Major refactor of Docker Compose configurations and tooling enhancements.
- ✨ Add `gen-auth` script for generating Tor Control Port credentials
- 🐳 Refactor Docker Compose templates:
- Add native healthcheck configurations to all relay/bridge files
- Standardize security capabilities (drop ALL, add SETUID/SETGID)
- Remove verbose comments to streamline template usage
- Update volume definitions for better data persistence
- 🔧 Update base dependencies:
- Alpine Linux -> 3.23.0
- Golang -> 1.25.5-alpine
- 🧹 Standardize ENV variable names across all configurations
Recent Alpine base images introduce a 'klogd' user at UID 100, which forced
the 'tor' package to install as UID 101. This caused "Permission denied"
errors for existing data volumes owned by UID 100.
This fix:
- Removes the conflicting 'klogd' user
- Manually creates the 'tor' user with fixed UID 100 / GID 101
- Ensures compatibility with existing persistent volumes
This commit addresses high-severity vulnerabilities detected by Docker Scout in both the Lyrebird binary and the Alpine base image.
Changes:
- Lyrebird: Implemented a multi-stage build using golang:1.24-alpine. This compiles Lyrebird from source to resolve "baked-in" Go runtime and dependency vulnerabilities (stdlib, crypto, pion) found in the upstream Alpine package.
- Base OS: Added apk upgrade --no-cache to force the installation of the latest system libraries, patching active CVEs in musl and openssl.
Resolves: CVE-2025-9230 (openssl), CVE-2025-26519 (musl), and multiple Go runtime CVEs.
This commit addresses high-severity vulnerabilities detected by Docker Scout in both the Lyrebird binary and the Alpine base image.
Changes:
- Lyrebird: Implemented a multi-stage build using golang:1.24-alpine. This compiles Lyrebird from source to resolve "baked-in" Go runtime and dependency vulnerabilities (stdlib, crypto, pion) found in the upstream Alpine package.
- Base OS: Added apk upgrade --no-cache to force the installation of the latest system libraries, patching active CVEs in musl and openssl.
Resolves: CVE-2025-9230 (openssl), CVE-2025-26519 (musl), and multiple Go runtime CVEs.
- Implements multi-stage build in `Dockerfile` and `Dockerfile.edge` using `golang:1.24-alpine` to compile `lyrebird` from official source.
- Resolves high-severity vulnerabilities in `stdlib`, `crypto`, and `pion` by enforcing latest Go runtime and dependency updates (`go get -u`).
- Maintains minimal image footprint by discarding the build toolchain and copying only the stripped binary to the final Alpine image.
- 🖼️ Added Gallery section with four screenshots
- 📁 Added images to src/screenshots/
- 🔧 Updated README to show the 2x2 grid
- 🗂️ Synced documentation references
- 🖼️ Replaced onion.png with logo.png in README
- 📁 Added logo.png to src/ directory
- 📝 Updated quick start and configuration example references
- 🔢 Corrected image size details from ~20MB to ~17.1MB in FAQ and security-validation-tests.sh
- 🖼️ Replaced onion.png with logo.png in README
- 📁 Added logo.png to src/ directory
- 📝 Updated quick start and configuration example references
- 🔢 Corrected image size details from ~20MB to ~17.1MB in FAQ and security-validation-tests.sh
- 🧹 Removed verbose and redundant comments from Dependabot config, pull request template, and workflow YAML files
- 📦 Improved readability and maintainability without altering functionality
- 🔧 No behavioral changes introduced, documentation and comment cleanup only
- 🧩 Added two JSON templates for Cosmos deployments:
- Tor Guard Relay config template
- obfs4 Bridge Relay config template
- 📘 Updated README.md to include configuration examples, network-mode guidance, and improved formatting
- 🔒 Revised SECURITY.md to clarify security considerations and correct inaccuracies
- ✨ Fixed minor typos and improved example consistency
- 🖼️ Added a detailed Mermaid flowchart to README.md to illustrate:
- Container initialization
- Relay mode selection
- Operations
- Shutdown
- 📉 Updated ARCHITECTURE.md to reduce image size from ~20 MB to ~17.1 MB
- ✏️ Made minor formatting improvements in README.md for clarity
- 🎨 Enhanced Mermaid diagrams with emoji and improved formatting
- 📦 Updated SECURITY.md and ARCHITECTURE.md for ~17.1 MB image size and bumped docs to v1.0.1
- 📘 Added comprehensive docs including FAQ, architecture, and migration guides
- 🧩 Introduced new and updated example configs and templates
- 🧾 Added a pull request template for contributor workflow
- 🧪 Enhanced CI/CD with SBOM generation and improved release notes
- 🛡️ Expanded Trivy security scanning coverage in pipelines
- 🔗 Updated README to reference new docs and the quick start script
- 📘 Added comprehensive docs including FAQ, architecture, and migration guides
- 🧩 Introduced new and updated example configs and templates
- 🧾 Added a pull request template for contributor workflow
- 🧪 Enhanced CI/CD with SBOM generation and improved release notes
- 🛡️ Expanded Trivy security scanning coverage in pipelines
- 🔗 Updated README to reference new docs and the quick start script
- 📘 Added comprehensive docs including FAQ, architecture, and migration guides
- 🧩 Introduced new and updated example configs and templates
- 🧾 Added a pull request template for contributor workflow
- 🧪 Enhanced CI/CD with SBOM generation and improved release notes
- 🛡️ Expanded Trivy security scanning coverage in pipelines
- 🔗 Updated README to reference new docs and the quick start script
- 📘 Added comprehensive docs including FAQ, architecture, and migration guides
- 🧩 Introduced new and updated example configs and templates
- 🧾 Added a pull request template for contributor workflow
- 🧪 Enhanced CI/CD with SBOM generation and improved release notes
- 🛡️ Expanded Trivy security scanning coverage in pipelines
- 🔗 Updated README to reference new docs and the quick start script
- 📘 Added comprehensive docs including FAQ, architecture, and migration guides
- 🧩 Introduced new and updated example configs and templates
- 🧾 Added a pull request template for contributor workflow
- 🧪 Enhanced CI/CD with SBOM generation and improved release notes
- 🛡️ Expanded Trivy security scanning coverage in pipelines
- 🔗 Updated README to reference new docs and the quick start script
- 📏 Corrected documented image size to 17.1 MB
- 🖼️ Updated all image references to r3bo0tbx1/onion-relay
- 🗂️ Standardized image naming across templates
- 🔐 Added security and privacy notes to the Code of Conduct
- 📚 Synced configuration notes for the v1.1.1 release
