install.sh now computes and displays the SHA-3-256 hash of /etc/machine-id
at the end of every run so the customer can share it with the vendor when
requesting an offline .lic bound to this host. The hash is stable — it
never changes after OS installation, so re-running install.sh or restarting
the container will always show the same value.
compose.yaml now mounts /etc/machine-id:ro into the manage-server container
so ReadMachineID() can verify the offline .lic binding at startup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- compose.yaml: mount /etc/machine-id read-only into the manage-server container
- install.sh: print SHA-3-256 of /etc/machine-id after install so customers
can share it with their vendor when requesting a host-bound .lic file
- README.md: document "Host-bound licences" flow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pubkey is now baked into the image at build time. Bundle is just license.lic.
TRITON_MANAGE_LICENSE_SERVER_PUBKEY in .env is optional (compiled-in default
used when empty).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove auto-fetching pubkey from license server. Instead the vendor ships
a bundle (license.lic + pubkey) and the installer reads both files from
the same directory. Works for both online and air-gapped deployments.
--license-server-url is now optional (heartbeats only, not required to start).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove --license-server-pubkey flag. When --license-server-url is given,
the installer fetches the pubkey from GET /api/v1/license/pubkey on the
license server and writes it to .env — the key is never visible to the
operator on the command line.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
These were documented but never implemented. Without TRITON_MANAGE_LICENSE_SERVER_PUBKEY
the server refuses to start. Also add both vars to env.template so users
know they exist and what they're for.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Without an explicit pull, compose up reuses the locally cached image even
when a newer one is available on the registry. This caused the old image
(without --chmod=755) to be used on re-runs. Pull first to guarantee the
current released image is always used.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Passes --port PORT through to TRITON_MANAGE_HOST_PORT in .env so users
can change the default 8082 at install time via the one-liner:
curl ... | sudo bash -s -- --port 9090
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BASH_SOURCE[0] is unset when a script runs via `curl | bash` (no source
file on disk). With `set -u` this triggers "unbound variable" and exits.
Fall back to $0 with ${BASH_SOURCE[0]:-$0} so piped execution works.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
