🎉 What's New
New verify Command
This release introduces the txlog verify command, a powerful new tool for validating data integrity between local DNF transaction history and the Txlog server.
Features:
- Detects transactions that exist locally but haven't been synchronized to the server
- Verifies package-level integrity for all synced transactions
- Reports missing or extra transaction items (packages)
- Exits with non-zero status code when issues are detected, making it suitable for CI/CD pipelines
Usage:
txlog verifyIf the verify command detects issues, run txlog build to synchronize the missing data.
Enhanced User Interface
All commands now feature improved visual output with colors and emoji icons for better readability:
txlog build: Enhanced progress indicators with icons (🔍, 📥, ⚙️) and color-coded success/error messagestxlog version: Redesigned output with better formatting, update notifications, and visual indicators- Clear visual distinction between different types of messages (success ✓, error ✗, info ℹ, warning ⚠)
NO_COLOR Support:
All commands respect the NO_COLOR environment variable (no-color.org). Set NO_COLOR=1 to disable colors and emojis for logging, CI/CD pipelines, or terminals without color support.
🔒 Security Improvements
This release includes important security hardening:
- Fixed command injection vulnerability in the
binaryInstalledfunction by replacingexec.Command("which", ...)with the saferexec.LookPath - New vulnerability scanning workflow using
govulncheckthat automatically scans for dependency vulnerabilities on every push and pull request - Documentation updates with security best practices, including recommendations to set
/etc/txlog.yamlpermissions to600
🛠️ Maintenance & Dependencies
- Updated Go version to 1.23.4 in build workflow
- Updated GitHub Actions to use latest
checkoutandsetup-goversions - Updated dependencies for
go-colorableandaferopackages - Various code quality improvements and formatting fixes
Full Changelog: v1.8.0...v1.9.0