WolfStack v24.39.2
v24.39.2: WolfRouter wildcard local domains — *.ai.home → one IP
Home-lab request: map a domain AND every subdomain to a single IP, e.g.
*.ai.home → the reverse proxy, with no per-host record. Rendered as
dnsmasq address=/<domain>/<ip> per LAN. Pairs with the existing
self-signed wildcard cert + proxy editor to run an internal domain that
can't (and shouldn't) use public DNS/ACME.
- New WildcardDomain {domain, ip} + dns.wildcard_domains on the LAN config
(#[serde(default)] — existing LANs unchanged, no deny_unknown_fields so
downgrade-safe).
- Pure render_wildcard_lines() helper, self-protecting: strips a leading
"*." or ".", trims, and SKIPS any entry containing a "/", a "#", whitespace
or a non-IP value, so a hand-edited/imported config can never emit a
directive that makes dnsmasq reject the whole file and take the LAN's
DNS+DHCP down.
- validate_segment rejects bad entries on the API path with clear errors.
- LAN DNS editor gains a "Wildcard local domains" textarea (one
"domain ip" per line).
Golden Rule: a LAN with no wildcard_domains renders a byte-identical
config (unit-tested). Verified: full suite green (4 new tests);
dnsmasq --test syntax-OK; live dnsmasq resolves ai.home + nested
subdomains to the IP alongside existing host-record= entries (6/6);
0 warnings; independent review (no criticals). Browser-untested.
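The skip rules and the empty-list behaviour described above, as an added sketch that is not WolfStack's own code. The function name sketch_render_wildcard_lines, the String field types, the acceptance of IPv6 and the skipping of an empty domain are assumptions; the sample entries are constructed.

```rust
use std::net::IpAddr;

// Shape named in the release notes; the String field types are an assumption.
pub struct WildcardDomain {
    pub domain: String,
    pub ip: String,
}

// Hypothetical sketch of the sanitising render step, not the project's code.
// Returns one dnsmasq `address=/<domain>/<ip>` line per entry that survives.
pub fn sketch_render_wildcard_lines(entries: &[WildcardDomain]) -> Vec<String> {
    let mut lines = Vec::new();
    for e in entries {
        let trimmed = e.domain.trim();
        // Strip a leading "*." or "." so "*.ai.home" renders as "ai.home".
        let domain = trimmed
            .strip_prefix("*.")
            .or_else(|| trimmed.strip_prefix('.'))
            .unwrap_or(trimmed);
        let ip = e.ip.trim();
        // '/' delimits the fields, '#' has special meaning in dnsmasq config,
        // and whitespace (newlines included) would split the directive.
        // Skipping an empty domain is an assumption of this sketch.
        let bad_domain = domain.is_empty()
            || domain.chars().any(|c| c == '/' || c == '#' || c.is_whitespace());
        // IpAddr parses IPv4 and IPv6; accepting both is an assumption here.
        if bad_domain || ip.parse::<IpAddr>().is_err() {
            continue; // skip the entry rather than emit a line dnsmasq rejects
        }
        lines.push(format!("address=/{}/{}", domain, ip));
    }
    lines
}

// Constructed sample entries: two valid, four that must be skipped.
pub fn constructed_samples() -> Vec<WildcardDomain> {
    [
        ("*.ai.home", "192.168.10.5"),
        (" .lab.home ", " 192.168.10.6 "),
        ("bad/name.home", "192.168.10.5"),
        ("ai.home # note", "192.168.10.5"),
        ("nas.home", "not-an-ip"),
        ("cam.home", "192.168.10.999"),
    ]
    .iter()
    .map(|(d, i)| WildcardDomain { domain: d.to_string(), ip: i.to_string() })
    .collect()
}
```

An empty slice returns no lines, which is what keeps a LAN without wildcard entries rendering the same config as before.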
Verifying this release
Each binary is signed via cosign keyless OIDC (no key distribution — signing identity is the GitHub Actions workflow itself, anchored to the Sigstore Fulcio CA and the Rekor transparency log) and ships with a SLSA build provenance attestation.
Verify the cosign signature:
cosign verify-blob \
--bundle wolfstack-x86_64.cosign.bundle \
--certificate-identity-regexp 'https://github.com/wolfsoftwaresystemsltd/WolfStack/\.github/workflows/release\.yml@.*' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
wolfstack-x86_64
Verify the build provenance:
gh attestation verify wolfstack-x86_64 --repo wolfsoftwaresystemsltd/WolfStack
Verify the SHA-256 checksum:
sha256sum -c SHA256SUMS
Artifacts
- wolfstack-x86_64 / wolfstack-aarch64 — static musl binaries (Linux x86_64 and ARM64 / Raspberry Pi 4+).
- wolfstack-<arch>.cosign.bundle — cosign signature bundle (cert + signature + Rekor entry).
- SHA256SUMS — checksums for both binaries.
For per-version history see CHANGELOG.md.