diff --git a/.github/workflows/startos-iso.yaml b/.github/workflows/startos-iso.yaml index 3732ac863..d862fc109 100644 --- a/.github/workflows/startos-iso.yaml +++ b/.github/workflows/startos-iso.yaml @@ -28,6 +28,7 @@ on: - aarch64 - aarch64-nonfree - raspberrypi + - riscv64 deploy: type: choice description: Deploy @@ -45,7 +46,7 @@ on: - next/* env: - NODEJS_VERSION: "22.17.1" + NODEJS_VERSION: "24.11.0" ENVIRONMENT: '${{ fromJson(format(''["{0}", ""]'', github.event.inputs.environment || ''dev''))[github.event.inputs.environment == ''NONE''] }}' jobs: @@ -62,6 +63,7 @@ jobs: "aarch64": ["aarch64"], "aarch64-nonfree": ["aarch64"], "raspberrypi": ["aarch64"], + "riscv64": ["riscv64"], "ALL": ["x86_64", "aarch64"] }')[github.event.inputs.platform || 'ALL'] }} @@ -139,6 +141,7 @@ jobs: "aarch64": "buildjet-8vcpu-ubuntu-2204-arm", "aarch64-nonfree": "buildjet-8vcpu-ubuntu-2204-arm", "raspberrypi": "buildjet-8vcpu-ubuntu-2204-arm", + "riscv64": "buildjet-8vcpu-ubuntu-2204", }')[matrix.platform] ) )[github.event.inputs.runner == 'fast'] @@ -152,6 +155,7 @@ jobs: "aarch64": "aarch64", "aarch64-nonfree": "aarch64", "raspberrypi": "aarch64", + "riscv64": "riscv64", }')[matrix.platform] }} steps: diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7781a60ba..81b75975c 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -11,7 +11,7 @@ on: - next/* env: - NODEJS_VERSION: "22.17.1" + NODEJS_VERSION: "24.11.0" ENVIRONMENT: dev-unstable jobs: diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 3e0029a0f..b56d1756a 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -25,9 +25,9 @@ docker buildx create --use curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh # proceed with default installation curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash source ~/.bashrc -nvm install 22 -nvm use 22 -nvm alias default 22 # this prevents your machine from reverting back to another version +nvm install 24 +nvm use 24 +nvm alias default 24 # this prevents your machine from reverting back to another version ``` ## Cloning the repository diff --git a/Makefile b/Makefile index a7a421112..b437810a9 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,7 @@ VERSION_FILE := $(shell ./check-version.sh) BASENAME := $(shell PROJECT=startos ./basename.sh) PLATFORM := $(shell if [ -f ./PLATFORM.txt ]; then cat ./PLATFORM.txt; else echo unknown; fi) ARCH := $(shell if [ "$(PLATFORM)" = "raspberrypi" ]; then echo aarch64; else echo $(PLATFORM) | sed 's/-nonfree$$//g'; fi) +RUST_ARCH := $(shell if [ "$(ARCH)" = "riscv64" ]; then echo riscv64gc; else echo $(ARCH); fi) REGISTRY_BASENAME := $(shell PROJECT=start-registry PLATFORM=$(ARCH) ./basename.sh) TUNNEL_BASENAME := $(shell PROJECT=start-tunnel PLATFORM=$(ARCH) ./basename.sh) IMAGE_TYPE=$(shell if [ "$(PLATFORM)" = raspberrypi ]; then echo img; else echo iso; fi) @@ -26,19 +27,19 @@ WEB_START_TUNNEL_SRC := $(call ls-files, web/projects/start-tunnel) PATCH_DB_CLIENT_SRC := $(shell git ls-files --recurse-submodules patch-db/client) GZIP_BIN := $(shell which pigz || which gzip) TAR_BIN := $(shell which gtar || which tar) -COMPILED_TARGETS := core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox core/target/$(ARCH)-unknown-linux-musl/release/containerbox container-runtime/rootfs.$(ARCH).squashfs -STARTOS_TARGETS := $(STARTD_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE) $(COMPILED_TARGETS) cargo-deps/$(ARCH)-unknown-linux-musl/release/startos-backup-fs $(PLATFORM_FILE) \ +COMPILED_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox core/target/$(RUST_ARCH)-unknown-linux-musl/release/containerbox container-runtime/rootfs.$(ARCH).squashfs +STARTOS_TARGETS := $(STARTD_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE) $(COMPILED_TARGETS) cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs $(PLATFORM_FILE) \ $(shell if [ "$(PLATFORM)" = "raspberrypi" ]; then \ echo cargo-deps/aarch64-unknown-linux-musl/release/pi-beep; \ fi) \ $(shell /bin/bash -c 'if [[ "${ENVIRONMENT}" =~ (^|-)unstable($$|-) ]]; then \ - echo cargo-deps/$(ARCH)-unknown-linux-musl/release/flamegraph; \ + echo cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph; \ fi') \ $(shell /bin/bash -c 'if [[ "${ENVIRONMENT}" =~ (^|-)console($$|-) ]]; then \ - echo cargo-deps/$(ARCH)-unknown-linux-musl/release/tokio-console; \ + echo cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console; \ fi') -REGISTRY_TARGETS := core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/registrybox core/startos/start-registryd.service -TUNNEL_TARGETS := core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/startos/start-tunneld.service +REGISTRY_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox core/startos/start-registryd.service +TUNNEL_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/startos/start-tunneld.service REBUILD_TYPES = 1 ifeq ($(REMOTE),) @@ -115,25 +116,25 @@ test-container-runtime: container-runtime/node_modules/.package-lock.json $(call cli: ./core/install-cli.sh -registry: core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/registrybox +registry: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox install-registry: $(REGISTRY_TARGETS) $(call mkdir,$(DESTDIR)/usr/bin) - $(call cp,core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/registrybox,$(DESTDIR)/usr/bin/start-registrybox) + $(call cp,core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox,$(DESTDIR)/usr/bin/start-registrybox) $(call ln,/usr/bin/start-registrybox,$(DESTDIR)/usr/bin/start-registryd) $(call ln,/usr/bin/start-registrybox,$(DESTDIR)/usr/bin/start-registry) $(call mkdir,$(DESTDIR)/lib/systemd/system) $(call cp,core/startos/start-registryd.service,$(DESTDIR)/lib/systemd/system/start-registryd.service) -core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/registrybox: $(CORE_SRC) $(ENVIRONMENT_FILE) +core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox: $(CORE_SRC) $(ENVIRONMENT_FILE) ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build-registrybox.sh -tunnel: core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox +tunnel: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox -install-tunnel: core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/startos/start-tunneld.service +install-tunnel: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/startos/start-tunneld.service $(call mkdir,$(DESTDIR)/usr/bin) - $(call cp,core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox,$(DESTDIR)/usr/bin/start-tunnelbox) + $(call cp,core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox,$(DESTDIR)/usr/bin/start-tunnelbox) $(call ln,/usr/bin/start-tunnelbox,$(DESTDIR)/usr/bin/start-tunneld) $(call ln,/usr/bin/start-tunnelbox,$(DESTDIR)/usr/bin/start-tunnel) @@ -143,7 +144,7 @@ install-tunnel: core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core $(call mkdir,$(DESTDIR)/usr/lib/startos/scripts) $(call cp,build/lib/scripts/forward-port,$(DESTDIR)/usr/lib/startos/scripts/forward-port) -core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox: $(CORE_SRC) $(ENVIRONMENT_FILE) web/dist/static/start-tunnel/index.html +core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox: $(CORE_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) web/dist/static/start-tunnel/index.html ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build-tunnelbox.sh deb: results/$(BASENAME).deb @@ -169,20 +170,20 @@ results/$(BASENAME).$(IMAGE_TYPE) results/$(BASENAME).squashfs: $(IMAGE_RECIPE_S ./image-recipe/run-local-build.sh "results/$(BASENAME).deb" # For creating os images. DO NOT USE -install: $(STARTOS_TARGETS) +install: $(STARTOS_TARGETS) $(call mkdir,$(DESTDIR)/usr/bin) $(call mkdir,$(DESTDIR)/usr/sbin) - $(call cp,core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox,$(DESTDIR)/usr/bin/startbox) + $(call cp,core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox,$(DESTDIR)/usr/bin/startbox) $(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/startd) $(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/start-cli) if [ "$(PLATFORM)" = "raspberrypi" ]; then $(call cp,cargo-deps/aarch64-unknown-linux-musl/release/pi-beep,$(DESTDIR)/usr/bin/pi-beep); fi if /bin/bash -c '[[ "${ENVIRONMENT}" =~ (^|-)unstable($$|-) ]]'; then \ - $(call cp,cargo-deps/$(ARCH)-unknown-linux-musl/release/flamegraph,$(DESTDIR)/usr/bin/flamegraph); \ + $(call cp,cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph,$(DESTDIR)/usr/bin/flamegraph); \ fi if /bin/bash -c '[[ "${ENVIRONMENT}" =~ (^|-)console($$|-) ]]'; then \ - $(call cp,cargo-deps/$(ARCH)-unknown-linux-musl/release/tokio-console,$(DESTDIR)/usr/bin/tokio-console); \ + $(call cp,cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console,$(DESTDIR)/usr/bin/tokio-console); \ fi - $(call cp,cargo-deps/$(ARCH)-unknown-linux-musl/release/startos-backup-fs,$(DESTDIR)/usr/bin/startos-backup-fs) + $(call cp,cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs,$(DESTDIR)/usr/bin/startos-backup-fs) $(call ln,/usr/bin/startos-backup-fs,$(DESTDIR)/usr/sbin/mount.backup-fs) $(call mkdir,$(DESTDIR)/lib/systemd/system) @@ -210,10 +211,10 @@ update-overlay: $(STARTOS_TARGETS) $(MAKE) install REMOTE=$(REMOTE) SSHPASS=$(SSHPASS) PLATFORM=$(PLATFORM) $(call ssh,"sudo systemctl start startd") -wormhole: core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox +wormhole: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox @echo "Paste the following command into the shell of your StartOS server:" @echo - @wormhole send core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox 2>&1 | awk -Winteractive '/wormhole receive/ { printf "sudo /usr/lib/startos/scripts/chroot-and-upgrade \"cd /usr/bin && rm startbox && wormhole receive --accept-file %s && chmod +x startbox\"\n", $$3 }' + @wormhole send core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox 2>&1 | awk -Winteractive '/wormhole receive/ { printf "sudo /usr/lib/startos/scripts/chroot-and-upgrade \"cd /usr/bin && rm startbox && wormhole receive --accept-file %s && chmod +x startbox\"\n", $$3 }' wormhole-deb: results/$(BASENAME).deb @echo "Paste the following command into the shell of your StartOS server:" @@ -233,10 +234,10 @@ update: $(STARTOS_TARGETS) $(MAKE) install REMOTE=$(REMOTE) SSHPASS=$(SSHPASS) DESTDIR=/media/startos/next PLATFORM=$(PLATFORM) $(call ssh,'sudo /media/startos/next/usr/lib/startos/scripts/chroot-and-upgrade --no-sync "apt-get install -y $(shell cat ./build/lib/depends)"') -update-startbox: core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox # only update binary (faster than full update) +update-startbox: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox # only update binary (faster than full update) @if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi $(call ssh,'sudo /usr/lib/startos/scripts/chroot-and-upgrade --create') - $(call cp,core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox,/media/startos/next/usr/bin/startbox) + $(call cp,core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox,/media/startos/next/usr/bin/startbox) $(call ssh,'sudo /media/startos/next/usr/lib/startos/scripts/chroot-and-upgrade --no-sync true') update-deb: results/$(BASENAME).deb # better than update, but only available from debian @@ -301,7 +302,7 @@ container-runtime/dist/node_modules/.package-lock.json container-runtime/dist/pa ./container-runtime/install-dist-deps.sh touch container-runtime/dist/node_modules/.package-lock.json -container-runtime/rootfs.$(ARCH).squashfs: container-runtime/debian.$(ARCH).squashfs container-runtime/container-runtime.service container-runtime/update-image.sh container-runtime/deb-install.sh container-runtime/dist/index.js container-runtime/dist/node_modules/.package-lock.json core/target/$(ARCH)-unknown-linux-musl/release/containerbox +container-runtime/rootfs.$(ARCH).squashfs: container-runtime/debian.$(ARCH).squashfs container-runtime/container-runtime.service container-runtime/update-image.sh container-runtime/deb-install.sh container-runtime/dist/index.js container-runtime/dist/node_modules/.package-lock.json core/target/$(RUST_ARCH)-unknown-linux-musl/release/containerbox ARCH=$(ARCH) REQUIRES=linux ./build/os-compat/run-compat.sh ./container-runtime/update-image.sh build/lib/depends build/lib/conflicts: $(ENVIRONMENT_FILE) $(PLATFORM_FILE) $(shell ls build/dpkg-deps/*) @@ -310,13 +311,13 @@ build/lib/depends build/lib/conflicts: $(ENVIRONMENT_FILE) $(PLATFORM_FILE) $(sh $(FIRMWARE_ROMS): build/lib/firmware.json download-firmware.sh $(PLATFORM_FILE) ./download-firmware.sh $(PLATFORM) -core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox: $(CORE_SRC) $(COMPRESSED_WEB_UIS) web/patchdb-ui-seed.json $(ENVIRONMENT_FILE) +core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox: $(CORE_SRC) $(COMPRESSED_WEB_UIS) web/patchdb-ui-seed.json $(ENVIRONMENT_FILE) ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build-startbox.sh - touch core/target/$(ARCH)-unknown-linux-musl/$(PROFILE)/startbox + touch core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox -core/target/$(ARCH)-unknown-linux-musl/release/containerbox: $(CORE_SRC) $(ENVIRONMENT_FILE) +core/target/$(RUST_ARCH)-unknown-linux-musl/release/containerbox: $(CORE_SRC) $(ENVIRONMENT_FILE) ARCH=$(ARCH) ./core/build-containerbox.sh - touch core/target/$(ARCH)-unknown-linux-musl/release/containerbox + touch core/target/$(RUST_ARCH)-unknown-linux-musl/release/containerbox web/package-lock.json: web/package.json sdk/baseDist/package.json npm --prefix web i @@ -375,11 +376,11 @@ ui: web/dist/raw/ui cargo-deps/aarch64-unknown-linux-musl/release/pi-beep: ARCH=aarch64 ./build-cargo-dep.sh pi-beep -cargo-deps/$(ARCH)-unknown-linux-musl/release/tokio-console: +cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console: ARCH=$(ARCH) PREINSTALL="apk add musl-dev pkgconfig" ./build-cargo-dep.sh tokio-console -cargo-deps/$(ARCH)-unknown-linux-musl/release/startos-backup-fs: +cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs: ARCH=$(ARCH) PREINSTALL="apk add fuse3 fuse3-dev fuse3-static musl-dev pkgconfig" ./build-cargo-dep.sh --git https://github.com/Start9Labs/start-fs.git startos-backup-fs -cargo-deps/$(ARCH)-unknown-linux-musl/release/flamegraph: +cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph: ARCH=$(ARCH) PREINSTALL="apk add musl-dev pkgconfig" ./build-cargo-dep.sh flamegraph \ No newline at end of file diff --git a/container-runtime/deb-install.sh b/container-runtime/deb-install.sh index 688bd1003..0668b0c22 100644 --- a/container-runtime/deb-install.sh +++ b/container-runtime/deb-install.sh @@ -2,17 +2,11 @@ set -e - mkdir -p /run/systemd/resolve echo "nameserver 8.8.8.8" > /run/systemd/resolve/stub-resolv.conf apt-get update -apt-get install -y curl rsync qemu-user-static - -curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash -source ~/.bashrc -nvm install 22 -ln -s $(which node) /usr/bin/node +apt-get install -y curl rsync qemu-user-static nodejs sed -i '/\(^\|#\)DNSStubListener=/c\DNSStubListener=no' /etc/systemd/resolved.conf sed -i '/\(^\|#\)Storage=/c\Storage=persistent' /etc/systemd/journald.conf @@ -24,5 +18,5 @@ systemctl enable container-runtime.service rm -rf /run/systemd -rm /etc/resolv.conf +rm -f /etc/resolv.conf echo "nameserver 10.0.3.1" > /etc/resolv.conf \ No newline at end of file diff --git a/container-runtime/download-base-image.sh b/container-runtime/download-base-image.sh index c3ed51b64..dc02fac12 100755 --- a/container-runtime/download-base-image.sh +++ b/container-runtime/download-base-image.sh @@ -3,7 +3,7 @@ cd "$(dirname "${BASH_SOURCE[0]}")" set -e DISTRO=debian -VERSION=bookworm +VERSION=trixie ARCH=${ARCH:-$(uname -m)} FLAVOR=default diff --git a/container-runtime/package-lock.json b/container-runtime/package-lock.json index 9da622448..8f2bc713f 100644 --- a/container-runtime/package-lock.json +++ b/container-runtime/package-lock.json @@ -110,6 +110,7 @@ "integrity": "sha512-l+lkXCHS6tQEc5oUpK28xBOZ6+HwaH7YwoYQbLFiYb4nS2/l1tKnZEtEWkD0GuiYdvArf9qBS0XlQGXzPMsNqQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.26.2", @@ -1200,6 +1201,7 @@ "dev": true, "hasInstallScript": true, "license": "Apache-2.0", + "peer": true, "dependencies": { "@swc/counter": "^0.1.3", "@swc/types": "^0.1.17" @@ -2143,6 +2145,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001688", "electron-to-chromium": "^1.5.73", @@ -3990,6 +3993,7 @@ "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -6556,6 +6560,7 @@ "integrity": "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/container-runtime/update-image.sh b/container-runtime/update-image.sh index 0a8ca4ec9..287117f46 100755 --- a/container-runtime/update-image.sh +++ b/container-runtime/update-image.sh @@ -4,6 +4,11 @@ cd "$(dirname "${BASH_SOURCE[0]}")" set -e +RUST_ARCH="$ARCH" +if [ "$ARCH" = "riscv64" ]; then + RUST_ARCH="riscv64gc" +fi + if mountpoint -q tmp/combined; then sudo umount -R tmp/combined; fi if mountpoint -q tmp/lower; then sudo umount tmp/lower; fi sudo rm -rf tmp @@ -39,7 +44,7 @@ sudo cp container-runtime.service tmp/combined/lib/systemd/system/container-runt sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime.service sudo cp container-runtime-failure.service tmp/combined/lib/systemd/system/container-runtime-failure.service sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime-failure.service -sudo cp ../core/target/$ARCH-unknown-linux-musl/release/containerbox tmp/combined/usr/bin/start-container +sudo cp ../core/target/${RUST_ARCH}-unknown-linux-musl/release/containerbox tmp/combined/usr/bin/start-container echo -e '#!/bin/bash\nexec start-container "$@"' | sudo tee tmp/combined/usr/bin/start-cli # TODO: remove sudo chmod +x tmp/combined/usr/bin/start-cli sudo chown 0:0 tmp/combined/usr/bin/start-container diff --git a/core/Cargo.lock b/core/Cargo.lock index 9bc7d3cb3..6475294c7 100644 --- a/core/Cargo.lock +++ b/core/Cargo.lock @@ -7888,6 +7888,7 @@ dependencies = [ "async-compression", "async-stream", "async-trait", + "aws-lc-sys", "axum 0.8.6", "backtrace-on-stack-overflow", "barrage", diff --git a/core/Cross.toml b/core/Cross.toml new file mode 100644 index 000000000..baab9aecd --- /dev/null +++ b/core/Cross.toml @@ -0,0 +1,16 @@ +# Cross configuration for building the workflow runner for VM targets +# Reference: https://github.com/cross-rs/cross +# [build.env] +# passthrough = [ +# "BINDGEN_EXTRA_CLANG_ARGS", +# "BINDGEN_EXTRA_CLANG_ARGS=-I/usr/lib/llvm-13/lib/clang/13.0.0/include", +# ] + +# [build] +# pre-build = [ +# "apt-get update && apt-get install --assume-yes protobuf-compiler libclang-dev clang build-essential", +# "cargo install --force --locked bindgen-cli", +# "dpkg --add-architecture $CROSS_DEB_ARCH", +# "update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++ 100", +# "update-alternatives --install /usr/bin/cc cc /usr/bin/clang 100", +# ] diff --git a/core/build-cli.sh b/core/build-cli.sh index bc70c2983..2314298d9 100755 --- a/core/build-cli.sh +++ b/core/build-cli.sh @@ -27,11 +27,6 @@ if [ -z "${TARGET:-}" ]; then fi fi -USE_TTY= -if tty -s; then - USE_TTY="-it" -fi - cd .. # Ensure GIT_HASH.txt exists if not created by higher-level build steps @@ -50,15 +45,6 @@ if [[ "${ENVIRONMENT:-}" =~ (^|-)console($|-) ]]; then RUSTFLAGS="--cfg tokio_unstable" fi -if command -v zig >/dev/null 2>&1 && [ "${ENFORCE_USE_DOCKER:-0}" != "1" ]; then - echo "FEATURES=\"$FEATURES\"" - echo "RUSTFLAGS=\"$RUSTFLAGS\"" - RUSTFLAGS=$RUSTFLAGS sh -c "cd core && cargo zigbuild --release --no-default-features --features $FEATURE_ARGS --locked --bin start-cli --target=$TARGET" -else - alias 'rust-zig-builder'='docker run '"$USE_TTY"' --rm -e "RUSTFLAGS=$RUSTFLAGS" -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$HOME/.cargo/git":/root/.cargo/git -v "$(pwd)":/home/rust/src -w /home/rust/src -P messense/cargo-zigbuild' - RUSTFLAGS=$RUSTFLAGS rust-zig-builder sh -c "cd core && cargo zigbuild --release --no-default-features --features $FEATURE_ARGS --locked --bin start-cli --target=$TARGET" - - if [ "$(ls -nd "core/target/$TARGET/release/start-cli" | awk '{ print $3 }')" != "$UID" ]; then - rust-zig-builder sh -c "cd core && chown -R $UID:$UID target && chown -R $UID:$UID /root/.cargo" - fi -fi \ No newline at end of file +echo "FEATURES=\"$FEATURES\"" +echo "RUSTFLAGS=\"$RUSTFLAGS\"" +cross build --manifest-path=./core/Cargo.toml --release --no-default-features --features $FEATURE_ARGS --locked --bin start-cli --target=$TARGET \ No newline at end of file diff --git a/core/build-containerbox.sh b/core/build-containerbox.sh index b3899097f..f2003940e 100755 --- a/core/build-containerbox.sh +++ b/core/build-containerbox.sh @@ -13,9 +13,9 @@ if [ "$ARCH" = "arm64" ]; then ARCH="aarch64" fi -USE_TTY= -if tty -s; then - USE_TTY="-it" +RUST_ARCH="$ARCH" +if [ "$ARCH" = "riscv64" ]; then + RUST_ARCH="riscv64gc" fi cd .. @@ -26,11 +26,6 @@ if [[ "${ENVIRONMENT}" =~ (^|-)console($|-) ]]; then RUSTFLAGS="--cfg tokio_unstable" fi -source ./core/builder-alias.sh - echo "FEATURES=\"$FEATURES\"" echo "RUSTFLAGS=\"$RUSTFLAGS\"" -rust-musl-builder sh -c "cd core && cargo build --release --no-default-features --features cli-container,$FEATURES --locked --bin containerbox --target=$ARCH-unknown-linux-musl" -if [ "$(ls -nd core/target/$ARCH-unknown-linux-musl/release/containerbox | awk '{ print $3 }')" != "$UID" ]; then - rust-musl-builder sh -c "cd core && chown -R $UID:$UID target && chown -R $UID:$UID /root/.cargo" -fi \ No newline at end of file +cross build --manifest-path=./core/Cargo.toml --release --no-default-features --features cli-container,$FEATURES --locked --bin containerbox --target=$RUST_ARCH-unknown-linux-musl \ No newline at end of file diff --git a/core/build-registrybox.sh b/core/build-registrybox.sh index 4550a5043..f95bb8ceb 100755 --- a/core/build-registrybox.sh +++ b/core/build-registrybox.sh @@ -13,9 +13,9 @@ if [ "$ARCH" = "arm64" ]; then ARCH="aarch64" fi -USE_TTY= -if tty -s; then - USE_TTY="-it" +RUST_ARCH="$ARCH" +if [ "$ARCH" = "riscv64" ]; then + RUST_ARCH="riscv64gc" fi cd .. @@ -26,11 +26,6 @@ if [[ "${ENVIRONMENT}" =~ (^|-)console($|-) ]]; then RUSTFLAGS="--cfg tokio_unstable" fi -source ./core/builder-alias.sh - echo "FEATURES=\"$FEATURES\"" echo "RUSTFLAGS=\"$RUSTFLAGS\"" -rust-musl-builder sh -c "cd core && cargo build --release --no-default-features --features cli-registry,registry,$FEATURES --locked --bin registrybox --target=$ARCH-unknown-linux-musl" -if [ "$(ls -nd core/target/$ARCH-unknown-linux-musl/release/registrybox | awk '{ print $3 }')" != "$UID" ]; then - rust-musl-builder sh -c "cd core && chown -R $UID:$UID target && chown -R $UID:$UID /root/.cargo" -fi +cross build --manifest-path=./core/Cargo.toml --release --no-default-features --features cli-registry,registry,$FEATURES --locked --bin registrybox --target=$RUST_ARCH-unknown-linux-musl diff --git a/core/build-startbox.sh b/core/build-startbox.sh index 2782d2c80..72f0f5ac0 100755 --- a/core/build-startbox.sh +++ b/core/build-startbox.sh @@ -18,9 +18,9 @@ if [ "$ARCH" = "arm64" ]; then ARCH="aarch64" fi -USE_TTY= -if tty -s; then - USE_TTY="-it" +RUST_ARCH="$ARCH" +if [ "$ARCH" = "riscv64" ]; then + RUST_ARCH="riscv64gc" fi cd .. @@ -31,11 +31,6 @@ if [[ "${ENVIRONMENT}" =~ (^|-)console($|-) ]]; then RUSTFLAGS="--cfg tokio_unstable" fi -source ./core/builder-alias.sh - echo "FEATURES=\"$FEATURES\"" echo "RUSTFLAGS=\"$RUSTFLAGS\"" -rust-musl-builder sh -c "cd core && cargo build $BUILD_FLAGS --no-default-features --features cli,startd,$FEATURES --locked --bin startbox --target=$ARCH-unknown-linux-musl" -if [ "$(ls -nd core/target/$ARCH-unknown-linux-musl/${PROFILE}/startbox | awk '{ print $3 }')" != "$UID" ]; then - rust-musl-builder sh -c "cd core && chown -R $UID:$UID target && chown -R $UID:$UID /root/.cargo" -fi \ No newline at end of file +cross build --manifest-path=./core/Cargo.toml $BUILD_FLAGS --no-default-features --features cli,startd,$FEATURES --locked --bin startbox --target=$RUST_ARCH-unknown-linux-musl \ No newline at end of file diff --git a/core/build-tunnelbox.sh b/core/build-tunnelbox.sh index b5a00304d..7e8445466 100755 --- a/core/build-tunnelbox.sh +++ b/core/build-tunnelbox.sh @@ -13,9 +13,9 @@ if [ "$ARCH" = "arm64" ]; then ARCH="aarch64" fi -USE_TTY= -if tty -s; then - USE_TTY="-it" +RUST_ARCH="$ARCH" +if [ "$ARCH" = "riscv64" ]; then + RUST_ARCH="riscv64gc" fi cd .. @@ -26,11 +26,6 @@ if [[ "${ENVIRONMENT}" =~ (^|-)console($|-) ]]; then RUSTFLAGS="--cfg tokio_unstable" fi -source ./core/builder-alias.sh - echo "FEATURES=\"$FEATURES\"" echo "RUSTFLAGS=\"$RUSTFLAGS\"" -rust-musl-builder sh -c "cd core && cargo build --release --no-default-features --features cli-tunnel,tunnel,$FEATURES --locked --bin tunnelbox --target=$ARCH-unknown-linux-musl" -if [ "$(ls -nd core/target/$ARCH-unknown-linux-musl/release/tunnelbox | awk '{ print $3 }')" != "$UID" ]; then - rust-musl-builder sh -c "cd core && chown -R $UID:$UID target && chown -R $UID:$UID /root/.cargo" -fi +cross build --manifest-path=./core/Cargo.toml --release --no-default-features --features cli-tunnel,tunnel,$FEATURES --locked --bin tunnelbox --target=$RUST_ARCH-unknown-linux-musl diff --git a/core/startos/Cargo.toml b/core/startos/Cargo.toml index f8308c97d..c3ccdbb9d 100644 --- a/core/startos/Cargo.toml +++ b/core/startos/Cargo.toml @@ -93,6 +93,7 @@ async-compression = { version = "0.4.32", features = [ ] } async-stream = "0.3.5" async-trait = "0.1.74" +aws-lc-sys = { version = "0.32", features = ["bindgen"] } axum = { version = "0.8.4", features = ["ws"] } backtrace-on-stack-overflow = { version = "0.3.0", optional = true } barrage = "0.2.3" diff --git a/core/startos/src/db/model/public.rs b/core/startos/src/db/model/public.rs index ea3abc7ec..f16125ae9 100644 --- a/core/startos/src/db/model/public.rs +++ b/core/startos/src/db/model/public.rs @@ -123,11 +123,20 @@ impl Public { kiosk, }, package_data: AllPackageData::default(), - ui: serde_json::from_str(include_str!(concat!( - env!("CARGO_MANIFEST_DIR"), - "/../../web/patchdb-ui-seed.json" - ))) - .with_kind(ErrorKind::Deserialization)?, + ui: { + #[cfg(feature = "startd")] + { + serde_json::from_str(include_str!(concat!( + env!("CARGO_MANIFEST_DIR"), + "/../../web/patchdb-ui-seed.json" + ))) + .with_kind(ErrorKind::Deserialization)? + } + #[cfg(not(feature = "startd"))] + { + Value::Null + } + }, }) } } diff --git a/core/startos/src/os_install/mod.rs b/core/startos/src/os_install/mod.rs index 651838cfb..7b5609b6a 100644 --- a/core/startos/src/os_install/mod.rs +++ b/core/startos/src/os_install/mod.rs @@ -361,6 +361,7 @@ pub async fn execute( match ARCH { "x86_64" => install.arg("--target=x86_64-efi"), "aarch64" => install.arg("--target=arm64-efi"), + "riscv64" => install.arg("--target=riscv64-efi"), _ => &mut install, }; } diff --git a/core/startos/src/s9pk/v2/pack.rs b/core/startos/src/s9pk/v2/pack.rs index a8fbe6f98..058ee32a8 100644 --- a/core/startos/src/s9pk/v2/pack.rs +++ b/core/startos/src/s9pk/v2/pack.rs @@ -416,6 +416,8 @@ impl ImageSource { "--platform=linux/amd64".to_owned() } else if arch == "aarch64" { "--platform=linux/arm64".to_owned() + } else if arch == "riscv64" { + "--platform=linux/riscv64".to_owned() } else { format!("--platform=linux/{arch}") }; @@ -478,6 +480,8 @@ impl ImageSource { "--platform=linux/amd64".to_owned() } else if arch == "aarch64" { "--platform=linux/arm64".to_owned() + } else if arch == "riscv64" { + "--platform=linux/riscv64".to_owned() } else { format!("--platform=linux/{arch}") }; diff --git a/image-recipe/Dockerfile b/image-recipe/Dockerfile index c5c905b78..c53627214 100644 --- a/image-recipe/Dockerfile +++ b/image-recipe/Dockerfile @@ -24,6 +24,11 @@ RUN apt-get update && \ rsync \ b3sum \ dpkg-dev + + +COPY binary_grub-efi.patch /root/binary_grub-efi.patch +RUN patch /usr/lib/live/build/binary_grub-efi < /root/binary_grub-efi.patch && rm /root/binary_grub-efi.patch + RUN echo 'retry_connrefused = on' > /etc/wgetrc && \ echo 'tries = 100' >> /etc/wgetrc diff --git a/image-recipe/binary_grub-efi.patch b/image-recipe/binary_grub-efi.patch new file mode 100644 index 000000000..e0c5af2eb --- /dev/null +++ b/image-recipe/binary_grub-efi.patch @@ -0,0 +1,47 @@ +--- /usr/lib/live/build/binary_grub-efi 2024-05-25 05:22:52.000000000 -0600 ++++ binary_grub-efi 2025-10-16 13:04:32.338740922 -0600 +@@ -54,6 +54,8 @@ + armhf) + Check_package chroot /usr/lib/grub/arm-efi/configfile.mod grub-efi-arm-bin + ;; ++ riscv64) ++ Check_package chroot /usr/lib/grub/riscv64-efi/configfile.mod grub-efi-riscv64-bin + esac + Check_package chroot /usr/bin/grub-mkimage grub-common + Check_package chroot /usr/bin/mcopy mtools +@@ -136,7 +138,7 @@ + esac + + # Cleanup files that we generate +-rm -rf binary/boot/efi.img binary/boot/grub/i386-efi/ binary/boot/grub/x86_64-efi binary/boot/grub/arm64-efi binary/boot/grub/arm-efi ++rm -rf binary/boot/efi.img binary/boot/grub/i386-efi/ binary/boot/grub/x86_64-efi binary/boot/grub/arm64-efi binary/boot/grub/arm-efi binary/boot/grub/riscv64-efi + + # This is workaround till both efi-image and grub-cpmodules are put into a binary package + case "${LB_BUILD_WITH_CHROOT}" in +@@ -243,6 +245,10 @@ + gen_efi_boot_img "arm-efi" "arm" "debian-live/arm" + PATH="\${PRE_EFI_IMAGE_PATH}" + ;; ++ riscv64) ++ gen_efi_boot_img "riscv64-efi" "riscv64" "debian-live/riscv64" ++ PATH="\${PRE_EFI_IMAGE_PATH}" ++ ;; + esac + + +@@ -324,6 +330,7 @@ + rm -f chroot/grub-efi-temp/bootnetx64.efi + rm -f chroot/grub-efi-temp/bootnetaa64.efi + rm -f chroot/grub-efi-temp/bootnetarm.efi ++rm -f chroot/grub-efi-temp/bootnetriscv64.efi + + mkdir -p binary + cp -a chroot/grub-efi-temp/* binary/ +@@ -331,6 +338,7 @@ + rm -rf chroot/grub-efi-temp-i386-efi + rm -rf chroot/grub-efi-temp-arm64-efi + rm -rf chroot/grub-efi-temp-arm-efi ++rm -rf chroot/grub-efi-temp-riscv64-efi + rm -rf chroot/grub-efi-temp-cfg + rm -rf chroot/grub-efi-temp + diff --git a/image-recipe/build.sh b/image-recipe/build.sh index e6be3a717..4b7c129c7 100755 --- a/image-recipe/build.sh +++ b/image-recipe/build.sh @@ -41,6 +41,9 @@ if [ "$IB_TARGET_PLATFORM" = "x86_64" ] || [ "$IB_TARGET_PLATFORM" = "x86_64-non elif [ "$IB_TARGET_PLATFORM" = "aarch64" ] || [ "$IB_TARGET_PLATFORM" = "aarch64-nonfree" ] || [ "$IB_TARGET_PLATFORM" = "raspberrypi" ] || [ "$IB_TARGET_PLATFORM" = "rockchip64" ]; then IB_TARGET_ARCH=arm64 QEMU_ARCH=aarch64 +elif [ "$IB_TARGET_PLATFORM" = "riscv64" ]; then + IB_TARGET_ARCH=riscv64 + QEMU_ARCH=riscv64 else IB_TARGET_ARCH="$IB_TARGET_PLATFORM" QEMU_ARCH="$IB_TARGET_PLATFORM" @@ -182,7 +185,7 @@ set -e cp /etc/resolv.conf /etc/resolv.conf.bak -if [ "${IB_SUITE}" = trixie ]; then +if [ "${IB_SUITE}" = trixie ] && [ "${IB_PLATFORM}" != riscv64 ]; then echo 'deb https://deb.debian.org/debian/ bookworm main' > /etc/apt/sources.list.d/bookworm.list apt-get update apt-get install -y postgresql-15 @@ -257,49 +260,41 @@ if [ "${IMAGE_TYPE}" = iso ]; then elif [ "${IMAGE_TYPE}" = img ]; then - function partition_for () { - if [[ "$1" =~ [0-9]+$ ]]; then - echo "$1p$2" - else - echo "$1$2" - fi - } - + BOOT_START=2048 + BOOT_END=526335 + ROOT_START=526336 ROOT_PART_END=$MAX_IMG_SECTORS + TARGET_NAME=$prep_results_dir/${IMAGE_BASENAME}.img TARGET_SIZE=$[($ROOT_PART_END+1)*512] truncate -s $TARGET_SIZE $TARGET_NAME - ( - echo o - echo x - echo i - echo "0xcb15ae4d" - echo r - echo n - echo p - echo 1 - echo 2048 - echo 526335 - echo t - echo c - echo n - echo p - echo 2 - echo 526336 - echo $ROOT_PART_END - echo a - echo 1 - echo w - ) | fdisk $TARGET_NAME - OUTPUT_DEVICE=$(losetup --show -fP $TARGET_NAME) - mkfs.ext4 `partition_for ${OUTPUT_DEVICE} 2` - mkfs.vfat `partition_for ${OUTPUT_DEVICE} 1` + + sfdisk $TARGET_NAME <<-EOF + label: dos + label-id: 0xcb15ae4d + unit: sectors + sector-size: 512 + + ${TARGET_NAME}1 : start=$BOOT_START, size=$((BOOT_END-BOOT_START+1)), type=c, bootable + ${TARGET_NAME}2 : start=$ROOT_START, size=$((ROOT_PART_END-ROOT_START+1)), type=83 + EOF + + BOOT_OFFSET=$((BOOT_START * 512)) + BOOT_SIZE=$(((BOOT_END - BOOT_START + 1) * 512)) + ROOT_OFFSET=$((ROOT_START * 512)) + ROOT_SIZE=$(((ROOT_PART_END - ROOT_START + 1) * 512)) + + BOOT_DEV=$(losetup --show -f --offset $BOOT_OFFSET --sizelimit $BOOT_SIZE $TARGET_NAME) + ROOT_DEV=$(losetup --show -f --offset $ROOT_OFFSET --sizelimit $ROOT_SIZE $TARGET_NAME) + + mkfs.vfat -F32 $BOOT_DEV + mkfs.ext4 $ROOT_DEV TMPDIR=$(mktemp -d) - mkdir -p $TMPDIR/boot $TMPDIR/root - mount `partition_for ${OUTPUT_DEVICE} 2` $TMPDIR/root - mount `partition_for ${OUTPUT_DEVICE} 1` $TMPDIR/boot + mkdir -p $TMPDIR/boot $TMPDIR/root + mount $ROOT_DEV $TMPDIR/root + mount $BOOT_DEV $TMPDIR/boot unsquashfs -n -f -d $TMPDIR $prep_results_dir/binary/live/filesystem.squashfs boot mkdir $TMPDIR/root/images $TMPDIR/root/config @@ -323,27 +318,29 @@ elif [ "${IMAGE_TYPE}" = img ]; then umount $TMPDIR/boot umount $TMPDIR/root - e2fsck -fy `partition_for ${OUTPUT_DEVICE} 2` - resize2fs -M `partition_for ${OUTPUT_DEVICE} 2` - BLOCK_COUNT=$(dumpe2fs -h `partition_for ${OUTPUT_DEVICE} 2` | awk '/^Block count:/ { print $3 }') - BLOCK_SIZE=$(dumpe2fs -h `partition_for ${OUTPUT_DEVICE} 2` | awk '/^Block size:/ { print $3 }') + e2fsck -fy $ROOT_DEV + resize2fs -M $ROOT_DEV + + BLOCK_COUNT=$(dumpe2fs -h $ROOT_DEV | awk '/^Block count:/ { print $3 }') + BLOCK_SIZE=$(dumpe2fs -h $ROOT_DEV | awk '/^Block size:/ { print $3 }') SECTOR_LEN=$[$BLOCK_COUNT*$BLOCK_SIZE/512] - losetup -d $OUTPUT_DEVICE + losetup -d $ROOT_DEV + losetup -d $BOOT_DEV - ( - echo d - echo 2 - echo n - echo p - echo 2 - echo 526336 - echo +$SECTOR_LEN - echo w - ) | fdisk $TARGET_NAME + # Recreate partition 2 with the new size using sfdisk + sfdisk $TARGET_NAME <<-EOF + label: dos + label-id: 0xcb15ae4d + unit: sectors + sector-size: 512 - ROOT_PART_END=$[526336+$SECTOR_LEN] + ${TARGET_NAME}1 : start=$BOOT_START, size=$((BOOT_END-BOOT_START+1)), type=c, bootable + ${TARGET_NAME}2 : start=$ROOT_START, size=$SECTOR_LEN, type=83 + EOF + + ROOT_PART_END=$[$ROOT_START+$SECTOR_LEN] TARGET_SIZE=$[($ROOT_PART_END+1)*512] truncate -s $TARGET_SIZE $TARGET_NAME diff --git a/sdk/base/lib/osBindings/SignerInfo.ts b/sdk/base/lib/osBindings/SignerInfo.ts index 7e7aa2588..76cbdafce 100644 --- a/sdk/base/lib/osBindings/SignerInfo.ts +++ b/sdk/base/lib/osBindings/SignerInfo.ts @@ -1,9 +1,3 @@ // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually. -import type { AnyVerifyingKey } from "./AnyVerifyingKey" -import type { ContactInfo } from "./ContactInfo" -export type SignerInfo = { - name: string - contact: Array - keys: Array -} +export type SignerInfo = { name: string } diff --git a/web/package-lock.json b/web/package-lock.json index 2a973bd6c..e5198c0cb 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -386,6 +386,7 @@ "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-20.3.7.tgz", "integrity": "sha512-psmcjwYcXve4sLrcdnARc15/Wfd3RpydbtLo9+mViNzk5HQ6L2eEztKl/2QVYMgzZVIa1GfhjwUllVCyLAv3sg==", "license": "MIT", + "peer": true, "dependencies": { "ajv": "8.17.1", "ajv-formats": "3.0.1", @@ -413,6 +414,7 @@ "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-20.3.7.tgz", "integrity": "sha512-DUxcQBPKO69p56ZgIdVfxWyLiSjdcUoD6BH9/nWHp0QiqRAR6GcXP4SFax76JPl2WsiCp4hHZ233Hf69AP1xew==", "license": "MIT", + "peer": true, "dependencies": { "@angular-devkit/core": "20.3.7", "jsonc-parser": "3.3.1", @@ -449,6 +451,7 @@ "resolved": "https://registry.npmjs.org/@angular/animations/-/animations-20.3.7.tgz", "integrity": "sha512-i655RaL0zmLE3OESUlDnRNBDRIMW/67nTQvMqP6V1cQ42l2+SMJtREsxmX6cWt55/qvvgeytAA6aBN4aerBl5A==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -563,6 +566,7 @@ "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-20.2.10.tgz", "integrity": "sha512-d95C2r3JP11KCahouWmPaxswz/EE7Zn1k8ocoGt70jl33x42Sg96vAHeOpnQ4yfrdA4W7Q+eWB/NqqvAGCzOPQ==", "license": "MIT", + "peer": true, "dependencies": { "parse5": "^8.0.0", "tslib": "^2.3.0" @@ -579,6 +583,7 @@ "integrity": "sha512-hNurF7g/e9cDHFBRCKLPSmQJs0n28jZsC3sTl/XuWE8PYtv5egh2EuqrxdruYB5GdANpIqSQNgDGQJrKrk/XnQ==", "devOptional": true, "license": "MIT", + "peer": true, "dependencies": { "@angular-devkit/architect": "0.2003.7", "@angular-devkit/core": "20.3.7", @@ -613,6 +618,7 @@ "resolved": "https://registry.npmjs.org/@angular/common/-/common-20.3.7.tgz", "integrity": "sha512-uf8dXYTJbedk/wudkt2MfbtvN/T97aEZBtOTq8/IFQQZ3722rag6D+Cg76e5hBccROOn+ueGJX2gpxz02phTwA==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -629,6 +635,7 @@ "resolved": "https://registry.npmjs.org/@angular/compiler/-/compiler-20.3.7.tgz", "integrity": "sha512-EouHO15dUsgnFArj0M25R8cOPVoUfiFYSt6iXnMO8+S4dY1fDEmbFqkW5smlP66HL5Gys59Nwb5inejfIWHrLw==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -642,6 +649,7 @@ "integrity": "sha512-viZwWlwc1BAqryRJE0Wq2WgAxDaW9fuwtYHYrOWnIn9sy9KemKmR6RmU9VRydrwUROOlqK49R9+RC1wQ6sYwqA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@babel/core": "7.28.3", "@jridgewell/sourcemap-codec": "^1.4.14", @@ -674,6 +682,7 @@ "resolved": "https://registry.npmjs.org/@angular/core/-/core-20.3.7.tgz", "integrity": "sha512-2UuYzC2A5SUtu33tYTN411Wk0WilA+2Uld/GP3O6mragw1O7v/M8pMFmbe9TR5Ah/abRJIocWGlNqeztZmQmrw==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -699,6 +708,7 @@ "resolved": "https://registry.npmjs.org/@angular/forms/-/forms-20.3.7.tgz", "integrity": "sha512-uOCGCoqXeAWIlQMWiIeed/W8g8h2tk91YemMI+Ce1VQ/36Xfft40Bouz4eKcvJV6kLXGygdpWjzFGz32CE+3Og==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -727,6 +737,7 @@ "resolved": "https://registry.npmjs.org/@angular/platform-browser/-/platform-browser-20.3.7.tgz", "integrity": "sha512-AbLtyR7fVEGDYyrz95dP2pc69J5XIjLLsFNAuNQPzNX02WPoAxtrWrNY6UnTzGoSrCc5F52hiL2Uo6yPZTiJcg==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -791,6 +802,7 @@ "resolved": "https://registry.npmjs.org/@angular/router/-/router-20.3.7.tgz", "integrity": "sha512-Lq7mCNcLP1npmNh2JlNEe02YS2jNnaLnCy/t//o+Qq0c6DGV78JRl7pHubiB2R6XXlgvOcZWg88v94Li+y85Iw==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -809,6 +821,7 @@ "resolved": "https://registry.npmjs.org/@angular/service-worker/-/service-worker-20.3.7.tgz", "integrity": "sha512-q9Q77wBBqScRJJQ7T+F0RepMY543Hm0HCZGvOujT+vQNFK3aRlWLlYenOUIhq2vlLXOhszCt8e5dY7/R+1eRWw==", "license": "MIT", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -854,6 +867,7 @@ "integrity": "sha512-yDBHV9kQNcr2/sUr9jghVyz9C3Y5G2zUM2H2lo+9mKv4sFgbA8s8Z9t8D1jiTkGoO/NoIfKMyKWr4s6CN23ZwQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", @@ -1818,6 +1832,7 @@ "integrity": "sha512-nqhDw2ZcAUrKNPwhjinJny903bRhI0rQhiDz1LksjeRxqa36i3l75+4iXbOy0rlDpLJGxqtgoPavQjmmyS5UJw==", "devOptional": true, "license": "MIT", + "peer": true, "dependencies": { "@inquirer/checkbox": "^4.2.1", "@inquirer/confirm": "^5.1.14", @@ -3956,6 +3971,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/addon-commerce/-/addon-commerce-4.55.0.tgz", "integrity": "sha512-eOOBkIJSsagtRkpRZ04xlL8ePIP01d4Xo264zSTg2SRxD6vwR/7/QJlf9108BvIJv/jfTpmFukLwSB9LazqmCw==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": ">=2.8.1" }, @@ -4021,6 +4037,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/cdk/-/cdk-4.55.0.tgz", "integrity": "sha512-vA5nGyx+YIHR1xZeq5D9gSqTRQg74qhe1AOt5FlqFOC0P4LvmLkNg3De7AeahXALNSeRz/DYcqI7WuGo6xpcLQ==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": "2.8.1" }, @@ -4052,6 +4069,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/core/-/core-4.55.0.tgz", "integrity": "sha512-Z2ATVNmEAlHEk2cgs/tnS6qZML87IchkPDeRl6HQfBT2fjYVjh1oCzXL07t86Lv6tpvkllyUVqoBCTSvDXs9kA==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": ">=2.8.1" }, @@ -4091,6 +4109,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/event-plugins/-/event-plugins-4.7.0.tgz", "integrity": "sha512-j3HPRPR7XxKxgMeytb+r/CNUoLBMVrfdfL8KJr1XiFO9jyEvoC4chFXDXWlkGyUHJIC6wy5VIXlIlI/kpqOiGg==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": "^2.3.0" }, @@ -4149,6 +4168,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/kit/-/kit-4.55.0.tgz", "integrity": "sha512-xTvi7viI+wI2ifPv2bsf8prhYWWS4g1lbx059jXV3f5Cttc0Xg6DEb6xpaQOf4loBkcrP2FzkA4njACUuiouzw==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": ">=2.8.1" }, @@ -4177,6 +4197,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/layout/-/layout-4.55.0.tgz", "integrity": "sha512-C+e4gudZwjIc46VITil5vySas1FPpfe+D4uwLRggJOTuUosZlZHBuc51v91wCCc0pL0Xfu+TD0s8W9kRd1sQHA==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": ">=2.8.1" }, @@ -4195,6 +4216,7 @@ "resolved": "https://registry.npmjs.org/@taiga-ui/polymorpheus/-/polymorpheus-4.9.0.tgz", "integrity": "sha512-TbIIwslbEnxunKuL9OyPZdmefrvJEK6HYiADEKQHUMUs4Pk2UbhMckUieURo83yPDamk/Mww+Nu/g60J/4uh2w==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": "^2.8.1" }, @@ -4321,6 +4343,7 @@ "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz", "integrity": "sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==", "license": "MIT", + "peer": true, "dependencies": { "@types/trusted-types": "*" } @@ -4372,6 +4395,7 @@ "integrity": "sha512-BICHQ67iqxQGFSzfCFTT7MRQ5XcBjG5aeKh5Ok38UBbPe5fxTyE+aHFxwVrGyr8GNlqFMLKD1D3P2K/1ks8tog==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "undici-types": "~6.21.0" } @@ -4856,6 +4880,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", @@ -5133,6 +5158,7 @@ "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==", "devOptional": true, "license": "MIT", + "peer": true, "dependencies": { "readdirp": "^4.0.1" }, @@ -5757,7 +5783,8 @@ "version": "3.1.7", "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz", "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==", - "license": "(MPL-2.0 OR Apache-2.0)" + "license": "(MPL-2.0 OR Apache-2.0)", + "peer": true }, "node_modules/domutils": { "version": "3.2.2", @@ -6123,6 +6150,7 @@ "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", "devOptional": true, "license": "MIT", + "peer": true, "dependencies": { "accepts": "^2.0.0", "body-parser": "^2.2.0", @@ -7653,6 +7681,7 @@ "integrity": "sha512-j1n1IuTX1VQjIy3tT7cyGbX7nvQOsFLoIqobZv4ttI5axP923gA44zUj6miiA6R5Aoms4sEGVIIcucXUbRI14g==", "dev": true, "license": "Apache-2.0", + "peer": true, "dependencies": { "copy-anything": "^2.0.1", "parse-node-version": "^1.0.1", @@ -8010,6 +8039,7 @@ "integrity": "sha512-SL0JY3DaxylDuo/MecFeiC+7pedM0zia33zl0vcjgwcq1q1FWWF1To9EIauPbl8GbMCU0R2e0uJ8bZunhYKD2g==", "devOptional": true, "license": "MIT", + "peer": true, "dependencies": { "cli-truncate": "^4.0.0", "colorette": "^2.0.20", @@ -8845,6 +8875,7 @@ "integrity": "sha512-hwPZNeV/6C3pWojK70AHxe6uk1rz2bzoe+WdH+GIWouUcyXrjYQjOFyLfOGD0ia9D+yWVzjsi4CKVK/dQFDQ6Q==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@ampproject/remapping": "^2.3.0", "@rollup/plugin-json": "^6.1.0", @@ -10659,6 +10690,7 @@ "integrity": "sha512-RIDh866U8agLgiIcdpB+COKnlCreHJLfIhWC3LVflku5YHfpnsIKigRZeFfMfCc4dVcqNVfQQ5gO/afOck064A==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@types/estree": "1.0.8" }, @@ -10794,6 +10826,7 @@ "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz", "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==", "license": "Apache-2.0", + "peer": true, "dependencies": { "tslib": "^2.1.0" } @@ -10831,6 +10864,7 @@ "integrity": "sha512-9GUyuksjw70uNpb1MTYWsH9MQHOHY6kwfnkafC24+7aOMZn9+rVMBxRbLvw756mrBFbIsFg6Xw9IkR2Fnn3k+Q==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "chokidar": "^4.0.0", "immutable": "^5.0.2", @@ -11705,7 +11739,8 @@ "version": "2.8.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", - "license": "0BSD" + "license": "0BSD", + "peer": true }, "node_modules/tslint": { "version": "6.1.3", @@ -11997,6 +12032,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -12167,6 +12203,7 @@ "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", @@ -12563,21 +12600,6 @@ "dev": true, "license": "ISC" }, - "node_modules/yaml": { - "version": "2.8.1", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", - "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", - "dev": true, - "license": "ISC", - "optional": true, - "peer": true, - "bin": { - "yaml": "bin.mjs" - }, - "engines": { - "node": ">= 14.6" - } - }, "node_modules/yargs": { "version": "18.0.0", "resolved": "https://registry.npmjs.org/yargs/-/yargs-18.0.0.tgz", @@ -12648,6 +12670,7 @@ "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", "devOptional": true, "license": "MIT", + "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } @@ -12666,7 +12689,8 @@ "version": "0.15.1", "resolved": "https://registry.npmjs.org/zone.js/-/zone.js-0.15.1.tgz", "integrity": "sha512-XE96n56IQpJM7NAoXswY3XRLcWFW83xe0BiAOeMD7K5k5xecOeul3Qcpx6GqEeeHNkW5DWL5zOyTbEfB4eti8w==", - "license": "MIT" + "license": "MIT", + "peer": true } } } diff --git a/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts b/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts index 52234ae6f..4567941ab 100644 --- a/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts +++ b/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts @@ -40,9 +40,15 @@ export const ipInSubnetValidator = (subnet: string | null = null) => { return { invalidIp: 'Not a valid IP Address' } } if (!ipnet) return null - return ipnet.zero().cmp(ip) === -1 && ipnet.broadcast().cmp(ip) === 1 + const zero = ipnet.zero().cmp(ip) + const broadcast = ipnet.broadcast().cmp(ip) + return zero + broadcast === 0 ? null - : { notInSubnet: `Address is not part of ${subnet}` } + : zero === 0 + ? { isZeroAddr: `Address cannot be the zero address` } + : broadcast === 0 + ? { isBroadcastAddress: `Address cannot be the broadcast address` } + : { notInSubnet: `Address is not part of ${subnet}` } } } diff --git a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts index c6c614ed0..24117297f 100644 --- a/web/projects/ui/src/app/services/api/embassy-live-api.service.ts +++ b/web/projects/ui/src/app/services/api/embassy-live-api.service.ts @@ -794,10 +794,18 @@ export class LiveApiService extends ApiService { ) return res.body } - const computedDigest = Buffer.from(blake3(data)).toString('base64') - if (`blake3=:${computedDigest}:` === digest) return res.body - console.debug(computedDigest, digest) - throw new Error('File digest mismatch.') + const [alg, hash] = digest.split('=', 2) + if (alg === 'blake3') { + if ( + Buffer.from(blake3(data)).compare( + Buffer.from(hash?.replace(/:/g, '') || '', 'base64'), + ) !== 0 + ) { + throw new Error('File digest mismatch.') + } + } else { + console.warn(`Unknown Repr-Digest algorithm ${alg}`) + } } return res.body }