From c728f1a69447fc095aaf2e3c3a5e7b5b6bc4e0f8 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
Date: Thu, 22 Sep 2022 11:40:36 -0600
Subject: [PATCH] restructure initialization (#1816)

* reorder enabling of systemd-resolved

* set dns at end

* don't disable interfaces

* let networkmanager manage ifupdown

* restructure initialization

* use pigz when available

* cleanup

* fetch key before adding registry

* fix build

* update patch-db

* fix build

* fix build

* wait for network reinit

* add dynamic wait for up to 60s for network to reinit
---
 .github/workflows/product.yaml  |  28 ++-
 Makefile                        |  20 +-
 backend/src/init.rs             |  62 +++++-
 backend/src/net/dns.rs          |  40 ++--
 backend/src/version/v0_3_2.rs   |  26 +++
 build/initialization.sh         |  69 +++---
 build/write-image.sh            |   4 -
 patch-db                        |   2 +-
 system-images/binfmt/.gitignore |   1 +
 system-images/binfmt/Dockerfile |   1 +
 system-images/binfmt/Makefile   |   6 +
 system-images/compat/Cargo.lock | 384 +++++++++++++++++++++-----------
 system-images/compat/Makefile   |   4 +-
 13 files changed, 449 insertions(+), 198 deletions(-)
 create mode 100644 system-images/binfmt/.gitignore
 create mode 100644 system-images/binfmt/Dockerfile
 create mode 100644 system-images/binfmt/Makefile

diff --git a/.github/workflows/product.yaml b/.github/workflows/product.yaml
index 993de28b0..98ef64fd7 100644
--- a/.github/workflows/product.yaml
+++ b/.github/workflows/product.yaml
@@ -67,6 +67,26 @@ jobs:
         name: utils.tar
         path: system-images/utils/utils.tar
 
+  binfmt:
+    name: Build binfmt.tar
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        submodules: recursive
+
+    - name: Set up Docker Buildx        
+      uses: docker/setup-buildx-action@v1
+
+    - name: Build image
+      run: make system-images/binfmt/binfmt.tar
+
+    - uses: actions/upload-artifact@v3
+      with:
+        name: binfmt.tar
+        path: system-images/binfmt/binfmt.tar
+
   backend:
     uses: ./.github/workflows/backend.yaml
   
@@ -77,7 +97,7 @@ jobs:
     name: Build image
     runs-on: ubuntu-latest
     timeout-minutes: 60
-    needs: [compat,utils,backend,frontend]
+    needs: [compat,utils,binfmt,backend,frontend]
     steps:
     - uses: actions/checkout@v3
       with:
@@ -95,6 +115,12 @@ jobs:
         name: utils.tar
         path: system-images/utils
 
+    - name: Download binfmt.tar artifact
+      uses: actions/download-artifact@v3
+      with:
+        name: binfmt.tar
+        path: system-images/binfmt
+
     - name: Download js_snapshot artifact
       uses: actions/download-artifact@v3
       with:
diff --git a/Makefile b/Makefile
index 549e7a623..96d2e4a5f 100644
--- a/Makefile
+++ b/Makefile
@@ -3,14 +3,16 @@ GIT_HASH_FILE := $(shell ./check-git-hash.sh)
 EMBASSY_BINS := backend/target/aarch64-unknown-linux-gnu/release/embassyd backend/target/aarch64-unknown-linux-gnu/release/embassy-init backend/target/aarch64-unknown-linux-gnu/release/embassy-cli backend/target/aarch64-unknown-linux-gnu/release/embassy-sdk backend/target/aarch64-unknown-linux-gnu/release/avahi-alias
 EMBASSY_UIS := frontend/dist/ui frontend/dist/setup-wizard frontend/dist/diagnostic-ui
 EMBASSY_SRC := raspios.img product_key.txt $(EMBASSY_BINS) backend/embassyd.service backend/embassy-init.service $(EMBASSY_UIS) $(shell find build)
-COMPAT_SRC := $(shell find system-images/compat/src)
-UTILS_SRC := $(shell find system-images/utils/Dockerfile)
+COMPAT_SRC := $(shell find system-images/compat/ -not -path 'system-images/compat/target/*' -and -not -name compat.tar -and -not -name target)
+UTILS_SRC := $(shell find system-images/utils/ -not -name utils.tar)
+BINFMT_SRC := $(shell find system-images/binfmt/ -not -name binfmt.tar)
 BACKEND_SRC := $(shell find backend/src) $(shell find backend/migrations) $(shell find patch-db/*/src) backend/Cargo.toml backend/Cargo.lock
 FRONTEND_SHARED_SRC := $(shell find frontend/projects/shared) $(shell find frontend/assets) $(shell ls -p frontend/ | grep -v / | sed 's/^/frontend\//g') frontend/node_modules frontend/config.json patch-db/client/dist
 FRONTEND_UI_SRC := $(shell find frontend/projects/ui)
 FRONTEND_SETUP_WIZARD_SRC := $(shell find frontend/projects/setup-wizard)
 FRONTEND_DIAGNOSTIC_UI_SRC := $(shell find frontend/projects/diagnostic-ui)
 PATCH_DB_CLIENT_SRC := $(shell find patch-db/client -not -path patch-db/client/dist)
+GZIP_BIN := $(shell which pigz || which gzip)
 $(shell sudo true)
 
 .DELETE_ON_ERROR:
@@ -20,7 +22,7 @@ all: eos.img
 gzip: eos.tar.gz
 
 eos.tar.gz: eos.img
-	tar --format=posix -cS -f- eos.img | gzip > eos.tar.gz
+	tar --format=posix -cS -f- eos.img | $(GZIP_BIN) > eos.tar.gz
 
 clean:
 	rm -f eos.img
@@ -42,16 +44,18 @@ format:
 sdk: 
 	cd backend/ && ./install-sdk.sh
 
-eos.img: $(EMBASSY_SRC) system-images/compat/compat.tar system-images/utils/utils.tar cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast $(ENVIRONMENT_FILE) $(GIT_HASH_FILE)
+eos.img: $(EMBASSY_SRC) system-images/compat/compat.tar system-images/utils/utils.tar system-images/binfmt/binfmt.tar cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast $(ENVIRONMENT_FILE) $(GIT_HASH_FILE)
 	! test -f eos.img || rm eos.img
 	if [ "$(NO_KEY)" = "1" ]; then NO_KEY=1 ./build/make-image.sh; else ./build/make-image.sh; fi
 
 system-images/compat/compat.tar: $(COMPAT_SRC)
-	cd system-images/compat && ./build.sh
-	cd system-images/compat && DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --tag start9/x_system/compat --platform=linux/arm64 -o type=docker,dest=compat.tar .
+	cd system-images/compat && make
 
 system-images/utils/utils.tar: $(UTILS_SRC)
-	cd system-images/utils && DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --tag start9/x_system/utils --platform=linux/arm64 -o type=docker,dest=utils.tar .
+	cd system-images/utils && make
+
+system-images/binfmt/binfmt.tar: $(BINFMT_SRC)
+	cd system-images/binfmt && make
 
 raspios.img:
 	wget --continue https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2022-01-28/2022-01-28-raspios-bullseye-arm64-lite.zip
@@ -105,4 +109,4 @@ ui: frontend/dist/ui
 backend: $(EMBASSY_BINS)
 
 cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast:
-	./build-cargo-dep.sh nc-broadcast
\ No newline at end of file
+	./build-cargo-dep.sh nc-broadcast
diff --git a/backend/src/init.rs b/backend/src/init.rs
index e8de39455..994a47c0a 100644
--- a/backend/src/init.rs
+++ b/backend/src/init.rs
@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use std::path::Path;
 use std::process::Stdio;
 use std::time::Duration;
@@ -132,7 +133,8 @@ pub async fn init_postgres(datadir: impl AsRef<Path>) -> Result<(), Error> {
                 .success(),
         )
     };
-    if tokio::fs::metadata(&db_dir).await.is_err() {
+    let exists = tokio::fs::metadata(&db_dir).await.is_ok();
+    if !exists {
         Command::new("cp")
             .arg("-ra")
             .arg("/var/lib/postgresql")
@@ -143,11 +145,35 @@ pub async fn init_postgres(datadir: impl AsRef<Path>) -> Result<(), Error> {
     if !is_mountpoint().await? {
         crate::disk::mount::util::bind(&db_dir, "/var/lib/postgresql", false).await?;
     }
+    Command::new("chown")
+        .arg("-R")
+        .arg("postgres")
+        .arg("/var/lib/postgresql")
+        .invoke(crate::ErrorKind::Database)
+        .await?;
     Command::new("systemctl")
         .arg("start")
         .arg("postgresql")
         .invoke(crate::ErrorKind::Database)
         .await?;
+    if !exists {
+        Command::new("sudo")
+            .arg("-u")
+            .arg("postgres")
+            .arg("createuser")
+            .arg("root")
+            .invoke(crate::ErrorKind::Database)
+            .await?;
+        Command::new("sudo")
+            .arg("-u")
+            .arg("postgres")
+            .arg("createdb")
+            .arg("secrets")
+            .arg("-O")
+            .arg("root")
+            .invoke(crate::ErrorKind::Database)
+            .await?;
+    }
     Ok(())
 }
 
@@ -205,6 +231,28 @@ pub async fn init(cfg: &RpcContextConfig) -> Result<InitResult, Error> {
     tracing::info!("Mounted Docker Data");
 
     if should_rebuild || !tmp_docker_exists {
+        tracing::info!("Creating Docker Network");
+        bollard::Docker::connect_with_unix_defaults()?
+            .create_network(bollard::network::CreateNetworkOptions {
+                name: "start9",
+                driver: "bridge",
+                ipam: bollard::models::Ipam {
+                    config: Some(vec![bollard::models::IpamConfig {
+                        subnet: Some("172.18.0.1/24".into()),
+                        ..Default::default()
+                    }]),
+                    ..Default::default()
+                },
+                options: {
+                    let mut m = HashMap::new();
+                    m.insert("com.docker.network.bridge.name", "br-start9");
+                    m
+                },
+                ..Default::default()
+            })
+            .await?;
+        tracing::info!("Created Docker Network");
+
         tracing::info!("Loading System Docker Images");
         crate::install::load_images("/var/lib/embassy/system-images").await?;
         tracing::info!("Loaded System Docker Images");
@@ -214,6 +262,18 @@ pub async fn init(cfg: &RpcContextConfig) -> Result<InitResult, Error> {
         tracing::info!("Loaded Package Docker Images");
     }
 
+    tracing::info!("Enabling Docker QEMU Emulation");
+    Command::new("docker")
+        .arg("run")
+        .arg("--privileged")
+        .arg("--rm")
+        .arg("start9/x_system/binfmt")
+        .arg("--install")
+        .arg("all")
+        .invoke(crate::ErrorKind::Docker)
+        .await?;
+    tracing::info!("Enabled Docker QEMU Emulation");
+
     crate::ssh::sync_keys_from_db(&secret_store, "/home/start9/.ssh/authorized_keys").await?;
     tracing::info!("Synced SSH Keys");
     let db = cfg.db(&secret_store).await?;
diff --git a/backend/src/net/dns.rs b/backend/src/net/dns.rs
index 9dd66afde..d73c781eb 100644
--- a/backend/src/net/dns.rs
+++ b/backend/src/net/dns.rs
@@ -8,6 +8,7 @@ use futures::TryFutureExt;
 use helpers::NonDetachingJoinHandle;
 use models::PackageId;
 use tokio::net::{TcpListener, UdpSocket};
+use tokio::process::Command;
 use tokio::sync::RwLock;
 use trust_dns_server::authority::MessageResponseBuilder;
 use trust_dns_server::client::op::{Header, ResponseCode};
@@ -15,9 +16,8 @@ use trust_dns_server::client::rr::{Name, Record, RecordType};
 use trust_dns_server::server::{Request, RequestHandler, ResponseHandler, ResponseInfo};
 use trust_dns_server::ServerFuture;
 
-#[cfg(feature = "avahi")]
-use crate::net::mdns::resolve_mdns;
-use crate::{Error, ErrorKind, ResultExt};
+use crate::util::Invoke;
+use crate::{Error, ErrorKind, ResultExt, HOST_IP};
 
 pub struct DnsController {
     services: Arc<RwLock<BTreeMap<PackageId, BTreeSet<Ipv4Addr>>>>,
@@ -31,25 +31,6 @@ struct Resolver {
 impl Resolver {
     async fn resolve(&self, name: &Name) -> Option<Vec<Ipv4Addr>> {
         match name.iter().next_back() {
-            #[cfg(feature = "avahi")]
-            Some(b"local") => match resolve_mdns(&format!(
-                "{}.local",
-                name.iter()
-                    .rev()
-                    .skip(1)
-                    .next()
-                    .and_then(|v| std::str::from_utf8(v).ok())
-                    .unwrap_or_default()
-            ))
-            .await
-            {
-                Ok(ip) => Some(vec![ip]),
-                Err(e) => {
-                    tracing::error!("{}", e);
-                    tracing::debug!("{:?}", e);
-                    None
-                }
-            },
             Some(b"embassy") => {
                 if let Some(pkg) = name.iter().rev().skip(1).next() {
                     if let Some(ip) = self
@@ -63,7 +44,7 @@ impl Resolver {
                         None
                     }
                 } else {
-                    None
+                    Some(vec![HOST_IP.into()])
                 }
             }
             _ => None,
@@ -81,7 +62,11 @@ impl RequestHandler for Resolver {
         let query = request.request_info().query;
         if let Some(ip) = self.resolve(query.name().borrow()).await {
             if query.query_type() != RecordType::A {
-                tracing::warn!("Non A-Record requested for {}", query.name());
+                tracing::warn!(
+                    "Non A-Record requested for {}: {:?}",
+                    query.name(),
+                    query.query_type()
+                );
             }
             response_handle
                 .send_response(
@@ -142,6 +127,13 @@ impl DnsController {
         );
         server.register_socket(UdpSocket::bind(bind).await.with_kind(ErrorKind::Network)?);
 
+        Command::new("systemd-resolve")
+            .arg("--set-dns=127.0.0.1")
+            .arg("--interface=br-start9")
+            .arg("--set-domain=embassy")
+            .invoke(ErrorKind::Network)
+            .await?;
+
         let dns_server = tokio::spawn(
             server
                 .block_until_done()
diff --git a/backend/src/version/v0_3_2.rs b/backend/src/version/v0_3_2.rs
index cc2b227c4..172413943 100644
--- a/backend/src/version/v0_3_2.rs
+++ b/backend/src/version/v0_3_2.rs
@@ -1,3 +1,5 @@
+use std::collections::HashMap;
+
 use emver::VersionRange;
 
 use crate::hostname::{generate_id, get_hostname, sync_hostname};
@@ -44,6 +46,30 @@ impl VersionT for Version {
             ui.insert("ack-instructions".to_string(), serde_json::json!({}));
         }
         crate::db::DatabaseModel::new().ui().put(db, &ui).await?;
+
+        let docker = bollard::Docker::connect_with_unix_defaults()?;
+        docker.remove_network("start9").await?;
+        docker
+            .create_network(bollard::network::CreateNetworkOptions {
+                name: "start9",
+                driver: "bridge",
+                ipam: bollard::models::Ipam {
+                    config: Some(vec![bollard::models::IpamConfig {
+                        subnet: Some("172.18.0.1/24".into()),
+                        ..Default::default()
+                    }]),
+                    ..Default::default()
+                },
+                options: {
+                    let mut m = HashMap::new();
+                    m.insert("com.docker.network.bridge.name", "br-start9");
+                    m
+                },
+                ..Default::default()
+            })
+            .await?;
+        crate::install::load_images("/var/lib/embassy/system-images").await?;
+
         Ok(())
     }
     async fn down<Db: DbHandle>(&self, db: &mut Db) -> Result<(), Error> {
diff --git a/build/initialization.sh b/build/initialization.sh
index 873c1dcfc..57df1a99c 100755
--- a/build/initialization.sh
+++ b/build/initialization.sh
@@ -11,9 +11,14 @@ fi
 
 passwd -l start9
 
+START=$(date +%s)
 while ! ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null; do
 	>&2 echo "Waiting for internet connection..."
 	sleep 1
+	if [ "$[$START + 60]" -lt $(date +%s) ]; then
+		>&2 echo "Timed out waiting for internet connection..."
+		exit 1
+	fi
 done
 echo "Connected to network"
 
@@ -41,39 +46,56 @@ apt-get install -y \
 	cryptsetup \
 	exfat-utils \
 	sqlite3 \
+	network-manager \
 	wireless-tools \
 	net-tools \
 	ecryptfs-utils \
 	cifs-utils \
 	samba-common-bin \
-	network-manager \
 	vim \
 	jq \
 	ncdu \
 	postgresql \
-	pgloader
+	pgloader \
+	dnsutils
+
+# switch to systemd-resolved & network-manager
+systemctl enable systemd-resolved
+systemctl start systemd-resolved
+apt-get remove --purge openresolv dhcpcd5 -y
+echo "#" > /etc/network/interfaces
+systemctl disable wpa_supplicant.service
+ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+cat << EOF > /etc/NetworkManager/NetworkManager.conf
+[main]
+plugins=ifupdown,keyfile
+dns=systemd-resolved
+
+[ifupdown]
+managed=true
+EOF
+sudo systemctl restart NetworkManager
+nmcli device modify eth0 ipv4.ignore-auto-dns no
+
+START=$(date +%s)
+while ! ping -q -w 1 -c 1 start9.com > /dev/null; do
+	>&2 echo "Waiting for network to reinitialize..."
+	sleep 1
+	if [ "$[$START + 60]" -lt $(date +%s) ]; then
+		>&2 echo "Timed out waiting for network to reinitialize..."
+		exit 1
+	fi
+done
+echo "Network reinitialized"
 
 # Setup repository from The Guardian Project and install latest stable Tor daemon
-echo "deb     [arch=arm64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bullseye main" > /etc/apt/sources.list.d/tor.list
 wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
-apt update && apt install -y tor deb.torproject.org-keyring
+echo "deb     [arch=arm64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bullseye main" > /etc/apt/sources.list.d/tor.list
+apt-get update && apt-get install -y tor deb.torproject.org-keyring
 
 curl -fsSL https://get.docker.com | sh # TODO: commit this script into git instead of live fetching it
 
-# enable embassyd dns server
-systemctl enable systemd-resolved
-sed -i '/\(^\|#\)DNS=/c\DNS=127.0.0.1' /etc/systemd/resolved.conf
-systemctl start systemd-resolved
-
-apt-get remove --purge openresolv dhcpcd5 -y
-systemctl disable wpa_supplicant.service
-
-sudo -u postgres createuser root
-sudo -u postgres createdb secrets -O root
 systemctl disable postgresql.service
-
-ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
-
 systemctl disable bluetooth.service
 systemctl disable hciuart.service
 systemctl disable triggerhappy.service
@@ -86,7 +108,6 @@ sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt
 sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
 sed -i 's/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
 sed -i 's/#allow-interfaces=eth0/allow-interfaces=eth0,wlan0/g' /etc/avahi/avahi-daemon.conf
-echo "#" > /etc/network/interfaces
 echo '{ "cgroup-parent": "docker-engine.slice" }' > /etc/docker/daemon.json
 mkdir -p /etc/nginx/ssl
 
@@ -94,8 +115,6 @@ mkdir -p /etc/nginx/ssl
 mkdir -p /root/.docker
 touch /root/.docker/config.json
 
-docker run --privileged --rm tonistiigi/binfmt --install all
-docker network create -d bridge --subnet 172.18.0.1/16 start9 || true
 mkdir -p /etc/embassy
 systemctl enable embassyd.service embassy-init.service
 cat << EOF > /etc/tor/torrc
@@ -107,14 +126,6 @@ ControlPort 9051
 CookieAuthentication 1
 EOF
 
-cat << EOF > /etc/NetworkManager/NetworkManager.conf
-[main]
-plugins=ifupdown,keyfile
-dns=systemd-resolved
-
-[ifupdown]
-managed=false
-EOF
 
 
 if [ -f /embassy-os/product_key.txt ]
@@ -139,10 +150,10 @@ sed -i 's/rootwait quiet.*/rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_
 
 systemctl disable nc-broadcast.service
 systemctl disable initialization.service
-sudo systemctl restart NetworkManager
 
 echo "fs.inotify.max_user_watches=1048576" > /etc/sysctl.d/97-embassy.conf
 
+
 sync
 
 reboot
diff --git a/build/write-image.sh b/build/write-image.sh
index ce27f5a42..1e7eaeddf 100755
--- a/build/write-image.sh
+++ b/build/write-image.sh
@@ -38,10 +38,6 @@ echo "gpu_mem=16" | sudo tee -a /tmp/eos-mnt/config.txt.tmp > /dev/null
 sudo mv /tmp/eos-mnt/config.txt.tmp /tmp/eos-mnt/config.txt
 sudo touch /tmp/eos-mnt/ssh
 
-# Unmount the boot partition and mount embassy partition
-sudo umount /tmp/eos-mnt
-sudo mount `partition_for ${OUTPUT_DEVICE} 2` /tmp/eos-mnt
-if [ "$NO_KEY" != "1" ]; then sudo cp product_key.txt /tmp/eos-mnt; else echo "This image is being written with no product key"; fi
 sudo umount /tmp/eos-mnt
 
 sudo mount `partition_for ${OUTPUT_DEVICE} 3` /tmp/eos-mnt
diff --git a/patch-db b/patch-db
index 4d987b192..e74f36f07 160000
--- a/patch-db
+++ b/patch-db
@@ -1 +1 @@
-Subproject commit 4d987b19219050dd08278196323d847f81a807bb
+Subproject commit e74f36f07350c5d2d2934f7b2d9526b9d15bec99
diff --git a/system-images/binfmt/.gitignore b/system-images/binfmt/.gitignore
new file mode 100644
index 000000000..e0480321e
--- /dev/null
+++ b/system-images/binfmt/.gitignore
@@ -0,0 +1 @@
+binfmt.tar
\ No newline at end of file
diff --git a/system-images/binfmt/Dockerfile b/system-images/binfmt/Dockerfile
new file mode 100644
index 000000000..e1dd5d65b
--- /dev/null
+++ b/system-images/binfmt/Dockerfile
@@ -0,0 +1 @@
+FROM tonistiigi/binfmt
diff --git a/system-images/binfmt/Makefile b/system-images/binfmt/Makefile
new file mode 100644
index 000000000..543906079
--- /dev/null
+++ b/system-images/binfmt/Makefile
@@ -0,0 +1,6 @@
+.DELETE_ON_ERROR:
+
+all: binfmt.tar
+
+binfmt.tar: Dockerfile
+	DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --tag start9/x_system/binfmt --platform=linux/arm64 -o type=docker,dest=binfmt.tar .
diff --git a/system-images/compat/Cargo.lock b/system-images/compat/Cargo.lock
index cecfcbf7c..84f6787b9 100644
--- a/system-images/compat/Cargo.lock
+++ b/system-images/compat/Cargo.lock
@@ -50,6 +50,15 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "ansi_term"
 version = "0.12.1"
@@ -92,7 +101,7 @@ version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8824ecca2e851cec16968d54a01dd372ef8f95b244fb84b84e70128be347c3c6"
 dependencies = [
- "term 0.7.0",
+ "term",
 ]
 
 [[package]]
@@ -168,6 +177,17 @@ dependencies = [
  "rustc-demangle",
 ]
 
+[[package]]
+name = "barrage"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be5951c75bdabb58753d140dd5802f12ff3a483cb2e16fb5276e111b94b19e87"
+dependencies = [
+ "concurrent-queue",
+ "event-listener",
+ "spin 0.9.3",
+]
+
 [[package]]
 name = "base32"
 version = "0.4.0"
@@ -255,17 +275,6 @@ dependencies = [
  "wyz",
 ]
 
-[[package]]
-name = "blake2b_simd"
-version = "0.5.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
-dependencies = [
- "arrayref",
- "arrayvec 0.5.2",
- "constant_time_eq",
-]
-
 [[package]]
 name = "blake2b_simd"
 version = "1.0.0"
@@ -358,7 +367,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ed59b5c00048f48d7af971b71f800fdf23e858844a6f9e4d32ca72e9399e7864"
 dependencies = [
  "serde",
- "serde_with",
+ "serde_with 1.14.0",
 ]
 
 [[package]]
@@ -397,6 +406,12 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8"
 
+[[package]]
+name = "cache-padded"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c"
+
 [[package]]
 name = "cc"
 version = "1.0.73"
@@ -411,15 +426,17 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
 name = "chrono"
-version = "0.4.19"
+version = "0.4.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
+checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1"
 dependencies = [
- "libc",
+ "iana-time-zone",
+ "js-sys",
  "num-integer",
  "num-traits",
  "serde",
  "time 0.1.44",
+ "wasm-bindgen",
  "winapi",
 ]
 
@@ -541,15 +558,24 @@ dependencies = [
  "lazy_static",
  "linear-map",
  "log",
- "nix 0.24.2",
+ "nix 0.25.0",
  "pest",
  "pest_derive",
  "rand 0.8.5",
  "regex",
- "rust-argon2 1.0.0",
+ "rust-argon2",
  "serde",
  "serde_json",
- "serde_yaml",
+ "serde_yaml 0.8.25",
+]
+
+[[package]]
+name = "concurrent-queue"
+version = "1.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c"
+dependencies = [
+ "cache-padded",
 ]
 
 [[package]]
@@ -748,8 +774,18 @@ version = "0.13.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a01d95850c592940db9b8194bc39f4bc0e89dee5c4265e4b1807c34a9aba453c"
 dependencies = [
- "darling_core",
- "darling_macro",
+ "darling_core 0.13.4",
+ "darling_macro 0.13.4",
+]
+
+[[package]]
+name = "darling"
+version = "0.14.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4529658bdda7fd6769b8614be250cdcfc3aeb0ee72fe66f9e41e5e5eb73eac02"
+dependencies = [
+ "darling_core 0.14.1",
+ "darling_macro 0.14.1",
 ]
 
 [[package]]
@@ -766,13 +802,38 @@ dependencies = [
  "syn 1.0.98",
 ]
 
+[[package]]
+name = "darling_core"
+version = "0.14.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "649c91bc01e8b1eac09fb91e8dbc7d517684ca6be8ebc75bb9cafc894f9fdb6f"
+dependencies = [
+ "fnv",
+ "ident_case",
+ "proc-macro2 1.0.39",
+ "quote 1.0.18",
+ "strsim 0.10.0",
+ "syn 1.0.98",
+]
+
 [[package]]
 name = "darling_macro"
 version = "0.13.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c972679f83bdf9c42bd905396b6c3588a843a17f0f16dfcfa3e2c5d57441835"
 dependencies = [
- "darling_core",
+ "darling_core 0.13.4",
+ "quote 1.0.18",
+ "syn 1.0.98",
+]
+
+[[package]]
+name = "darling_macro"
+version = "0.14.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddfc69c5bfcbd2fc09a0f38451d2daf0e372e367986a83906d1b0dbc88134fb5"
+dependencies = [
+ "darling_core 0.14.1",
  "quote 1.0.18",
  "syn 1.0.98",
 ]
@@ -855,13 +916,11 @@ dependencies = [
 
 [[package]]
 name = "dirs"
-version = "1.0.5"
+version = "4.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fd78930633bd1c6e35c4b42b1df7b0cbc6bc191146e512bb3bedf243fcc3901"
+checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059"
 dependencies = [
- "libc",
- "redox_users 0.3.5",
- "winapi",
+ "dirs-sys",
 ]
 
 [[package]]
@@ -874,6 +933,17 @@ dependencies = [
  "dirs-sys-next",
 ]
 
+[[package]]
+name = "dirs-sys"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6"
+dependencies = [
+ "libc",
+ "redox_users",
+ "winapi",
+]
+
 [[package]]
 name = "dirs-sys-next"
 version = "0.1.2"
@@ -881,7 +951,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d"
 dependencies = [
  "libc",
- "redox_users 0.4.3",
+ "redox_users",
  "winapi",
 ]
 
@@ -934,7 +1004,7 @@ dependencies = [
 
 [[package]]
 name = "embassy-os"
-version = "0.3.1-rev.1"
+version = "0.3.2"
 dependencies = [
  "aes",
  "async-stream",
@@ -975,7 +1045,7 @@ dependencies = [
  "libc",
  "log",
  "models",
- "nix 0.24.2",
+ "nix 0.25.0",
  "nom 7.1.1",
  "num",
  "num_enum",
@@ -995,12 +1065,12 @@ dependencies = [
  "reqwest_cookie_store",
  "rpassword",
  "rpc-toolkit",
- "rust-argon2 1.0.0",
+ "rust-argon2",
  "scopeguard",
  "serde",
  "serde_json",
- "serde_with",
- "serde_yaml",
+ "serde_with 2.0.1",
+ "serde_yaml 0.9.13",
  "sha2 0.10.2",
  "sha2 0.9.9",
  "simple-logging",
@@ -1022,6 +1092,7 @@ dependencies = [
  "trust-dns-server",
  "typed-builder",
  "url",
+ "uuid",
 ]
 
 [[package]]
@@ -1047,9 +1118,9 @@ dependencies = [
 
 [[package]]
 name = "encode_unicode"
-version = "0.3.6"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
+checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0"
 
 [[package]]
 name = "encoding_rs"
@@ -1068,9 +1139,9 @@ checksum = "c34f04666d835ff5d62e058c3995147c06f42fe86ff053337632bca83e42702d"
 
 [[package]]
 name = "enum-as-inner"
-version = "0.4.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "21cdad81446a7f7dc43f6a77409efeb9733d2fa65553efef6018ef257c959b73"
+checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116"
 dependencies = [
  "heck 0.4.0",
  "proc-macro2 1.0.39",
@@ -1181,18 +1252,6 @@ dependencies = [
  "miniz_oxide",
 ]
 
-[[package]]
-name = "flume"
-version = "0.10.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "843c03199d0c0ca54bc1ea90ac0d507274c28abcc4f691ae8b4eaa375087c76a"
-dependencies = [
- "futures-core",
- "futures-sink",
- "pin-project",
- "spin 0.9.3",
-]
-
 [[package]]
 name = "fnv"
 version = "1.0.7"
@@ -1501,6 +1560,15 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
+[[package]]
+name = "hkdf"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437"
+dependencies = [
+ "hmac 0.12.1",
+]
+
 [[package]]
 name = "hmac"
 version = "0.11.0"
@@ -1627,6 +1695,20 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "iana-time-zone"
+version = "0.1.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "237a0714f28b1ee39ccec0770ccb544eb02c9ef2c82bb096230eefcffa6468b0"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "js-sys",
+ "once_cell",
+ "wasm-bindgen",
+ "winapi",
+]
+
 [[package]]
 name = "ident_case"
 version = "1.0.1"
@@ -1842,7 +1924,7 @@ dependencies = [
  "regex",
  "regex-syntax",
  "string_cache",
- "term 0.7.0",
+ "term",
  "tiny-keccak",
  "unicode-xid 0.2.3",
 ]
@@ -1877,20 +1959,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.126"
+version = "0.2.133"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "349d5a591cd28b49e1d1037471617a32ddcda5731b99419008085f72d5a53836"
-
-[[package]]
-name = "libsqlite3-sys"
-version = "0.24.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "898745e570c7d0453cc1fbc4a701eb6c662ed54e8fec8b7d14be137ebeeb9d14"
-dependencies = [
- "cc",
- "pkg-config",
- "vcpkg",
-]
+checksum = "c0f80d65747a3e43d1596c7c5492d95d5edddaabd45a7fcdb02b95f644164966"
 
 [[package]]
 name = "linear-map"
@@ -1959,6 +2030,15 @@ dependencies = [
  "opaque-debug 0.3.0",
 ]
 
+[[package]]
+name = "md-5"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "66b48670c893079d3c2ed79114e3644b7004df1c361a4e0ad52e2e6940d07c3d"
+dependencies = [
+ "digest 0.10.3",
+]
+
 [[package]]
 name = "memchr"
 version = "2.5.0"
@@ -2076,6 +2156,20 @@ dependencies = [
  "memoffset",
 ]
 
+[[package]]
+name = "nix"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e322c04a9e3440c327fca7b6c8a63e6890a32fa2ad689db972425f07e0d22abb"
+dependencies = [
+ "autocfg",
+ "bitflags",
+ "cfg-if",
+ "libc",
+ "memoffset",
+ "pin-utils",
+]
+
 [[package]]
 name = "nom"
 version = "6.1.2"
@@ -2226,9 +2320,9 @@ dependencies = [
 
 [[package]]
 name = "once_cell"
-version = "1.12.0"
+version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7709cef83f0c1f58f666e746a08b21e0085f7440fa6a29cc194d68aac97a4225"
+checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1"
 
 [[package]]
 name = "opaque-debug"
@@ -2250,7 +2344,7 @@ checksum = "e7249a699cdeea261ac73f1bf9350777cb867324f44373aafb5a287365bf1771"
 dependencies = [
  "base64",
  "byteorder",
- "md-5",
+ "md-5 0.9.1",
  "sha2 0.9.9",
  "thiserror",
 ]
@@ -2392,6 +2486,7 @@ name = "patch-db"
 version = "0.1.0"
 dependencies = [
  "async-trait",
+ "barrage",
  "fd-lock-rs",
  "futures",
  "imbl 1.0.1",
@@ -2585,15 +2680,15 @@ checksum = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
 
 [[package]]
 name = "prettytable-rs"
-version = "0.8.0"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fd04b170004fa2daccf418a7f8253aaf033c27760b5f225889024cf66d7ac2e"
+checksum = "5f375cb74c23b51d23937ffdeb48b1fbf5b6409d4b9979c1418c1de58bc8f801"
 dependencies = [
  "atty",
  "csv",
  "encode_unicode",
  "lazy_static",
- "term 0.5.2",
+ "term",
  "unicode-width",
 ]
 
@@ -2830,17 +2925,6 @@ dependencies = [
  "bitflags",
 ]
 
-[[package]]
-name = "redox_users"
-version = "0.3.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de0737333e7a9502c789a36d7c7fa6092a49895d4faa31ca5df163857ded2e9d"
-dependencies = [
- "getrandom 0.1.16",
- "redox_syscall 0.1.57",
- "rust-argon2 0.8.3",
-]
-
 [[package]]
 name = "redox_users"
 version = "0.4.3"
@@ -2931,9 +3015,9 @@ dependencies = [
 
 [[package]]
 name = "reqwest_cookie_store"
-version = "0.3.0"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fc7d9a4063adcdfbb061aa3011b813cce95d3a8990f9ccb5ea85017916a1b0b"
+checksum = "0568e27f107b933735a07b3f8cb985ecfe3d3ce2f2225f82f10b3750f5981263"
 dependencies = [
  "bytes",
  "cookie",
@@ -2959,13 +3043,11 @@ dependencies = [
 
 [[package]]
 name = "rpassword"
-version = "6.0.1"
+version = "7.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bf099a1888612545b683d2661a1940089f6c2e5a8e38979b2159da876bfd956"
+checksum = "26b763cb66df1c928432cc35053f8bd4cec3335d8559fc16010017d16b3c1680"
 dependencies = [
  "libc",
- "serde",
- "serde_json",
  "winapi",
 ]
 
@@ -3013,18 +3095,6 @@ dependencies = [
  "syn 1.0.98",
 ]
 
-[[package]]
-name = "rust-argon2"
-version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
-dependencies = [
- "base64",
- "blake2b_simd 0.5.11",
- "constant_time_eq",
- "crossbeam-utils",
-]
-
 [[package]]
 name = "rust-argon2"
 version = "1.0.0"
@@ -3032,7 +3102,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b50162d19404029c1ceca6f6980fe40d45c8b369f6f44446fa14bb39573b5bb9"
 dependencies = [
  "base64",
- "blake2b_simd 1.0.0",
+ "blake2b_simd",
  "constant_time_eq",
  "crossbeam-utils",
 ]
@@ -3238,9 +3308,24 @@ version = "1.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "678b5a069e50bf00ecd22d0cd8ddf7c236f68581b03db652061ed5eb13a312ff"
 dependencies = [
+ "serde",
+ "serde_with_macros 1.5.2",
+]
+
+[[package]]
+name = "serde_with"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "368f2d60d049ea019a84dcd6687b0d1e0030fe663ae105039bdf967ed5e6a9a7"
+dependencies = [
+ "base64",
+ "chrono",
+ "hex",
+ "indexmap",
  "serde",
  "serde_json",
- "serde_with_macros",
+ "serde_with_macros 2.0.1",
+ "time 0.3.11",
 ]
 
 [[package]]
@@ -3249,7 +3334,19 @@ version = "1.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e182d6ec6f05393cc0e5ed1bf81ad6db3a8feedf8ee515ecdd369809bcce8082"
 dependencies = [
- "darling",
+ "darling 0.13.4",
+ "proc-macro2 1.0.39",
+ "quote 1.0.18",
+ "syn 1.0.98",
+]
+
+[[package]]
+name = "serde_with_macros"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ccadfacf6cf10faad22bbadf55986bdd0856edfb5d9210aa1dcf1f516e84e93"
+dependencies = [
+ "darling 0.14.1",
  "proc-macro2 1.0.39",
  "quote 1.0.18",
  "syn 1.0.98",
@@ -3267,6 +3364,19 @@ dependencies = [
  "yaml-rust",
 ]
 
+[[package]]
+name = "serde_yaml"
+version = "0.9.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8613d593412a0deb7bbd8de9d908efff5a0cb9ccd8f62c641e7b2ed2f57291d1"
+dependencies = [
+ "indexmap",
+ "itoa 1.0.2",
+ "ryu",
+ "serde",
+ "unsafe-libyaml",
+]
+
 [[package]]
 name = "sha-1"
 version = "0.8.2"
@@ -3410,9 +3520,6 @@ name = "spin"
 version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c530c2b0d0bf8b69304b39fe2001993e267461948b890cd037d8ad4293fa1a0d"
-dependencies = [
- "lock_api",
-]
 
 [[package]]
 name = "spki"
@@ -3453,34 +3560,39 @@ checksum = "6b69bf218860335ddda60d6ce85ee39f6cf6e5630e300e19757d1de15886a093"
 dependencies = [
  "ahash",
  "atoi",
+ "base64",
  "bitflags",
  "byteorder",
  "bytes",
  "chrono",
  "crc",
  "crossbeam-queue",
+ "dirs",
  "either",
  "event-listener",
- "flume",
  "futures-channel",
  "futures-core",
- "futures-executor",
  "futures-intrusive",
  "futures-util",
  "hashlink",
  "hex",
+ "hkdf",
+ "hmac 0.12.1",
  "indexmap",
  "itoa 1.0.2",
  "libc",
- "libsqlite3-sys",
  "log",
+ "md-5 0.10.4",
  "memchr",
  "once_cell",
  "paste",
  "percent-encoding",
+ "rand 0.8.5",
  "rustls",
  "rustls-pemfile",
  "serde",
+ "serde_json",
+ "sha-1 0.10.0",
  "sha2 0.10.2",
  "smallvec",
  "sqlformat",
@@ -3490,6 +3602,7 @@ dependencies = [
  "tokio-stream",
  "url",
  "webpki-roots",
+ "whoami",
 ]
 
 [[package]]
@@ -3650,17 +3763,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "term"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "edd106a334b7657c10b7c540a0106114feadeb4dc314513e97df481d5d966f42"
-dependencies = [
- "byteorder",
- "dirs",
- "winapi",
-]
-
 [[package]]
 name = "term"
 version = "0.7.0"
@@ -3756,6 +3858,7 @@ dependencies = [
  "itoa 1.0.2",
  "libc",
  "num_threads",
+ "serde",
  "time-macros",
 ]
 
@@ -4056,29 +4159,29 @@ dependencies = [
 
 [[package]]
 name = "trust-dns-client"
-version = "0.21.2"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6d9ba1c6079f6f9b4664e482db1700bd53d2ee77b1c9752c1d7a66c0c8bda99"
+checksum = "6c408c32e6a9dbb38037cece35740f2cf23c875d8ca134d33631cec83f74d3fe"
 dependencies = [
  "cfg-if",
  "data-encoding",
  "futures-channel",
  "futures-util",
  "lazy_static",
- "log",
  "radix_trie",
  "rand 0.8.5",
  "thiserror",
  "time 0.3.11",
  "tokio",
+ "tracing",
  "trust-dns-proto",
 ]
 
 [[package]]
 name = "trust-dns-proto"
-version = "0.21.2"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c31f240f59877c3d4bb3b3ea0ec5a6a0cff07323580ff8c7a605cd7d08b255d"
+checksum = "4f7f83d1e4a0e4358ac54c5c3681e5d7da5efc5a7a632c90bb6d6669ddd9bc26"
 dependencies = [
  "async-trait",
  "cfg-if",
@@ -4090,34 +4193,33 @@ dependencies = [
  "idna",
  "ipnet",
  "lazy_static",
- "log",
  "rand 0.8.5",
  "smallvec",
  "thiserror",
  "tinyvec",
  "tokio",
+ "tracing",
  "url",
 ]
 
 [[package]]
 name = "trust-dns-server"
-version = "0.21.2"
+version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a395a2e0fd8aac9b4613767a5b4ba4b2040de1b767fa03ace8c9d6f351d60b2d"
+checksum = "1583cf9f8a359c9f16fdf760b79cb2be3f261b98db8027f81959c7a4f6645e2c"
 dependencies = [
  "async-trait",
  "bytes",
  "cfg-if",
  "enum-as-inner",
- "env_logger",
  "futures-executor",
  "futures-util",
- "log",
  "serde",
  "thiserror",
  "time 0.3.11",
  "tokio",
  "toml",
+ "tracing",
  "trust-dns-client",
  "trust-dns-proto",
 ]
@@ -4222,6 +4324,12 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
 
+[[package]]
+name = "unsafe-libyaml"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1e5fa573d8ac5f1a856f8d7be41d390ee973daf97c806b2c1a465e4e1406e68"
+
 [[package]]
 name = "untrusted"
 version = "0.7.1"
@@ -4247,6 +4355,15 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 
+[[package]]
+name = "uuid"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f"
+dependencies = [
+ "getrandom 0.2.6",
+]
+
 [[package]]
 name = "valuable"
 version = "0.1.0"
@@ -4403,6 +4520,17 @@ dependencies = [
  "webpki",
 ]
 
+[[package]]
+name = "whoami"
+version = "1.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6631b6a2fd59b1841b622e8f1a7ad241ef0a46f2d580464ce8140ac94cbd571"
+dependencies = [
+ "bumpalo",
+ "wasm-bindgen",
+ "web-sys",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.9"
diff --git a/system-images/compat/Makefile b/system-images/compat/Makefile
index 0d3744755..065bbf0ef 100644
--- a/system-images/compat/Makefile
+++ b/system-images/compat/Makefile
@@ -4,8 +4,8 @@
 
 all: compat.tar
 
-compat.tar: Dockerfile build
+compat.tar: Dockerfile target/aarch64-unknown-linux-musl/release/compat
 	DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --tag start9/x_system/compat --platform=linux/arm64 -o type=docker,dest=compat.tar .
 
-build: $(COMPAT_SRC)
+target/aarch64-unknown-linux-musl/release/compat: $(COMPAT_SRC)
 	./build.sh