headscale-0.26.1-1.1 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Headscale aims to implement a self-hosted, open source alternative to the
Tailscale control server. Headscale's goal is to provide self-hosters and
hobbyists with an open-source server they can use for their projects and labs.
It implements a narrow scope, a single Tailnet, suitable for a personal use, or
a small open-source organisation.

Provides

• headscale
• group(headscale)
• headscale(aarch-64)
• user(headscale)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.32)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• sysuser-shadow >= 3.2

License

BSD-3-Clause

Changelog

* Fri Jun 06 2025 Richard Rahl <rrahl0@opensuse.org>
  - update to 0.26.1:
    * Ensure nodes are matching both node key and machine key when connecting
    * Fix /machine/map endpoint vulnerability
* Sun Jun 01 2025 Marcus Rueckert <mrueckert@suse.de>
  - Sync default configurations
* Sun Jun 01 2025 Marcus Rueckert <mrueckert@suse.de>
  - Fix the ldflags to set version and commit hash again
* Tue May 20 2025 Richard Rahl <rrahl0@opensuse.org>
  - update to 0.26.0:
    * make version info in bug template more explicit
    * add git hash to binary, print on startup
    * remove oidc migration
    * use helper function for constructing state updates
    * use tsweb debugger
    * set 0.25.0 changelog date
    * activate json logs
    * use tailscale version in all unsupported errs
    * handle register auth errors
    * fix routes not being saved when new nodes registers
    * fix double login URL with OIDC
    * Redo route code
    * Experimental implementation of Policy v2
    * Drop routes table
    * Add usage example to routes flag
    * Remove leftover printf
    * remove policy handling for old capver
    * Container images are also available on GHCR
    * add faq section on scaling/performance
    * Add a FAQ entry about two nodes seeing each other
    * update bug template with debug
    * Set content-type to JSON for some debug endpoints
    * Remove coderabbit
    * add third-party tool headscale-pf
    * Explicitly handle /headscale/{config,lib,run} in container docs
    * Mention that private keys generated if needed
    * Multi network integration tests
    * OIDC: Fetch UserInfo to get EmailVerified if necessary
    * populate serving from primary routes
    * allow users to be defined with @ in v1
    * fix auto approver on register and new policy
    * Add unraid-headscale-admin web UI to docs
    * Only read relevant nodes from database in PeerChangedResponse
    * ensure final dot on node name
    * Restore support for "Override local DNS"
    * some clarifications for tags
    * Update oidc.md
    * flake: add golang-lint lsp
    * policy/v2: fix host validation, consistent pattern
    * integration: clean up unreferenced hs- networks
    * Mention "Network flow logs" as a missing feature
    * Fix goroutine leak in EphemeralGC on node cancel
    * Fix panic on fast reconnection of node
    * add casbin user test
    * config: disallow same server url and base_domain
    * policy/v2: make default
    * integration: remove failing resolvconf tests
    * fix webauth + autoapprove routes
    * types/authkey: include user object in response
    * oidc: try to get username from userinfo
    * notify nodes after owner change
    * auth: ensure that routes are autoapproved when the node is stored
    * Make matchers part of the Policy interface
    * cli/nodes: filter nodes without any routes
    * error on undefined host in policy
    * Update source.md
    * policy/v2: validate autogroup:interet only in dst
    * cmd: add policy check command
    * policy/matcher: fix bug using contains instead of overlap
    * update capmap and deps for release
    * Add documentation for routes
    * Fix deprecation warnings
    * feat: Create headscale user and group as system user/groups
    * Update container.md
    * go.mod: update rest of deps
    * Make more granular SSH tests for both Policies
    * policy: reduce routes sent to peers based on packetfilter
    * Misc doc fixes
    * app: throw away not found body
    * Remove subnet router visibility workaround from docs
    * policy/v2: validate that no undefined group or tag is used
    * cli: policy check, dont require config or log
    * policy/v2: separate exit node and 0.0.0.0/0 routes
    * Add migration steps when policy is stored in the database
    * Simplify policy migration
    * bring back last_seen in database
    * Remove map_legacy_users from example configuration
    * fix: change FormatUint base from 64 to 10 in preauthkeys list command
    * users: harden, test, and add cleaner of identifier
  - remove patches fix-CVE-2025-30204.patch and fix-CVEs.patch, as upstream
    updated their dependencies
* Thu Apr 24 2025 Richard Rahl <rrahl0@opensuse.org>
  - update fix-CVEs.patch for fixing bsc#1241801
* Wed Apr 16 2025 Richard Rahl <rrahl0@opensuse.org>
  - add patch fix-CVEs.patch to fix bsc#1241235, bsc#1237674
* Tue Apr 01 2025 Richard Rahl <rrahl0@opensuse.org>
  - add patch fix-CVE-2025-30204.patch, for fixing bsc#1240506
* Tue Feb 25 2025 Richard Rahl <rrahl0@opensuse.org>
  - update to 0.25.1:
    * Fix issue where registration errors are sent correctly
    * Fix issue where routes are passed on registration were not saved
    * Fix issue where registration page was displayed twice
    * fix double login URL with OIDC
    * fix routes not being saved when new nodes registers
    * hand register auth rerrors
* Thu Feb 13 2025 Richard Rahl <rrahl0@opensuse.org>
  - update to 0.25.0:
    BREAKING:
    * Authentication flow has been rewritten
    * Remove support for Tailscale clients older than 1.62 (Capability version 87)
    CHANGES:
    * oidc.map_legacy_users is now false by default
    * Print Tailscale version instead of capability versions for outdated nodes
    * Do not allow renaming of users from OIDC
    * Change minimum hostname length to 2
    * Fix migration error caused by nodes having invalid auth keys
    * Pre auth keys belonging to a user are no longer deleted with the user
    * Pre auth keys that are used by a node can no longer be deleted
    * Rehaul HTTP errors, return better status code and errors to users
* Fri Feb 07 2025 Richard Rahl <rrahl0@opensuse.org>
  - update 0.24.3:
    * Fix migration error caused by nodes having invalid auth keys
    * Pre auth keys belonging to a user are no longer deleted with the user
    * Pre auth keys that are used by a node can no longer be deleted
  - update to 0.24.2:
    * Fix issue where email and username being equal fails to match in Policy
    * Delete invalid routes before adding a NOT NULL constraint on node_id
  - update to 0.24.1:
    * Fix migration issue with user table for PostgreSQL
    * Relax username validation to allow emails
    * Remove invalid routes and add stronger constraints for routes to avoid API panic
    * Fix panic when derp.update_frequency is 0
  - update to 0.24.0:
    BREAKING:
    * Remove dns.use_username_in_magic_dns configuration option
    * Having usernames in magic DNS is no longer possible.
    * Remove versions older than 1.56
    * Clean up old code required by old versions
    * If you depend on a Headscale Web UI, you should wait with this update until
      the UI have been updated to match the new API.
    * GET /api/v1/user/{name} and GetUser have been removed in favour of
      ListUsers with an ID parameter
    * RenameUser and DeleteUser now require an ID instead of a name.
    CHANGES:
    * Improved compatibility of built-in DERP server with clients connecting over WebSocket
    * Allow nodes to use SSH agent forwarding
    * Fixed processing of fields in post request in MoveNode rpc
    * Added conversion of 'Hostname' to 'givenName' in a node with FQDN rules applied
    * Fixed updating of hostname and givenName when it is updated in HostInfo
    * Fixed missing stable-debug container tag
    * Loosened up server_url and base_domain check. It was overly strict in some cases
    * CLI for managing users now accepts --identifier in addition to --name,
      usage of --identifier is recommended
    * Add dns.extra_records_path configuration option
    * Support client verify for DERP
    * Add PKCE Verifier for OIDC
* Thu Jan 02 2025 Marcus Rueckert <mrueckert@suse.de>
  - Fix the system integration
    - actually build and use the sysuser pre snippet so that the user
      is created before tmpfiles.d tries to create files
  - no longer break debugsymbols for the binary (remove -s -w)
  - use systemd macros for paths
  - ensure proper requires/ordering for sysuser/systemd
* Wed Sep 18 2024 Richard Rahl <rrahl0@opensuse.org>
  - update to 0.23.0:
    * Code reorganisation, a lot of code has moved
    * Change the structure of database configuration, see config-example.yaml
    - Old structure has been remove and the configuration must be converted
    - Adds additional configuration for PostgreSQL for setting max open,
      idle connection and idle connection lifetime
    * API: Machine is now Node
    * Remove support for older Tailscale clients (supported >=1.42)
    * Headscale checks that at least one DERP is defined at start
    * Embedded DERP server requires a private key
    * Prefixes are now defined per v4 and v6 range
    * MagicDNS domains no longer contain usernames
    * YAML files are no longer supported for headscale policy (use HuJSON)
    * DNS configuration has been restructured
    * Use versioned migrations
    * Make the OIDC callback page better
    * SSH support
    * State management has been improved
    * Use error group handling to ensure tests actually pass
    * Fix hang on SIGTERM
    * Send logs to stderr by default
    * Fix TS-2023-006 security UPnP issue
    * Turn off gRPC logging
    * Added the possibility to manually create a DERP-map entry
    * Add support for deleting api keys
    * Add command to backfill IP addresses for nodes missing IPs from configured prefixes
    * Log available update as warning
    * Add autogroup:internet to Policy
    * Restore foreign keys and add constraints
    * Make registration page easier to use on mobile devices
    * Make write-ahead-log default on and configurable for SQLite
    * Add APIs for managing headscale policy
    * Fix for registering nodes using preauthkeys when running
      on a postgres database in a non-UTC timezone
    * Make sure integration tests cover postgres for all scenarios
    * CLI commands (all except serve) only requires minimal configuration
    * CLI results are now concistently sent to stdout and errors to stderr
    * Fix issue where shutting down headscale would hang
    * add shutdown that asserts if headscale had panics
* Thu Apr 18 2024 Richard Rahl <rrahl0@disroot.org>
  - remove CAP_CHOWN from systemd unit file, as it's unneeded
* Wed Dec 20 2023 Richard Rahl <rrahl0@proton.me>
  - initial packaging

Files

/etc/headscale
/usr/bin/headscale
/usr/etc/headscale
/usr/etc/headscale/config-example.yaml
/usr/etc/headscale/derp-example.yaml
/usr/lib/systemd/system/headscale.service
/usr/lib/sysusers.d/headscale.conf
/usr/lib/tmpfiles.d/headscale.conf
/usr/share/doc/packages/headscale
/usr/share/doc/packages/headscale/CHANGELOG.md
/usr/share/doc/packages/headscale/README.md
/usr/share/licenses/headscale
/usr/share/licenses/headscale/LICENSE
/var/lib/headscale

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 9 23:24:20 2025