whenever ANY node
inside it was in the saved expanded set
(clusterNodes.some(n => expandedNodes.has(n.id))). toggleServerNode only
clears the 'expanded' class on the cluster container itself, so a child
node you'd previously expanded keeps its class (just hidden) and stays in
the saved set. So: expand a node, then collapse its cluster -> saved set
is [node] without the cluster -> on reload shouldExpandCluster sees the
expanded child and forces the whole cluster back open. The collapse never
stuck. (currentNodeId is null on a fresh load, so that term didn't mask
it; a plain top-level cluster collapse with no expanded children already
worked, which is why it looked intermittent.)
That term was also redundant for the normal case: when a child node is
expanded AND visible, the cluster was expanded too, so it's already in
the saved set under its own id. The term only ever fired when the cluster
was collapsed but a child stayed expanded -- exactly the case it broke.
Fix: drop the child-based auto-expand. A cluster now expands iff its own
id is saved-expanded or it holds the currently-viewed node. The child's
expanded state is still preserved -- it reappears expanded when you
reopen the cluster -- it just no longer overrides an explicit collapse.
JS/CSS-class only; no change to the normal expanded case.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.19
v24.57.19: terminal tabs route to the right node (2nd tab no longer hijacks the 1st's host)
THE actual cause of "open one container terminal, then a different-type
one in the same window runs the wrong runtime" (pct enter on a native
LXC -> "vmid type check failed - got gateway"; lxc-attach on a Proxmox
LXC -> "Failed to get init pid"). Closing the window and reopening fresh
worked, which was the tell.
The pop-out terminal (console.html) passes its node list as a STATIC
snapshot taken at mount. console.html synthesizes a node for the INITIAL
tab's node_id when it isn't in that snapshot (so tab 1 always routes
right -- hence "fresh window is fine"), but addTab() for every later tab
did nodeById(o.nodeId) || selfNode() -- and selfNode() falls back to
nodes[0]. So a 2nd tab whose node wasn't in the frozen snapshot silently
routed to the 1st tab's / self node and ran that host's runtime against
the wrong container.
Fix: resolveNode() in terminal-console.js -- an explicit nodeId is never
downgraded to selfNode()/nodes[0]; if it isn't resolvable it's honoured
as a remote node by id (routes to /ws/remote-console/), the same
synthetic-node treatment console.html already gave tab 1. Used by
addTab, the initial-tab build, and descriptorKey (so dedup stays
consistent). The inline terminal (function-based, always-current node
list) resolves normally -- no behaviour change there.
Completes the v24.57.17 pct-enter backend fix: routing now lands a
Proxmox container on its PVE host (is_proxmox -> pct enter) and a native
LXC on its host (lxc-attach), instead of both inheriting tab 1's host.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.18
v24.57.18: sidebar can no longer get stuck on 'Loading…' on load
Intermittent: on some loads the sidebar stays on 'Loading…' with 0
servers/components and the version frozen at the stale hardcoded
placeholder (looked like 'v11.24.0'). Root trigger isn't reproducible
(no WolfStack error in console — the pasted errors are a browser
extension), but the failure mode is structural: once allNodes is set,
fetchNodes takes the in-place-update branch (structureChanged=false)
which only touches dots/badges and NEVER repaints the '#server-tree'
placeholder — so a single missed/no-op first render (hung first fetch,
or buildServerTree's silent early-return) leaves it stuck forever.
Make recovery bulletproof:
- _serverTreeRendered flag, set true ONLY inside buildServerTree at the
actual render points (full tree + empty state), never on its silent
no-op return. - fetchNodes forces a full rebuild while !_serverTreeRendered, even when
the node set is unchanged. - An independent 5s load-watchdog interval registered before the rest of
init (so it survives a later init line throwing and skipping the main
poll wiring) re-fetches until the tree actually paints, then clears
itself. - index.html version span no longer hardcodes a stale 'v11.24.0' — blank
until /api/nodes returns the real version, so a slow load never shows a
fake old version.
Purely additive recovery; healthy loads paint once and the watchdog
clears immediately. Mitigation, not a pinned root cause — flagged for
follow-up if it recurs.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.17
v24.57.17: Proxmox LXC terminal uses pct enter; help drawer clears the menubar
Two fixes:
-
Terminal into an LXC on a Proxmox node failed with 'lxc-attach: get_attach_context: Connection refused - Failed to get init pid'. The
console's lxc branch always ran raw lxc-attach, which can't reach a
Proxmox-managed container's monitor. On a PVE node (is_proxmox()) it now
uses 'pct enter ', which uses Proxmox's own lxcpath/monitor. No
lxc-attach fallback on PVE (it's exactly what's broken, and chaining it
with || would spawn a second shell on a non-zero exit). Plain LXC hosts
keep lxc-attach unchanged. -
The Getting Started / help drawer used top:0, so its header and close
button slid under the fixed full-width app menubar (z-index 300 > the
drawer's 160): the help system appeared on top of the menu and couldn't
be closed. Now starts at top:var(--app-menubar-h) like every other fixed
element, so it docks below the menubar with the close button reachable.
(0 on mobile, where it bottom-docks anyway.)
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.16
v24.57.16: all Wolf component installers use setup.sh (prebuilt binary)
Every Wolf component is installed via setup.sh, which downloads the
prebuilt binary built by GitHub CI — no compiling on the user's box.
klasSponsor hit 'could not find Cargo.toml in /root' because the
wolfproxy/wolfserve install URLs pointed at a from-source install.sh on a
wrong repo/branch (the monorepo path 404'd; where reachable it ran cargo
build).
Fixed every component-install reference to the correct standalone-repo
setup.sh:
- wolfproxy: WolfScale/master/wolfproxy/{install,setup}.sh
→ wolfproxy/main/setup.sh (console, containers, appstore x2) - wolfserve: WolfScale/master/wolfserve/install.sh
→ wolfserve/main/setup.sh (console, containers, appstore x2)
installer/mod.rs already used the standalone setup.sh URLs.
wolfnet/wolfdisk stay on their monorepo setup.sh; wolfscale keeps its
setup_lb.sh LB installer. Companion commits make wolfproxy's and
wolfserve's own install.sh hand off to setup.sh too, so legacy links
stop compiling from source. String-only change; build green.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.15
v24.57.15: configurator UI for wolfdisk bucket→folder mappings
wolfdisk v2.9.0 added [s3.buckets] (map an S3 bucket to an arbitrary
folder, e.g. photos = "/data/photos"). This adds the WolfStack side so
operators edit it from the UI instead of hand-editing TOML.
Frontend (app.js):
- New 'map' field type: a key→value row editor (add/remove rows) wired
into the wolfdisk s3 schema as the 'buckets' field. - Shared helpers tomlMapRowHtml / tomlMapFieldHtml / collectMapRows /
tomlAddMapRow so BOTH config UIs use it: the standalone configurator
(renderTomlField / tomlSaveStructured) AND the inline WolfDisk
install/config modal (wdOpenConfig / wdSaveConfig / wdSaveAndInstall).
Without the inline-modal branches the field would have rendered as
[object Object] and saved a corrupt string (caught in review).
Backend (configurator/toml_editor.rs):
- save_config deep-merges form posts to protect other fields, but merge
never deletes keys — so a bucket removed in the form would resurrect.
Added authoritative-replace for wolfdisk's [s3.buckets]: the merged
table is overwritten wholesale with what the form submitted, but ONLY
when the form actually sent the key, so an older frontend that omits
it keeps existing buckets (Golden Rule). Helpers value_at_path /
set_at_path + 3 unit tests (delete takes effect, omit preserves,
parent creation).
Two code-review passes; first caught the inline-modal path, both fixed
and re-verified. Build green, 10 configurator tests pass.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.
WolfStack v24.57.14
v24.57.14: component-install target picker scrolls on mobile
klasSponsor: on a node with many Docker containers and VMs, the 'Install
component' modal grew taller than the viewport with no internal scroll,
so the lower targets and the Install button were unreachable on mobile.
The modal card is now a flex column capped at max-height:90vh; the target
list scrolls internally (overflow-y:auto, touch momentum) while the
header and Cancel/Install footer stay pinned. JS/markup only.
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
wolfstack-x86_64/wolfstack-aarch64— static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).wolfstack-<arch>.cosign.bundle— cosign signature bundle (cert + signature + Rekor entry).SHA256SUMS— checksums for both binaries.
For per-version history see CHANGELOG.md.