ProxSave v0.12.7
🧱 Restore safety hardening, network transactional apply, and massive coverage expansion
This release delivers a major step forward in restore safety and reliability, with transactional network apply and rollback, smarter filesystem handling, stricter cluster protections, and a very large expansion of test coverage across orchestrator, storage, security, and restore paths.
- Transactional network apply with rollback: Introduced safe network configuration apply with rollback timer, health checks, diagnostics capture, NIC repair, and automatic rollback on failure, including detailed reporting and restore guide updates.
- Advanced network diagnostics: Added pre/post-apply diagnostics capture, baseline health reports, network plan reports, rollback snapshots, and non-blocking validation helpers to improve failure analysis.
- Filesystem-aware restore workflow: Added a dedicated filesystem restore category with smart
/etc/fstabmerge logic, staged extraction, skip hooks, and user prompts to prevent blind overwrites during live restores. - Smart fstab merge logic: Implemented deferred and interactive
/etc/fstabmerging with category interception, skip filters, and explicit handling during full restores to root (/). - Cluster and network safety guards: Added cluster shadowing protection for
/etc/pve, NIC persistent naming override detection (udev/systemd), node mismatch handling, and improved safe cluster restore workflows. - Restore privilege correctness: Root privileges are now required only when restoring to the real system root filesystem, not for virtual or test filesystems.
- Improved restore staging: Added staged network and filesystem installation workflows with rollback timers, deferred application, and documented
/tmp/proxsave/restore-stage-*mechanics. - Storage and filesystem robustness: Expanded storage tests, improved filesystem detection via injectable hooks, enhanced mount and permission validation, and fixed octal unescaping using unsigned parsing.
- Directory and security hardening: Expanded directory recreation and security tests covering ownership, permissions, ZFS detection, config-driven logic, and error propagation.
- Extensive test coverage expansion: Added comprehensive tests for orchestrator, restore/decrypt workflows, identity and MAC handling, prompts, abort contexts, TUI flows, and encryption utilities.
- Notifier reliability: Greatly expanded email and webhook notifier tests, improved authentication and payload coverage, and refactored components for hermetic testing.
- Command execution robustness: Added a default wait delay to the command runner to safely handle
exec.ErrWaitDelaywithout failing executions. - Dependency updates: Bumped
tcellto 2.13.7 andgolang.org/x/cryptoto 0.47.0. - Bug fix: Fixed octal unescaping to correctly handle unsigned values by switching to
ParseUint.
Overall: significantly safer restores, transactional network handling, smarter filesystem merges, hardened cluster protections, richer diagnostics, and one of the largest test coverage increases to date.