fix(update): Upgrade-Skript ausserhalb /tmp wegen PrivateTmp

edgeguard-api.service hat PrivateTmp=true → schreibt in privates /tmp.
Die per `sudo systemd-run` gestartete Transient-Unit sah das nicht und
brach mit "bash: /tmp/edgeguard-upgrade.sh: No such file or directory"
ab — Modal hing endlos. Pfad jetzt /var/lib/edgeguard/upgrade.sh
(edgeguard-owned, persistent, in beiden Namespaces sichtbar). Sudoers
entsprechend angepasst.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

VERSION

@@ -1 +1 @@
-1.0.53
+1.0.54

cmd/edgeguard-api/main.go

@@ -48,7 +48,7 @@ import (
 	wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard"
 )
 
-var version = "1.0.53"
+var version = "1.0.54"
 
 func main() {
 	addr := os.Getenv("EDGEGUARD_API_ADDR")

cmd/edgeguard-ctl/main.go

@@ -9,7 +9,7 @@ import (
 	"os"
 )
 
-var version = "1.0.53"
+var version = "1.0.54"
 
 const usage = `edgeguard-ctl — EdgeGuard CLI
 

cmd/edgeguard-scheduler/main.go

@@ -24,7 +24,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts"
 )
 
-var version = "1.0.53"
+var version = "1.0.54"
 
 const (
 	// renewTickInterval — how often we re-evaluate expiring certs.

internal/handlers/system.go

@@ -242,6 +242,12 @@ func (h *SystemHandler) PackageVersions(c *gin.Context) {
 func (h *SystemHandler) Upgrade(c *gin.Context) {
 	slog.Info("starting package upgrade (detached)")
 
+	// Skript landet NICHT in /tmp — edgeguard-api.service hat
+	// PrivateTmp=true und sieht damit ein eigenes /tmp, das die
+	// per `sudo systemd-run` gestartete Transient-Unit nicht sieht.
+	// /var/lib/edgeguard ist edgeguard-owned + persistent + von
+	// beiden Namespaces aus zugänglich.
+	const scriptPath = "/var/lib/edgeguard/upgrade.sh"
 	const script = `#!/bin/bash
 set -e
 sleep 2
@@ -253,9 +259,9 @@ apt-get update -qq
 echo "[upgrade] apt-get install -y edgeguard-api edgeguard-ui edgeguard"
 apt-get install -y -qq -o Dpkg::Options::=--force-confold edgeguard-api edgeguard-ui edgeguard
 echo "[upgrade] complete"
-rm -f /tmp/edgeguard-upgrade.sh
+rm -f /var/lib/edgeguard/upgrade.sh
 `
-	if err := os.WriteFile("/tmp/edgeguard-upgrade.sh", []byte(script), 0o755); err != nil {
+	if err := os.WriteFile(scriptPath, []byte(script), 0o755); err != nil {
 		response.Internal(c, err)
 		return
 	}
@@ -272,12 +278,12 @@ rm -f /tmp/edgeguard-upgrade.sh
 		"--unit="+unitName,
 		"--description=EdgeGuard self-upgrade",
 		"--collect",
-		"bash", "/tmp/edgeguard-upgrade.sh")
+		"bash", scriptPath)
 	if err := cmd.Run(); err != nil {
 		// systemd-run unavailable (dev env without sudo) — fall back
 		// to setsid. In Prod sollte das nie greifen.
 		slog.Warn("upgrade: sudo systemd-run failed, falling back to setsid", "error", err)
-		fallback := exec.Command("setsid", "bash", "/tmp/edgeguard-upgrade.sh")
+		fallback := exec.Command("setsid", "bash", scriptPath)
 		fallback.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
 		if err2 := fallback.Start(); err2 != nil {
 			response.Internal(c, err2)

management-ui/src/components/Layout/Sidebar.tsx

@@ -77,7 +77,7 @@ const NAV: NavSection[] = [
   },
 ]
 
-const VERSION = '1.0.53'
+const VERSION = '1.0.54'
 
 export default function Sidebar({ isOpen, onClose }: SidebarProps) {
   const { t } = useTranslation()

packaging/debian/edgeguard-api/DEBIAN/postinst

@@ -79,7 +79,7 @@ edgeguard ALL=(root) NOPASSWD: /usr/bin/apt-get update
 # nur die exakte Unit-Form, damit edgeguard NICHT beliebige systemd-
 # Units anlegen darf.
 edgeguard ALL=(root) NOPASSWD: /usr/bin/systemctl reset-failed edgeguard-upgrade.service
-edgeguard ALL=(root) NOPASSWD: /usr/bin/systemd-run --unit=edgeguard-upgrade.service --description=EdgeGuard self-upgrade --collect bash /tmp/edgeguard-upgrade.sh
+edgeguard ALL=(root) NOPASSWD: /usr/bin/systemd-run --unit=edgeguard-upgrade.service --description=EdgeGuard self-upgrade --collect bash /var/lib/edgeguard/upgrade.sh
 SUDOERS
 
         # ── Distro-Conf-Includes für die per-Service Renderer ─────────