- fix: image name triton-manage-server → triton-manageserver (matches CI)
- feat: --license-pubkey flag on install.sh
- fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded
- fix: upgrade pg_dump reads POSTGRES_USER/DB from .env
- feat: force pull image from registry on install and upgrade
- feat: SCRIPT_VERSION printed as first line on every run
- fix: --yes flag on uninstall --purge-data for non-interactive (curl|bash) use
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
install.sh / uninstall.sh (Linux + macOS):
- Detect OS with uname -s; root check is Linux-only (Docker/Podman Desktop
on macOS runs rootless, no sudo needed).
- Arch detection adds arm64 case for Apple Silicon (uname -m returns "arm64"
on macOS, "aarch64" on Linux).
- sed_inplace() wrapper handles BSD sed on macOS (requires empty -i suffix).
- Fix --image flag to append TRITON_MANAGE_IMAGE rather than sed-replace a
line that is commented out in env.template.
- uninstall: re-apply --purge-data fixes (rm installer dir, drop interactive
prompt, use $RUNTIME for raw cleanup instead of hardcoded podman).
install.ps1 / uninstall.ps1 (Windows):
- Equivalent logic for Docker Desktop / Podman Desktop on Windows.
- Arch via RuntimeInformation.OSArchitecture (X64 → amd64, Arm64 → arm64).
- Secrets via RandomNumberGenerator (no openssl dependency).
- Parameters: -GatewayHostname, -ManageHostIP, -Image, -NoTls / -PurgeData.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Uses uname -m to detect x86_64/aarch64 and maps to the OCI arch name.
Printed at startup so users can confirm the correct image variant will
be pulled. Fails early on unsupported architectures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
--purge-data now removes /opt/triton-manage-server entirely (volumes,
.env, and installer files). Without --purge-data the directory is kept
so secrets in .env survive a reinstall.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove TRITON_MANAGE_IMAGE from env.template so the name only lives
in one place (compose.yaml default). The --image flag still works by
appending to .env, which overrides the compose default. This prevents
the hyphen/no-hyphen typo from recurring.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The published ghcr.io image is triton-manageserver (no hyphen).
The hyphenated name in env.template caused the installer to pull the
wrong image, overriding the correct fallback in compose.yaml.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
--purge-data is already an explicit opt-in; the read prompt causes
'error: aborted' when stdin has no TTY (curl | sudo bash).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The License Server URL (https://license.tritonscans.com) is compiled
into the manage-server binary at release time. No need to pass it
during installation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
install.sh now computes and displays the SHA-3-256 hash of /etc/machine-id
at the end of every run so the customer can share it with the vendor when
requesting an offline .lic bound to this host. The hash is stable — it
never changes after OS installation, so re-running install.sh or restarting
the container will always show the same value.
compose.yaml now mounts /etc/machine-id:ro into the manage-server container
so ReadMachineID() can verify the offline .lic binding at startup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- compose.yaml: mount /etc/machine-id read-only into the manage-server container
- install.sh: print SHA-3-256 of /etc/machine-id after install so customers
can share it with their vendor when requesting a host-bound .lic file
- README.md: document "Host-bound licences" flow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pubkey is now baked into the image at build time. Bundle is just license.lic.
TRITON_MANAGE_LICENSE_SERVER_PUBKEY in .env is optional (compiled-in default
used when empty).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove auto-fetching pubkey from license server. Instead the vendor ships
a bundle (license.lic + pubkey) and the installer reads both files from
the same directory. Works for both online and air-gapped deployments.
--license-server-url is now optional (heartbeats only, not required to start).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove --license-server-pubkey flag. When --license-server-url is given,
the installer fetches the pubkey from GET /api/v1/license/pubkey on the
license server and writes it to .env — the key is never visible to the
operator on the command line.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
These were documented but never implemented. Without TRITON_MANAGE_LICENSE_SERVER_PUBKEY
the server refuses to start. Also add both vars to env.template so users
know they exist and what they're for.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The read prompt reads EOF when invoked via curl pipe, causing an
immediate abort. The --purge-data flag is explicit enough to serve
as confirmation — no secondary prompt needed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Without image removal, reinstalling reuses the old cached image even if
a newer one is available. Read TRITON_MANAGE_IMAGE from .env (falling back
to :latest) and rmi it after stopping containers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Without an explicit pull, compose up reuses the locally cached image even
when a newer one is available on the registry. This caused the old image
(without --chmod=755) to be used on re-runs. Pull first to guarantee the
current released image is always used.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Passes --port PORT through to TRITON_MANAGE_HOST_PORT in .env so users
can change the default 8082 at install time via the one-liner:
curl ... | sudo bash -s -- --port 9090
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BASH_SOURCE[0] is unset when a script runs via `curl | bash` (no source
file on disk). With `set -u` this triggers "unbound variable" and exits.
Fall back to $0 with ${BASH_SOURCE[0]:-$0} so piped execution works.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
