v1.0.0
2026-07-01
latest
● stable
What changed
Added
- **`gtcnsl backup` / `backup list` / `restore`.** Snapshot Gitea's binary, `app.ini`, `secrets.ini`, and the `custom/` tree into a manifest-tagged directory under `/var/lib/gtcnsl/backups/`, list them, and restore one with a safe snapshot → stop → swap → restart → health-check flow that undoes itself if Gitea won't come back. `backup --keep N` prunes older snapshots.
- **`dind-rootless` runner executor.** Run the Gitea Actions Runner in a rootless Docker-in-Docker container managed by systemd, with no runner binary on the host (ADR 0022). Selectable at `runner install --executor=dind-rootless`.
- **Opportunistic Gitea signing-key refresh.** When the embedded release key nears expiry, gtcnsl fetches a fresh copy — pinned to the same fingerprint — from keys.openpgp.org and otherwise falls back to the embedded key, so download verification keeps working across the key's yearly renewal without a new gtcnsl release. Zero network in the common case (ADR 0024).
- **`gtcnsl doctor` now reports boot-enablement** of the `gitea` and `gitea-runner` units, so a missing `systemctl enable` surfaces before a reboot does.
- **Compatibility policy.** [`COMPATIBILITY.md`](COMPATIBILITY.md) codifies the public surface, the SemVer promise, and a deprecate-then-remove policy.
Fixed
- **In-place Gitea upgrade now actually restarts onto the new binary.** `gtcnsl gitea install --to <newer>` over a running install (the documented upgrade path) swapped the binary but issued a plain `systemctl start`, which is a no-op on an already-running unit — the old Gitea kept serving and the install failed its health check reporting the old version. It now restarts the unit, so an upgrade replaces the running instance. Surfaced by the new container upgrade acceptance scenario (the fake systemd manager's start always "succeeded", hiding the gap from unit tests).
- **Units are enabled for boot persistence.** `gitea` and `gitea-runner` are now `systemctl enable`d, so they come back after a reboot instead of staying down.
- **Version listing uses the `dl.gitea.com` mirror**, not the retired `gitea.com` API endpoint that had begun returning 500s and broke the TUI/CLI version picker.
- **Refreshed the embedded Gitea (Teabot) signing key** whose signing subkey had expired (2026-06-23), which had stopped GPG verification of downloaded Gitea binaries. Renewed to expire 2027-06-26; same pinned fingerprint.
Download
Pick your architecture. Direct links point at the release assets.
$ curl -fsSL https://dl.gtcnsl.com/v1.0.0/gtcnsl-v1.0.0-linux-amd64 -o /usr/local/bin/gtcnsl && chmod +x /usr/local/bin/gtcnsl
i
Verify
Compare against the signed checksum manifest before you run anything.
checksums.txt