Bugfix/ssl proxy to ssl (#2956)

* fix registry rm command

* fix bind with addSsl on ssl proto

* fix bind with addSsl on ssl proto

* Add pre-release version migrations

* fix os build

* add mime to package deps

* update lockfile

* more ssl fixes

* add waitFor

* improve restart lockup

* beta.26

* fix dependency health check logic

* handle missing health check

* fix port forwards

---------

Co-authored-by: Aiden McClelland <me@drbonez.dev>

core/startos/src/disk/mount/backup.rs

@@ -29,12 +29,11 @@ pub struct BackupMountGuard<G: GenericMountGuard> {
 }
 impl<G: GenericMountGuard> BackupMountGuard<G> {
     #[instrument(skip_all)]
-    pub async fn mount(
-        backup_disk_mount_guard: G,
+    pub async fn load_metadata(
+        backup_disk_path: &Path,
         server_id: &str,
         password: &str,
-    ) -> Result<Self, Error> {
-        let backup_disk_path = backup_disk_mount_guard.path();
+    ) -> Result<(StartOsRecoveryInfo, String), Error> {
         let backup_dir = backup_disk_path.join("StartOSBackups").join(server_id);
         let unencrypted_metadata_path = backup_dir.join("unencrypted-metadata.json");
         let crypt_path = backup_dir.join("crypt");
@@ -79,7 +78,6 @@ impl<G: GenericMountGuard> BackupMountGuard<G> {
                 &rand::random::<[u8; 32]>()[..],
             )
         };
-
         if unencrypted_metadata.password_hash.is_none() {
             unencrypted_metadata.password_hash = Some(
                 argon2::hash_encoded(
@@ -96,6 +94,20 @@ impl<G: GenericMountGuard> BackupMountGuard<G> {
                 &encrypt_slice(&enc_key, password),
             ));
         }
+        Ok((unencrypted_metadata, enc_key))
+    }
+    #[instrument(skip_all)]
+    pub async fn mount(
+        backup_disk_mount_guard: G,
+        server_id: &str,
+        password: &str,
+    ) -> Result<Self, Error> {
+        let backup_disk_path = backup_disk_mount_guard.path();
+        let (unencrypted_metadata, enc_key) =
+            Self::load_metadata(backup_disk_path, server_id, password).await?;
+        let backup_dir = backup_disk_path.join("StartOSBackups").join(server_id);
+        let unencrypted_metadata_path = backup_dir.join("unencrypted-metadata.json");
+        let crypt_path = backup_dir.join("crypt");
 
         if tokio::fs::metadata(&crypt_path).await.is_err() {
             tokio::fs::create_dir_all(&crypt_path).await.with_ctx(|_| {

core/startos/src/disk/mount/filesystem/idmapped.rs

@@ -1,5 +1,6 @@
 use std::ffi::OsStr;
 use std::fmt::Display;
+use std::os::unix::fs::MetadataExt;
 use std::path::Path;
 
 use digest::generic_array::GenericArray;
@@ -54,7 +55,30 @@ impl<Fs: FileSystem> FileSystem for IdMapped<Fs> {
         self.filesystem.source().await
     }
     async fn pre_mount(&self, mountpoint: &Path) -> Result<(), Error> {
-        self.filesystem.pre_mount(mountpoint).await
+        self.filesystem.pre_mount(mountpoint).await?;
+        let info = tokio::fs::metadata(mountpoint).await?;
+        let uid_in_range = self.from_id <= info.uid() && self.from_id + self.range > info.uid();
+        let gid_in_range = self.from_id <= info.gid() && self.from_id + self.range > info.gid();
+        if uid_in_range || gid_in_range {
+            Command::new("chown")
+                .arg(format!(
+                    "{uid}:{gid}",
+                    uid = if uid_in_range {
+                        self.to_id + info.uid() - self.from_id
+                    } else {
+                        info.uid()
+                    },
+                    gid = if gid_in_range {
+                        self.to_id + info.gid() - self.from_id
+                    } else {
+                        info.gid()
+                    },
+                ))
+                .arg(&mountpoint)
+                .invoke(crate::ErrorKind::Filesystem)
+                .await?;
+        }
+        Ok(())
     }
     async fn mount<P: AsRef<Path> + Send>(
         &self,