Skip to content

Bugfixes for alpha.20#3133

Open
dr-bonez wants to merge 21 commits intonext/majorfrom
bugfix/alpha.20
Open

Bugfixes for alpha.20#3133
dr-bonez wants to merge 21 commits intonext/majorfrom
bugfix/alpha.20

Conversation

@dr-bonez
Copy link
Member

@dr-bonez dr-bonez commented Mar 9, 2026

Summary

  • Add delete_dir utility (ignores NotFound) and replace repeated metadata-check-then-remove patterns across the codebase
  • Improve service version migration: use actual data version for migration targets, skip unsatisfiable ranges, detect install vs update from data version file
  • Mark private domain hostnames as non-public
  • Add bridge filter kind to service interface to exclude LXC bridge hostnames
  • Add s9pk inspect commitment subcommand
  • Update patch-db submodule (audit fixes branch)
  • Remove --unhandled-rejections=warn from container-runtime service
  • Move release GPG signatures into a signatures/ subdirectory
  • Add ca-certificates dependency to registry-deb
  • Improve NVIDIA driver build: add pkg-config dep, clean up .run installer, blacklist nouveau, rebuild initramfs, move kiosk enable earlier

dr-bonez added 21 commits March 8, 2026 21:43
@dr-bonez
refactor: add delete_dir utility and use across codebase
efd90d3 
Adds a delete_dir helper that ignores NotFound errors (matching
the existing delete_file pattern) and replaces the repeated
metadata-check-then-remove_dir_all pattern throughout the codebase.
@dr-bonez
feat: improve service version migration and data version handling
95a519c 
Extract get_data_version into a shared function used by both effects
and service_map. Use the actual data version (instead of the previous
package version) when computing migration targets, and skip migrations
when the target range is unsatisfiable. Also detect install vs update
based on the presence of a data version file rather than load
disposition alone.
@dr-bonez
fix: mark private domain hostnames as non-public
ba71f20
@dr-bonez
feat: add bridge filter kind to service interface
68ae365 
Adds 'bridge' as a FilterKind to exclude LXC bridge interface
hostnames from non-local service interfaces.
@dr-bonez
feat: add s9pk inspect commitment subcommand
ea8a7c0
@dr-bonez
chore: update patch-db submodule
5316d6e 
Updates patch-db submodule and adjusts Cargo.toml path from
patch-db/patch-db to patch-db/core. Switches from serde_cbor
to ciborium.
@dr-bonez
chore: remove --unhandled-rejections=warn from container-runtime
f56262b
@dr-bonez
chore: restructure release signatures into subdirectory
36bf55c 
Moves GPG signatures and keys into a signatures/ subdirectory
before packing into signatures.tar.gz, preventing glob collisions.
@dr-bonez
fix: add ca-certificates dependency to registry-deb
8ef4ef4
@dr-bonez
fix: improve NVIDIA driver build in image recipe
43e514f 
Move enable-kiosk earlier (before NVIDIA hook), add pkg-config to
NVIDIA build deps, clean up .run installer after use, blacklist
nouveau, and rebuild initramfs after NVIDIA driver installation.
@dr-bonez
feat: add DbWatchedCallbacks abstraction, TypedDbWatch-based callback…
c52fcf5 
…s, and SDK watchable wrappers

- Extract DbWatchedCallbacks<K> abstraction in callbacks.rs using SyncMutex
  for the repeated patchdb subscribe-wait-fire-remove callback pattern
- Move get_host_info and get_status callbacks to use TypedDbWatch instead of
  raw db.subscribe, eliminating race conditions between reading and watching
- Make getStatus return Option<StatusInfo> to handle uninstalled packages
- Add getStatus .const/.once/.watch/.onChange wrapper in container-runtime
  for legacy SystemForEmbassy adapter
- Add SDK watchable wrapper classes for all callback-enabled effects:
  GetStatus, GetServiceManifest, GetHostInfo, GetContainerIp, GetSslCertificate
@dr-bonez
refactor: extract Watchable<T> base class for SDK effect wrappers
76de6be 
Eliminates boilerplate across 7 wrapper classes (GetContainerIp,
GetHostInfo, GetOutboundGateway, GetServiceManifest, GetSslCertificate,
GetStatus, GetSystemSmtp) by moving shared const/once/watch/onChange/
waitFor logic into an abstract Watchable<T> base class.
@dr-bonez
fix: add network dependency to start-tunneld and rename web reset to …
7b05a7c 
…uninit

Add After/Wants network-online.target to prevent race where
start-tunneld starts before the network interface is up, causing
missing MASQUERADE rules. Rename `web reset` to `web uninit` for
clarity.
@dr-bonez
fix: update patch-db (ciborium revert) and create /media/startos as 750
3441d4d 
- Update patch-db submodule: fixes DB null-nuke caused by ciborium's
  broken deserialize_str, and stack overflow from recursive apply_patches
- Create /media/startos with mode 750 in initramfs before subdirectories
@dr-bonez
fix: make GRUB serial console conditional on hardware availability
9546fc9 
Unconditionally enabling serial terminal broke gfxterm on EFI systems
without a serial port. Now installs a /etc/grub.d/01_serial script
that probes for the serial port before enabling it. Also copies
unicode.pf2 font to boot partition for GRUB graphical mode.
@dr-bonez
fix: set correct binary name and version on all CLI commands
ccf6fa3
@dr-bonez
fix: make unmount idempotent by ignoring "not mounted" errors
2586f84
@dr-bonez
refactor: simplify AddPackageSignerParams merge field from Option<boo…
73c6696 
…l> to bool
@dr-bonez
fix: move unpack progress completion after rename and reformat
8dd50eb
@dr-bonez
fix: run apt-get update before installing registry deb in Docker image
d2f12a7
@dr-bonez
fix: gracefully handle mount failure in legacy dependenciesAutoconfig
36b8fda 
Non-legacy dependencies don't have an "embassy" volume, so the mount
fails. Catch the error and skip autoconfig instead of crashing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dr-bonez