refactor project structure

.github/workflows/startos-iso.yaml

@@ -125,9 +125,6 @@ jobs:
       - name: Set up docker QEMU
         uses: docker/setup-qemu-action@v3
 
-      - name: Set up system dependencies
-        run: sudo apt-get update && sudo apt-get install -y qemu-user-static systemd-container squashfuse
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -228,28 +225,6 @@ jobs:
         with:
           submodules: recursive
 
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.x"
-
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y qemu-user-static
-          wget https://deb.debian.org/debian/pool/main/d/debspawn/debspawn_0.6.2-1_all.deb
-          sha256sum ./debspawn_0.6.2-1_all.deb | grep 37ef27458cb1e35e8bce4d4f639b06b4b3866fc0b9191ec6b9bd157afd06a817
-          sudo apt-get install -y ./debspawn_0.6.2-1_all.deb
-
-      - name: Configure debspawn
-        run: |
-          sudo mkdir -p /etc/debspawn/
-          echo "AllowUnsafePermissions=true" | sudo tee /etc/debspawn/global.toml
-          sudo mkdir -p /var/tmp/debspawn
-
-      - run: sudo mount -t tmpfs tmpfs /var/tmp/debspawn
-        if: ${{ github.event.inputs.runner == 'fast' && (matrix.platform == 'x86_64' || matrix.platform == 'x86_64-nonfree') }}
-
       - name: Download compiled artifacts
         uses: actions/download-artifact@v4
         with:
@@ -262,12 +237,11 @@ jobs:
         run: |
           mkdir -p web/node_modules
           mkdir -p web/dist/raw
-          mkdir -p core/startos/bindings
+          mkdir -p core/bindings
           mkdir -p sdk/base/lib/osBindings
           mkdir -p container-runtime/node_modules
           mkdir -p container-runtime/dist
           mkdir -p container-runtime/dist/node_modules
-          mkdir -p core/startos/bindings
           mkdir -p sdk/dist
           mkdir -p sdk/baseDist
           mkdir -p patch-db/client/node_modules
@@ -307,40 +281,3 @@ jobs:
           name: ${{ matrix.platform }}.img
           path: results/*.img
         if: ${{ matrix.platform == 'raspberrypi' }}
-
-      - name: Upload OTA to registry
-        run: >-
-          PLATFORM=${{ matrix.platform }} make upload-ota TARGET="${{
-            fromJson('{
-              "alpha": "alpha-registry-x.start9.com",
-              "beta": "beta-registry.start9.com",
-            }')[github.event.inputs.deploy]
-          }}" KEY="${{
-            fromJson(
-              format('{{
-                "alpha": "{0}",
-                "beta": "{1}",
-              }}', secrets.ALPHA_INDEX_KEY, secrets.BETA_INDEX_KEY)
-            )[github.event.inputs.deploy]
-          }}"
-        if: ${{ github.event.inputs.deploy != '' && github.event.inputs.deploy != 'NONE' }}
-
-  index:
-    if: ${{ github.event.inputs.deploy != '' && github.event.inputs.deploy != 'NONE' }}
-    needs: [image]
-    runs-on: ubuntu-latest
-    steps:
-      - run: >-
-          curl "https://${{
-            fromJson('{
-              "alpha": "alpha-registry-x.start9.com",
-              "beta": "beta-registry.start9.com",
-            }')[github.event.inputs.deploy]
-          }}:8443/resync.cgi?key=${{
-            fromJson(
-              format('{{
-                "alpha": "{0}",
-                "beta": "{1}",
-              }}', secrets.ALPHA_INDEX_KEY, secrets.BETA_INDEX_KEY)
-            )[github.event.inputs.deploy]
-          }}"

.gitignore

@@ -1,28 +1,22 @@
 .DS_Store
 .idea
-/*.img
-/*.img.gz
-/*.img.xz
-/*-raspios-bullseye-arm64-lite.img
-/*-raspios-bullseye-arm64-lite.zip
+*.img
+*.img.gz
+*.img.xz
+*.zip
 /product_key.txt
 /*_product_key.txt
 .vscode/settings.json
 deploy_web.sh
-deploy_web.sh
 secrets.db
 .vscode/
-/cargo-deps/**/*
-/PLATFORM.txt
-/ENVIRONMENT.txt
-/GIT_HASH.txt
-/VERSION.txt
-/*.deb
+/build/env/*.txt
+*.deb
 /target
-/*.squashfs
+*.squashfs
 /results
 /dpkg-workdir
 /compiled.tar
 /compiled-*.tar
-/firmware
-/tmp
+/build/lib/firmware
+tmp

Makefile

@@ -1,23 +1,23 @@
 ls-files = $(shell git ls-files --cached --others --exclude-standard $1) 
 PROFILE = release
 
-PLATFORM_FILE := $(shell ./check-platform.sh)
-ENVIRONMENT_FILE := $(shell ./check-environment.sh)
-GIT_HASH_FILE := $(shell ./check-git-hash.sh)
-VERSION_FILE := $(shell ./check-version.sh)
-BASENAME := $(shell PROJECT=startos ./basename.sh)
-PLATFORM := $(shell if [ -f ./PLATFORM.txt ]; then cat ./PLATFORM.txt; else echo unknown; fi)
+PLATFORM_FILE := $(shell ./build/env/check-platform.sh)
+ENVIRONMENT_FILE := $(shell ./build/env/check-environment.sh)
+GIT_HASH_FILE := $(shell ./build/env/check-git-hash.sh)
+VERSION_FILE := $(shell ./build/env/check-version.sh)
+BASENAME := $(shell PROJECT=startos ./build/env/basename.sh)
+PLATFORM := $(shell if [ -f $(PLATFORM_FILE) ]; then cat $(PLATFORM_FILE); else echo unknown; fi)
 ARCH := $(shell if [ "$(PLATFORM)" = "raspberrypi" ]; then echo aarch64; else echo $(PLATFORM) | sed 's/-nonfree$$//g'; fi)
 RUST_ARCH := $(shell if [ "$(ARCH)" = "riscv64" ]; then echo riscv64gc; else echo $(ARCH); fi)
-REGISTRY_BASENAME := $(shell PROJECT=start-registry PLATFORM=$(ARCH) ./basename.sh)
-TUNNEL_BASENAME := $(shell PROJECT=start-tunnel PLATFORM=$(ARCH) ./basename.sh)
+REGISTRY_BASENAME := $(shell PROJECT=start-registry PLATFORM=$(ARCH) ./build/env/basename.sh)
+TUNNEL_BASENAME := $(shell PROJECT=start-tunnel PLATFORM=$(ARCH) ./build/env/basename.sh)
 IMAGE_TYPE=$(shell if [ "$(PLATFORM)" = raspberrypi ]; then echo img; else echo iso; fi)
 WEB_UIS := web/dist/raw/ui/index.html web/dist/raw/setup-wizard/index.html web/dist/raw/install-wizard/index.html
 COMPRESSED_WEB_UIS := web/dist/static/ui/index.html web/dist/static/setup-wizard/index.html web/dist/static/install-wizard/index.html
-FIRMWARE_ROMS := ./firmware/$(PLATFORM) $(shell jq --raw-output '.[] | select(.platform[] | contains("$(PLATFORM)")) | "./firmware/$(PLATFORM)/" + .id + ".rom.gz"' build/lib/firmware.json)
-BUILD_SRC := $(call ls-files, build) build/lib/depends build/lib/conflicts $(FIRMWARE_ROMS)
-IMAGE_RECIPE_SRC := $(call ls-files, image-recipe/)
-STARTD_SRC := core/startos/startd.service $(BUILD_SRC)
+FIRMWARE_ROMS := build/lib/firmware/$(PLATFORM) $(shell jq --raw-output '.[] | select(.platform[] | contains("$(PLATFORM)")) | "./build/lib/firmware/$(PLATFORM)/" + .id + ".rom.gz"' build/lib/firmware.json)
+BUILD_SRC := $(call ls-files, build/lib) build/lib/depends build/lib/conflicts $(FIRMWARE_ROMS)
+IMAGE_RECIPE_SRC := $(call ls-files, build/image-recipe/)
+STARTD_SRC := core/startd.service $(BUILD_SRC)
 CORE_SRC := $(call ls-files, core) $(shell git ls-files --recurse-submodules patch-db) $(GIT_HASH_FILE)
 WEB_SHARED_SRC := $(call ls-files, web/projects/shared) $(call ls-files, web/projects/marketplace) $(shell ls -p web/ | grep -v / | sed 's/^/web\//g') web/node_modules/.package-lock.json web/config.json patch-db/client/dist/index.js sdk/baseDist/package.json web/patchdb-ui-seed.json sdk/dist/package.json
 WEB_UI_SRC := $(call ls-files, web/projects/ui)
@@ -28,18 +28,18 @@ PATCH_DB_CLIENT_SRC := $(shell git ls-files --recurse-submodules patch-db/client
 GZIP_BIN := $(shell which pigz || which gzip)
 TAR_BIN := $(shell which gtar || which tar)
 COMPILED_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox core/target/$(RUST_ARCH)-unknown-linux-musl/release/start-container container-runtime/rootfs.$(ARCH).squashfs
-STARTOS_TARGETS := $(STARTD_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE) $(COMPILED_TARGETS) cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs $(PLATFORM_FILE) \
+STARTOS_TARGETS := $(STARTD_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE) $(COMPILED_TARGETS) target/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs $(PLATFORM_FILE) \
 	$(shell if [ "$(PLATFORM)" = "raspberrypi" ]; then \
-		echo cargo-deps/aarch64-unknown-linux-musl/release/pi-beep; \
+		echo target/aarch64-unknown-linux-musl/release/pi-beep; \
 	fi) \
 	$(shell /bin/bash -c 'if [[ "${ENVIRONMENT}" =~ (^|-)unstable($$|-) ]]; then \
-		echo cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph; \
+		echo target/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph; \
 	fi') \
 	$(shell /bin/bash -c 'if [[ "${ENVIRONMENT}" =~ (^|-)console($$|-) ]]; then \
-		echo cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console; \
+		echo target/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console; \
 	fi')
-REGISTRY_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox core/startos/start-registryd.service
-TUNNEL_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/startos/start-tunneld.service
+REGISTRY_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox core/start-registryd.service
+TUNNEL_TARGETS := core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/start-tunneld.service
 
 ifeq ($(REMOTE),)
 	mkdir = mkdir -p $1
@@ -73,7 +73,7 @@ metadata: $(VERSION_FILE) $(PLATFORM_FILE) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE)
 
 clean:
 	rm -rf core/target
-	rm -rf core/startos/bindings
+	rm -rf core/bindings
 	rm -rf web/.angular
 	rm -f web/config.json
 	rm -rf web/node_modules
@@ -81,7 +81,7 @@ clean:
 	rm -rf patch-db/client/node_modules
 	rm -rf patch-db/client/dist
 	rm -rf patch-db/target
-	rm -rf cargo-deps
+	rm -rf target
 	rm -rf dpkg-workdir
 	rm -rf image-recipe/deb
 	rm -rf results
@@ -89,14 +89,8 @@ clean:
 	rm -rf container-runtime/dist
 	rm -rf container-runtime/node_modules
 	rm -f container-runtime/*.squashfs
-	if [ -d container-runtime/tmp/combined ] && mountpoint container-runtime/tmp/combined; then sudo umount container-runtime/tmp/combined; fi
-	if [ -d container-runtime/tmp/lower ] && mountpoint container-runtime/tmp/lower; then sudo umount container-runtime/tmp/lower; fi
-	rm -rf container-runtime/tmp
 	(cd sdk && make clean)
-	rm -f ENVIRONMENT.txt
-	rm -f PLATFORM.txt
-	rm -f GIT_HASH.txt
-	rm -f VERSION.txt
+	rm -f env/*.txt
 
 format:
 	cd core && cargo +nightly fmt
@@ -113,10 +107,10 @@ test-container-runtime: container-runtime/node_modules/.package-lock.json $(call
 	cd container-runtime && npm test
 
 install-cli: $(GIT_HASH_FILE)
-	./core/build-cli.sh --install
+	./core/build/build-cli.sh --install
 
 cli: $(GIT_HASH_FILE)
-	./core/build-cli.sh
+	./core/build/build-cli.sh
 
 registry: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox
 
@@ -127,49 +121,49 @@ install-registry: $(REGISTRY_TARGETS)
 	$(call ln,/usr/bin/start-registrybox,$(DESTDIR)/usr/bin/start-registry)
 
 	$(call mkdir,$(DESTDIR)/lib/systemd/system)
-	$(call cp,core/startos/start-registryd.service,$(DESTDIR)/lib/systemd/system/start-registryd.service)
+	$(call cp,core/start-registryd.service,$(DESTDIR)/lib/systemd/system/start-registryd.service)
 
 core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/registrybox: $(CORE_SRC) $(ENVIRONMENT_FILE)
-	ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build-registrybox.sh
+	ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build/build-registrybox.sh
 
 tunnel: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox
 
-install-tunnel: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/startos/start-tunneld.service
+install-tunnel: core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox core/start-tunneld.service
 	$(call mkdir,$(DESTDIR)/usr/bin)
 	$(call cp,core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox,$(DESTDIR)/usr/bin/start-tunnelbox)
 	$(call ln,/usr/bin/start-tunnelbox,$(DESTDIR)/usr/bin/start-tunneld)
 	$(call ln,/usr/bin/start-tunnelbox,$(DESTDIR)/usr/bin/start-tunnel)
 
 	$(call mkdir,$(DESTDIR)/lib/systemd/system)
-	$(call cp,core/startos/start-tunneld.service,$(DESTDIR)/lib/systemd/system/start-tunneld.service)
+	$(call cp,core/start-tunneld.service,$(DESTDIR)/lib/systemd/system/start-tunneld.service)
 
 	$(call mkdir,$(DESTDIR)/usr/lib/startos/scripts)
 	$(call cp,build/lib/scripts/forward-port,$(DESTDIR)/usr/lib/startos/scripts/forward-port)
 
 core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/tunnelbox: $(CORE_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) web/dist/static/start-tunnel/index.html
-	ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build-tunnelbox.sh
+	ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build/build-tunnelbox.sh
 
 deb: results/$(BASENAME).deb
 
-results/$(BASENAME).deb: dpkg-build.sh $(call ls-files,debian/startos) $(STARTOS_TARGETS)
-	PLATFORM=$(PLATFORM) REQUIRES=debian ./build/os-compat/run-compat.sh ./dpkg-build.sh
+results/$(BASENAME).deb: debian/dpkg-build.sh $(call ls-files,debian/startos) $(STARTOS_TARGETS)
+	PLATFORM=$(PLATFORM) REQUIRES=debian ./build/os-compat/run-compat.sh ./debian/dpkg-build.sh
 
 registry-deb: results/$(REGISTRY_BASENAME).deb
 
-results/$(REGISTRY_BASENAME).deb: dpkg-build.sh $(call ls-files,debian/start-registry) $(REGISTRY_TARGETS)
-	PROJECT=start-registry PLATFORM=$(ARCH) REQUIRES=debian ./build/os-compat/run-compat.sh ./dpkg-build.sh
+results/$(REGISTRY_BASENAME).deb: debian/dpkg-build.sh $(call ls-files,debian/start-registry) $(REGISTRY_TARGETS)
+	PROJECT=start-registry PLATFORM=$(ARCH) REQUIRES=debian ./build/os-compat/run-compat.sh ./debian/dpkg-build.sh
 
 tunnel-deb: results/$(TUNNEL_BASENAME).deb
 
-results/$(TUNNEL_BASENAME).deb: dpkg-build.sh $(call ls-files,debian/start-tunnel) $(TUNNEL_TARGETS) build/lib/scripts/forward-port
-	PROJECT=start-tunnel PLATFORM=$(ARCH) REQUIRES=debian DEPENDS=wireguard-tools,iptables,conntrack ./build/os-compat/run-compat.sh ./dpkg-build.sh
+results/$(TUNNEL_BASENAME).deb: debian/dpkg-build.sh $(call ls-files,debian/start-tunnel) $(TUNNEL_TARGETS) build/lib/scripts/forward-port
+	PROJECT=start-tunnel PLATFORM=$(ARCH) REQUIRES=debian DEPENDS=wireguard-tools,iptables,conntrack ./build/os-compat/run-compat.sh ./debian/dpkg-build.sh
 
 $(IMAGE_TYPE): results/$(BASENAME).$(IMAGE_TYPE)
 
 squashfs: results/$(BASENAME).squashfs
 
 results/$(BASENAME).$(IMAGE_TYPE) results/$(BASENAME).squashfs: $(IMAGE_RECIPE_SRC) results/$(BASENAME).deb
-	./image-recipe/run-local-build.sh "results/$(BASENAME).deb"
+	./build/image-recipe/run-local-build.sh "results/$(BASENAME).deb"
 
 # For creating os images. DO NOT USE
 install: $(STARTOS_TARGETS)
@@ -178,18 +172,18 @@ install: $(STARTOS_TARGETS)
 	$(call cp,core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox,$(DESTDIR)/usr/bin/startbox)
 	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/startd)
 	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/start-cli)
-	if [ "$(PLATFORM)" = "raspberrypi" ]; then $(call cp,cargo-deps/aarch64-unknown-linux-musl/release/pi-beep,$(DESTDIR)/usr/bin/pi-beep); fi
+	if [ "$(PLATFORM)" = "raspberrypi" ]; then $(call cp,target/aarch64-unknown-linux-musl/release/pi-beep,$(DESTDIR)/usr/bin/pi-beep); fi
 	if /bin/bash -c '[[ "${ENVIRONMENT}" =~ (^|-)unstable($$|-) ]]'; then \
-		$(call cp,cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph,$(DESTDIR)/usr/bin/flamegraph); \
+		$(call cp,target/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph,$(DESTDIR)/usr/bin/flamegraph); \
 	fi
 	if /bin/bash -c '[[ "${ENVIRONMENT}" =~ (^|-)console($$|-) ]]'; then \
-		$(call cp,cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console,$(DESTDIR)/usr/bin/tokio-console); \
+		$(call cp,target/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console,$(DESTDIR)/usr/bin/tokio-console); \
 	fi
-	$(call cp,cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs,$(DESTDIR)/usr/bin/startos-backup-fs)
+	$(call cp,target/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs,$(DESTDIR)/usr/bin/startos-backup-fs)
 	$(call ln,/usr/bin/startos-backup-fs,$(DESTDIR)/usr/sbin/mount.backup-fs)
 	
 	$(call mkdir,$(DESTDIR)/lib/systemd/system)
-	$(call cp,core/startos/startd.service,$(DESTDIR)/lib/systemd/system/startd.service)
+	$(call cp,core/startd.service,$(DESTDIR)/lib/systemd/system/startd.service)
 
 	$(call mkdir,$(DESTDIR)/usr/lib)
 	$(call rm,$(DESTDIR)/usr/lib/startos)
@@ -197,18 +191,16 @@ install: $(STARTOS_TARGETS)
 	$(call mkdir,$(DESTDIR)/usr/lib/startos/container-runtime)
 	$(call cp,container-runtime/rootfs.$(ARCH).squashfs,$(DESTDIR)/usr/lib/startos/container-runtime/rootfs.squashfs)
 
-	$(call cp,PLATFORM.txt,$(DESTDIR)/usr/lib/startos/PLATFORM.txt)
-	$(call cp,ENVIRONMENT.txt,$(DESTDIR)/usr/lib/startos/ENVIRONMENT.txt)
-	$(call cp,GIT_HASH.txt,$(DESTDIR)/usr/lib/startos/GIT_HASH.txt)
-	$(call cp,VERSION.txt,$(DESTDIR)/usr/lib/startos/VERSION.txt)
-
-	$(call cp,firmware/$(PLATFORM),$(DESTDIR)/usr/lib/startos/firmware)
+	$(call cp,build/env/PLATFORM.txt,$(DESTDIR)/usr/lib/startos/PLATFORM.txt)
+	$(call cp,build/env/ENVIRONMENT.txt,$(DESTDIR)/usr/lib/startos/ENVIRONMENT.txt)
+	$(call cp,build/env/GIT_HASH.txt,$(DESTDIR)/usr/lib/startos/GIT_HASH.txt)
+	$(call cp,build/env/VERSION.txt,$(DESTDIR)/usr/lib/startos/VERSION.txt)
 
 update-overlay: $(STARTOS_TARGETS)
 	@echo "\033[33m!!! THIS WILL ONLY REFLASH YOUR DEVICE IN MEMORY !!!\033[0m"
 	@echo "\033[33mALL CHANGES WILL BE REVERTED IF YOU RESTART THE DEVICE\033[0m"
 	@if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
-	@if [ "`ssh $(REMOTE) 'cat /usr/lib/startos/VERSION.txt'`" != "`cat ./VERSION.txt`" ]; then >&2 echo "StartOS requires migrations: update-overlay is unavailable." && false; fi
+	@if [ "`ssh $(REMOTE) 'cat /usr/lib/startos/VERSION.txt'`" != "`cat $(VERSION_FILE)`" ]; then >&2 echo "StartOS requires migrations: update-overlay is unavailable." && false; fi
 	$(call ssh,"sudo systemctl stop startd")
 	$(MAKE) install REMOTE=$(REMOTE) SSHPASS=$(SSHPASS) PLATFORM=$(PLATFORM)
 	$(call ssh,"sudo systemctl start startd")
@@ -266,7 +258,7 @@ emulate-reflash: $(STARTOS_TARGETS)
 	$(call ssh,'sudo /media/startos/next/usr/lib/startos/scripts/chroot-and-upgrade --no-sync "apt-get install -y $(shell cat ./build/lib/depends)"')
 
 upload-ota: results/$(BASENAME).squashfs
-	TARGET=$(TARGET) KEY=$(KEY) ./upload-ota.sh
+	TARGET=$(TARGET) KEY=$(KEY) ./build/upload-ota.sh
 
 container-runtime/debian.$(ARCH).squashfs: ./container-runtime/download-base-image.sh
 	ARCH=$(ARCH) ./container-runtime/download-base-image.sh
@@ -279,16 +271,16 @@ container-runtime/node_modules/.package-lock.json: container-runtime/package-loc
 	npm --prefix container-runtime ci
 	touch container-runtime/node_modules/.package-lock.json
 
-ts-bindings: core/startos/bindings/index.ts
+ts-bindings: core/bindings/index.ts
 	mkdir -p sdk/base/lib/osBindings
-	rsync -ac --delete core/startos/bindings/ sdk/base/lib/osBindings/
+	rsync -ac --delete core/bindings/ sdk/base/lib/osBindings/
 
-core/startos/bindings/index.ts: $(call ls-files, core) $(ENVIRONMENT_FILE)
-	rm -rf core/startos/bindings
-	./core/build-ts.sh
-	ls core/startos/bindings/*.ts | sed 's/core\/startos\/bindings\/\([^.]*\)\.ts/export { \1 } from ".\/\1";/g' | grep -v '"./index"' | tee core/startos/bindings/index.ts
-	npm --prefix sdk exec -- prettier --config ./sdk/base/package.json -w ./core/startos/bindings/*.ts
-	touch core/startos/bindings/index.ts
+core/bindings/index.ts: $(call ls-files, core) $(ENVIRONMENT_FILE)
+	rm -rf core/bindings
+	./core/build/build-ts.sh
+	ls core/bindings/*.ts | sed 's/core\/startos\/bindings\/\([^.]*\)\.ts/export { \1 } from ".\/\1";/g' | grep -v '"./index"' | tee core/bindings/index.ts
+	npm --prefix sdk exec -- prettier --config ./sdk/base/package.json -w ./core/bindings/*.ts
+	touch core/bindings/index.ts
 
 sdk/dist/package.json sdk/baseDist/package.json: $(call ls-files, sdk) sdk/base/lib/osBindings/index.ts
 	(cd sdk && make bundle)
@@ -303,21 +295,21 @@ container-runtime/dist/node_modules/.package-lock.json container-runtime/dist/pa
 	./container-runtime/install-dist-deps.sh
 	touch container-runtime/dist/node_modules/.package-lock.json
 
-container-runtime/rootfs.$(ARCH).squashfs: container-runtime/debian.$(ARCH).squashfs container-runtime/container-runtime.service container-runtime/update-image.sh container-runtime/deb-install.sh container-runtime/dist/index.js container-runtime/dist/node_modules/.package-lock.json core/target/$(RUST_ARCH)-unknown-linux-musl/release/start-container
-	ARCH=$(ARCH) REQUIRES=qemu ./build/os-compat/run-compat.sh ./container-runtime/update-image.sh
+container-runtime/rootfs.$(ARCH).squashfs: container-runtime/debian.$(ARCH).squashfs container-runtime/container-runtime.service container-runtime/update-image.sh container-runtime/update-image-local.sh container-runtime/deb-install.sh container-runtime/dist/index.js container-runtime/dist/node_modules/.package-lock.json core/target/$(RUST_ARCH)-unknown-linux-musl/release/start-container
+	ARCH=$(ARCH) ./container-runtime/update-image-local.sh
 
 build/lib/depends build/lib/conflicts: $(ENVIRONMENT_FILE) $(PLATFORM_FILE) $(shell ls build/dpkg-deps/*)
 	PLATFORM=$(PLATFORM) ARCH=$(ARCH) build/dpkg-deps/generate.sh
 
-$(FIRMWARE_ROMS): build/lib/firmware.json download-firmware.sh $(PLATFORM_FILE)
-	./download-firmware.sh $(PLATFORM)
+$(FIRMWARE_ROMS): build/lib/firmware.json ./build/download-firmware.sh $(PLATFORM_FILE)
+	./build/download-firmware.sh $(PLATFORM)
 
 core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox: $(CORE_SRC) $(COMPRESSED_WEB_UIS) web/patchdb-ui-seed.json $(ENVIRONMENT_FILE)
-	ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build-startbox.sh
+	ARCH=$(ARCH) PROFILE=$(PROFILE) ./core/build/build-startbox.sh
 	touch core/target/$(RUST_ARCH)-unknown-linux-musl/$(PROFILE)/startbox
 
 core/target/$(RUST_ARCH)-unknown-linux-musl/release/start-container: $(CORE_SRC) $(ENVIRONMENT_FILE)
-	ARCH=$(ARCH) ./core/build-start-container.sh
+	ARCH=$(ARCH) ./core/build/build-start-container.sh
 	touch core/target/$(RUST_ARCH)-unknown-linux-musl/release/start-container
 
 web/package-lock.json: web/package.json sdk/baseDist/package.json
@@ -350,10 +342,10 @@ web/dist/raw/start-tunnel/index.html: $(WEB_START_TUNNEL_SRC) $(WEB_SHARED_SRC)
 	touch web/dist/raw/start-tunnel/index.html
 
 web/dist/static/%/index.html: web/dist/raw/%/index.html
-	./compress-uis.sh $*
+	./web/compress-uis.sh $*
 
-web/config.json: $(GIT_HASH_FILE) web/config-sample.json
-	jq '.useMocks = false' web/config-sample.json | jq '.gitHash = "$(shell cat GIT_HASH.txt)"' > web/config.json
+web/config.json: $(GIT_HASH_FILE) $(ENVIRONMENT_FILE) web/config-sample.json web/update-config.sh
+	./web/update-config.sh	
 
 patch-db/client/node_modules/.package-lock.json: patch-db/client/package.json
 	npm --prefix patch-db/client ci
@@ -374,17 +366,17 @@ uis: $(WEB_UIS)
 # this is a convenience step to build the UI
 ui: web/dist/raw/ui
 
-cargo-deps/aarch64-unknown-linux-musl/release/pi-beep: ./build-cargo-dep.sh
-	ARCH=aarch64 ./build-cargo-dep.sh pi-beep
+target/aarch64-unknown-linux-musl/release/pi-beep: ./build/build-cargo-dep.sh
+	ARCH=aarch64 ./build/build-cargo-dep.sh pi-beep
 
-cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console: ./build-cargo-dep.sh
-	ARCH=$(ARCH) ./build-cargo-dep.sh tokio-console
+target/$(RUST_ARCH)-unknown-linux-musl/release/tokio-console: ./build/build-cargo-dep.sh
+	ARCH=$(ARCH) ./build/build-cargo-dep.sh tokio-console
 	touch $@
 
-cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs: ./build-cargo-dep.sh
-	ARCH=$(ARCH) ./build-cargo-dep.sh --git https://github.com/Start9Labs/start-fs.git startos-backup-fs
+target/$(RUST_ARCH)-unknown-linux-musl/release/startos-backup-fs: ./build/build-cargo-dep.sh
+	ARCH=$(ARCH) ./build/build-cargo-dep.sh --git https://github.com/Start9Labs/start-fs.git startos-backup-fs
 	touch $@
 
-cargo-deps/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph: ./build-cargo-dep.sh
-	ARCH=$(ARCH) ./build-cargo-dep.sh flamegraph
+target/$(RUST_ARCH)-unknown-linux-musl/release/flamegraph: ./build/build-cargo-dep.sh
+	ARCH=$(ARCH) ./build/build-cargo-dep.sh flamegraph
 	touch $@

agents/VERSION_BUMP.md

@@ -10,7 +10,7 @@ When bumping from version `X.Y.Z-alpha.N` to `X.Y.Z-alpha.N+1`, you need to upda
 
 ### 1. Core Rust Crate Version
 
-**File: `core/startos/Cargo.toml`**
+**File: `core/Cargo.toml`**
 
 Update the version string (line ~18):
 
@@ -31,7 +31,7 @@ This will update the version in `Cargo.lock` automatically.
 
 ### 2. Create New Version Migration Module
 
-**File: `core/startos/src/version/vX_Y_Z_alpha_N+1.rs`**
+**File: `core/src/version/vX_Y_Z_alpha_N+1.rs`**
 
 Create a new version file by copying the previous version and updating:
 
@@ -79,7 +79,7 @@ impl VersionT for Version {
 
 ### 3. Update Version Module Registry
 
-**File: `core/startos/src/version/mod.rs`**
+**File: `core/src/version/mod.rs`**
 
 Make changes in **5 locations**:
 
@@ -176,9 +176,9 @@ This pattern helps you quickly find all the places that need updating in the nex
 
 ## Summary Checklist
 
-- [ ] Update `core/startos/Cargo.toml` version
-- [ ] Create new `core/startos/src/version/vX_Y_Z_alpha_N+1.rs` file
-- [ ] Update `core/startos/src/version/mod.rs` in 5 locations
+- [ ] Update `core/Cargo.toml` version
+- [ ] Create new `core/src/version/vX_Y_Z_alpha_N+1.rs` file
+- [ ] Update `core/src/version/mod.rs` in 5 locations
 - [ ] Run `cargo check` to update `core/Cargo.lock`
 - [ ] Update `sdk/package/lib/StartSdk.ts` OSVersion
 - [ ] Update `web/package.json` and `web/package-lock.json` version

build-cargo-dep.sh

@@ -1,29 +0,0 @@
-#!/bin/bash
-
-set -e
-shopt -s expand_aliases
-
-if [ "$0" != "./build-cargo-dep.sh" ]; then
-	>&2 echo "Must be run from start-os directory"
-	exit 1
-fi
-
-if [ -z "$ARCH" ]; then
-	ARCH=$(uname -m)
-fi
-
-RUST_ARCH="$ARCH"
-if [ "$ARCH" = "riscv64" ]; then
-  RUST_ARCH="riscv64gc"
-fi
-
-mkdir -p cargo-deps
-
-source core/builder-alias.sh
-
-RUSTFLAGS="-C target-feature=+crt-static"
-
-rust-zig-builder cargo-zigbuild install $* --target-dir /workdir/cargo-deps/ --target=$RUST_ARCH-unknown-linux-musl
-if [ "$(ls -nd "cargo-deps/$RUST_ARCH-unknown-linux-musl/release/${!#}" | awk '{ print $3 }')" != "$UID" ]; then
-  rust-zig-builder sh -c "chown -R $UID:$UID cargo-deps && chown -R $UID:$UID  /usr/local/cargo"
-fi

build/build-cargo-dep.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+
+set -e
+shopt -s expand_aliases
+
+if [ -z "$ARCH" ]; then
+	ARCH=$(uname -m)
+fi
+
+RUST_ARCH="$ARCH"
+if [ "$ARCH" = "riscv64" ]; then
+  RUST_ARCH="riscv64gc"
+fi
+
+mkdir -p target
+
+source core/build/builder-alias.sh
+
+RUSTFLAGS="-C target-feature=+crt-static"
+
+rust-zig-builder cargo-zigbuild install $* --target-dir /workdir/target/ --target=$RUST_ARCH-unknown-linux-musl
+if [ "$(ls -nd "target/$RUST_ARCH-unknown-linux-musl/release/${!#}" | awk '{ print $3 }')" != "$UID" ]; then
+  rust-zig-builder sh -c "chown -R $UID:$UID target && chown -R $UID:$UID  /usr/local/cargo"
+fi

build/download-firmware.sh

@@ -11,13 +11,13 @@ if [ -z "$PLATFORM" ]; then
 	exit 1
 fi
 
-rm -rf ./firmware/$PLATFORM
-mkdir -p ./firmware/$PLATFORM
+rm -rf ./lib/firmware/$PLATFORM
+mkdir -p ./lib/firmware/$PLATFORM
 
-cd ./firmware/$PLATFORM
+cd ./lib/firmware/$PLATFORM
 
 firmwares=()
-while IFS= read -r line; do firmwares+=("$line"); done < <(jq -c ".[] | select(.platform[] | contains(\"$PLATFORM\"))" ../../build/lib/firmware.json)
+while IFS= read -r line; do firmwares+=("$line"); done < <(jq -c ".[] | select(.platform[] | contains(\"$PLATFORM\"))" ../../firmware.json)
 for firmware in "${firmwares[@]}"; do
 	if [ -n "$firmware" ]; then
 		id=$(echo "$firmware" | jq --raw-output '.id')

build/env/check-environment.sh

@@ -1,8 +1,10 @@
 #!/bin/bash
 
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
 if ! [ -f ./ENVIRONMENT.txt ] || [ "$(cat ./ENVIRONMENT.txt)" != "$ENVIRONMENT" ]; then
     >&2 echo "Updating ENVIRONMENT.txt to \"$ENVIRONMENT\""
     echo -n "$ENVIRONMENT" > ./ENVIRONMENT.txt
 fi
 
-echo -n ./ENVIRONMENT.txt
+echo -n ./build/env/ENVIRONMENT.txt

build/env/check-git-hash.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
 if [ "$GIT_BRANCH_AS_HASH" != 1 ]; then
     GIT_HASH="$(git rev-parse HEAD)$(if ! git diff-index --quiet HEAD --; then echo '-modified'; fi)"
 else
@@ -11,4 +13,4 @@ if ! [ -f ./GIT_HASH.txt ] || [ "$(cat ./GIT_HASH.txt)" != "$GIT_HASH" ]; then
     echo -n "$GIT_HASH" > ./GIT_HASH.txt
 fi
 
-echo -n ./GIT_HASH.txt
+echo -n ./build/env/GIT_HASH.txt

build/env/check-platform.sh

@@ -1,8 +1,10 @@
 #!/bin/bash
 
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
 if ! [ -f ./PLATFORM.txt ] || [ "$(cat ./PLATFORM.txt)" != "$PLATFORM" ] && [ -n "$PLATFORM" ]; then
     >&2 echo "Updating PLATFORM.txt to \"$PLATFORM\""
     echo -n "$PLATFORM" > ./PLATFORM.txt
 fi
 
-echo -n ./PLATFORM.txt
+echo -n ./build/env/PLATFORM.txt

build/env/check-version.sh

@@ -1,6 +1,8 @@
 #!/bin/bash
 
-FE_VERSION="$(cat web/package.json | grep '"version"' | sed 's/[ \t]*"version":[ \t]*"\([^"]*\)",/\1/')"
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+FE_VERSION="$(cat ../../web/package.json | grep '"version"' | sed 's/[ \t]*"version":[ \t]*"\([^"]*\)",/\1/')"
 
 # TODO: Validate other version sources - backend/Cargo.toml, backend/src/version/mod.rs
 
@@ -10,4 +12,4 @@ if ! [ -f ./VERSION.txt ] || [ "$(cat ./VERSION.txt)" != "$VERSION" ]; then
     echo -n "$VERSION" > ./VERSION.txt
 fi
 
-echo -n ./VERSION.txt
+echo -n ./build/env/VERSION.txt

build/image-recipe/run-local-build.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-cd "$(dirname "${BASH_SOURCE[0]}")"/..
+cd "$(dirname "${BASH_SOURCE[0]}")/../.."
 
 BASEDIR="$(pwd -P)"
 
@@ -12,15 +12,15 @@ if tty -s; then
   USE_TTY="-it"
 fi
 
-dockerfile_hash=$(sha256sum ${BASEDIR}/image-recipe/Dockerfile | head -c 7)
+dockerfile_hash=$(sha256sum ${BASEDIR}/build/image-recipe/Dockerfile | head -c 7)
 
 docker_img_name="startos_build:${SUITE}-${dockerfile_hash}"
 
 if [ -z "$(docker images -q "${docker_img_name}")" ]; then
-	docker build --build-arg=SUITE=${SUITE} -t "${docker_img_name}" ./image-recipe
+	docker build --build-arg=SUITE=${SUITE} -t "${docker_img_name}" ./build/image-recipe
 fi
 
-docker run $USE_TTY --rm --privileged -v "$(pwd)/image-recipe:/root/image-recipe" -v "$(pwd)/results:/root/results" \
+docker run $USE_TTY --rm --privileged -v "$(pwd)/build/image-recipe:/root/image-recipe" -v "$(pwd)/results:/root/results" \
 	-e IB_SUITE="$SUITE" \
 	-e IB_UID="$UID" \
 	-e IB_INCLUDE \

build/os-compat/buildenv.Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:forky
+FROM debian:trixie
 
 RUN apt-get update && \
     apt-get install -y \
@@ -12,35 +12,15 @@ RUN apt-get update && \
     jq \
     gzip \
     brotli \
-    qemu-user-static \
-    binfmt-support \
     squashfs-tools \
     git \
     debspawn \
     rsync \
     b3sum \
-    fuse-overlayfs \
     sudo \
-    systemd \
-    systemd-container \
-    systemd-sysv \
-    dbus \
-    dbus-user-session \
     nodejs
 
-RUN systemctl mask \
-    systemd-firstboot.service \
-    systemd-udevd.service \
-    getty@tty1.service \
-    console-getty.service
-
 RUN git config --global --add safe.directory /root/start-os
 
-RUN mkdir -p /etc/debspawn && \
-    echo "AllowUnsafePermissions=true" > /etc/debspawn/global.toml
-
 RUN mkdir -p /root/start-os
-WORKDIR /root/start-os
-
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-ENTRYPOINT [ "/docker-entrypoint.sh" ]
+WORKDIR /root/start-os

build/os-compat/docker-entrypoint.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-exec /lib/systemd/systemd --unit=multi-user.target --show-status=false --log-target=journal

build/os-compat/run-compat.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [ "$FORCE_COMPAT" = 1 ] || ( [ "$REQUIRES" = "linux" ] && [ "$(uname -s)" != "Linux" ] ) || ( [ "$REQUIRES" = "debian" ] && ! which dpkg > /dev/null ) || ( [ "$REQUIRES" = "qemu" ] && ! which qemu-$ARCH > /dev/null ); then
+if [ "$FORCE_COMPAT" = 1 ] || ( [ "$REQUIRES" = "linux" ] && [ "$(uname -s)" != "Linux" ] ) || ( [ "$REQUIRES" = "debian" ] && ! which dpkg > /dev/null ); then
     project_pwd="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. && pwd)/"
     pwd="$(pwd)/"
     if ! [[ "$pwd" = "$project_pwd"* ]]; then

build/upload-ota.sh

@@ -0,0 +1,143 @@
+#!/bin/bash
+
+if [ -z "$VERSION" ]; then
+    >&2 echo '$VERSION required'
+    exit 2
+fi
+
+if [ -z "$RUN_ID" ]; then
+    >&2 echo '$RUN_ID required'
+    exit 2
+fi
+
+set -e
+
+if [ "$SKIP_DL" != "1" ]; then
+    rm -rf ~/Downloads/v$VERSION
+    mkdir ~/Downloads/v$VERSION
+    cd ~/Downloads/v$VERSION
+
+    for arch in aarch64 aarch64-nonfree riscv64 x86_64 x86_64-nonfree raspberrypi; do
+        while ! gh run download -R Start9Labs/start-os $RUN_ID -n $arch.squashfs -D $(pwd); do sleep 1; done
+    done
+    for arch in aarch64 aarch64-nonfree riscv64 x86_64 x86_64-nonfree; do
+        while ! gh run download -R Start9Labs/start-os $RUN_ID -n $arch.iso -D $(pwd); do sleep 1; done
+    done
+    while ! gh run download -R Start9Labs/start-os $RUN_ID -n raspberrypi.img -D $(pwd); do sleep 1; done
+
+    if [ -n "$ST_RUN_ID" ]; then
+        for arch in aarch64 riscv64 x86_64; do
+            while ! gh run download -R Start9Labs/start-os $ST_RUN_ID -n start-tunnel_$arch.deb -D $(pwd); do sleep 1; done
+    done
+    fi
+
+    if [ -n "$CLI_RUN_ID" ]; then
+        for arch in aarch64 riscv64 x86_64; do
+            for os in linux macos; do
+                pair=${arch}-${os}
+                if [ "${pair}" = "riscv64-linux" ]; then
+                    target=riscv64gc-unknown-linux-musl
+                elif [ "${pair}" = "riscv64-macos" ]; then
+                    continue
+                elif [ "${os}" = "linux" ]; then
+                    target="${arch}-unknown-linux-musl"
+                elif [ "${os}" = "macos" ]; then
+                    target="${arch}-apple-darwin"
+                fi
+                while ! gh run download -R Start9Labs/start-os $CLI_RUN_ID -n start-cli_$target -D $(pwd); do sleep 1; done
+                mv start-cli "start-cli_${pair}"
+            done
+        done
+    fi
+else
+    cd ~/Downloads/v$VERSION
+fi
+
+start-cli --registry=https://alpha-registry-x.start9.com registry os version add $VERSION "v$VERSION" '' ">=0.3.5 <=$VERSION"
+
+if [ "$SKIP_UL" = "2" ]; then
+    exit 2
+elif [ "$SKIP_UL" != "1" ]; then
+    for file in *.squashfs *.iso *.deb start-cli_*; do
+        gh release upload -R Start9Labs/start-os v$VERSION $file
+    done
+    for file in *.img; do
+        if ! [ -f $file.gz ]; then
+            cat $file | pigz > $file.gz
+        fi
+        gh release upload -R Start9Labs/start-os v$VERSION $file.gz
+    done
+fi
+
+if [ "$SKIP_INDEX" != "1" ]; then
+    for arch in aarch64 aarch64-nonfree x86_64 x86_64-nonfree; do
+        for file in *_$arch.squashfs *_$arch.iso; do
+            start-cli --registry=https://alpha-registry-x.start9.com registry os asset add --platform=$arch --version=$VERSION $file https://github.com/Start9Labs/start-os/releases/download/v$VERSION/$(echo -n "$file" | sed 's/~/./g')
+        done
+    done
+    for arch in raspberrypi; do
+        for file in *_$arch.squashfs; do
+            start-cli --registry=https://alpha-registry-x.start9.com registry os asset add --platform=$arch --version=$VERSION $file https://github.com/Start9Labs/start-os/releases/download/v$VERSION/$(echo -n "$file" | sed 's/~/./g')
+        done
+    done
+fi
+
+for file in *.iso *.img *.img.gz *.squashfs *.deb start-cli_*; do
+    gpg -u 7CFFDA41CA66056A --detach-sign --armor -o "${file}.asc" "$file"
+done
+
+gpg --export -a 7CFFDA41CA66056A > dr-bonez.key.asc
+tar -czvf signatures.tar.gz *.asc
+
+gh release upload -R Start9Labs/start-os v$VERSION signatures.tar.gz
+
+cat << 'EOF'
+# StartOS Checksums
+
+## SHA-256
+```
+EOF
+sha256sum *.iso *.img *img.gz *.squashfs
+cat << 'EOF'
+```
+
+## BLAKE-3
+```
+EOF
+b3sum *.iso *.img *.img.gz *.squashfs
+cat << 'EOF'
+```
+
+# Start-Tunnel Checksums
+
+## SHA-256
+```
+EOF
+sha256sum start-tunnel*.deb
+cat << 'EOF'
+```
+
+## BLAKE-3
+```
+EOF
+b3sum start-tunnel*.deb
+cat << 'EOF'
+```
+
+# start-cli Checksums
+
+## SHA-256
+```
+EOF
+sha256sum start-cli_*
+cat << 'EOF'
+```
+
+## BLAKE-3
+```
+EOF
+b3sum start-cli_*
+cat << 'EOF'
+```
+EOF
+

container-runtime/deb-install.sh

@@ -2,9 +2,6 @@
 
 set -e
 
-mkdir -p /run/systemd/resolve
-echo "nameserver 8.8.8.8" > /run/systemd/resolve/stub-resolv.conf
-
 apt-get update
 apt-get install -y curl rsync qemu-user-static nodejs
 
@@ -16,7 +13,4 @@ sed -i '/\(^\|#\)ForwardToSyslog=/c\ForwardToSyslog=no' /etc/systemd/journald.co
 
 systemctl enable container-runtime.service
 
-rm -rf /run/systemd
-
-rm -f /etc/resolv.conf
 echo "nameserver 10.0.3.1" > /etc/resolv.conf

container-runtime/mkcontainer.sh

@@ -1,28 +0,0 @@
-#!/bin/bash
-
-set -e
-
-IMAGE=$1
-
-if [ -z "$IMAGE" ]; then
-    >&2 echo "usage: $0 <image id>"
-    exit 1
-fi
-
-if ! [ -d "/media/images/$IMAGE" ]; then
-    >&2 echo "image does not exist"
-    exit 1
-fi
-
-container=$(mktemp -d)
-mkdir -p $container/rootfs $container/upper $container/work
-mount -t overlay -olowerdir=/media/images/$IMAGE,upperdir=$container/upper,workdir=$container/work overlay $container/rootfs
-
-rootfs=$container/rootfs
-
-for special in dev sys proc run; do
-    mkdir -p $rootfs/$special
-    mount --bind /$special $rootfs/$special
-done
-
-echo $rootfs

container-runtime/rmcontainer.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -e
-
-rootfs=$1
-if [ -z "$rootfs" ]; then
-    >&2 echo "usage: $0 <container rootfs path>"
-    exit 1
-fi
-
-umount --recursive $rootfs
-rm -rf $rootfs/..

container-runtime/src/Adapters/Systems/SystemForEmbassy/index.ts

@@ -287,7 +287,6 @@ function convertProperties(
   }
 }
 
-const DEFAULT_REGISTRY = "https://registry.start9.com"
 export class SystemForEmbassy implements System {
   private version: ExtendedVersion
   currentRunning: MainLoop | undefined

container-runtime/update-image-local.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+
+USE_TTY=
+if tty -s; then
+  USE_TTY="-it"
+fi
+
+DOCKER_PLATFORM=linux/${ARCH}
+case $ARCH in
+    x86_64)
+        DOCKER_PLATFORM=linux/amd64;;
+    aarch64)
+        DOCKER_PLATFORM=linux/arm64;;
+esac
+
+docker run --rm $USE_TTY --platform=$DOCKER_PLATFORM -eARCH --privileged -v "$(pwd):/root/start-os" start9/build-env /root/start-os/container-runtime/update-image.sh

container-runtime/update-image.sh

@@ -9,56 +9,35 @@ if [ "$ARCH" = "riscv64" ]; then
   RUST_ARCH="riscv64gc"
 fi
 
-if mountpoint -q tmp/combined; then sudo umount -l tmp/combined; fi
-if mountpoint -q tmp/lower; then sudo umount tmp/lower; fi
-sudo rm -rf tmp
-mkdir -p tmp/lower tmp/upper tmp/work tmp/combined
-if which squashfuse > /dev/null; then
-    sudo squashfuse debian.${ARCH}.squashfs tmp/lower
-else
-    sudo mount debian.${ARCH}.squashfs tmp/lower
-fi
-if which fuse-overlayfs > /dev/null; then
-    sudo fuse-overlayfs -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work overlay tmp/combined
-else
-    sudo mount -t overlay -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work overlay tmp/combined
-fi
+mount -t tmpfs tmpfs /tmp
+mkdir -p /tmp/lower /tmp/upper /tmp/work /tmp/combined
+mount -o loop debian.${ARCH}.squashfs /tmp/lower
+mount -t overlay -olowerdir=/tmp/lower,upperdir=/tmp/upper,workdir=/tmp/work overlay /tmp/combined
+echo mounted overlay
 
-QEMU=
-if [ "$ARCH" != "$(uname -m)" ]; then
-    QEMU=/usr/bin/qemu-${ARCH}
-    if ! which qemu-$ARCH > /dev/null; then
-        >&2 echo qemu-user is required for cross-platform builds
-        sudo umount tmp/combined
-        sudo umount tmp/lower
-        sudo rm -rf tmp
-        exit 1
-    fi
-    sudo cp $(which qemu-$ARCH) tmp/combined${QEMU}
-fi
-
-sudo mkdir -p tmp/combined/usr/lib/startos/
-sudo rsync -a --copy-unsafe-links dist/ tmp/combined/usr/lib/startos/init/
-sudo chown -R 0:0 tmp/combined/usr/lib/startos/
-sudo cp container-runtime.service tmp/combined/lib/systemd/system/container-runtime.service
-sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime.service
-sudo cp container-runtime-failure.service tmp/combined/lib/systemd/system/container-runtime-failure.service
-sudo chown 0:0 tmp/combined/lib/systemd/system/container-runtime-failure.service
-sudo cp ../core/target/${RUST_ARCH}-unknown-linux-musl/release/start-container tmp/combined/usr/bin/start-container
-echo -e '#!/bin/bash\nexec start-container "$@"' | sudo tee tmp/combined/usr/bin/start-cli # TODO: remove
-sudo chmod +x tmp/combined/usr/bin/start-cli
-sudo chown 0:0 tmp/combined/usr/bin/start-container
-echo container-runtime | sha256sum | head -c 32 | cat - <(echo) | sudo tee tmp/combined/etc/machine-id
-cat deb-install.sh | sudo systemd-nspawn --console=pipe -D tmp/combined $QEMU /bin/bash
-sudo truncate -s 0 tmp/combined/etc/machine-id
-
-if [ -n "$QEMU" ]; then
-    sudo rm tmp/combined${QEMU}
-fi
+mkdir -p /tmp/combined/usr/lib/startos/
+rsync -a --copy-unsafe-links --info=progress2 dist/ /tmp/combined/usr/lib/startos/init/
+chown -R 0:0 /tmp/combined/usr/lib/startos/
+cp container-runtime.service /tmp/combined/lib/systemd/system/container-runtime.service
+chown 0:0 /tmp/combined/lib/systemd/system/container-runtime.service
+cp container-runtime-failure.service /tmp/combined/lib/systemd/system/container-runtime-failure.service
+chown 0:0 /tmp/combined/lib/systemd/system/container-runtime-failure.service
+cp ../core/target/${RUST_ARCH}-unknown-linux-musl/release/start-container /tmp/combined/usr/bin/start-container
+echo -e '#!/bin/bash\nexec start-container "$@"' > /tmp/combined/usr/bin/start-cli # TODO: remove
+chmod +x /tmp/combined/usr/bin/start-cli
+chown 0:0 /tmp/combined/usr/bin/start-container
+echo container-runtime | sha256sum | head -c 32 | cat - <(echo) > /tmp/combined/etc/machine-id
+rm -f /tmp/combined/etc/resolv.conf
+cp /etc/resolv.conf /tmp/combined/etc/resolv.conf
+for fs in proc sys dev; do
+    mount --bind /$fs /tmp/combined/$fs
+done
+cat deb-install.sh | chroot /tmp/combined /bin/bash
+for fs in proc sys dev; do
+    umount /tmp/combined/$fs
+done
+truncate -s 0 /tmp/combined/etc/machine-id
 
 rm -f rootfs.${ARCH}.squashfs
 mkdir -p ../build/lib/container-runtime
-sudo mksquashfs tmp/combined rootfs.${ARCH}.squashfs
-sudo umount tmp/combined
-sudo umount tmp/lower
-sudo rm -rf tmp
+mksquashfs /tmp/combined rootfs.${ARCH}.squashfs

core/Cargo.toml

@@ -1,3 +1,290 @@
-[workspace]
+[package]
+authors = ["Aiden McClelland <me@drbonez.dev>"]
+description = "The core of StartOS"
+documentation = "https://docs.rs/start-os"
+edition = "2024"
+keywords = [
+  "bitcoin",
+  "full-node",
+  "lightning",
+  "privacy",
+  "raspberry-pi",
+  "self-hosted",
+]
+license = "MIT"
+name = "start-os"
+readme = "README.md"
+repository = "https://github.com/Start9Labs/start-os"
+version = "0.4.0-alpha.16" # VERSION_BUMP
 
-members = ["startos"]
+[lib]
+name = "startos"
+path = "src/lib.rs"
+
+[[bin]]
+name = "startbox"
+path = "src/main/startbox.rs"
+
+[[bin]]
+name = "start-cli"
+path = "src/main/start-cli.rs"
+
+[[bin]]
+name = "start-container"
+path = "src/main/start-container.rs"
+
+[[bin]]
+name = "registrybox"
+path = "src/main/registrybox.rs"
+
+[[bin]]
+name = "tunnelbox"
+path = "src/main/tunnelbox.rs"
+
+[features]
+arti = [
+  "arti-client",
+  "safelog",
+  "tor-cell",
+  "tor-hscrypto",
+  "tor-hsservice",
+  "tor-keymgr",
+  "tor-llcrypto",
+  "tor-proto",
+  "tor-rtcompat",
+]
+beta = []
+console = ["console-subscriber", "tokio/tracing"]
+default = []
+dev = []
+test = []
+unstable = ["backtrace-on-stack-overflow"]
+
+[dependencies]
+aes = { version = "0.7.5", features = ["ctr"] }
+arti-client = { version = "0.33", features = [
+  "compression",
+  "ephemeral-keystore",
+  "experimental-api",
+  "onion-service-client",
+  "onion-service-service",
+  "rustls",
+  "static",
+  "tokio",
+], default-features = false, git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+async-acme = { version = "0.6.0", git = "https://github.com/dr-bonez/async-acme.git", features = [
+  "use_rustls",
+  "use_tokio",
+] }
+async-compression = { version = "0.4.32", features = [
+  "brotli",
+  "gzip",
+  "tokio",
+  "zstd",
+] }
+async-stream = "0.3.5"
+async-trait = "0.1.74"
+axum = { version = "0.8.4", features = ["ws", "http2"] }
+backtrace-on-stack-overflow = { version = "0.3.0", optional = true }
+base32 = "0.5.0"
+base64 = "0.22.1"
+base64ct = "1.6.0"
+basic-cookies = "0.1.4"
+blake3 = { version = "1.5.0", features = ["mmap", "rayon"] }
+bytes = "1"
+chrono = { version = "0.4.31", features = ["serde"] }
+clap = { version = "4.4.12", features = ["string"] }
+color-eyre = "0.6.2"
+console = "0.16.2"
+console-subscriber = { version = "0.5.0", optional = true }
+const_format = "0.2.34"
+cookie = "0.18.0"
+cookie_store = "0.22.0"
+curve25519-dalek = "4.1.3"
+der = { version = "0.7.9", features = ["derive", "pem"] }
+digest = "0.10.7"
+divrem = "1.0.0"
+dns-lookup = "3.0.1"
+ed25519 = { version = "2.2.3", features = ["alloc", "pem", "pkcs8"] }
+ed25519-dalek = { version = "2.2.0", features = [
+  "digest",
+  "hazmat",
+  "pkcs8",
+  "rand_core",
+  "serde",
+  "zeroize",
+] }
+ed25519-dalek-v1 = { package = "ed25519-dalek", version = "1" }
+exver = { version = "0.2.0", git = "https://github.com/Start9Labs/exver-rs.git", features = [
+  "serde",
+] }
+fd-lock-rs = "0.1.4"
+form_urlencoded = "1.2.1"
+futures = "0.3.28"
+gpt = "4.1.0"
+hex = "0.4.3"
+hickory-server = { version = "0.25.2", features = ["resolver"] }
+hmac = "0.12.1"
+http = "1.0.0"
+http-body-util = "0.1"
+hyper = { version = "1.5", features = ["http1", "http2", "server"] }
+hyper-util = { version = "0.1.10", features = [
+  "http1",
+  "http2",
+  "server",
+  "server-auto",
+  "server-graceful",
+  "service",
+  "tokio",
+] }
+id-pool = { version = "0.2.2", default-features = false, features = [
+  "serde",
+  "u16",
+] }
+iddqd = "0.3.14"
+imbl = { version = "6", features = ["serde", "small-chunks"] }
+imbl-value = { version = "0.4.3", features = ["ts-rs"] }
+include_dir = { version = "0.7.3", features = ["metadata"] }
+indexmap = { version = "2.0.2", features = ["serde"] }
+indicatif = { version = "0.18.3", features = ["tokio"] }
+inotify = "0.11.0"
+integer-encoding = { version = "4.0.0", features = ["tokio_async"] }
+ipnet = { version = "2.8.0", features = ["serde"] }
+isocountry = "0.3.2"
+itertools = "0.14.0"
+jaq-core = "0.10.1"
+jaq-std = "0.10.0"
+josekit = "0.10.3"
+jsonpath_lib = { git = "https://github.com/Start9Labs/jsonpath.git" }
+lazy_async_pool = "0.3.3"
+lazy_format = "2.0"
+lazy_static = "1.4.0"
+lettre = { version = "0.11.18", default-features = false, features = [
+  "aws-lc-rs",
+  "builder",
+  "hostname",
+  "pool",
+  "rustls-platform-verifier",
+  "smtp-transport",
+  "tokio1-rustls",
+] }
+libc = "0.2.149"
+log = "0.4.20"
+mbrman = "0.6.0"
+miette = { version = "7.6.0", features = ["fancy"] }
+mio = "1"
+new_mime_guess = "4"
+nix = { version = "0.30.1", features = [
+  "fs",
+  "mount",
+  "net",
+  "process",
+  "sched",
+  "signal",
+  "user",
+] }
+nom = "8.0.0"
+num = "0.4.1"
+num_cpus = "1.16.0"
+num_enum = "0.7.0"
+once_cell = "1.19.0"
+openssh-keys = "0.6.2"
+openssl = { version = "0.10.57", features = ["vendored"] }
+p256 = { version = "0.13.2", features = ["pem"] }
+patch-db = { version = "*", path = "../patch-db/patch-db", features = [
+  "trace",
+] }
+pbkdf2 = "0.12.2"
+pin-project = "1.1.3"
+pkcs8 = { version = "0.10.2", features = ["std"] }
+prettytable-rs = "0.10.0"
+proptest = "1.3.1"
+proptest-derive = "0.7.0"
+qrcode = "0.14.1"
+r3bl_tui = "0.7.6"
+rand = "0.9.2"
+regex = "1.10.2"
+reqwest = { version = "0.12.25", features = [
+  "json",
+  "socks",
+  "stream",
+  "http2",
+] }
+reqwest_cookie_store = "0.9.0"
+rpassword = "7.2.0"
+rust-argon2 = "3.0.0"
+rpc-toolkit = { git = "https://github.com/Start9Labs/rpc-toolkit.git" }
+safelog = { version = "0.4.8", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+semver = { version = "1.0.20", features = ["serde"] }
+serde = { version = "1.0", features = ["derive", "rc"] }
+serde_cbor = { package = "ciborium", version = "0.2.1" }
+serde_json = "1.0"
+serde_toml = { package = "toml", version = "0.9.9+spec-1.0.0" }
+serde_yaml = { package = "serde_yml", version = "0.0.12" }
+sha-crypt = "0.5.0"
+sha2 = "0.10.2"
+signal-hook = "0.3.17"
+socket2 = { version = "0.6.0", features = ["all"] }
+socks5-impl = { version = "0.7.2", features = ["client", "server"] }
+sqlx = { version = "0.8.6", features = [
+  "postgres",
+  "runtime-tokio-rustls",
+], default-features = false }
+sscanf = "0.4.1"
+ssh-key = { version = "0.6.2", features = ["ed25519"] }
+tar = "0.4.40"
+termion = "4.0.5"
+textwrap = "0.16.1"
+thiserror = "2.0.12"
+tokio = { version = "1.38.1", features = ["full"] }
+tokio-rustls = "0.26.4"
+tokio-stream = { version = "0.1.14", features = ["io-util", "net", "sync"] }
+tokio-tar = { git = "https://github.com/dr-bonez/tokio-tar.git" }
+tokio-tungstenite = { version = "0.26.2", features = ["native-tls", "url"] }
+tokio-util = { version = "0.7.9", features = ["io"] }
+tor-cell = { version = "0.33", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+tor-hscrypto = { version = "0.33", features = [
+  "full",
+], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+tor-hsservice = { version = "0.33", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+tor-keymgr = { version = "0.33", features = [
+  "ephemeral-keystore",
+], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+tor-llcrypto = { version = "0.33", features = [
+  "full",
+], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+tor-proto = { version = "0.33", git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+tor-rtcompat = { version = "0.33", features = [
+  "rustls",
+  "tokio",
+], git = "https://github.com/Start9Labs/arti.git", branch = "patch/disable-exit", optional = true }
+torut = "0.2.1"
+tower-service = "0.3.3"
+tracing = "0.1.39"
+tracing-error = "0.2.0"
+tracing-journald = "0.3.0"
+tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
+ts-rs = "9.0.1"
+typed-builder = "0.23.2"
+url = { version = "2.4.1", features = ["serde"] }
+uuid = { version = "1.4.1", features = ["v4"] }
+visit-rs = "0.1.1"
+x25519-dalek = { version = "2.0.1", features = ["static_secrets"] }
+zbus = "5.1.1"
+hashing-serializer = "0.1.1"
+
+[target.'cfg(target_os = "linux")'.dependencies]
+procfs = "0.18.0"
+pty-process = "0.5.1"
+
+[profile.test]
+opt-level = 3
+
+[profile.dev]
+opt-level = 3
+
+[profile.dev.package.backtrace]
+opt-level = 3
+
+[profile.dev.package.sqlx-macros]
+opt-level = 3

core/build/build-cli.sh

@@ -60,7 +60,7 @@ if [ -z "${TARGET:-}" ]; then
   fi
 fi
 
-cd ..
+cd ../..
 FEATURES="$(echo "${ENVIRONMENT:-}" | sed 's/-/,/g')"
 RUSTFLAGS=""
 if [[ "${ENVIRONMENT:-}" =~ (^|-)console($|-) ]]; then

core/build/build-registrybox.sh

@@ -30,7 +30,7 @@ if [ "$ARCH" = "riscv64" ]; then
   RUST_ARCH="riscv64gc"
 fi
 
-cd ..
+cd ../..
 FEATURES="$(echo $ENVIRONMENT | sed 's/-/,/g')"
 RUSTFLAGS=""
 

core/build/build-start-container.sh

@@ -30,7 +30,7 @@ if [ "$ARCH" = "riscv64" ]; then
   RUST_ARCH="riscv64gc"
 fi
 
-cd ..
+cd ../..
 FEATURES="$(echo $ENVIRONMENT | sed 's/-/,/g')"
 RUSTFLAGS=""
 

core/build/build-startbox.sh

@@ -30,7 +30,7 @@ if [ "$ARCH" = "riscv64" ]; then
   RUST_ARCH="riscv64gc"
 fi
 
-cd ..
+cd ../..
 FEATURES="$(echo $ENVIRONMENT | sed 's/-/,/g')"
 RUSTFLAGS=""
 

core/build/build-ts.sh

@@ -30,7 +30,7 @@ if [ "$ARCH" = "riscv64" ]; then
 	RUST_ARCH="riscv64gc"
 fi
 
-cd ..
+cd ../..
 FEATURES="$(echo $ENVIRONMENT | sed 's/-/,/g')"
 RUSTFLAGS=""
 if [[ "${ENVIRONMENT}" =~ (^|-)console($|-) ]]; then
@@ -39,6 +39,6 @@ fi
 echo "FEATURES=\"$FEATURES\""
 echo "RUSTFLAGS=\"$RUSTFLAGS\""
 rust-zig-builder cargo test --manifest-path=./core/Cargo.toml $BUILD_FLAGS --features test,$FEATURES --locked 'export_bindings_'
-if [ "$(ls -nd "core/startos/bindings" | awk '{ print $3 }')" != "$UID" ]; then
-  rust-zig-builder sh -c "chown -R $UID:$UID core/target && chown -R $UID:$UID core/startos/bindings && chown -R $UID:$UID  /usr/local/cargo"
+if [ "$(ls -nd "core/bindings" | awk '{ print $3 }')" != "$UID" ]; then
+  rust-zig-builder sh -c "chown -R $UID:$UID core/target && chown -R $UID:$UID core/bindings && chown -R $UID:$UID  /usr/local/cargo"
 fi

core/build/build-tunnelbox.sh

@@ -30,7 +30,7 @@ if [ "$ARCH" = "riscv64" ]; then
   RUST_ARCH="riscv64gc"
 fi
 
-cd ..
+cd ../..
 FEATURES="$(echo $ENVIRONMENT | sed 's/-/,/g')"
 RUSTFLAGS=""