Gonçalo Garcia

This commit performs essential **release preparation** by updating the **project documentation** with the official release notes for **version 2026.3.0**. It specifically modifies the `RELEASE_NOTES` file to comprehensively detail all new features, bug fixes, and general maintenance chores included in this major version. This **maintenance** task ensures that users and stakeholders have a clear and accessible overview of the changes and improvements introduced in the latest release.

This commit introduces a **new `management token` command** to `cloudflared`, enabling the generation of resource-specific management access JWTs for `logs`, `admin`, and `host_details`. This **enhancement** expands the `ManagementResource` enum in `cfapi/tunnel.go` and **fixes failing component tests** by providing the necessary admin-level tokens for management endpoints. The work also includes **refactoring** the `tail` command to utilize new shared utilities in `cliutil/management.go` for token acquisition and logging, ensuring consistent and secure access across `cloudflared`'s management features. The **component tests** have been extensively updated to validate this new functionality and resource-specific token usage.

This commit **refactors** the `cloudflared` **API client** and the **`tail` command** to migrate from a deprecated `/management` endpoint to the new `/management/logs` endpoint. It introduces a `ManagementResource` type and updates the `GetManagementToken` interface and implementation within the `cfapi` package to support resource-specific management endpoints. This **API migration** ensures the `cloudflared tail` command continues to function correctly for **log retrieval** by adapting its token acquisition and URL building logic to the evolving Cloudflare API, preventing future breakage due to endpoint deprecation. Unit tests for the new API logic are also included.

This commit performs a **documentation update** by adding the official release notes for version `2025.11.0`. It specifically modifies the **`RELEASE_NOTES`** file to detail **new features, bug fixes, and other significant changes** included in this release. This essential **release management** task provides users and developers with a comprehensive overview of the latest advancements and improvements in the project.

This commit **introduces code signing** for **Windows builds**, specifically targeting both **`cloudflared.exe` binaries** and **Windows MSI packages**. It integrates `azuresigntool` with a certificate from **Azure Key Vault** into the **CI/CD pipeline** to automatically sign these artifacts. A **new CI job** (`.ci/windows.gitlab-ci.yml`) is added for MSI signing, and the **release pipeline** (`.ci/release.gitlab-ci.yml`) is updated to depend on this new signing step, thereby **enhancing the security and trustworthiness** of Windows releases by ensuring their authenticity and integrity.

This commit performs a **maintenance chore** by updating the `cloudflared` GPG key name within the `release/index.html` file. Specifically, it changes the reference from `cloudflare-public-v2.gpg` to `cloudflare-main.gpg` in the **installation instructions**. This ensures that users following the documentation will use the updated key name. The change is designed to **preserve backward compatibility** by maintaining the old key name alongside the new one, thereby **preventing disruption** for existing installations and avoiding immediate updates to developer documentation.

This commit **integrates the `index.html` file for `pkg.cloudflared.com`** into the Git repository, specifically under `release/index.html`. This **maintenance** change centralizes the **installation instructions for Cloudflare packages**, making it easier to track content changes for this critical **documentation**. By bringing this public-facing content into version control, it streamlines future updates and enables potential automation through CI/CD pipelines for the `pkg.cloudflared.com` website. This significantly improves the **release infrastructure** by ensuring the package installation guide is managed alongside the codebase.

This commit provides a **bug fix** for the **package release process**, specifically addressing an issue with **RPM signature generation**. It updates the `release_pkgs.py` script to correctly identify and use the **secondary GPG key name** instead of the primary one when signing RPM packages. This ensures that all **RPM artifacts** are signed with the intended and valid key, preventing potential verification failures for users. The change is a critical **maintenance fix** for the release pipeline's integrity.

This commit **fixes a critical typo** within the **release packaging script** (`release_pkgs.py`) that was causing deployment failures. It specifically corrects the access of the `gpg_private_key_2` argument, which was previously misreferenced. This **bug fix** ensures the proper functioning of the **R2 release deployment process**, resolving an issue that prevented the `r2-release-next` deployment from succeeding. The change is essential for maintaining the stability and reliability of the release pipeline.

This commit performs a **maintenance update** to the **RPM build process** by integrating support for a new GPG key. It modifies the `release_pkgs.py` script to enhance the **key import logic**, allowing for the conditional use of a secondary GPG public key for signing RPM packages. This ensures that all future **RPM releases** are signed with the correct and updated GPG key, maintaining the integrity and authenticity of the distributed software.

This commit **resolves a long-standing issue** within the **RPM postinstall scriptlet** for `cloudflared` by making the symbolic link creation idempotent. Previously, during package upgrades, users would encounter `ln: failed to create symbolic link '/usr/local/bin/cloudflared': File exists` errors in their logs because the symlink already existed. By adding the `-f` (force) flag to the `ln -s` command in `postinst.sh`, this **maintenance fix** prevents these benign but noisy errors, **improving the user experience** during RPM package updates without affecting core functionality.

This commit **fixes a critical bug** within the **RPM package release process**, specifically addressing issues encountered during double signing. The `create_repo_file` function in `release_pkgs.py` is corrected to properly return the file path instead of a file handle, which was causing failures during the upload of the RPM repository file. Additionally, newlines are added to the generated repo file content, and the `_sign_repomd` function now includes the `--yes` flag for the `gpg` command to ensure smoother signing. This **maintenance fix** significantly improves the reliability and correctness of the **RPM package release pipeline**.

This commit addresses a **parameter order issue** within the **release packaging script** `release_pkgs.py`. It specifically corrects the arguments passed to the `upload_pkg_to_r2` function when handling the **RPM `.repo` file upload to R2**. This **maintenance fix** ensures the repository configuration file is correctly stored in the cloud storage, preventing potential issues for users attempting to configure RPM package sources.

This commit **fixes a bug** in the **GPG key import logic** within the `release_pkgs.py` script. Previously, the system would incorrectly select only the first GPG key from the `gpg.list` output, causing issues when multiple keys were present or the `import_gpg_keys` function was invoked multiple times. The `import_gpg_keys` function is now updated to correctly identify and return the fingerprint of the newly imported private key. This **maintenance fix** ensures the **correct GPG key is always selected**, improving the reliability of **package signing and release processes** by preventing key selection errors.

This commit is a **chore** to standardize the Go toolchain used in the project's continuous integration. It **forces the usage of `go-boring 1.24`** across all relevant **Linux CI jobs**, including standard builds, FIPS-compliant builds, unit tests, FIPS tests, and vulnerability scanning. This **maintenance** update, primarily affecting `.ci/linux.gitlab-ci.yml`, ensures a consistent and controlled Go environment for critical development and security pipelines, impacting the reliability and reproducibility of CI results.

This commit **introduces support for dual GPG key signing for Debian packages**, a **new capability** designed to facilitate a smooth key rollover and ensure compatibility with Debian Trixie, which deprecates SHA-1 GPG keys. It modifies the **packaging and release process** by leveraging `reprepro`'s ability to include two signatures, implemented primarily within the `release_pkgs.py` script and orchestrated via new `Makefile` targets and `cfsetup.yaml` CI jobs. This allows users with existing keys to continue receiving updates while providing a new key for Trixie, though it notes that **RPM packages do not support this dual-signing approach**.

This commit introduces **FedRAMP support** within the **`originRequest` Access configuration**, enabling the system to operate in regulated environments. It adds an `Environment` field to the `AccessConfig` structure, which is then passed to the **JWT validator** during ingress validation via the `validateIngress` function. The `NewJWTValidator` function now uses this `environment` parameter to dynamically select the appropriate certificate URL, ensuring correct and secure authentication for **FedRAMP or standard access configurations**. This is a **new capability** that expands the platform's compliance and deployment options by correctly handling environment-specific certificate requirements.

This commit introduces a **new capability** to the **`cloudflared` tunnel creation process**, specifically for **locally managed tunnels generated with Federated tokens**. It ensures that the `Endpoint` field is correctly populated within the tunnel credentials, enhancing the robustness of tunnel setup. This involves modifying the `cmd/cloudflared/tunnel/subcommand_context.go` to set the endpoint during creation and adding an `Endpoint` method to the `User` struct in `credentials/credentials.go` to expose this information. The change guarantees that **tunnels created with Federated tokens** can properly utilize their associated endpoint details for improved connectivity and management.

This commit **updates the project documentation** by adding the **release notes for version 2025.8.0** to the `RELEASE_NOTES` file. This **maintenance task** provides a comprehensive overview of the new release, detailing key changes, improvements, and fixes. Specifically, it highlights important **vulnerability fixes** and updates related to **Cloudflared**, ensuring users are informed about critical security patches and new capabilities. This update is crucial for users to understand the scope and impact of the new version.

This commit performs a **maintenance** update to the project's **documentation**, specifically the `RELEASE_NOTES` file. It advances the version to **2025.4.2** and incorporates new entries that detail the changes, features, and bug fixes included in this release. This essential **release preparation** step ensures that users and developers have access to comprehensive and up-to-date information regarding the latest software iteration.