Skip to content

WolfStack v24.38.6

Choose a tag to compare

View all tags
@github-actions github-actions released this 12 Jun 07:16
· 34 commits to master since this release
v24.38.6
2c1d035

v24.38.6: stop spamming the journal — log state changes, not heartbeats

Three background loops wrote ~36 steady-state lines/hour to the journal
(operator: 'i think we are really spamming the logs'):

  • threat_intel logged every successful ipset sync at WARN — a success
    is never a warning, and the numbers were identical tick after tick.
    Now INFO when the entry counts change (or first sync after start),
    DEBUG when unchanged.
  • The predictive orchestrator logged 'upserted N proposal(s)' every
    tick — but a standing condition re-emits the same proposals every
    tick, so this was the same N forever. ProposalStore::contains_key
    now distinguishes genuinely-new from refresh; INFO only when
    something appears or clears ('N new, M refreshed, K cleared'),
    refresh-only ticks at DEBUG. Persistence and first-appearance alert
    dispatch unchanged.
  • WolfRouter validation logged 'all N items healthy' at INFO every 5
    minutes. Healthy steady state is DEBUG now; INFO on first validation
    after start and on the unhealthy->healthy recovery transition;
    problems keep logging at WARN/ERROR every tick as before.

Verifying this release

Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.

Verify the cosign signature:

cosign verify-blob \
  --bundle wolfstack-x86_64.cosign.bundle \
  --certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  wolfstack-x86_64

Verify the build provenance:

gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack

Verify the SHA-256 checksum:

sha256sum -c SHA256SUMS

Artifacts

  • wolfstack-x86_64 / wolfstack-aarch64 — static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).
  • wolfstack-<arch>.cosign.bundle — cosign signature bundle (cert + signature + Rekor entry).
  • SHA256SUMS — checksums for both binaries.

For per-version history see CHANGELOG.md.

Assets 7
Loading