From 49dec510620a9f5e8fa76b851a3bcaf9d2fe4261 Mon Sep 17 00:00:00 2001 From: le king fu Date: Sat, 25 Apr 2026 10:51:19 -0400 Subject: [PATCH] feat(license): rotate embedded Ed25519 public key (#49) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace the placeholder public key with the one whose private counterpart is now held by the maximus-api license server. The old key had no licenses issued against it (the server did not exist), so no users are affected. The 34 Rust unit tests still pass — license_commands tests use ad-hoc test keypairs rather than the embedded one, and embedded_public_key_pem_parses confirms the new PEM is valid. Co-Authored-By: Claude Opus 4.7 (1M context) --- CHANGELOG.fr.md | 3 +++ CHANGELOG.md | 3 +++ src-tauri/src/commands/license_commands.rs | 7 ++++--- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.fr.md b/CHANGELOG.fr.md index 5d3fcf9..c8b643b 100644 --- a/CHANGELOG.fr.md +++ b/CHANGELOG.fr.md @@ -2,6 +2,9 @@ ## [Non publié] +### Modifié +- **Clé publique Ed25519 de licence** : la clé embarquée a été rotée pour correspondre au serveur de licences `maximus-api` qui vient d'être scaffolded. Aucune licence n'avait été émise en production avec l'ancienne clé, donc ce changement est invisible pour les utilisateurs existants. La clé privée correspondante vit uniquement sur le serveur (#49) + ### Corrigé - **Rapport Zoom catégorie** (`/reports/category`) : la liste déroulante du combobox des catégories affiche désormais la liste complète dans un ordre hiérarchique DFS correct — chaque racine est émise avant ses descendants, et les frères et sœurs sont triés par `sort_order` puis nom affiché. Auparavant la liste était triée globalement par `sort_order` (via un `ORDER BY sort_order, name` SQL), ce qui entrelaçait des parents et enfants de sous-arbres différents partageant le même `sort_order`, d'où l'indentation incohérente et l'impression d'arbre cassé. La recherche filtrée (insensible aux accents) conserve le même comportement (#126) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1511e35..bfeb37b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## [Unreleased] +### Changed +- **License Ed25519 public key** rotated to match the freshly scaffolded `maximus-api` license server. No production licenses had been issued against the previous key, so this change is invisible to existing users. The matching private key now lives only on the server (#49) + ### Fixed - **Category zoom report** (`/reports/category`): the category combobox dropdown now renders the full list in proper hierarchical DFS order — each root is emitted before its descendants, with siblings sorted by `sort_order` then display name. Previously the list was ordered by `sort_order` globally (from a SQL `ORDER BY sort_order, name`), which interleaved parents and children from different sub-trees that shared the same `sort_order`, producing scrambled indentation and a mis-leading tree. Filtering (accent-insensitive search) still behaves identically (#126) diff --git a/src-tauri/src/commands/license_commands.rs b/src-tauri/src/commands/license_commands.rs index 8d9bf14..4c0faad 100644 --- a/src-tauri/src/commands/license_commands.rs +++ b/src-tauri/src/commands/license_commands.rs @@ -22,10 +22,11 @@ use super::entitlements::{EDITION_BASE, EDITION_FREE, EDITION_PREMIUM}; // Ed25519 public key for license verification. // -// Production key generated 2026-04-10. The corresponding private key lives ONLY -// on the license server (Issue #49) as env var ED25519_PRIVATE_KEY_PEM. +// Production key generated 2026-04-25 alongside the maximus-api scaffold. +// The matching private key lives ONLY on the license server as env var +// ED25519_PRIVATE_KEY_PEM (see maximus-api/.env on Coolify). const PUBLIC_KEY_PEM: &str = "-----BEGIN PUBLIC KEY-----\n\ -MCowBQYDK2VwAyEAZKoo8eeiSdpxBIVTQXemggOGRUX0+xpiqtOYZfAFeuM=\n\ +MCowBQYDK2VwAyEAmUTcl7xjt01uc2FhPgvP0at0I/Pie0JLh73AApNy+o8=\n\ -----END PUBLIC KEY-----\n"; const LICENSE_FILE: &str = "license.key";