misc fixes (#2892)

* use docker for build steps that require linux when not on linux * use fuse for overlay * quiet mountpoint * node 22 * misc fixes * make shasum more compliant * optimize download-base-image.sh with cleaner url handling and checksum verification * fix script * fixes #2900 * bump node and npm versions in web readme * Minor pl.ts fixes * fixes in response to synapse issues * beta.8 * update ts-matches * beta.11 * pl.ts finetuning --------- Co-authored-by: Mariusz Kogen <k0gen@pm.me> Co-authored-by: Matt Hill <mattnine@protonmail.com>
2026-03-26 02:11:53 +00:00 · 2025-04-28 17:33:41 -06:00
parent 05dd760388
commit 2adf34fbaf
41 changed files with 366 additions and 4136 deletions
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -25,9 +25,9 @@ docker buildx create --use
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh # proceed with default installation
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash
 source ~/.bashrc
-nvm install 20
-nvm use 20
-nvm alias default 20 # this prevents your machine from reverting back to another version
+nvm install 22
+nvm use 22
+nvm alias default 22 # this prevents your machine from reverting back to another version
 ```

 ## Cloning the repository
--- a/15
+++ b/15
@@ -49,7 +49,7 @@ endif

 .DELETE_ON_ERROR:

-.PHONY: all metadata install clean format cli uis ui reflash deb $(IMAGE_TYPE) squashfs sudo wormhole wormhole-deb test test-core test-sdk test-container-runtime registry
+.PHONY: all metadata install clean format cli uis ui reflash deb $(IMAGE_TYPE) squashfs wormhole wormhole-deb test test-core test-sdk test-container-runtime registry

 all: $(ALL_TARGETS)

@@ -58,9 +58,6 @@ touch:

 metadata: $(VERSION_FILE) $(PLATFORM_FILE) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE)

-sudo:
-	sudo true
-
 clean:
 	rm -f system-images/**/*.tar
 	rm -rf system-images/compat/target
@@ -116,14 +113,14 @@ debian/control: build/lib/depends build/lib/conflicts
 	./debuild/control.sh

 results/$(BASENAME).deb: dpkg-build.sh $(DEBIAN_SRC) $(ALL_TARGETS)
-	PLATFORM=$(PLATFORM) ./dpkg-build.sh
+	PLATFORM=$(PLATFORM) REQUIRES=debian ./build/os-compat/run-compat.sh ./dpkg-build.sh

 $(IMAGE_TYPE): results/$(BASENAME).$(IMAGE_TYPE)

 squashfs: results/$(BASENAME).squashfs

 results/$(BASENAME).$(IMAGE_TYPE) results/$(BASENAME).squashfs: $(IMAGE_RECIPE_SRC) results/$(BASENAME).deb
-	./image-recipe/run-local-build.sh "results/$(BASENAME).deb"
+	REQUIRES=debian ./build/os-compat/run-compat.sh ./image-recipe/run-local-build.sh "results/$(BASENAME).deb"

 # For creating os images. DO NOT USE
 install: $(ALL_TARGETS) 
@@ -222,7 +219,7 @@ emulate-reflash: $(ALL_TARGETS)
 upload-ota: results/$(BASENAME).squashfs
 	TARGET=$(TARGET) KEY=$(KEY) ./upload-ota.sh

-container-runtime/debian.$(ARCH).squashfs:
+container-runtime/debian.$(ARCH).squashfs: ./container-runtime/download-base-image.sh
 	ARCH=$(ARCH) ./container-runtime/download-base-image.sh

 container-runtime/node_modules/.package-lock.json: container-runtime/package.json container-runtime/package-lock.json sdk/dist/package.json
@@ -254,8 +251,8 @@ container-runtime/dist/node_modules/.package-lock.json container-runtime/dist/pa
 	./container-runtime/install-dist-deps.sh
 	touch container-runtime/dist/node_modules/.package-lock.json

-container-runtime/rootfs.$(ARCH).squashfs: container-runtime/debian.$(ARCH).squashfs container-runtime/container-runtime.service container-runtime/update-image.sh container-runtime/deb-install.sh container-runtime/dist/index.js container-runtime/dist/node_modules/.package-lock.json core/target/$(ARCH)-unknown-linux-musl/release/containerbox | sudo
-	ARCH=$(ARCH) ./container-runtime/update-image.sh
+container-runtime/rootfs.$(ARCH).squashfs: container-runtime/debian.$(ARCH).squashfs container-runtime/container-runtime.service container-runtime/update-image.sh container-runtime/deb-install.sh container-runtime/dist/index.js container-runtime/dist/node_modules/.package-lock.json core/target/$(ARCH)-unknown-linux-musl/release/containerbox
+	ARCH=$(ARCH) REQUIRES=linux ./build/os-compat/run-compat.sh ./container-runtime/update-image.sh

 build/lib/depends build/lib/conflicts: build/dpkg-deps/*
 	build/dpkg-deps/generate.sh
--- a/build/os-compat/buildenv.Dockerfile
+++ b/build/os-compat/buildenv.Dockerfile
@@ -0,0 +1,56 @@
+FROM debian:bookworm
+
+RUN apt-get update && \
+    apt-get install -y \
+    ca-certificates \
+    curl \
+    gpg \
+    build-essential \
+    sed \
+    grep \
+    gawk \
+    jq \
+    gzip \
+    brotli \
+    qemu-user-static \
+    binfmt-support \
+    squashfs-tools \
+    git \
+    debspawn \
+    rsync \
+    b3sum \
+    fuse-overlayfs \
+    sudo \
+    systemd \
+    systemd-container \
+    systemd-sysv \
+    dbus \
+    dbus-user-session
+
+RUN systemctl mask \
+    systemd-firstboot.service \
+    systemd-udevd.service \
+    getty@tty1.service \
+    console-getty.service
+
+RUN git config --global --add safe.directory /root/start-os
+
+RUN mkdir -p /etc/debspawn && \
+    echo "AllowUnsafePermissions=true" > /etc/debspawn/global.toml
+
+ENV NVM_DIR=~/.nvm
+ENV NODE_VERSION=22
+RUN mkdir -p $NVM_DIR && \
+    curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash && \
+    . $NVM_DIR/nvm.sh \
+    nvm install $NODE_VERSION && \
+    nvm use $NODE_VERSION && \
+    nvm alias default $NODE_VERSION && \
+    ln -s $(which node) /usr/bin/node && \
+    ln -s $(which npm) /usr/bin/npm
+
+RUN mkdir -p /root/start-os
+WORKDIR /root/start-os
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
--- a/build/os-compat/docker-entrypoint.sh
+++ b/build/os-compat/docker-entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec /lib/systemd/systemd --unit=multi-user.target --show-status=false --log-target=journal
--- a/build/os-compat/run-compat.sh
+++ b/build/os-compat/run-compat.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ "$FORCE_COMPAT" = 1 ] || ( [ "$REQUIRES" = "linux" ] && [ "$(uname -s)" != "Linux" ] ) || ( [ "$REQUIRES" = "debian" ] && ! which dpkg > /dev/null ); then
+    project_pwd="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. && pwd)/"
+    pwd="$(pwd)/"
+    if ! [[ "$pwd" = "$project_pwd"* ]]; then
+        >&2 echo "Must be run from start-os project dir"
+        exit 1
+    fi
+    rel_pwd="${pwd#"$project_pwd"}"
+
+    SYSTEMD_TTY="-P"
+    USE_TTY=
+    if tty -s; then
+        USE_TTY="-it"
+        SYSTEMD_TTY="-t"
+    fi
+
+    docker run -d --rm --name os-compat --privileged --security-opt apparmor=unconfined -v "${project_pwd}:/root/start-os" -v /lib/modules:/lib/modules:ro start9/build-env
+    while ! docker exec os-compat systemctl is-active --quiet multi-user.target 2> /dev/null; do sleep .5; done
+    docker exec -eARCH -eENVIRONMENT -ePLATFORM -eGIT_BRANCH_AS_HASH $USE_TTY -w "/root/start-os${rel_pwd}" os-compat $@
+    code=$?
+    docker stop os-compat
+    exit $code
+else 
+    exec $@
+fi
--- a/check-git-hash.sh
+++ b/check-git-hash.sh
@@ -7,6 +7,7 @@ else
 fi

 if ! [ -f ./GIT_HASH.txt ] || [ "$(cat ./GIT_HASH.txt)" != "$GIT_HASH" ]; then
+    >&2 echo Git hash changed from "$([ -f ./GIT_HASH.txt ] && cat ./GIT_HASH.txt)" to "$GIT_HASH"
    echo -n "$GIT_HASH" > ./GIT_HASH.txt
 fi

--- a/container-runtime/container-runtime-failure.service
+++ b/container-runtime/container-runtime-failure.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=StartOS Container Runtime Failure Handler
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/start-cli rebuild
--- a/container-runtime/container-runtime.service
+++ b/container-runtime/container-runtime.service
@@ -1,11 +1,11 @@
 [Unit]
 Description=StartOS Container Runtime
+OnFailure=container-runtime-failure.service

 [Service]
 Type=simple
-ExecStart=/usr/bin/node --experimental-detect-module --unhandled-rejections=warn /usr/lib/startos/init/index.js
-Restart=always
-RestartSec=3
+ExecStart=/usr/bin/node --experimental-detect-module --trace-warnings --unhandled-rejections=warn /usr/lib/startos/init/index.js
+Restart=no

 [Install]
 WantedBy=multi-user.target
--- a/container-runtime/deb-install.sh
+++ b/container-runtime/deb-install.sh
@@ -10,7 +10,7 @@ apt-get install -y curl rsync qemu-user-static

 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
 source ~/.bashrc
-nvm install 20
+nvm install 22
 ln -s $(which node) /usr/bin/node

 sed -i '/\(^\|#\)Storage=/c\Storage=persistent' /etc/systemd/journald.conf
--- a/container-runtime/download-base-image.sh
+++ b/container-runtime/download-base-image.sh
@@ -1,7 +1,5 @@
 #!/bin/bash
-
 cd "$(dirname "${BASH_SOURCE[0]}")"
-
 set -e

 DISTRO=debian
@@ -16,8 +14,9 @@ elif [ "$_ARCH" = "aarch64" ]; then
    _ARCH=arm64
 fi

-URL="https://images.linuxcontainers.org/$(curl -fsSL https://images.linuxcontainers.org/meta/1.0/index-system | grep "^$DISTRO;$VERSION;$_ARCH;$FLAVOR;" | head -n1 | sed 's/^.*;//g')/rootfs.squashfs"
+BASE_URL="https://images.linuxcontainers.org$(curl -fsSL https://images.linuxcontainers.org/meta/1.0/index-system | grep "^$DISTRO;$VERSION;$_ARCH;$FLAVOR;" | head -n1 | sed 's/^.*;//g')"
+OUTPUT_FILE="debian.${ARCH}.squashfs"

-echo "Downloading $URL to debian.${ARCH}.squashfs"
-
-curl -fsSL "$URL" > debian.${ARCH}.squashfs
+echo "Downloading ${BASE_URL}/rootfs.squashfs to $OUTPUT_FILE"
+curl -fsSL "${BASE_URL}/rootfs.squashfs" > "$OUTPUT_FILE"
+curl -fsSL "$BASE_URL/SHA256SUMS" | grep 'rootfs\.squashfs' | awk '{print $1"  '"$OUTPUT_FILE"'"}' | shasum -a 256 -c
--- a/container-runtime/package-lock.json
+++ b/container-runtime/package-lock.json
--- a/container-runtime/src/Adapters/EffectCreator.ts
+++ b/container-runtime/src/Adapters/EffectCreator.ts
@@ -324,6 +324,7 @@ export function makeEffects(context: EffectContext): Effects {
      >
    },
  }
+  if (context.callbacks?.onLeaveContext)
    self.onLeaveContext(() => {
      self.isInContext = false
      self.onLeaveContext = () => {
--- a/container-runtime/src/Adapters/RpcListener.ts
+++ b/container-runtime/src/Adapters/RpcListener.ts
@@ -171,6 +171,8 @@ export class RpcListener {
    if (!fs.existsSync(SOCKET_PARENT)) {
      fs.mkdirSync(SOCKET_PARENT, { recursive: true })
    }
+    if (fs.existsSync(SOCKET_PATH)) fs.rmSync(SOCKET_PATH, { force: true })
+
    this.unixSocketServer.listen(SOCKET_PATH)

    this.unixSocketServer.on("connection", (s) => {
--- a/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
+++ b/container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts
@@ -368,8 +368,14 @@ export class SystemForEmbassy implements System {
        reason: "This service must be configured before it can be run",
      })
    }
+    const version = ExtendedVersion.parseEmver(this.manifest.version)
+    if (
+      this.manifest.id === "bitcoind" &&
+      this.manifest.title.toLowerCase().includes("knots")
+    )
+      version.flavor = "knots"
    await effects.setDataVersion({
-      version: ExtendedVersion.parseEmver(this.manifest.version).toString(),
+      version: version.toString(),
    })
  }
  async exportNetwork(effects: Effects) {
--- a/container-runtime/update-image.sh
+++ b/container-runtime/update-image.sh
@@ -4,8 +4,8 @@ cd "$(dirname "${BASH_SOURCE[0]}")"

 set -e

-if mountpoint tmp/combined; then sudo umount -R tmp/combined; fi
-if mountpoint tmp/lower; then sudo umount tmp/lower; fi
+if mountpoint -q tmp/combined; then sudo umount -R tmp/combined; fi
+if mountpoint -q tmp/lower; then sudo umount tmp/lower; fi
 sudo rm -rf tmp
 mkdir -p tmp/lower tmp/upper tmp/work tmp/combined
 if which squashfuse > /dev/null; then
@@ -13,7 +13,11 @@ if which squashfuse > /dev/null; then
 else
    sudo mount debian.${ARCH}.squashfs tmp/lower
 fi
-sudo mount -t overlay -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work overlay tmp/combined
+if which fuse-overlayfs > /dev/null; then
+    sudo fuse-overlayfs -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work overlay tmp/combined
+else
+    sudo mount -t overlay -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work overlay tmp/combined
+fi

 QEMU=
 if [ "$ARCH" != "$(uname -m)" ]; then
@@ -33,6 +37,8 @@ sudo rsync -a --copy-unsafe-links dist/ tmp/combined/usr/lib/startos/init/
 sudo chown -R 0:0 tmp/combined/usr/lib/startos/
 sudo cp container-runtime.service tmp/combined/lib/systemd/system/container-runtime.service
 sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime.service
+sudo cp container-runtime-failure.service tmp/combined/lib/systemd/system/container-runtime-failure.service
+sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime-failure.service
 sudo cp ../core/target/$ARCH-unknown-linux-musl/release/containerbox tmp/combined/usr/bin/start-cli
 sudo chown 0:0 tmp/combined/usr/bin/start-cli
 echo container-runtime | sha256sum | head -c 32 | cat - <(echo) | sudo tee tmp/combined/etc/machine-id
--- a/core/models/src/errors.rs
+++ b/core/models/src/errors.rs
@@ -91,6 +91,8 @@ pub enum ErrorKind {
    Cancelled = 73,
    Git = 74,
    DBus = 75,
+    InstallFailed = 76,
+    UpdateFailed = 77,
 }
 impl ErrorKind {
    pub fn as_str(&self) -> &'static str {
@@ -171,6 +173,8 @@ impl ErrorKind {
            Cancelled => "Cancelled",
            Git => "Git Error",
            DBus => "DBus Error",
+            InstallFailed => "Install Failed",
+            UpdateFailed => "Update Failed",
        }
    }
 }
--- a/core/startos/src/s9pk/v2/compat.rs
+++ b/core/startos/src/s9pk/v2/compat.rs
@@ -190,7 +190,7 @@ impl TryFrom<ManifestV1> for Manifest {
        let default_url = value.upstream_repo.clone();
        Ok(Self {
            id: value.id,
-            title: value.title.into(),
+            title: format!("{} (Compatibility Mode)", value.title).into(),
            version: ExtendedVersion::from(
                exver::emver::Version::from_str(&value.version)
                    .with_kind(ErrorKind::Deserialization)?,
--- a/core/startos/src/service/cli.rs
+++ b/core/startos/src/service/cli.rs
@@ -41,7 +41,7 @@ impl Context for ContainerCliContext {
                .runtime
                .get_or_init(|| {
                    Arc::new(
-                        tokio::runtime::Builder::new_current_thread()
+                        tokio::runtime::Builder::new_multi_thread()
                            .enable_all()
                            .build()
                            .unwrap(),
--- a/core/startos/src/service/effects/control.rs
+++ b/core/startos/src/service/effects/control.rs
@@ -5,8 +5,22 @@ use models::{FromStrParser, PackageId};

 use crate::service::effects::prelude::*;
 use crate::service::rpc::CallbackId;
+use crate::service::RebuildParams;
 use crate::status::MainStatus;

+pub async fn rebuild(context: EffectContext) -> Result<(), Error> {
+    let seed = context.deref()?.seed.clone();
+    let ctx = seed.ctx.clone();
+    let id = seed.id.clone();
+    drop(seed);
+    tokio::spawn(async move {
+        super::super::rebuild(ctx, RebuildParams { id })
+            .await
+            .log_err()
+    });
+    Ok(())
+}
+
 pub async fn restart(
    context: EffectContext,
    ProcedureId { procedure_id }: ProcedureId,
--- a/core/startos/src/service/effects/mod.rs
+++ b/core/startos/src/service/effects/mod.rs
@@ -34,6 +34,12 @@ pub fn handler<C: Context>() -> ParentHandler<C> {
            from_fn(callbacks::clear_callbacks).no_cli(),
        )
        // control
+        .subcommand(
+            "rebuild",
+            from_fn_async(control::rebuild)
+                .no_display()
+                .with_call_remote::<ContainerCliContext>(),
+        )
        .subcommand(
            "restart",
            from_fn_async(control::restart)
--- a/core/startos/src/service/mod.rs
+++ b/core/startos/src/service/mod.rs
@@ -209,7 +209,10 @@ impl ServiceRef {
                .request(rpc::Exit, Empty {})
                .await?;
            shutdown.shutdown();
-            hdl.await.with_kind(ErrorKind::Cancelled)?;
+            tokio::time::timeout(Duration::from_secs(30), hdl)
+                .await
+                .with_kind(ErrorKind::Timeout)?
+                .with_kind(ErrorKind::Cancelled)?;
        }
        let service = Arc::try_unwrap(self.0).map_err(|_| {
            Error::new(
@@ -482,7 +485,11 @@ impl Service {
                None,
            ) // TODO timeout
            .await
-            .with_kind(ErrorKind::MigrationFailed)?; // TODO: handle cancellation
+            .with_kind(if src_version.is_some() {
+                ErrorKind::UpdateFailed
+            } else {
+                ErrorKind::InstallFailed
+            })?; // TODO: handle cancellation

        if let Some(mut progress) = progress {
            progress.finalization_progress.complete();
--- a/core/startos/src/shutdown.rs
+++ b/core/startos/src/shutdown.rs
@@ -65,7 +65,6 @@ impl Shutdown {
            Command::new("reboot").spawn().unwrap().wait().unwrap();
        } else {
            Command::new("shutdown")
-                .arg("-h")
                .arg("now")
                .spawn()
                .unwrap()
--- a/dpkg-build.sh
+++ b/dpkg-build.sh
@@ -17,7 +17,6 @@ fi
 rm -rf dpkg-workdir/$BASENAME
 mkdir -p dpkg-workdir/$BASENAME

-make
 make install DESTDIR=dpkg-workdir/$BASENAME

 DEPENDS=$(cat dpkg-workdir/$BASENAME/usr/lib/startos/depends | tr $'\n' ',' | sed 's/,,\+/,/g' | sed 's/,$//')
--- a/sdk/base/lib/osBindings/index.ts
+++ b/sdk/base/lib/osBindings/index.ts
@@ -4,13 +4,13 @@ export { AcmeSettings } from "./AcmeSettings"
 export { ActionId } from "./ActionId"
 export { ActionInput } from "./ActionInput"
 export { ActionMetadata } from "./ActionMetadata"
+export { ActionRequest } from "./ActionRequest"
 export { ActionRequestCondition } from "./ActionRequestCondition"
 export { ActionRequestEntry } from "./ActionRequestEntry"
 export { ActionRequestInput } from "./ActionRequestInput"
 export { ActionRequestTrigger } from "./ActionRequestTrigger"
-export { ActionRequest } from "./ActionRequest"
-export { ActionResultMember } from "./ActionResultMember"
 export { ActionResult } from "./ActionResult"
+export { ActionResultMember } from "./ActionResultMember"
 export { ActionResultV0 } from "./ActionResultV0"
 export { ActionResultV1 } from "./ActionResultV1"
 export { ActionResultValue } from "./ActionResultValue"
@@ -20,13 +20,13 @@ export { AddAdminParams } from "./AddAdminParams"
 export { AddAssetParams } from "./AddAssetParams"
 export { AddCategoryParams } from "./AddCategoryParams"
 export { AddPackageParams } from "./AddPackageParams"
-export { AddressInfo } from "./AddressInfo"
 export { AddSslOptions } from "./AddSslOptions"
 export { AddVersionParams } from "./AddVersionParams"
+export { AddressInfo } from "./AddressInfo"
 export { Alerts } from "./Alerts"
 export { Algorithm } from "./Algorithm"
-export { AllowedStatuses } from "./AllowedStatuses"
 export { AllPackageData } from "./AllPackageData"
+export { AllowedStatuses } from "./AllowedStatuses"
 export { AlpnInfo } from "./AlpnInfo"
 export { AnySignature } from "./AnySignature"
 export { AnySigningKey } from "./AnySigningKey"
@@ -38,9 +38,9 @@ export { BackupTargetFS } from "./BackupTargetFS"
 export { Base64 } from "./Base64"
 export { BindId } from "./BindId"
 export { BindInfo } from "./BindInfo"
-export { BindingSetPublicParams } from "./BindingSetPublicParams"
 export { BindOptions } from "./BindOptions"
 export { BindParams } from "./BindParams"
+export { BindingSetPublicParams } from "./BindingSetPublicParams"
 export { Blake3Commitment } from "./Blake3Commitment"
 export { BlockDev } from "./BlockDev"
 export { BuildArg } from "./BuildArg"
@@ -61,11 +61,11 @@ export { CreateSubcontainerFsParams } from "./CreateSubcontainerFsParams"
 export { CurrentDependencies } from "./CurrentDependencies"
 export { CurrentDependencyInfo } from "./CurrentDependencyInfo"
 export { DataUrl } from "./DataUrl"
+export { DepInfo } from "./DepInfo"
 export { Dependencies } from "./Dependencies"
 export { DependencyKind } from "./DependencyKind"
 export { DependencyMetadata } from "./DependencyMetadata"
 export { DependencyRequirement } from "./DependencyRequirement"
-export { DepInfo } from "./DepInfo"
 export { Description } from "./Description"
 export { DestroySubcontainerFsParams } from "./DestroySubcontainerFsParams"
 export { DeviceFilter } from "./DeviceFilter"
@@ -86,8 +86,8 @@ export { GetHostInfoParams } from "./GetHostInfoParams"
 export { GetOsAssetParams } from "./GetOsAssetParams"
 export { GetOsVersionParams } from "./GetOsVersionParams"
 export { GetPackageParams } from "./GetPackageParams"
-export { GetPackageResponseFull } from "./GetPackageResponseFull"
 export { GetPackageResponse } from "./GetPackageResponse"
+export { GetPackageResponseFull } from "./GetPackageResponseFull"
 export { GetServiceInterfaceParams } from "./GetServiceInterfaceParams"
 export { GetServicePortForwardParams } from "./GetServicePortForwardParams"
 export { GetSslCertificateParams } from "./GetSslCertificateParams"
@@ -101,21 +101,21 @@ export { Governor } from "./Governor"
 export { Guid } from "./Guid"
 export { HardwareRequirements } from "./HardwareRequirements"
 export { HealthCheckId } from "./HealthCheckId"
+export { Host } from "./Host"
 export { HostAddress } from "./HostAddress"
 export { HostId } from "./HostId"
 export { HostnameInfo } from "./HostnameInfo"
 export { Hosts } from "./Hosts"
-export { Host } from "./Host"
 export { ImageConfig } from "./ImageConfig"
 export { ImageId } from "./ImageId"
 export { ImageMetadata } from "./ImageMetadata"
 export { ImageSource } from "./ImageSource"
 export { InitProgressRes } from "./InitProgressRes"
+export { InstallParams } from "./InstallParams"
 export { InstalledState } from "./InstalledState"
 export { InstalledVersionParams } from "./InstalledVersionParams"
 export { InstallingInfo } from "./InstallingInfo"
 export { InstallingState } from "./InstallingState"
-export { InstallParams } from "./InstallParams"
 export { IpHostname } from "./IpHostname"
 export { IpInfo } from "./IpInfo"
 export { ListPackageSignersParams } from "./ListPackageSignersParams"
@@ -130,11 +130,11 @@ export { Manifest } from "./Manifest"
 export { MaybeUtf8String } from "./MaybeUtf8String"
 export { MebiBytes } from "./MebiBytes"
 export { MerkleArchiveCommitment } from "./MerkleArchiveCommitment"
+export { Metrics } from "./Metrics"
 export { MetricsCpu } from "./MetricsCpu"
 export { MetricsDisk } from "./MetricsDisk"
 export { MetricsGeneral } from "./MetricsGeneral"
 export { MetricsMemory } from "./MetricsMemory"
-export { Metrics } from "./Metrics"
 export { MountParams } from "./MountParams"
 export { MountTarget } from "./MountTarget"
 export { NamedHealthCheckResult } from "./NamedHealthCheckResult"
@@ -146,14 +146,14 @@ export { NetworkInterfaceSetInboundParams } from "./NetworkInterfaceSetInboundPa
 export { NetworkInterfaceType } from "./NetworkInterfaceType"
 export { OnionHostname } from "./OnionHostname"
 export { OsIndex } from "./OsIndex"
-export { OsVersionInfoMap } from "./OsVersionInfoMap"
 export { OsVersionInfo } from "./OsVersionInfo"
+export { OsVersionInfoMap } from "./OsVersionInfoMap"
 export { PackageDataEntry } from "./PackageDataEntry"
 export { PackageDetailLevel } from "./PackageDetailLevel"
 export { PackageId } from "./PackageId"
 export { PackageIndex } from "./PackageIndex"
-export { PackageInfoShort } from "./PackageInfoShort"
 export { PackageInfo } from "./PackageInfo"
+export { PackageInfoShort } from "./PackageInfoShort"
 export { PackageSignerParams } from "./PackageSignerParams"
 export { PackageState } from "./PackageState"
 export { PackageVersionInfo } from "./PackageVersionInfo"
@@ -176,18 +176,18 @@ export { Security } from "./Security"
 export { ServerInfo } from "./ServerInfo"
 export { ServerSpecs } from "./ServerSpecs"
 export { ServerStatus } from "./ServerStatus"
-export { ServiceInterfaceId } from "./ServiceInterfaceId"
 export { ServiceInterface } from "./ServiceInterface"
+export { ServiceInterfaceId } from "./ServiceInterfaceId"
 export { ServiceInterfaceType } from "./ServiceInterfaceType"
+export { Session } from "./Session"
 export { SessionList } from "./SessionList"
 export { Sessions } from "./Sessions"
-export { Session } from "./Session"
 export { SetDataVersionParams } from "./SetDataVersionParams"
 export { SetDependenciesParams } from "./SetDependenciesParams"
 export { SetHealth } from "./SetHealth"
 export { SetIconParams } from "./SetIconParams"
-export { SetMainStatusStatus } from "./SetMainStatusStatus"
 export { SetMainStatus } from "./SetMainStatus"
+export { SetMainStatusStatus } from "./SetMainStatusStatus"
 export { SetNameParams } from "./SetNameParams"
 export { SetStoreParams } from "./SetStoreParams"
 export { SetupExecuteParams } from "./SetupExecuteParams"
@@ -202,7 +202,7 @@ export { TestSmtpParams } from "./TestSmtpParams"
 export { UnsetInboundParams } from "./UnsetInboundParams"
 export { UpdatingState } from "./UpdatingState"
 export { VerifyCifsParams } from "./VerifyCifsParams"
-export { VersionSignerParams } from "./VersionSignerParams"
 export { Version } from "./Version"
+export { VersionSignerParams } from "./VersionSignerParams"
 export { VolumeId } from "./VolumeId"
 export { WifiInfo } from "./WifiInfo"
--- a/sdk/base/lib/types.ts
+++ b/sdk/base/lib/types.ts
@@ -207,3 +207,25 @@ export type DeepPartial<T> = T extends unknown[]
  : T extends {}
    ? { [P in keyof T]?: DeepPartial<T[P]> }
    : T
+
+export type DeepWritable<T> = {
+  -readonly [K in keyof T]: T[K]
+}
+
+export function writable<T>(value: T): DeepWritable<T> {
+  return value
+}
+
+export type DeepReadonly<T> = {
+  readonly [P in keyof T]: DeepReadonly<T[P]>
+}
+
+export function readonly<T>(value: T): DeepReadonly<T> {
+  return value
+}
+
+export type AllowReadonly<T> =
+  | T
+  | {
+      readonly [P in keyof T]: AllowReadonly<T[P]>
+    }
--- a/sdk/base/package-lock.json
+++ b/sdk/base/package-lock.json
@@ -13,7 +13,7 @@
        "deep-equality-data-structures": "^1.5.0",
        "isomorphic-fetch": "^3.0.0",
        "mime-types": "^3.0.1",
-        "ts-matches": "^6.2.1",
+        "ts-matches": "^6.3.2",
        "yaml": "^2.7.1"
      },
      "devDependencies": {
@@ -4636,9 +4636,9 @@
      }
    },
    "node_modules/ts-matches": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/ts-matches/-/ts-matches-6.2.1.tgz",
-      "integrity": "sha512-qdnMgTHsGCEGGK6QiaNMY2vD9eQtRp2Q+pAxcOAzxHJKDKTBYsc1ISTg1zp8H2+EmtCB0eko/1TwYUA5/mUGug==",
+      "version": "6.3.2",
+      "resolved": "https://registry.npmjs.org/ts-matches/-/ts-matches-6.3.2.tgz",
+      "integrity": "sha512-UhSgJymF8cLd4y0vV29qlKVCkQpUtekAaujXbQVc729FezS8HwqzepqvtjzQ3HboatIqN/Idor85O2RMwT7lIQ==",
      "license": "MIT"
    },
    "node_modules/ts-morph": {
--- a/sdk/base/package.json
+++ b/sdk/base/package.json
@@ -26,7 +26,7 @@
    "@noble/hashes": "^1.7.2",
    "isomorphic-fetch": "^3.0.0",
    "mime-types": "^3.0.1",
-    "ts-matches": "^6.2.1",
+    "ts-matches": "^6.3.2",
    "yaml": "^2.7.1",
    "deep-equality-data-structures": "^1.5.0"
  },
--- a/sdk/package/lib/StartSdk.ts
+++ b/sdk/package/lib/StartSdk.ts
@@ -1170,7 +1170,7 @@ export async function runCommand<Manifest extends T.SDKManifest>(
      .catch(() => "{}")
      .then(JSON.parse)
    commands = imageMeta.entrypoint ?? []
-    commands.concat(...(command.overridCmd ?? imageMeta.cmd ?? []))
+    commands = commands.concat(...(command.overridCmd ?? imageMeta.cmd ?? []))
  } else commands = splitCommand(command)
  return SubContainer.withTemp(
    effects,
--- a/sdk/package/lib/health/checkFns/runHealthScript.ts
+++ b/sdk/package/lib/health/checkFns/runHealthScript.ts
@@ -21,7 +21,7 @@ export const runHealthScript = async <Manifest extends SDKManifest>(
  } = {},
 ): Promise<HealthCheckResult> => {
  const res = await Promise.race([
-    subcontainer.exec(runCommand),
+    subcontainer.execFail(runCommand),
    timeoutPromise(timeout),
  ]).catch((e) => {
    console.warn(errorMessage)
--- a/sdk/package/lib/mainFn/CommandController.ts
+++ b/sdk/package/lib/mainFn/CommandController.ts
@@ -42,6 +42,7 @@ export class CommandController<Manifest extends T.SDKManifest> extends Drop {
        onStderr?: (chunk: Buffer | string | any) => void
      },
    ) => {
+      try {
        let commands: string[]
        if (command instanceof T.UseEntrypoint) {
          const imageMeta: T.ImageMetadata = await fs
@@ -51,10 +52,11 @@ export class CommandController<Manifest extends T.SDKManifest> extends Drop {
            .catch(() => "{}")
            .then(JSON.parse)
          commands = imageMeta.entrypoint ?? []
-        commands.concat(...(command.overridCmd ?? imageMeta.cmd ?? []))
+          commands = commands.concat(
+            ...(command.overridCmd ?? imageMeta.cmd ?? []),
+          )
        } else commands = splitCommand(command)

-      try {
        let childProcess: cp.ChildProcess
        if (options.runAsInit) {
          childProcess = await subcontainer.launch(commands, {
@@ -111,10 +113,10 @@ export class CommandController<Manifest extends T.SDKManifest> extends Drop {
  get subContainerHandle() {
    return new SubContainerHandle(this.subcontainer)
  }
-  async wait({ timeout = NO_TIMEOUT } = {}) {
+  async wait({ timeout = NO_TIMEOUT, keepSubcontainer = false } = {}) {
    if (timeout > 0)
      setTimeout(() => {
-        this.term()
+        this.term({ keepSubcontainer })
      }, timeout)
    try {
      return await this.runningAnswer
@@ -122,10 +124,14 @@ export class CommandController<Manifest extends T.SDKManifest> extends Drop {
      if (!this.state.exited) {
        this.process.kill("SIGKILL")
      }
-      await this.subcontainer.destroy().catch((_) => {})
+      if (!keepSubcontainer) await this.subcontainer.destroy()
    }
  }
-  async term({ signal = SIGTERM, timeout = this.sigtermTimeout } = {}) {
+  async term({
+    signal = SIGTERM,
+    timeout = this.sigtermTimeout,
+    keepSubcontainer = false,
+  } = {}) {
    try {
      if (!this.state.exited) {
        if (signal !== "SIGKILL") {
@@ -142,10 +148,10 @@ export class CommandController<Manifest extends T.SDKManifest> extends Drop {

      await this.runningAnswer
    } finally {
-      await this.subcontainer.destroy()
+      if (!keepSubcontainer) await this.subcontainer.destroy()
    }
  }
  onDrop(): void {
-    this.term().catch(console.error)
+    this.term({ keepSubcontainer: true }).catch(console.error)
  }
 }
--- a/sdk/package/lib/mainFn/Daemon.ts
+++ b/sdk/package/lib/mainFn/Daemon.ts
@@ -21,7 +21,7 @@ export class Daemon<Manifest extends T.SDKManifest> {
    return this.commandController?.subContainerHandle
  }
  static of<Manifest extends T.SDKManifest>() {
-    return async <A extends string>(
+    return async (
      effects: T.Effects,
      subcontainer: SubContainer<Manifest>,
      command: T.CommandType,
@@ -54,17 +54,21 @@ export class Daemon<Manifest extends T.SDKManifest> {
    }
    this.shouldBeRunning = true
    let timeoutCounter = 0
-    new Promise(async () => {
+    ;(async () => {
      while (this.shouldBeRunning) {
        if (this.commandController)
-          await this.commandController.term().catch((err) => console.error(err))
+          await this.commandController
+            .term({ keepSubcontainer: true })
+            .catch((err) => console.error(err))
        this.commandController = await this.startCommand()
-        await this.commandController.wait().catch((err) => console.error(err))
+        await this.commandController
+          .wait({ keepSubcontainer: true })
+          .catch((err) => console.error(err))
        await new Promise((resolve) => setTimeout(resolve, timeoutCounter))
        timeoutCounter += TIMEOUT_INCREMENT_MS
-        timeoutCounter = Math.max(MAX_TIMEOUT_MS, timeoutCounter)
+        timeoutCounter = Math.min(MAX_TIMEOUT_MS, timeoutCounter)
      }
-    }).catch((err) => {
+    })().catch((err) => {
      console.error(asError(err))
    })
  }
--- a/sdk/package/lib/mainFn/Daemons.ts
+++ b/sdk/package/lib/mainFn/Daemons.ts
@@ -197,7 +197,7 @@ export class Daemons<Manifest extends T.SDKManifest, Ids extends string>

  async build() {
    for (const daemon of this.healthDaemons) {
-      await daemon.updateStatus()
+      await daemon.init()
    }
    for (const health of this.healthChecks) {
      health.start()
--- a/sdk/package/lib/mainFn/HealthDaemon.ts
+++ b/sdk/package/lib/mainFn/HealthDaemon.ts
@@ -169,4 +169,16 @@ export class HealthDaemon<Manifest extends SDKManifest> {
    const healths = this.dependencies.map((d) => d.running && d._health)
    this.changeRunning(healths.every((x) => x && x.result === "success"))
  }
+
+  async init() {
+    if (this.ready.display) {
+      this.effects.setHealth({
+        id: this.id,
+        message: null,
+        name: this.ready.display,
+        result: "starting",
+      })
+    }
+    await this.updateStatus()
+  }
 }
--- a/sdk/package/lib/util/Drop.ts
+++ b/sdk/package/lib/util/Drop.ts
@@ -10,9 +10,20 @@ export abstract class Drop {
  protected constructor() {
    this.id = Drop.idCtr++
    this.ref = { id: this.id }
-    Drop.weak[this.id] = this.weak()
-    Drop.registry.register(this, this.id, this)
+    const weak = this.weak()
+    Drop.weak[this.id] = weak
+    Drop.registry.register(this.ref, this.id, this.ref)
+
+    return new Proxy(this, {
+      set(target: any, prop, value) {
+        if (prop === "ref") return false
+        target[prop] = value
+        ;(weak as any)[prop] = value
+        return true
+      },
+    })
  }
+  protected register() {}
  protected weak(): this {
    const weak = Object.assign(Object.create(Object.getPrototypeOf(this)), this)
    weak.ref = new WeakRef(this.ref)
@@ -21,7 +32,7 @@ export abstract class Drop {
  abstract onDrop(): void
  drop(): void {
    this.onDrop()
-    Drop.registry.unregister(this)
+    Drop.registry.unregister(this.ref)
    delete Drop.weak[this.id]
  }
 }
--- a/sdk/package/lib/util/SubContainer.ts
+++ b/sdk/package/lib/util/SubContainer.ts
@@ -37,6 +37,11 @@ export interface ExecSpawnable {
    options?: CommandOptions & ExecOptions,
    timeoutMs?: number | null,
  ): Promise<ExecResults>
+  execFail(
+    command: string[],
+    options?: CommandOptions & ExecOptions,
+    timeoutMs?: number | null,
+  ): Promise<{ stdout: string | Buffer; stderr: string | Buffer }>
  spawn(
    command: string[],
    options?: CommandOptions & StdioOptions,
@@ -88,7 +93,9 @@ export class SubContainer<
                imageId: this.imageId,
                rootfs: this.rootfs,
              })
-              reject(new Error(`Failed to start subcontainer ${this.imageId}`))
+              return reject(
+                new Error(`Failed to start subcontainer ${this.imageId}`),
+              )
            }
            await wait(1)
          }
@@ -144,8 +151,9 @@ export class SubContainer<
      }

      return res
-    } finally {
+    } catch (e) {
      await res.destroy()
+      throw e
    }
  }

@@ -272,11 +280,13 @@ export class SubContainer<
  }

  onDrop(): void {
+    console.log(`Cleaning up dangling subcontainer ${this.guid}`)
    this.destroy()
  }

  /**
   * @description run a command inside this subcontainer
+   * DOES NOT THROW ON NONZERO EXIT CODE (see execFail)
   * @param commands an array representing the command and args to execute
   * @param options
   * @param timeoutMs how long to wait before killing the command in ms
@@ -287,6 +297,7 @@ export class SubContainer<
    options?: CommandOptions & ExecOptions,
    timeoutMs: number | null = 30000,
  ): Promise<{
+    throw: () => { stdout: string | Buffer; stderr: string | Buffer }
    exitCode: number | null
    exitSignal: NodeJS.Signals | null
    stdout: string | Buffer
@@ -367,16 +378,43 @@ export class SubContainer<
      child.stderr.on("data", appendData(stderr))
      child.on("exit", (code, signal) => {
        clearTimeout(killTimeout)
-        resolve({
+        const result = {
          exitCode: code,
          exitSignal: signal,
          stdout: stdout.data,
          stderr: stderr.data,
+        }
+        resolve({
+          throw: () =>
+            !code && !signal
+              ? { stdout: stdout.data, stderr: stderr.data }
+              : (() => {
+                  throw new ExitError(command[0], result)
+                })(),
+          ...result,
        })
      })
    })
  }

+  /**
+   * @description run a command inside this subcontainer, throwing on non-zero exit status
+   * @param commands an array representing the command and args to execute
+   * @param options
+   * @param timeoutMs how long to wait before killing the command in ms
+   * @returns
+   */
+  async execFail(
+    command: string[],
+    options?: CommandOptions & ExecOptions,
+    timeoutMs: number | null = 30000,
+  ): Promise<{
+    stdout: string | Buffer
+    stderr: string | Buffer
+  }> {
+    return this.exec(command, options, timeoutMs).then((res) => res.throw())
+  }
+
  async launch(
    command: string[],
    options?: CommandOptions,
@@ -478,6 +516,15 @@ export class SubContainerHandle implements ExecSpawnable {
  ): Promise<ExecResults> {
    return this.subContainer.exec(command, options, timeoutMs)
  }
+
+  execFail(
+    command: string[],
+    options?: CommandOptions & ExecOptions,
+    timeoutMs?: number | null,
+  ): Promise<{ stdout: string | Buffer; stderr: string | Buffer }> {
+    return this.subContainer.execFail(command, options, timeoutMs)
+  }
+
  spawn(
    command: string[],
    options: CommandOptions & StdioOptions = { stdio: "inherit" },
--- a/sdk/package/lib/util/fileHelper.ts
+++ b/sdk/package/lib/util/fileHelper.ts
@@ -234,7 +234,7 @@ export class FileHelper<A> {
  /**
   * Accepts full structured data and overwrites the existing file on disk if it exists.
   */
-  async write(effects: T.Effects, data: A) {
+  async write(effects: T.Effects, data: T.AllowReadonly<A> | A) {
    await this.writeFile(this.validate(data))
    if (effects.constRetry && this.consts.includes(effects.constRetry))
      throw new Error(`Canceled: write after const: ${this.path}`)
@@ -244,7 +244,7 @@ export class FileHelper<A> {
  /**
   * Accepts partial structured data and performs a merge with the existing file on disk.
   */
-  async merge(effects: T.Effects, data: T.DeepPartial<A>) {
+  async merge(effects: T.Effects, data: T.AllowReadonly<T.DeepPartial<A>>) {
    const fileDataRaw = await this.readFileRaw()
    let fileData: any = fileDataRaw === null ? null : this.readData(fileDataRaw)
    try {
--- a/sdk/package/package-lock.json
+++ b/sdk/package/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@start9labs/start-sdk",
-  "version": "0.4.0-beta.6",
+  "version": "0.4.0-beta.11",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@start9labs/start-sdk",
-      "version": "0.4.0-beta.6",
+      "version": "0.4.0-beta.11",
      "license": "MIT",
      "dependencies": {
        "@iarna/toml": "^3.0.0",
@@ -16,7 +16,7 @@
        "ini": "^5.0.0",
        "isomorphic-fetch": "^3.0.0",
        "mime-types": "^3.0.1",
-        "ts-matches": "^6.2.1",
+        "ts-matches": "^6.3.2",
        "yaml": "^2.7.1"
      },
      "devDependencies": {
@@ -4820,9 +4820,9 @@
      }
    },
    "node_modules/ts-matches": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/ts-matches/-/ts-matches-6.2.1.tgz",
-      "integrity": "sha512-qdnMgTHsGCEGGK6QiaNMY2vD9eQtRp2Q+pAxcOAzxHJKDKTBYsc1ISTg1zp8H2+EmtCB0eko/1TwYUA5/mUGug==",
+      "version": "6.3.2",
+      "resolved": "https://registry.npmjs.org/ts-matches/-/ts-matches-6.3.2.tgz",
+      "integrity": "sha512-UhSgJymF8cLd4y0vV29qlKVCkQpUtekAaujXbQVc729FezS8HwqzepqvtjzQ3HboatIqN/Idor85O2RMwT7lIQ==",
      "license": "MIT"
    },
    "node_modules/ts-morph": {
--- a/sdk/package/package.json
+++ b/sdk/package/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@start9labs/start-sdk",
-  "version": "0.4.0-beta.6",
+  "version": "0.4.0-beta.11",
  "description": "Software development kit to facilitate packaging services for StartOS",
  "main": "./package/lib/index.js",
  "types": "./package/lib/index.d.ts",
@@ -33,7 +33,7 @@
  "dependencies": {
    "isomorphic-fetch": "^3.0.0",
    "mime-types": "^3.0.1",
-    "ts-matches": "^6.2.1",
+    "ts-matches": "^6.3.2",
    "yaml": "^2.7.1",
    "deep-equality-data-structures": "^2.0.0",
    "ini": "^5.0.0",
--- a/web/README.md
+++ b/web/README.md
@@ -24,10 +24,10 @@ Additionally, there are two libraries for shared code:

 ```sh
 node --version
-v20.17.0
+v22.15.0

 npm --version
-v11.1.0
+v11.3.0
 ```

 #### Install and enable the Prettier extension for your text editor
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -129,7 +129,7 @@
        "deep-equality-data-structures": "^1.5.0",
        "isomorphic-fetch": "^3.0.0",
        "mime-types": "^3.0.1",
-        "ts-matches": "^6.2.1",
+        "ts-matches": "^6.3.2",
        "yaml": "^2.7.1"
      },
      "devDependencies": {
--- a/web/projects/shared/src/i18n/dictionaries/pl.ts
+++ b/web/projects/shared/src/i18n/dictionaries/pl.ts
@@ -81,7 +81,7 @@ export default {
  78: 'Serwisy',
  79: 'Rejestr serwisów',
  80: 'Instalacja ręczna',
-  81: 'Aktualizacje',
+  81: 'Uaktualnienia',
  82: 'Metryki',
  83: 'Logi',
  84: 'Powiadomienia',
@@ -106,7 +106,7 @@ export default {
  103: 'Czy jesteś pewien?',
  104: 'Wybierz domenę',
  105: 'Lokalne',
-  106: 'Adresy lokalne są dostępne tylko dla urządzeń podłączonych do tej samej sieci LAN co Twój serwer, bezpośrednio lub przez VPN.',
+  106: 'Adresy lokalne są dostępne tylko dla urządzeń podłączonych do tej samej sieci LAN co twój serwer, bezpośrednio lub przez VPN.',
  107: 'Dowiedz się więcej',
  108: 'Publiczny',
  109: 'Prywatny',
@@ -152,7 +152,7 @@ export default {
  149: 'Serwisy z tego rejestru są tworzone i utrzymywane przez członków społeczności Start9. Instalujesz je na własne ryzyko. W przypadku problemów lub pytań skontaktuj się z twórcą pakietu.',
  150: 'Serwisy z tego rejestru są w fazie testów beta i mogą zawierać błędy. Instalujesz je na własne ryzyko.',
  151: 'Serwisy z tego rejestru są w fazie testów alfa. Mogą zawierać błędy i potencjalnie uszkodzić system. Instalujesz je na własne ryzyko.',
-  152: 'To jest rejestr niestandardowy. Start9 nie może zweryfikować integralności ani funkcjonalności serwisów z tego rejestru, a mogą one uszkodzić Twój system. Instalujesz je na własne ryzyko.',
+  152: 'To jest rejestr niestandardowy. Start9 nie może zweryfikować integralności ani funkcjonalności serwisów z tego rejestru, a mogą one uszkodzić twój system. Instalujesz je na własne ryzyko.',
  153: 'Rejestry domyślne',
  154: 'Rejestry niestandardowe',
  155: 'Dodaj niestandardowy rejestr',
@@ -238,7 +238,7 @@ export default {
  235: 'Oczekiwanie na wynik',
  236: 'Uruchamianie',
  237: 'Sukces',
-  238: 'Kontrole stanu',
+  238: 'Kontrola stanu',
  239: 'Brak kontroli stanu',
  240: 'Nazwa',
  241: 'Status',
@@ -249,8 +249,8 @@ export default {
  246: 'Zobacz poniżej',
  247: 'Sterowanie',
  248: 'Brak zainstalowanych serwisów',
-  249: 'Uruchomiona',
-  250: 'Zatrzymana',
+  249: 'Uruchomiony',
+  250: 'Zatrzymany',
  251: 'Wymagane zadanie',
  252: 'Aktualizowanie',
  253: 'Zatrzymywanie',
@@ -323,7 +323,7 @@ export default {
  320: 'Utwórz kopię zapasową StartOS i danych serwisów, łącząc się z urządzeniem w sieci lokalnej lub z fizycznym dyskiem podłączonym do Twojego serwera.',
  321: 'Przywróć StartOS i dane serwisów z urządzenia w sieci lokalnej lub z fizycznego dysku podłączonego do Twojego serwera, który zawiera istniejącą kopię zapasową.',
  322: 'Ostatnia kopia zapasowa',
-  323: 'Folder na innym komputerze, który jest podłączony do tej samej sieci co Twój serwer Start9.',
+  323: 'Folder na innym komputerze, który jest podłączony do tej samej sieci co twój serwer Start9.',
  324: 'Fizyczny dysk, który jest podłączony bezpośrednio do Twojego serwera Start9.',
  325: 'Wybierz serwisy do kopii zapasowej',
  326: 'Wybierz kopię zapasową serwera',
@@ -344,9 +344,9 @@ export default {
  341: 'Hash pakietu',
  342: 'Opublikowano',
  343: 'Nowy folder sieciowy',
-  344: 'Aktualizuj folder sieciowy',
+  344: 'Uaktualnij folder sieciowy',
  345: 'Testowanie połączenia z folderem współdzielonym',
-  346: 'Upewnij się, że (1) komputer docelowy jest podłączony do tej samej sieci LAN co Twój serwer Start9, (2) folder docelowy jest udostępniany i (3) nazwa hosta, ścieżka i dane logowania są poprawne.',
+  346: 'Upewnij się, że (1) komputer docelowy jest podłączony do tej samej sieci LAN co twój serwer Start9, (2) folder docelowy jest udostępniany i (3) nazwa hosta, ścieżka i dane logowania są poprawne.',
  347: 'Nie można połączyć',
  348: 'Folder sieciowy nie zawiera prawidłowej kopii zapasowej',
  349: 'Połącz',
@@ -450,7 +450,7 @@ export default {
  447: 'Nie podjęto próby',
  448: 'Niepowodzenie',
  449: 'Powodzenie',
-  450: 'Uruchom ponownie serwer, aby te aktualizacje zostały zastosowane. Może to potrwać kilka minut, zanim będzie ponownie dostępny.',
+  450: 'Uruchom ponownie serwer, aby zastosować aktualizacje. Ponowne uruchomienie może potrwać kilka minut, zanim serwer będzie ponownie dostępny',
  451: 'Pobieranie StartOS zakończone',
  452: 'Wykryto nieznany dysk magazynujący',
  453: 'Aby użyć innego dysku magazynującego, wymień obecny i kliknij URUCHOM PONOWNIE SERWER poniżej. Aby użyć obecnego dysku, kliknij UŻYJ OBECNEGO DYSKU poniżej, a następnie postępuj zgodnie z instrukcjami. Żadne dane nie zostaną usunięte podczas tego procesu.',