update time dependency in core (#2850)

Update README.md

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,6 +1,6 @@
 name: 🐛 Bug Report
-description: Create a report to help us improve embassyOS
-title: '[bug]: '
+description: Create a report to help us improve StartOS
+title: "[bug]: "
 labels: [Bug, Needs Triage]
 assignees:
   - MattDHill
@@ -10,27 +10,25 @@ body:
       label: Prerequisites
       description: Please confirm you have completed the following.
       options:
-        - label: I have searched for [existing issues](https://github.com/start9labs/embassy-os/issues) that already report this problem.
+        - label: I have searched for [existing issues](https://github.com/start9labs/start-os/issues) that already report this problem.
           required: true
   - type: input
     attributes:
-      label: embassyOS Version
-      description: What version of embassyOS are you running?
-      placeholder: e.g. 0.3.0
+      label: Server Hardware
+      description: On what hardware are you running StartOS? Please be as detailed as possible!
+      placeholder: Pi (8GB) w/ 32GB microSD & Samsung T7 SSD
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: StartOS Version
+      description: What version of StartOS are you running?
+      placeholder: e.g. 0.3.4.3
     validations:
       required: true
   - type: dropdown
     attributes:
-      label: Device
-      description: What device are you using to connect to Embassy?
-      options:
-        - Phone/tablet
-        - Laptop/Desktop
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: Device OS
+      label: Client OS
       description: What operating system is your device running?
       options:
         - MacOS
@@ -45,14 +43,14 @@ body:
       required: true
   - type: input
     attributes:
-      label: Device OS Version
+      label: Client OS Version
       description: What version is your device OS?
     validations:
       required: true
   - type: dropdown
     attributes:
       label: Browser
-      description: What browser are you using to connect to Embassy?
+      description: What browser are you using to connect to your server?
       options:
         - Firefox
         - Brave

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -1,6 +1,6 @@
 name: 💡 Feature Request
-description: Suggest an idea for embassyOS
-title: '[feat]: '
+description: Suggest an idea for StartOS
+title: "[feat]: "
 labels: [Enhancement]
 assignees:
   - MattDHill
@@ -10,7 +10,7 @@ body:
       label: Prerequisites
       description: Please confirm you have completed the following.
       options:
-        - label: I have searched for [existing issues](https://github.com/start9labs/embassy-os/issues) that already suggest this feature.
+        - label: I have searched for [existing issues](https://github.com/start9labs/start-os/issues) that already suggest this feature.
           required: true
   - type: textarea
     attributes:
@@ -27,7 +27,7 @@ body:
   - type: textarea
     attributes:
       label: Describe Preferred Solution
-      description: How you want this feature added to embassyOS?
+      description: How you want this feature added to StartOS?
   - type: textarea
     attributes:
       label: Describe Alternatives

.github/workflows/README.md

@@ -1,29 +0,0 @@
-# This folder contains GitHub Actions workflows for building the project
-
-## backend
-Runs: manually (on: workflow_dispatch) or called by product-pipeline (on: workflow_call)
-
-This workflow uses the actions and docker/setup-buildx-action@v1 to prepare the environment for aarch64 cross complilation using docker buildx.
-When execution of aarch64 containers is required the action docker/setup-qemu-action@v1 is added.
-A matrix-strategy has been used to build for both x86_64 and aarch64 platforms in parallel.
-
-### Running unittests
-
-Unittests are run using [cargo-nextest]( https://nexte.st/). First the sources are (cross-)compiled and archived. The archive is then run on the correct platform.
-
-## frontend
-Runs: manually (on: workflow_dispatch) or called by product-pipeline (on: workflow_call)
-
-This workflow builds the frontends.
-
-## product
-Runs: when a pull request targets the master or next branch and when a change to the master or next branch is made
-
-This workflow builds everything, re-using the backend and frontend workflows.
-The download and extraction order of artifacts is relevant to `make`, as it checks the file timestamps to decide which targets need to be executed.
-
-Result: eos.img
-
-## a note on uploading artifacts
-
-Artifacts are used to share data between jobs. File permissions are not maintained during artifact upload. Where file permissions are relevant, the workaround using tar has been used. See (here)[https://github.com/actions/upload-artifact#maintaining-file-permissions-and-case-sensitive-files].

.github/workflows/backend.yaml

@@ -1,233 +0,0 @@
-name: Backend
-
-on:
-  workflow_call:
-  workflow_dispatch:
-
-env:
-  RUST_VERSION: "1.67.1"
-  ENVIRONMENT: "dev"
-
-jobs:
-  build_libs:
-    name: Build libs
-    strategy:
-      fail-fast: false
-      matrix:
-        target: [x86_64, aarch64]
-        include:
-          - target: x86_64
-            snapshot_command: ./build-v8-snapshot.sh
-            artifact_name: js_snapshot
-            artifact_path: libs/js_engine/src/artifacts/JS_SNAPSHOT.bin
-          - target: aarch64
-            snapshot_command: ./build-arm-v8-snapshot.sh
-            artifact_name: arm_js_snapshot
-            artifact_path: libs/js_engine/src/artifacts/ARM_JS_SNAPSHOT.bin
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-        
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-      if: ${{ matrix.target == 'aarch64' }}
-      
-    - name: Set up Docker Buildx        
-      uses: docker/setup-buildx-action@v2
-      if: ${{ matrix.target == 'aarch64' }}
-
-    - name: "Install Rust"
-      run: |
-        rustup toolchain install ${{ env.RUST_VERSION }} --profile minimal --no-self-update
-        rustup default ${{ inputs.rust }}
-      shell: bash
-      if: ${{ matrix.target == 'x86_64' }}
-    
-    - uses: actions/cache@v3
-      with:
-        path: |
-          ~/.cargo/bin/
-          ~/.cargo/registry/index/
-          ~/.cargo/registry/cache/
-          ~/.cargo/git/db/
-          libs/target/
-        key: ${{ runner.os }}-cargo-libs-${{ matrix.target }}-${{ hashFiles('libs/Cargo.lock') }}
-
-    - name: Build v8 snapshot
-      run: ${{ matrix.snapshot_command }}
-      working-directory: libs
-
-    - uses: actions/upload-artifact@v3
-      with:
-        name: ${{ matrix.artifact_name }}
-        path: ${{ matrix.artifact_path }}
-
-  build_backend:
-    name: Build backend
-    strategy:
-      fail-fast: false
-      matrix:
-        target: [x86_64, aarch64]
-        include:
-          - target: x86_64
-            snapshot_download: js_snapshot
-          - target: aarch64
-            snapshot_download: arm_js_snapshot
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
-    needs: build_libs
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-    
-    - name: Download ${{ matrix.snapshot_download }} artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: ${{ matrix.snapshot_download }}
-        path: libs/js_engine/src/artifacts/
-        
-    - name: "Install Rust"
-      run: |
-        rustup toolchain install ${{ env.RUST_VERSION }} --profile minimal --no-self-update
-        rustup default ${{ inputs.rust }}
-      shell: bash
-      if: ${{ matrix.target == 'x86_64' }}
-    
-    - uses: actions/cache@v3
-      with:
-        path: |
-          ~/.cargo/bin/
-          ~/.cargo/registry/index/
-          ~/.cargo/registry/cache/
-          ~/.cargo/git/db/
-          backend/target/
-        key: ${{ runner.os }}-cargo-backend-${{ matrix.target }}-${{ hashFiles('backend/Cargo.lock') }}
-
-    - name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install libavahi-client-dev
-      if: ${{ matrix.target == 'x86_64' }}
-
-    - name: Check Git Hash
-      run: ./check-git-hash.sh
-
-    - name: Check Environment
-      run: ./check-environment.sh
-
-    - name: Build backend
-      run: make ARCH=${{ matrix.target }} backend
-
-    - name: 'Tar files to preserve file permissions'
-      run: make ARCH=${{ matrix.target }} backend-${{ matrix.target }}.tar
-
-    - uses: actions/upload-artifact@v3
-      with:
-        name: backend-${{ matrix.target }}
-        path: backend-${{ matrix.target }}.tar
-    
-    - name: Install nextest
-      uses: taiki-e/install-action@nextest
-
-    - name: Build and archive tests
-      run: cargo nextest archive --archive-file nextest-archive-${{ matrix.target }}.tar.zst --target ${{ matrix.target }}-unknown-linux-gnu
-      working-directory: backend
-      if: ${{ matrix.target == 'x86_64' }}
-
-    - name: Build and archive tests
-      run: |
-        docker run --rm \
-        -v "$HOME/.cargo/registry":/root/.cargo/registry \
-        -v "$(pwd)":/home/rust/src \
-        -P start9/rust-arm-cross:aarch64 \
-        sh -c 'cd /home/rust/src/backend &&
-          rustup install ${{ env.RUST_VERSION }} &&
-          rustup override set ${{ env.RUST_VERSION }} &&
-          rustup target add aarch64-unknown-linux-gnu &&
-          curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin &&
-          cargo nextest archive --archive-file nextest-archive-${{ matrix.target }}.tar.zst --target ${{ matrix.target }}-unknown-linux-gnu'
-      if: ${{ matrix.target == 'aarch64' }}
-
-    - name: Reset permissions
-      run: sudo chown -R $USER target
-      working-directory: backend
-      if: ${{ matrix.target == 'aarch64' }}
-
-    - name: Upload archive to workflow
-      uses: actions/upload-artifact@v3
-      with:
-        name: nextest-archive-${{ matrix.target }}
-        path: backend/nextest-archive-${{ matrix.target }}.tar.zst
-
-  run_tests_backend:
-    name: Test backend
-    strategy:
-      fail-fast: false
-      matrix:
-        target: [x86_64, aarch64]
-        include:
-          - target: x86_64
-          - target: aarch64
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    needs: build_backend
-    env:
-      CARGO_TERM_COLOR: always
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-      if: ${{ matrix.target == 'aarch64' }}
-
-    - name: Set up Docker Buildx        
-      uses: docker/setup-buildx-action@v2
-      if: ${{ matrix.target == 'aarch64' }}
-
-    - run: mkdir -p ~/.cargo/bin
-      if: ${{ matrix.target == 'x86_64' }}
-
-    - name: Install nextest
-      uses: taiki-e/install-action@v2
-      with:
-        tool: nextest@0.9.47
-      if: ${{ matrix.target == 'x86_64' }}
-
-    - name: Download archive
-      uses: actions/download-artifact@v3
-      with:
-        name: nextest-archive-${{ matrix.target }}
-
-    - name: Download nextest (aarch64)
-      run: wget -O nextest-aarch64.tar.gz https://get.nexte.st/0.9.47/linux-arm
-      if: ${{ matrix.target == 'aarch64' }}
-
-    - name: Run tests
-      run: |
-        ${CARGO_HOME:-~/.cargo}/bin/cargo-nextest nextest run --no-fail-fast --archive-file nextest-archive-${{ matrix.target }}.tar.zst \
-        --filter-expr 'not (test(system::test_get_temp) | test(net::tor::test) | test(system::test_get_disk_usage) | test(net::ssl::certificate_details_persist) | test(net::ssl::ca_details_persist))'
-      if: ${{ matrix.target == 'x86_64' }}
-
-    - name: Run tests
-      run: |
-        docker run --rm --platform linux/arm64/v8 \
-        -v "/home/runner/.cargo/registry":/usr/local/cargo/registry \
-        -v "$(pwd)":/home/rust/src \
-        -e CARGO_TERM_COLOR=${{ env.CARGO_TERM_COLOR }} \
-        -P ubuntu:20.04 \
-        sh -c '
-          apt-get update &&
-          apt-get install -y ca-certificates &&
-          apt-get install -y rsync &&
-          cd /home/rust/src &&
-          mkdir -p ~/.cargo/bin &&
-          tar -zxvf nextest-aarch64.tar.gz -C ${CARGO_HOME:-~/.cargo}/bin &&
-          ${CARGO_HOME:-~/.cargo}/bin/cargo-nextest nextest run --archive-file nextest-archive-${{ matrix.target }}.tar.zst \
-          --filter-expr "not (test(system::test_get_temp) | test(net::tor::test) | test(system::test_get_disk_usage) | test(net::ssl::certificate_details_persist) | test(net::ssl::ca_details_persist))"'
-      if: ${{ matrix.target == 'aarch64' }}

.github/workflows/debian.yaml

@@ -1,63 +0,0 @@
-name: Debian Package
-
-on:
-  workflow_call:
-  workflow_dispatch:
-
-env:
-  NODEJS_VERSION: '16.11.0'
-  ENVIRONMENT: "dev"
-
-jobs:
-  dpkg:
-    name: Build dpkg
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        repository: Start9Labs/embassy-os-deb
-
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-        path: embassyos-0.3.x
-    - run: |
-        cp -r debian embassyos-0.3.x/
-        VERSION=0.3.x ./control.sh
-        cp embassyos-0.3.x/backend/embassyd.service embassyos-0.3.x/debian/embassyos.embassyd.service
-        cp embassyos-0.3.x/backend/embassy-init.service embassyos-0.3.x/debian/embassyos.embassy-init.service
-    
-    - uses: actions/setup-node@v3
-      with:
-        node-version: ${{ env.NODEJS_VERSION }}
-    
-    - name: Get npm cache directory
-      id: npm-cache-dir
-      run: |
-        echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
-    - uses: actions/cache@v3
-      id: npm-cache
-      with:
-        path: ${{ steps.npm-cache-dir.outputs.dir }}
-        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-node-
-
-    - name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install debmake debhelper-compat
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-      
-    - name: Set up Docker Buildx        
-      uses: docker/setup-buildx-action@v2
-
-    - name: Run build
-      run: "make VERSION=0.3.x TAG=${{ github.ref_name }}"
-
-    - uses: actions/upload-artifact@v3
-      with:
-        name: deb
-        path: embassyos_0.3.x-1_amd64.deb

.github/workflows/frontend.yaml

@@ -1,46 +0,0 @@
-name: Frontend
-
-on:
-  workflow_call:
-  workflow_dispatch:
-
-env:
-  NODEJS_VERSION: '16.11.0'
-  ENVIRONMENT: "dev"
-
-jobs:
-  frontend:
-    name: Build frontend
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-
-    - uses: actions/setup-node@v3
-      with:
-        node-version: ${{ env.NODEJS_VERSION }}
-    
-    - name: Get npm cache directory
-      id: npm-cache-dir
-      run: |
-        echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
-    - uses: actions/cache@v3
-      id: npm-cache
-      with:
-        path: ${{ steps.npm-cache-dir.outputs.dir }}
-        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-node-
-
-    - name: Build frontends
-      run: make frontends
-
-    - name: 'Tar files to preserve file permissions'
-      run: tar -cvf frontend.tar ENVIRONMENT.txt GIT_HASH.txt VERSION.txt frontend/dist frontend/config.json
-
-    - uses: actions/upload-artifact@v3
-      with:
-        name: frontend
-        path: frontend.tar

.github/workflows/product.yaml

@@ -1,129 +0,0 @@
-name: Build Pipeline
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-    - master
-    - next
-  pull_request:
-    branches:
-    - master
-    - next
-
-env:
-  ENVIRONMENT: "dev"
-
-jobs:
-  compat:
-    uses: ./.github/workflows/reusable-workflow.yaml
-    with:
-      build_command: make system-images/compat/docker-images/aarch64.tar
-      artifact_name: compat.tar
-      artifact_path: system-images/compat/docker-images/aarch64.tar
-
-  utils:
-    uses: ./.github/workflows/reusable-workflow.yaml
-    with:
-      build_command: make system-images/utils/docker-images/aarch64.tar
-      artifact_name: utils.tar
-      artifact_path: system-images/utils/docker-images/aarch64.tar
-
-  binfmt:
-    uses: ./.github/workflows/reusable-workflow.yaml
-    with:
-      build_command: make system-images/binfmt/docker-images/aarch64.tar
-      artifact_name: binfmt.tar
-      artifact_path: system-images/binfmt/docker-images/aarch64.tar
-
-  backend:
-    uses: ./.github/workflows/backend.yaml
-
-  frontend:
-    uses: ./.github/workflows/frontend.yaml
-    
-  image:
-    name: Build image
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    needs: [compat,utils,binfmt,backend,frontend]
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-
-    - name: Download compat.tar artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: compat.tar
-        path: system-images/compat/docker-images/
-
-    - name: Download utils.tar artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: utils.tar
-        path: system-images/utils/docker-images/
-    
-    - name: Download binfmt.tar artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: binfmt.tar
-        path: system-images/binfmt/docker-images/
-
-    - name: Download js_snapshot artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: js_snapshot
-        path: libs/js_engine/src/artifacts/
-  
-    - name: Download arm_js_snapshot artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: arm_js_snapshot
-        path: libs/js_engine/src/artifacts/
-
-    - name: Download backend artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: backend-aarch64
-
-    - name: 'Extract backend'
-      run: 
-        tar -mxvf backend-aarch64.tar
-
-    - name: Download frontend artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: frontend
-
-    - name: Skip frontend build
-      run: |
-        mkdir frontend/node_modules
-        mkdir frontend/dist
-        mkdir patch-db/client/node_modules
-        mkdir patch-db/client/dist
-
-    - name: 'Extract frontend'
-      run: |
-        tar -mxvf frontend.tar frontend/config.json
-        tar -mxvf frontend.tar frontend/dist
-        tar -xvf frontend.tar GIT_HASH.txt
-        tar -xvf frontend.tar ENVIRONMENT.txt
-        tar -xvf frontend.tar VERSION.txt
-        rm frontend.tar
-
-    - name: Cache raspiOS
-      id: cache-raspios
-      uses: actions/cache@v3
-      with:
-        path: raspios.img
-        key: cache-raspios
-    
-    - name: Build image
-      run: |
-        make V=1 eos_raspberrypi-uninit.img --debug
-      
-    - uses: actions/upload-artifact@v3
-      with:
-        name: image
-        path: eos_raspberrypi-uninit.img

.github/workflows/pureos-iso.yaml

@@ -1,70 +0,0 @@
-name: PureOS Based ISO
-
-on:
-  workflow_call:
-  workflow_dispatch:
-  push:
-    branches:
-    - master
-    - next
-  pull_request:
-    branches:
-    - master
-    - next
-
-env:
-  ENVIRONMENT: "dev"
-
-jobs:
-  dpkg:
-    uses: ./.github/workflows/debian.yaml
-
-  iso:
-    name: Build iso
-    runs-on: ubuntu-22.04
-    needs: [dpkg]
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        repository: Start9Labs/eos-image-recipes
-
-    - name: Install dependencies
-      run: |
-        sudo apt update
-        wget http://ftp.us.debian.org/debian/pool/main/d/debspawn/debspawn_0.6.1-1_all.deb
-        sha256sum ./debspawn_0.6.1-1_all.deb | grep fb8a3f588438ff9ef51e713ec1d83306db893f0aa97447565e28bbba9c6e90c6
-        sudo apt-get install -y ./debspawn_0.6.1-1_all.deb
-        wget https://repo.pureos.net/pureos/pool/main/d/debootstrap/debootstrap_1.0.125pureos1_all.deb
-        sudo apt-get install -y --allow-downgrades ./debootstrap_1.0.125pureos1_all.deb
-        wget https://repo.pureos.net/pureos/pool/main/p/pureos-archive-keyring/pureos-archive-keyring_2021.11.0_all.deb
-        sudo apt-get install -y ./pureos-archive-keyring_2021.11.0_all.deb
-
-    - name: Configure debspawn
-      run: |
-        sudo mkdir -p /etc/debspawn/
-        echo "AllowUnsafePermissions=true" | sudo tee /etc/debspawn/global.toml
-
-    - uses: actions/cache@v3
-      with:
-        path: /var/lib/debspawn
-        key: ${{ runner.os }}-debspawn-init-byzantium
-
-    - name: Make build container
-      run: "debspawn list | grep byzantium || debspawn create --with-init byzantium"
-
-    - run: "mkdir -p overlays/vendor/root"
-
-    - name: Download dpkg
-      uses: actions/download-artifact@v3
-      with:
-        name: deb
-        path: overlays/vendor/root
-
-    - name: Run build
-      run: |
-        ./run-local-build.sh --no-fakemachine byzantium none custom "" true
-
-    - uses: actions/upload-artifact@v3
-      with:
-        name: iso
-        path: results/*.iso

.github/workflows/reusable-workflow.yaml

@@ -1,37 +0,0 @@
-name: Reusable Workflow
-
-on:
-  workflow_call:
-    inputs:
-      build_command:
-        required: true
-        type: string
-      artifact_name:
-        required: true
-        type: string
-      artifact_path:
-        required: true
-        type: string
-
-env:
-  ENVIRONMENT: "dev"
-
-jobs:
-  generic_build_job:
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        submodules: recursive
-
-    - name: Set up Docker Buildx        
-      uses: docker/setup-buildx-action@v2
-
-    - name: Build image
-      run: ${{ inputs.build_command }}
-
-    - uses: actions/upload-artifact@v3
-      with:
-        name: ${{ inputs.artifact_name }}
-        path: ${{ inputs.artifact_path }}

.github/workflows/startos-iso.yaml

@@ -0,0 +1,237 @@
+name: Debian-based ISO and SquashFS
+
+on:
+  workflow_call:
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: Environment
+        options:
+          - NONE
+          - dev
+          - unstable
+          - dev-unstable
+          - docker
+          - dev-docker
+          - dev-unstable-docker
+      runner:
+        type: choice
+        description: Runner
+        options:
+          - standard
+          - fast
+      platform:
+        type: choice
+        description: Platform
+        options:
+          - ALL
+          - x86_64
+          - x86_64-nonfree
+          - aarch64
+          - aarch64-nonfree
+          - raspberrypi
+      deploy:
+        type: choice
+        description: Deploy
+        options:
+          - NONE
+          - alpha
+          - beta
+  push:
+    branches:
+      - master
+      - next/*
+  pull_request:
+    branches:
+      - master
+      - next/*
+
+env:
+  NODEJS_VERSION: "18.15.0"
+  ENVIRONMENT: '${{ fromJson(format(''["{0}", ""]'', github.event.inputs.environment || ''dev''))[github.event.inputs.environment == ''NONE''] }}'
+
+jobs:
+  compile:
+    name: Compile Base Binaries
+    strategy:
+      fail-fast: true
+      matrix:
+        arch: >-
+          ${{
+            fromJson('{
+              "x86_64": ["x86_64"],
+              "x86_64-nonfree": ["x86_64"],
+              "aarch64": ["aarch64"],
+              "aarch64-nonfree": ["aarch64"],
+              "raspberrypi": ["aarch64"],
+              "ALL": ["x86_64", "aarch64"]
+            }')[github.event.inputs.platform || 'ALL']
+          }}
+    runs-on: ${{ fromJson('["ubuntu-22.04", "buildjet-32vcpu-ubuntu-2204"]')[github.event.inputs.runner == 'fast'] }}
+    steps:
+      - run: |
+          sudo mount -t tmpfs tmpfs .
+        if: ${{ github.event.inputs.runner == 'fast' }}
+
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODEJS_VERSION }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Make
+        run: make ARCH=${{ matrix.arch }} compiled-${{ matrix.arch }}.tar
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: compiled-${{ matrix.arch }}.tar
+          path: compiled-${{ matrix.arch }}.tar
+  image:
+    name: Build Image
+    needs: [compile]
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: >-
+          ${{
+            fromJson(
+              format(
+                '[
+                  ["{0}"],
+                  ["x86_64", "x86_64-nonfree", "aarch64", "aarch64-nonfree", "raspberrypi"]
+                ]',
+                github.event.inputs.platform || 'ALL'
+              )
+            )[(github.event.inputs.platform || 'ALL') == 'ALL']
+          }}
+    runs-on: >-
+      ${{
+        fromJson(
+          format(
+            '["ubuntu-22.04", "{0}"]',
+            fromJson('{
+              "x86_64": "buildjet-8vcpu-ubuntu-2204",
+              "x86_64-nonfree": "buildjet-8vcpu-ubuntu-2204",
+              "aarch64": "buildjet-8vcpu-ubuntu-2204-arm",
+              "aarch64-nonfree": "buildjet-8vcpu-ubuntu-2204-arm",
+              "raspberrypi": "buildjet-8vcpu-ubuntu-2204-arm",
+            }')[matrix.platform]
+          )
+        )[github.event.inputs.runner == 'fast']
+      }}
+    env:
+      ARCH: >-
+        ${{
+          fromJson('{
+            "x86_64": "x86_64",
+            "x86_64-nonfree": "x86_64",
+            "aarch64": "aarch64",
+            "aarch64-nonfree": "aarch64",
+            "raspberrypi": "aarch64",
+          }')[matrix.platform]
+        }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+          wget https://deb.debian.org/debian/pool/main/d/debspawn/debspawn_0.6.2-1_all.deb
+          sha256sum ./debspawn_0.6.2-1_all.deb | grep 37ef27458cb1e35e8bce4d4f639b06b4b3866fc0b9191ec6b9bd157afd06a817
+          sudo apt-get install -y ./debspawn_0.6.2-1_all.deb
+
+      - name: Configure debspawn
+        run: |
+          sudo mkdir -p /etc/debspawn/
+          echo "AllowUnsafePermissions=true" | sudo tee /etc/debspawn/global.toml
+          sudo mkdir -p /var/tmp/debspawn
+
+      - run: sudo mount -t tmpfs tmpfs /var/tmp/debspawn
+        if: ${{ github.event.inputs.runner == 'fast' && (matrix.platform == 'x86_64' || matrix.platform == 'x86_64-nonfree') }}
+
+      - name: Download compiled artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: compiled-${{ env.ARCH }}.tar
+
+      - name: Extract compiled artifacts
+        run: tar -xvf compiled-${{ env.ARCH }}.tar
+
+      - name: Prevent rebuild of compiled artifacts
+        run: |
+          mkdir -p web/dist/raw
+          PLATFORM=${{ matrix.platform }} make -t compiled-${{ env.ARCH }}.tar
+
+      - name: Run iso build
+        run: PLATFORM=${{ matrix.platform }} make iso
+        if: ${{ matrix.platform != 'raspberrypi' }}
+
+      - name: Run img build
+        run: PLATFORM=${{ matrix.platform }} make img
+        if: ${{ matrix.platform == 'raspberrypi' }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: ${{ matrix.platform }}.squashfs
+          path: results/*.squashfs
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: ${{ matrix.platform }}.iso
+          path: results/*.iso
+        if: ${{ matrix.platform != 'raspberrypi' }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: ${{ matrix.platform }}.img
+          path: results/*.img
+        if: ${{ matrix.platform == 'raspberrypi' }}
+
+      - name: Upload OTA to registry
+        run: >-
+          PLATFORM=${{ matrix.platform }} make upload-ota TARGET="${{
+            fromJson('{
+              "alpha": "alpha-registry-x.start9.com",
+              "beta": "beta-registry.start9.com",
+            }')[github.event.inputs.deploy]
+          }}" KEY="${{
+            fromJson(
+              format('{{
+                "alpha": "{0}",
+                "beta": "{1}",
+              }}', secrets.ALPHA_INDEX_KEY, secrets.BETA_INDEX_KEY)
+            )[github.event.inputs.deploy]
+          }}"
+        if: ${{ github.event.inputs.deploy != '' && github.event.inputs.deploy != 'NONE' }}
+
+  index:
+    if: ${{ github.event.inputs.deploy != '' && github.event.inputs.deploy != 'NONE' }}
+    needs: [image]
+    runs-on: ubuntu-22.04
+    steps:
+      - run: >-
+          curl "https://${{
+            fromJson('{
+              "alpha": "alpha-registry-x.start9.com",
+              "beta": "beta-registry.start9.com",
+            }')[github.event.inputs.deploy]
+          }}:8443/resync.cgi?key=${{
+            fromJson(
+              format('{{
+                "alpha": "{0}",
+                "beta": "{1}",
+              }}', secrets.ALPHA_INDEX_KEY, secrets.BETA_INDEX_KEY)
+            )[github.event.inputs.deploy]
+          }}"

.github/workflows/test.yaml

@@ -0,0 +1,31 @@
+name: Automated Tests
+
+on:
+  push:
+    branches:
+      - master
+      - next/*
+  pull_request:
+    branches:
+      - master
+      - next/*
+
+env:
+  NODEJS_VERSION: "18.15.0"
+  ENVIRONMENT: dev-unstable
+
+jobs:
+  test:
+    name: Run Automated Tests
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODEJS_VERSION }}
+
+      - name: Build And Run Tests
+        run: make test

.gitignore

@@ -16,13 +16,16 @@ deploy_web.sh
 secrets.db
 .vscode/
 /cargo-deps/**/*
+/PLATFORM.txt
 /ENVIRONMENT.txt
 /GIT_HASH.txt
 /VERSION.txt
-/embassyos-*.tar.gz
 /eos-*.tar.gz
 /*.deb
 /target
 /*.squashfs
-/debian
-/DEBIAN
+/results
+/dpkg-workdir
+/compiled.tar
+/compiled-*.tar
+/firmware

CHANGELOG.md

@@ -1,429 +0,0 @@
-# v0.3.3
-## Highlights
-    - x86_64 architecture compatibility
-    - Kiosk mode - use your Embassy with monitor, keyboard, and mouse (available on x86 builds only, disabled on Raspberry Pi)
-    - "Updates" tab - view all service updates from all registries in one place
-    - Various UI/UX improvements
-    - Various bugfixes and optimizations
-
-## What's Changed
-    - Minor typo fixes by @kn0wmad in #1887
-    - Update build pipeline by @moerketh in #1896
-    - Feature/setup migrate by @elvece in #1841
-    - Feat/patch migration by @Blu-J in #1890
-    - make js cancellable by @dr-bonez in #1901
-    - wip: Making Injectable exec by @Blu-J in #1897
-    - Fix/debug by @Blu-J in #1909
-    - chore: Fix on the rsync not having stdout. by @Blu-J in #1911
-    - install wizard project by @MattDHill in #1893
-    - chore: Remove the duplicate loggging information that is making usele… by @Blu-J in #1912
-    - Http proxy by @redragonx in #1772
-    - fix(marketplace): loosen type in categories component by @waterplea in #1918
-    - set custom meta title by @MattDHill in #1915
-    - Feature/git hash by @dr-bonez in #1919
-    - closes #1900 by @dr-bonez in #1920
-    - feature/marketplace icons by @dr-bonez in #1921
-    - Bugfix/0.3.3 migration by @dr-bonez in #1922
-    - feat: Exposing the rsync that we have to the js by @Blu-J in #1907
-    - Feature/install wizard disk info by @dr-bonez in #1923
-    - bump shared and marketplace npm versions by @dr-bonez in #1924
-    - fix error handling when store unreachable by @dr-bonez in #1925
-    - wait for network online before launching init by @dr-bonez in #1930
-    - silence service crash notifications by @dr-bonez in #1929
-    - disable efi by @dr-bonez in #1931
-    - Tor daemon fix by @redragonx in #1934
-    - wait for url to be available before launching kiosk by @dr-bonez in #1933
-    - fix migration to support portable fatties by @dr-bonez in #1935
-    - Add guid to partition type by @MattDHill in #1932
-    - add localhost support to the http server by @redragonx in #1939
-    - refactor setup wizard by @dr-bonez in #1937
-    - feat(shared): Ticker add new component and use it in marketplace by @waterplea in #1940
-    - feat: For ota update using rsyncd by @Blu-J in #1938
-    - Feat/update progress by @MattDHill in #1944
-    - Fix/app show hidden by @MattDHill in #1948
-    - create dpkg and iso workflows by @dr-bonez in #1941
-    - changing ip addr type by @redragonx in #1950
-    - Create mountpoints first by @k0gen in #1949
-    - Hard code registry icons by @MattDHill in #1951
-    - fix: Cleanup by sending a command and kill when dropped by @Blu-J in #1945
-    - Update setup wizard styling by @elvece in #1954
-    - Feature/homepage by @elvece in #1956
-    - Fix millis by @Blu-J in #1960
-    - fix accessing dev tools by @MattDHill in #1966
-    - Update/misc UI fixes by @elvece in #1961
-    - Embassy-init typo by @redragonx in #1959
-    - feature: 0.3.2 -> 0.3.3 upgrade by @dr-bonez in #1958
-    - Fix/migrate by @Blu-J in #1962
-    - chore: Make validation reject containers by @Blu-J in #1970
-    - get pubkey and encrypt password on login by @elvece in #1965
-    - Multiple bugs and styling by @MattDHill in #1975
-    - filter out usb stick during install by @dr-bonez in #1974
-    - fix http upgrades by @dr-bonez in #1980
-    - restore interfaces before creating manager by @dr-bonez in #1982
-    - fuckit: no patch db locks by @dr-bonez in #1969
-    - fix websocket hangup error by @dr-bonez in #1981
-    - revert app show to use header and fix back button by @MattDHill in #1984
-    - Update/marketplace info by @elvece in #1983
-    - force docker image removal by @dr-bonez in #1985
-    - do not error if cannot determine live usb device by @dr-bonez in #1986
-    - remove community registry from FE defaults by @MattDHill in #1988
-    - check environment by @dr-bonez in #1990
-    - fix marketplace search and better category disabling by @MattDHill in #1991
-    - better migration progress bar by @dr-bonez in #1993
-    - bump cargo version by @dr-bonez in #1995
-    - preload icons and pause on setup complete for kiosk mode by @MattDHill in #1997
-    - use squashfs for rpi updates by @dr-bonez in #1998
-    - do not start progress at 0 before diff complete by @dr-bonez in #1999
-    - user must click continue in kiosk on success page by @MattDHill in #2001
-    - fix regex in image rip script by @dr-bonez in #2002
-    - fix bug with showing embassy drives and center error text by @MattDHill in #2006
-    - fix partition type by @dr-bonez in #2007
-    - lowercase service for alphabetic sorting by @MattDHill in #2008
-    - dont add updates cat by @MattDHill in #2009
-    - make downloaded page a full html doc by @MattDHill in #2011
-    - wait for monitor to be attached before launching firefox by @chrisguida in #2005
-    - UI fixes by @elvece in #2014
-    - fix: Stop service before by @Blu-J in #2019
-    - shield links update by @k0gen in #2018
-    - fix: Undoing the breaking introduced by trying to stopp by @Blu-J in #2023
-    - update link rename from embassy -> system by @elvece in #2027
-    - initialize embassy before restoring packages by @dr-bonez in #2029
-    - make procfs an optional dependency so sdk can build on macos by @elvece in #2028
-    - take(1) for recover select by @MattDHill in #2030
-    - take one from server info to prevent multiple reqs to registries by @MattDHill in #2032
-    - remove write lock during backup by @MattDHill in #2033
-    - fix: Ensure that during migration we make the urls have a trailing slash by @Blu-J in #2036
-    - fix: Make the restores limited # restore at a time by @Blu-J in #2037
-    - fix error and display of unknown font weight on success page by @elvece in #2038
-
-## Checksums
-```
-8602e759d3ece7cf503b9ca43e8419109f14e424617c2703b3771c8801483d7e  embassyos_amd64.deb
-b5c0d8d1af760881a1b5cf32bd7c5b1d1cf6468f6da594a1b4895a866d03a58c  embassyos_amd64.iso
-fe518453a7e1a8d8c2be43223a1a12adff054468f8082df0560e1ec50df3dbfd  embassyos_raspberrypi.img
-7b1ff0ada27b6714062aa991ec31c2d95ac4edf254cd464a4fa251905aa47ebd  embassyos_raspberrypi.tar.gz
-```
-
-# v0.3.2.1
-## What's Changed
-    - Update index.html copy and styling by @elvece in #1855
-    - increase maximum avahi entry group size by @dr-bonez in #1869
-    - bump version by @dr-bonez in #1871
-
-### Linux and Mac
-
-Download the `eos.tar.gz` file, then extract and flash the resulting eos.img to your SD Card
-Windows
-
-Download the `eos.zip` file, then extract and flash the resulting eos.img to your SD Card
-
-## SHA-256 Checksums
-```
-c4b17658910dd10c37df134d5d5fdd6478f962ba1b803d24477d563d44430f96  eos.tar.gz
-3a8b29878fe222a9d7cbf645c975b12805704b0f39c7daa46033d22380f9828c eos.zip
-dedff3eb408ea411812b8f46e6c6ed32bfbd97f61ec2b85a6be40373c0528256  eos.img
-```
-
-# v0.3.2
-## Highlights
-    - Autoscrolling for logs
-    - Improved connectivity between browser and Embassy
-    - Switch to Postgres for EOS database for better performance
-    - Multiple bug fixes and under-the-hood improvements
-    - Various UI/UX enhancements
-    - Removal of product keys
-
-Update Hash (SHA256): `d8ce908b06baee6420b45be1119e5eb9341ba8df920d1e255f94d1ffb7cc4de9`
-
-Image Hash (SHA256): `e035cd764e5ad9eb1c60e2f7bc3b9bd7248f42a91c69015c8a978a0f94b90bbb`
-
-Note: This image was uploaded as a gzipped POSIX sparse TAR file. The recommended command for unpacking it on systems that support sparse files is `tar --format=posix --sparse -zxvf eos.tar.gz`
-
-## What's Changed
-    - formatting by @dr-bonez in #1698
-    - Update README.md by @kn0wmad in #1705
-    - Update README.md by @dr-bonez in #1703
-    - feat: migrate to Angular 14 and RxJS 7 by @waterplea in #1681
-    - 0312 multiple FE by @MattDHill in #1712
-    - Fix http requests by @MattDHill in #1717
-    - Add build-essential to README.md by @chrisguida in #1716
-    - write image to sparse-aware archive format by @dr-bonez in #1709
-    - fix: Add modification to the max_user_watches by @Blu-J in #1695
-    - [Feat] follow logs by @chrisguida in #1714
-    - Update README.md by @dr-bonez in #1728
-    - fix build for patch-db client for consistency by @elvece in #1722
-    - fix cli install by @chrisguida in #1720
-    - highlight instructions if not viewed by @MattDHill in #1731
-    - Feat: HttpReader by @redragonx in #1733
-    - Bugfix/dns by @dr-bonez in #1741
-    - add x86 build and run unittests to backend pipeline by @moerketh in #1682
-    - [Fix] websocket connecting and patchDB connection monitoring by @MattDHill in #1738
-    - Set pipeline job timeouts and add ca-certificates to test container by @moerketh in #1753
-    - Disable bluetooth properly #862 by @redragonx in #1745
-    - [feat]: resumable downloads by @dr-bonez in #1746
-    - Fix/empty properties by @elvece in #1764
-    - use hostname from patchDB as default server name by @MattDHill in #1758
-    - switch to postgresql by @dr-bonez in #1763
-    - remove product key from setup flow by @MattDHill in #1750
-    - pinning cargo dep versions for CLI by @redragonx in #1775
-    - fix: Js deep dir by @Blu-J in #1784
-    - 0.3.2 final cleanup by @dr-bonez in #1782
-    - expect ui marketplace to be undefined by @MattDHill in #1787
-    - fix init to exit on failure by @dr-bonez in #1788
-    - fix search to return more accurate results by @MattDHill in #1792
-    - update backend dependencies by @dr-bonez in #1796
-    - use base64 for HTTP headers by @dr-bonez in #1795
-    - fix: Bad cert of *.local.local is now fixed to correct. by @Blu-J in #1798
-    - fix duplicate patch updates, add scroll button to setup success by @MattDHill in #1800
-    - level_slider reclaiming that precious RAM memory by @k0gen in #1799
-    - stop leaking avahi clients by @dr-bonez in #1802
-    - fix: Deep is_parent was wrong and could be escapped by @Blu-J in #1801
-    - prevent cfg str generation from running forever by @dr-bonez in #1804
-    - better RPC error message by @MattDHill in #1803
-    - Bugfix/marketplace add by @elvece in #1805
-    - fix mrketplace swtiching by @MattDHill in #1810
-    - clean up code and logs by @MattDHill in #1809
-    - fix: Minor fix that matt wanted by @Blu-J in #1808
-    - onion replace instead of adding tor repository by @k0gen in #1813
-    - bank Start as embassy hostname from the begining by @k0gen in #1814
-    - add descriptions to marketplace list page by @elvece in #1812
-    - Fix/encryption by @elvece in #1811
-    - restructure initialization by @dr-bonez in #1816
-    - update license by @MattDHill in #1819
-    - perform system rebuild after updating by @dr-bonez in #1820
-    - ignore file not found error for delete by @dr-bonez in #1822
-    - Multiple by @MattDHill in #1823
-    - Bugfix/correctly package backend job by @moerketh in #1826
-    - update patch-db by @dr-bonez in #1831
-    - give name to logs file by @MattDHill in #1833
-    - play song during update by @dr-bonez in #1832
-    - Seed patchdb UI data by @elvece in #1835
-    - update patch db and enable logging by @dr-bonez in #1837
-    - reduce patch-db log level to warn by @dr-bonez in #1840
-    - update ts matches to fix properties ordering bug by @elvece in #1843
-    - handle multiple image tags having the same hash and increase timeout by @dr-bonez in #1844
-    - retry pgloader up to 5x by @dr-bonez in #1845
-    - show connection bar right away by @MattDHill in #1849
-    - dizzy Rebranding to embassyOS by @k0gen in #1851
-    - update patch db by @MattDHill in #1852
-    - camera_flash screenshots update by @k0gen in #1853
-    - disable concurrency and delete tmpdir before retry by @dr-bonez in #1846
-
-## New Contributors
-
-	- @redragonx made their first contribution in #1733
-
-
-# v0.3.1.1
-## What's Changed
-
-    - whale2 docker stats fix by @k0gen in #1630
-    - update backend dependencies by @dr-bonez in #1637
-    - Fix/receipts health by @Blu-J in #1616
-    - return correct error on failed os download by @dr-bonez in #1636
-    - fix build by @dr-bonez in #1639
-    - Update product.yaml by @dr-bonez in #1638
-    - handle case where selected union enum is invalid after migration by @MattDHill in #1658
-    - fix: Resolve fighting with NM by @Blu-J in #1660
-    - sdk: don't allow mounts in inject actions by @chrisguida in #1653
-    - feat: Variable args by @Blu-J in #1667
-    - add readme to system-images folder by @elvece in #1665
-    - Mask chars beyond 16 by @MattDHill in #1666
-    - chore: Update to have the new version 0.3.1.1 by @Blu-J in #1668
-    - feat: Make the rename effect by @Blu-J in #1669
-    - fix migration, add logging by @dr-bonez in #1674
-    - run build checks only when relevant FE changes by @elvece in #1664
-    - trust local ca by @dr-bonez in #1670
-    - lower log level for docker deser fallback message by @dr-bonez in #1672
-    - refactor build process by @dr-bonez in #1675
-    - chore: enable strict mode by @waterplea in #1569
-    - draft releases notes for 0311 by @MattDHill in #1677
-    - add standby mode by @dr-bonez in #1671
-    - feat: atomic writing by @Blu-J in #1673
-    - allow server.update to update to current version by @dr-bonez in #1679
-    - allow falsey rpc response by @dr-bonez in #1680
-    - issue notification when individual package restore fails by @dr-bonez in #1685
-    - replace bang with question mark in html by @MattDHill in #1683
-    - only validate mounts for inject if eos >=0.3.1.1 by @dr-bonez in #1686
-    - add marketplace_url to backup metadata for service by @dr-bonez in #1688
-    - marketplace published at for service by @MattDHill in #1689
-    - sync data to fs before shutdown by @dr-bonez in #1690
-    - messaging for restart, shutdown, rebuild by @MattDHill in #1691
-    - honor shutdown from diagnostic ui by @dr-bonez in #1692
-    - ask for sudo password immediately during make by @dr-bonez in #1693
-    - sync blockdev after update by @dr-bonez in #1694
-    - set Matt as default assignee by @MattDHill in #1697
-    - NO_KEY for CI images by @dr-bonez in #1700
-    - fix typo by @dr-bonez in #1702
-
-# v0.3.1
-## What's Changed
-    - Feat bulk locking by @Blu-J in #1422
-    - Switching SSH keys to start9 user by @k0gen in #1321
-    - chore: Convert from ajv to ts-matches by @Blu-J in #1415
-    - Fix/id params by @elvece in #1414
-    - make nicer update sound by @ProofOfKeags in #1438
-    - adds product key to error message in setup flow when there is mismatch by @dr-bonez in #1436
-    - Update README.md to include yq by @cryptodread in #1385
-    - yin_yang For the peace of mind yin_yang by @k0gen in #1444
-    - Feature/update sound by @ProofOfKeags in #1439
-    - Feature/script packing by @ProofOfKeags in #1435
-    - rename ActionImplementation to PackageProcedure by @dr-bonez in #1448
-    - Chore/warning cleanse by @ProofOfKeags in #1447
-    - refactor packing to async by @ProofOfKeags in #1453
-    - Add nginx config for proxy redirect by @yzernik in #1421
-    - Proxy local frontend to remote backend by @elvece in #1452
-    - Feat/js action by @Blu-J in #1437
-    - Fix/making js work by @Blu-J in #1456
-    - fix: Dependency vs dependents by @Blu-J in #1462
-    - refactor: isolate network toast and login redirect to separate services by @waterplea in #1412
-    - Fix links in CONTRIBUTING.md, update ToC by @BBlackwo in #1463
-    - Feature/require script consistency by @ProofOfKeags in #1451
-    - Chore/version 0 3 1 0 by @Blu-J in #1475
-    - remove interactive TTY requirement from scripts by @moerketh in #1469
-    - Disable view in marketplace button when side-loaded by @BBlackwo in #1471
-    - Link to tor address on LAN setup page (#1277) by @BBlackwo in #1466
-    - UI version updates and welcome message for 0.3.1 by @elvece in #1479
-    - Update contribution and frontend readme by @BBlackwo in #1467
-    - Clean up config by @MattDHill in #1484
-    - Enable Control Groups for Docker containers by @k0gen in #1468
-    - Fix/patch db unwrap remove by @Blu-J in #1481
-    - handles spaces in working dir in make-image.sh by @moerketh in #1487
-    - UI cosmetic improvements by @MattDHill in #1486
-    - chore: fix the master by @Blu-J in #1495
-    - generate unique ca names based off of server id by @ProofOfKeags in #1500
-    - allow embassy-cli not as root by @dr-bonez in #1501
-    - fix: potential fix for the docker leaking the errors and such by @Blu-J in #1496
-    - Fix/memory leak docker by @Blu-J in #1505
-    - fixes serialization of regex pattern + description by @ProofOfKeags in #1509
-    - allow interactive TTY if available by @dr-bonez in #1508
-    - fix "missing proxy" error in embassy-cli by @dr-bonez in #1516
-    - Feat/js known errors by @Blu-J in #1514
-    - fixes a bug where nginx will crash if eos goes into diagnostic mode a… by @dr-bonez in #1506
-    - fix: restart/ uninstall sometimes didn't work by @Blu-J in #1527
-    - add "error_for_status" to static file downloads by @dr-bonez in #1532
-    - fixes #1169 by @dr-bonez in #1533
-    - disable unnecessary services by @dr-bonez in #1535
-    - chore: Update types to match embassyd by @Blu-J in #1539
-    - fix: found a unsaturaded args fix by @Blu-J in #1540
-    - chore: Update the lite types to include the union and enum by @Blu-J in #1542
-    - Feat: Make the js check for health by @Blu-J in #1543
-    - fix incorrect error message for deserialization in ValueSpecString by @dr-bonez in #1547
-    - fix dependency/dependent id issue by @dr-bonez in #1546
-    - add textarea to ValueSpecString by @dr-bonez in #1534
-    - Feat/js metadata by @Blu-J in #1548
-    - feat: uid/gid/mode added to metadata by @Blu-J in #1551
-    - Strict null checks by @waterplea in #1464
-    - fix backend builds for safe git config by @elvece in #1549
-    - update should send version not version spec by @elvece in #1559
-    - chore: Add tracing for debuging the js procedure slowness by @Blu-J in #1552
-    - Reset password through setup wizard by @MattDHill in #1490
-    - feat: Make sdk by @Blu-J in #1564
-    - fix: Missing a feature flat cfg by @Blu-J in #1563
-    - fixed sentence that didn't make sense by @BitcoinMechanic in #1565
-    - refactor(patch-db): use PatchDB class declaratively by @waterplea in #1562
-    - fix bugs with config and clean up dev options by @MattDHill in #1558
-    - fix: Make it so we only need the password on the backup by @Blu-J in #1566
-    - kill all sessions and remove ripple effect by @MattDHill in #1567
-    - adjust service marketplace button for installation source relevance by @elvece in #1571
-    - fix connection failure display monitoring and other style changes by @MattDHill in #1573
-    - add dns server to embassy-os by @dr-bonez in #1572
-    - Fix/mask generic inputs by @elvece in #1570
-    - Fix/sideload icon type by @elvece in #1577
-    - add avahi conditional compilation flags to dns by @dr-bonez in #1579
-    - selective backups and better drive selection interface by @MattDHill in #1576
-    - Feat/use modern tor by @kn0wmad in #1575
-    - update welcome notes for 031 by @MattDHill in #1580
-    - fix: Properties had a null description by @Blu-J in #1581
-    - fix backup lock ordering by @dr-bonez in #1582
-    - Bugfix/backup lock order by @dr-bonez in #1583
-    - preload redacted and visibility hidden by @MattDHill in #1584
-    - turn chevron red in config if error by @MattDHill in #1586
-    - switch to utc by @dr-bonez in #1587
-    - update patchdb for array patch fix by @elvece in #1588
-    - filter package ids when backing up by @dr-bonez in #1589
-    - add select/deselect all to backups and enum lists by @elvece in #1590
-    - fix: Stop the buffer from dropped pre-maturly by @Blu-J in #1591
-    - chore: commit the snapshots by @Blu-J in #1592
-    - nest new entries and message updates better by @MattDHill in #1595
-    - fix html parsing in logs by @elvece in #1598
-    - don't crash service if io-format is set for main by @dr-bonez in #1599
-    - strip html from colors from logs by @elvece in #1604
-    - feat: fetch effect by @Blu-J in #1605
-    - Fix/UI misc by @elvece in #1606
-    - display bottom item in backup list and refactor for cleanliness by @MattDHill in #1609
-
-# v0.3.0.3
-## What's Changed
-	- refactor: decompose app component by @waterplea in #1359
-	- Update Makefile by @kn0wmad in #1400
-	- ⬐ smarter wget by @k0gen in #1401
-	- prevent the kernel from OOMKilling embassyd by @dr-bonez in #1402
-	- attempt to heal when health check passes by @dr-bonez in #1420
-	- Feat new locking by @Blu-J in #1384
-	- version bump by @dr-bonez in #1423
-	- Update server-show.page.ts by @chrisguida in #1424
-	- Bump async from 2.6.3 to 2.6.4 in /frontend by @dependabot in #1426
-	- Update index.html by @mirkoRainer in #1419
-
-## New Contributors
-    - @dependabot made their first contribution in #1426
-    - @mirkoRainer made their first contribution in #1419
-
-# v0.3.0.2
-- Minor compatibility fixes
-  - #1392
-  - #1390
-  - #1388
-
-# v0.3.0.1
-Minor bugfixes and performance improvements
-
-# v0.3.0
-- Websockets
-	- Real-time sync
-- Patch DB
-	- Closely mirror FE and BE state. Most operating systems are connected to their GUI. Here it is served over the web. Patch DB and websockets serve to close the perceptual gap of this inherent challenge.
-- Switch kernel from Raspbian to Ubuntu
-	- 64 bit
-	- Possibility for alternative hardware
-- Merging of lifeline, agent, and appmgr into embassyd
-	- Elimination of Haskell in favor of pure Rust
-	- Unified API for interacting with the OS
-	- Easier to build from source
-- OS (quarantined from OS and service data)
-	- Kernel/boot
-	- Persistent metadata (disk guid, product key)
-	- Rootfs (the os)
-	- Reserved (for updates) - swaps with rootfs
-- Revamped OS updates
-	- Progress indicators
-	- Non-blocking
-	- Simple swap on reboot
-- Revamped setup flow
-	- Elimination of Setup App (Apple/Google dependencies gone)
-	- Setup Wizard on http://embassy.local
-- Revamped service config
-	- Dynamic, validated forms
-- Diagnostic UI
-	- Missing disk, wrong disk, corrupt disk
-- Turing complete API for actions, backup/restore, config, properties, notifications, health checks, and dependency requirements
-- Optional, arbitrary inputs for actions
-- Install, update, recover progress for apps
-- Multiple interfaces
-	- E.g. rpc, p2p, ui
-- Health checks
-	- Developer defined
-	- Internal, dependencies, and/or external
-- Full Embassy backup (diff-based)
-- External drive support/requirement
-	- Single at first
-	- Groundwork for extension and mirror drives
-- Disk encryption
-	- Random key encrypted with static value
-	- Groundwork for swapping static value with chosen password
-- Session Management
-	- List all active sessions
-	- Option to kill
-- More robust and extensive logs
-- Donations

CONTRIBUTING.md

@@ -1,340 +1,119 @@
-<!-- omit in toc -->
+# Contributing to StartOS
 
-# Contributing to Embassy OS
+This guide is for contributing to the StartOS. If you are interested in packaging a service for StartOS, visit the [service packaging guide](https://docs.start9.com/latest/developer-docs/). If you are interested in promoting, providing technical support, creating tutorials, or helping in other ways, please visit the [Start9 website](https://start9.com/contribute).
 
-First off, thanks for taking the time to contribute! ❤️
 
-All types of contributions are encouraged and valued. See the
-[Table of Contents](#table-of-contents) for different ways to help and details
-about how this project handles them. Please make sure to read the relevant
-section before making your contribution. It will make it a lot easier for us
-maintainers and smooth out the experience for all involved. The community looks
-forward to your contributions. 🎉
+## Collaboration
 
-> And if you like the project, but just don't have time to contribute, that's
-> fine. There are other easy ways to support the project and show your
-> appreciation, which we would also be very happy about:
->
-> - Star the project
-> - Tweet about it
-> - Refer this project in your project's readme
-> - Mention the project at local meetups and tell your friends/colleagues
-> - Buy an [Embassy](https://start9labs.com)
+- [Matrix](https://matrix.to/#/#community-dev:matrix.start9labs.com)
+- [Telegram](https://t.me/start9_labs/47471)
 
-<!-- omit in toc -->
+## Project Structure
 
-## Table of Contents
+```bash
+/
+├── assets/
+├── core/
+├── build/
+├── debian/
+├── web/
+├── image-recipe/
+├── patch-db
+└── system-images/
+```
+#### assets
+screenshots for the StartOS README
 
-- [I Have a Question](#i-have-a-question)
-- [I Want To Contribute](#i-want-to-contribute)
-  - [Reporting Bugs](#reporting-bugs)
-  - [Suggesting Enhancements](#suggesting-enhancements)
-  - [Project Structure](#project-structure)
-  - [Your First Code Contribution](#your-first-code-contribution)
-    - [Setting Up Your Development Environment](#setting-up-your-development-environment)
-    - [Building The Image](#building-the-image)
-  - [Improving The Documentation](#improving-the-documentation)
-- [Styleguides](#styleguides)
-  - [Formatting](#formatting)
-  - [Atomic Commits](#atomic-commits)
-  - [Commit Messages](#commit-messages)
-  - [Pull Requests](#pull-requests)
-  - [Rebasing Changes](#rebasing-changes)
-- [Join The Discussion](#join-the-discussion)
-- [Join The Project Team](#join-the-project-team)
+#### core
+An API, daemon (startd), CLI (start-cli), and SDK (start-sdk) that together provide the core functionality of StartOS.
 
-## I Have a Question
+#### build
+Auxiliary files and scripts to include in deployed StartOS images
 
-> If you want to ask a question, we assume that you have read the available
-> [Documentation](https://docs.start9labs.com).
+#### debian
+Maintainer scripts for the StartOS Debian package
 
-Before you ask a question, it is best to search for existing
-[Issues](https://github.com/Start9Labs/embassy-os/issues) that might help you.
-In case you have found a suitable issue and still need clarification, you can
-write your question in this issue. It is also advisable to search the internet
-for answers first.
+#### web
+Web UIs served under various conditions and used to interact with StartOS APIs.
 
-If you then still feel the need to ask a question and need clarification, we
-recommend the following:
+#### image-recipe
+Scripts for building StartOS images
 
-- Open an [Issue](https://github.com/Start9Labs/embassy-os/issues/new).
-- Provide as much context as you can about what you're running into.
-- Provide project and platform versions, depending on what seems relevant.
+#### patch-db (submodule)
+A diff based data store used to synchronize data between the web interfaces and server.
 
-We will then take care of the issue as soon as possible.
+#### system-images
+Docker images that assist with creating backups.
 
-<!--
-You might want to create a separate issue tag for questions and include it in this description. People should then tag their issues accordingly.
-
-Depending on how large the project is, you may want to outsource the questioning, e.g. to Stack Overflow or Gitter. You may add additional contact and information possibilities:
-- IRC
-- Slack
-- Gitter
-- Stack Overflow tag
-- Blog
-- FAQ
-- Roadmap
-- E-Mail List
-- Forum
--->
-
-## I Want To Contribute
-
-> ### Legal Notice <!-- omit in toc -->
->
-> When contributing to this project, you must agree that you have authored 100%
-> of the content, that you have the necessary rights to the content and that the
-> content you contribute may be provided under the project license.
-
-### Reporting Bugs
-
-<!-- omit in toc -->
-
-#### Before Submitting a Bug Report
-
-A good bug report shouldn't leave others needing to chase you up for more
-information. Therefore, we ask you to investigate carefully, collect information
-and describe the issue in detail in your report. Please complete the following
-steps in advance to help us fix any potential bug as fast as possible.
-
-- Make sure that you are using the latest version.
-- Determine if your bug is really a bug and not an error on your side e.g. using
-  incompatible environment components/versions (Make sure that you have read the
-  [documentation](https://start9.com/latest/user-manual). If you are looking for
-  support, you might want to check [this section](#i-have-a-question)).
-- To see if other users have experienced (and potentially already solved) the
-  same issue you are having, check if there is not already a bug report existing
-  for your bug or error in the
-  [bug tracker](https://github.com/Start9Labs/embassy-os/issues?q=label%3Abug).
-- Also make sure to search the internet (including Stack Overflow) to see if
-  users outside of the GitHub community have discussed the issue.
-- Collect information about the bug:
-  - Stack trace (Traceback)
-  - Client OS, Platform and Version (Windows/Linux/macOS/iOS/Android,
-    Firefox/Tor Browser/Consulate)
-  - Version of the interpreter, compiler, SDK, runtime environment, package
-    manager, depending on what seems relevant.
-  - Possibly your input and the output
-  - Can you reliably reproduce the issue? And can you also reproduce it with
-    older versions?
-
-<!-- omit in toc -->
-
-#### How Do I Submit a Good Bug Report?
-
-> You must never report security related issues, vulnerabilities or bugs to the
-> issue tracker, or elsewhere in public. Instead sensitive bugs must be sent by
-> email to <security@start9labs.com>.
-
-<!-- You may add a PGP key to allow the messages to be sent encrypted as well. -->
-
-We use GitHub issues to track bugs and errors. If you run into an issue with the
-project:
-
-- Open an [Issue](https://github.com/Start9Labs/embassy-os/issues/new/choose)
-  selecting the appropriate type.
-- Explain the behavior you would expect and the actual behavior.
-- Please provide as much context as possible and describe the _reproduction
-  steps_ that someone else can follow to recreate the issue on their own. This
-  usually includes your code. For good bug reports you should isolate the
-  problem and create a reduced test case.
-- Provide the information you collected in the previous section.
-
-Once it's filed:
-
-- The project team will label the issue accordingly.
-- A team member will try to reproduce the issue with your provided steps. If
-  there are no reproduction steps or no obvious way to reproduce the issue, the
-  team will ask you for those steps and mark the issue as `Question`. Bugs with
-  the `Question` tag will not be addressed until they are answered.
-- If the team is able to reproduce the issue, it will be marked a scoping level
-  tag, as well as possibly other tags (such as `Security`), and the issue will
-  be left to be [implemented by someone](#your-first-code-contribution).
-
-<!-- You might want to create an issue template for bugs and errors that can be used as a guide and that defines the structure of the information to be included. If you do so, reference it here in the description. -->
-
-### Suggesting Enhancements
-
-This section guides you through submitting an enhancement suggestion for Embassy
-OS, **including completely new features and minor improvements to existing
-functionality**. Following these guidelines will help maintainers and the
-community to understand your suggestion and find related suggestions.
-
-<!-- omit in toc -->
-
-#### Before Submitting an Enhancement
-
-- Make sure that you are using the latest version.
-- Read the [documentation](https://start9.com/latest/user-manual) carefully and
-  find out if the functionality is already covered, maybe by an individual
-  configuration.
-- Perform a [search](https://github.com/Start9Labs/embassy-os/issues) to see if
-  the enhancement has already been suggested. If it has, add a comment to the
-  existing issue instead of opening a new one.
-- Find out whether your idea fits with the scope and aims of the project. It's
-  up to you to make a strong case to convince the project's developers of the
-  merits of this feature. Keep in mind that we want features that will be useful
-  to the majority of our users and not just a small subset. If you're just
-  targeting a minority of users, consider writing an add-on/plugin library.
-
-<!-- omit in toc -->
-
-#### How Do I Submit a Good Enhancement Suggestion?
-
-Enhancement suggestions are tracked as
-[GitHub issues](https://github.com/Start9Labs/embassy-os/issues).
-
-- Use a **clear and descriptive title** for the issue to identify the
-  suggestion.
-- Provide a **step-by-step description of the suggested enhancement** in as many
-  details as possible.
-- **Describe the current behavior** and **explain which behavior you expected to
-  see instead** and why. At this point you can also tell which alternatives do
-  not work for you.
-- You may want to **include screenshots and animated GIFs** which help you
-  demonstrate the steps or point out the part which the suggestion is related
-  to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on
-  macOS and Windows, and [this tool](https://github.com/colinkeenan/silentcast)
-  or [this tool](https://github.com/GNOME/byzanz) on Linux.
-  <!-- this should only be included if the project has a GUI -->
-- **Explain why this enhancement would be useful** to most Embassy OS users. You
-  may also want to point out the other projects that solved it better and which
-  could serve as inspiration.
-
-<!-- You might want to create an issue template for enhancement suggestions that can be used as a guide and that defines the structure of the information to be included. If you do so, reference it here in the description. -->
-
-### Project Structure
-
-embassyOS is composed of the following components. Please visit the README for
-each component to understand the dependency requirements and installation
-instructions.
-
-- [`backend`](backend/README.md) (Rust) is a command line utility, daemon, and
-  software development kit that sets up and manages services and their
-  environments, provides the interface for the ui, manages system state, and
-  provides utilities for packaging services for embassyOS.
-- [`build`](build/README.md) contains scripts and necessary for deploying
-  embassyOS to a debian/raspbian system.
-- [`frontend`](frontend/README.md) (Typescript Ionic Angular) is the code that
-  is deployed to the browser to provide the user interface for embassyOS.
-  - `projects/ui` - Code for the user interface that is displayed when embassyOS
-    is running normally.
-  - `projects/setup-wizard`(frontend/README.md) - Code for the user interface
-    that is displayed during the setup and recovery process for embassyOS.
-  - `projects/diagnostic-ui` - Code for the user interface that is displayed
-    when something has gone wrong with starting up embassyOS, which provides
-    helpful debugging tools.
-- `libs` (Rust) is a set of standalone crates that were separated out of
-  `backend` for the purpose of portability
-- `patch-db` - A diff based data store that is used to synchronize data between
-  the front and backend.
-  - Notably, `patch-db` has a
-    [client](https://github.com/Start9Labs/patch-db/tree/master/client) with its
-    own dependency and installation requirements.
-- `system-images` - (Docker, Rust) A suite of utility Docker images that are
-  preloaded with embassyOS to assist with functions relating to services (eg.
-  configuration, backups, health checks).
-
-### Your First Code Contribution
-
-#### Setting Up Your Development Environment
-
-First, clone the embassyOS repository and from the project root, pull in the
-submodules for dependent libraries.
+## Environment Setup
 
+#### Clone the StartOS repository
+```sh
+git clone https://github.com/Start9Labs/start-os.git
+cd start-os
+```
+
+#### Load the PatchDB submodule
 ```sh
-git clone https://github.com/Start9Labs/embassy-os.git
 git submodule update --init --recursive
 ```
 
-Depending on which component of the ecosystem you are interested in contributing
-to, follow the installation requirements listed in that component's README
-(linked [above](#project-structure))
+#### Continue to your project of interest for additional instructions:
+- [`core`](core/README.md)
+- [`web-interfaces`](web-interfaces/README.md)
+- [`build`](build/README.md)
+- [`patch-db`](https://github.com/Start9Labs/patch-db)
 
-#### Building The Raspberry Pi Image
+## Building
+This project uses [GNU Make](https://www.gnu.org/software/make/) to build its components. To build any specific component, simply run `make <TARGET>` replacing `<TARGET>` with the name of the target you'd like to build
 
-This step is for setting up an environment in which to test your code changes if
-you do not yet have a embassyOS.
+### Requirements
+- [GNU Make](https://www.gnu.org/software/make/)
+- [Docker](https://docs.docker.com/get-docker/)
+- [NodeJS v18.15.0](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)
+- [sed](https://www.gnu.org/software/sed/)
+- [grep](https://www.gnu.org/software/grep/)
+- [awk](https://www.gnu.org/software/gawk/)
+- [jq](https://jqlang.github.io/jq/)
+- [gzip](https://www.gnu.org/software/gzip/)
+- [brotli](https://github.com/google/brotli)
 
-- Requirements
-  - `ext4fs` (available if running on the Linux kernel)
-  - [Docker](https://docs.docker.com/get-docker/)
-  - GNU Make
-- Building
-  - see setup instructions [here](build/README.md)
-  - run `make embassyos-raspi.img ARCH=aarch64` from the project root
+### Environment variables
+- `PLATFORM`: which platform you would like to build for. Must be one of `x86_64`, `x86_64-nonfree`, `aarch64`, `aarch64-nonfree`, `raspberrypi`
+    - NOTE: `nonfree` images are for including `nonfree` firmware packages in the built ISO
+- `ENVIRONMENT`: a hyphen separated set of feature flags to enable
+    - `dev`: enables password ssh (INSECURE!) and does not compress frontends
+    - `unstable`: enables assertions that will cause errors on unexpected inconsistencies that are undesirable in production use either for performance or reliability reasons
+    - `docker`: use `docker` instead of `podman`
+- `GIT_BRANCH_AS_HASH`: set to `1` to use the current git branch name as the git hash so that the project does not need to be rebuilt on each commit
 
-### Improving The Documentation
-
-You can find the repository for Start9's documentation
-[here](https://github.com/Start9Labs/documentation). If there is something you
-would like to see added, let us know, or create an issue yourself. Welcome are
-contributions for lacking or incorrect information, broken links, requested
-additions, or general style improvements.
-
-Contributions in the form of setup guides for integrations with external
-applications are highly encouraged. If you struggled through a process and would
-like to share your steps with others, check out the docs for each
-[service](https://github.com/Start9Labs/documentation/blob/master/source/user-manuals/available-services/index.rst)
-we support. The wrapper repos contain sections for adding integration guides,
-such as this
-[one](https://github.com/Start9Labs/bitcoind-wrapper/tree/master/docs). These
-not only help out others in the community, but inform how we can create a more
-seamless and intuitive experience.
-
-## Styleguides
-
-### Formatting
-
-Each component of embassyOS contains its own style guide. Code must be formatted
-with the formatter designated for each component. These are outlined within each
-component folder's README.
-
-### Atomic Commits
-
-Commits
-[should be atomic](https://en.wikipedia.org/wiki/Atomic_commit#Atomic_commit_convention)
-and diffs should be easy to read. Do not mix any formatting fixes or code moves
-with actual code changes.
-
-### Commit Messages
-
-If a commit touches only 1 component, prefix the message with the affected
-component. i.e. `backend: update to tokio v0.3`.
-
-### Pull Requests
-
-The body of a pull request should contain sufficient description of what the
-changes do, as well as a justification. You should include references to any
-relevant [issues](https://github.com/Start9Labs/embassy-os/issues).
-
-### Rebasing Changes
-
-When a pull request conflicts with the target branch, you may be asked to rebase
-it on top of the current target branch. The `git rebase` command will take care
-of rebuilding your commits on top of the new base.
-
-This project aims to have a clean git history, where code changes are only made
-in non-merge commits. This simplifies auditability because merge commits can be
-assumed to not contain arbitrary code changes.
-
-## Join The Discussion
-
-Current or aspiring contributors? Join our community developer
-[Matrix channel](https://matrix.to/#/#community-dev:matrix.start9labs.com).
-
-Just interested in or using the project? Join our community
-[Telegram](https://t.me/start9_labs) or
-[Matrix](https://matrix.to/#/#community:matrix.start9labs.com).
-
-## Join The Project Team
-
-Interested in becoming a part of the Start9 Labs team? Send an email to
-<jobs@start9labs.com>
-
-<!-- omit in toc -->
-
-## Attribution
-
-This guide is based on the **contributing-gen**.
-[Make your own](https://github.com/bttger/contributing-gen)!
+### Useful Make Targets
+- `iso`: Create a full `.iso` image
+    - Only possible from Debian
+    - Not available for `PLATFORM=raspberrypi`
+    - Additional Requirements:
+        - [debspawn](https://github.com/lkhq/debspawn)
+- `img`: Create a full `.img` image
+    - Only possible from Debian
+    - Only available for `PLATFORM=raspberrypi`
+    - Additional Requirements:
+        - [debspawn](https://github.com/lkhq/debspawn)
+- `format`: Run automatic code formatting for the project
+    - Additional Requirements:
+        - [rust](https://rustup.rs/)
+- `test`: Run automated tests for the project
+    - Additional Requirements:
+        - [rust](https://rustup.rs/)
+- `update`: Deploy the current working project to a device over ssh as if through an over-the-air update
+    - Requires an argument `REMOTE` which is the ssh address of the device, i.e. `start9@192.168.122.2`
+- `reflash`: Deploy the current working project to a device over ssh as if using a live `iso` image to reflash it
+    - Requires an argument `REMOTE` which is the ssh address of the device, i.e. `start9@192.168.122.2`
+- `update-overlay`: Deploy the current working project to a device over ssh to the in-memory overlay without restarting it
+    - WARNING: changes will be reverted after the device is rebooted
+    - WARNING: changes to `init` will not take effect as the device is already initialized
+    - Requires an argument `REMOTE` which is the ssh address of the device, i.e. `start9@192.168.122.2`
+- `wormhole`: Deploy the `startbox` to a device using [magic-wormhole](https://github.com/magic-wormhole/magic-wormhole)
+    - When the build it complete will emit a command to paste into the shell of the device to upgrade it
+    - Additional Requirements:
+        - [magic-wormhole](https://github.com/magic-wormhole/magic-wormhole)
+- `clean`: Delete all compiled artifacts

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Start9 Labs, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE.md

@@ -1,42 +0,0 @@
-# START9 NON-COMMERCIAL LICENSE v1
-Version 1, 22 September 2022
-
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-### 1.Definitions
-
-"License" means version 1 of the Start9 Non-Commercial License.
-
-"Licensor" means the Start9 Labs, Inc, or its successor(s) in interest, or a future assignee of the copyright.
-
-"You" (or "Your") means an individual or organization exercising permissions granted by this License.
-
-"Source Code" for a work means the preferred form of the work for making modifications to it.
-
-"Object Code" means any non-source form of a work, including the machine-language output by a compiler or assembler.
-
-"Work" means any work of authorship, whether in Source or Object form, made available under this License.
-
-"Derivative Work" means any work, whether in Source or Object form, that is based on (or derived from) the Work.
-
-"Distribute" means to convey or to publish and generally has the same meaning here as under U.S. Copyright law.
-
-"Sell" means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including, without limitation, fees for hosting, consulting, or support services), a product or service whose value derives, entirely or substantially, from the functionality of the Work or Derivative Work.
-
-### 2. Grant of Rights
-
-Subject to the terms of this license, the Licensor grants you, the licensee, a non-exclusive, worldwide, royalty-free copyright license to access, audit, copy, modify, compile, run, test, distribute, or otherwise use the Software.
-
-### 3. Limitations
-
-1. The grant of rights under the License does NOT include, and the License does NOT grant You the right to Sell the Work or Derivative Work.
-2. If you Distribute the Work or Derivative Work, you expressly undertake not to remove or modify, in any manner, the copyright notices attached to the Work or displayed in any output of the Work when run, and to reproduce these notices, in an identical manner, in any distributed copies of the Work or Derivative Work together with a copy of this License.
-3. If you Distribute a Derivative Work, it must carry prominent notices stating that it has been modified from the Work, providing a relevant date.
-
-### 4. Contributions
-
-You hereby grant to Licensor a perpetual, irrevocable, worldwide, non-exclusive, royalty-free license to use and exploit any Derivative Work of which you are the author.
-
-### 5. Disclaimer
-
-THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LICENSOR HAS NO OBLIGATION TO SUPPORT RECIPIENTS OF THE SOFTWARE.

Makefile

@@ -1,213 +1,238 @@
-RASPI_TARGETS := eos_raspberrypi-uninit.img eos_raspberrypi-uninit.tar.gz
-OS_ARCH := $(shell if echo $(RASPI_TARGETS) | grep -qw "$(MAKECMDGOALS)"; then echo raspberrypi; else uname -m; fi)
-ARCH := $(shell if [ "$(OS_ARCH)" = "raspberrypi" ]; then echo aarch64; else echo $(OS_ARCH); fi)
-ENVIRONMENT_FILE = $(shell ./check-environment.sh)
-GIT_HASH_FILE = $(shell ./check-git-hash.sh)
-VERSION_FILE = $(shell ./check-version.sh)
-EMBASSY_BINS := backend/target/$(ARCH)-unknown-linux-gnu/release/embassyd backend/target/$(ARCH)-unknown-linux-gnu/release/embassy-init backend/target/$(ARCH)-unknown-linux-gnu/release/embassy-cli backend/target/$(ARCH)-unknown-linux-gnu/release/embassy-sdk backend/target/$(ARCH)-unknown-linux-gnu/release/avahi-alias libs/target/aarch64-unknown-linux-musl/release/embassy_container_init libs/target/x86_64-unknown-linux-musl/release/embassy_container_init
-EMBASSY_UIS := frontend/dist/ui frontend/dist/setup-wizard frontend/dist/diagnostic-ui frontend/dist/install-wizard
-BUILD_SRC := $(shell find build)
-EMBASSY_SRC := backend/embassyd.service backend/embassy-init.service $(EMBASSY_UIS) $(BUILD_SRC)
-COMPAT_SRC := $(shell find system-images/compat/ -not -path 'system-images/compat/target/*' -and -not -name *.tar -and -not -name target)
-UTILS_SRC := $(shell find system-images/utils/ -not -name *.tar)
-BINFMT_SRC := $(shell find system-images/binfmt/ -not -name *.tar)
-BACKEND_SRC := $(shell find backend/src) $(shell find backend/migrations) $(shell find patch-db/*/src) $(shell find libs/*/src) libs/*/Cargo.toml backend/Cargo.toml backend/Cargo.lock
-FRONTEND_SHARED_SRC := $(shell find frontend/projects/shared) $(shell ls -p frontend/ | grep -v / | sed 's/^/frontend\//g') frontend/package.json frontend/node_modules frontend/config.json patch-db/client/dist frontend/patchdb-ui-seed.json
-FRONTEND_UI_SRC := $(shell find frontend/projects/ui)
-FRONTEND_SETUP_WIZARD_SRC := $(shell find frontend/projects/setup-wizard)
-FRONTEND_DIAGNOSTIC_UI_SRC := $(shell find frontend/projects/diagnostic-ui)
-FRONTEND_INSTALL_WIZARD_SRC := $(shell find frontend/projects/install-wizard)
-PATCH_DB_CLIENT_SRC := $(shell find patch-db/client -not -path patch-db/client/dist)
+PLATFORM_FILE := $(shell ./check-platform.sh)
+ENVIRONMENT_FILE := $(shell ./check-environment.sh)
+GIT_HASH_FILE := $(shell ./check-git-hash.sh)
+VERSION_FILE := $(shell ./check-version.sh)
+BASENAME := $(shell ./basename.sh)
+PLATFORM := $(shell if [ -f ./PLATFORM.txt ]; then cat ./PLATFORM.txt; else echo unknown; fi)
+ARCH := $(shell if [ "$(PLATFORM)" = "raspberrypi" ]; then echo aarch64; else echo $(PLATFORM) | sed 's/-nonfree$$//g'; fi)
+IMAGE_TYPE=$(shell if [ "$(PLATFORM)" = raspberrypi ]; then echo img; else echo iso; fi)
+BINS := core/target/$(ARCH)-unknown-linux-gnu/release/startbox core/target/aarch64-unknown-linux-musl/release/container-init core/target/x86_64-unknown-linux-musl/release/container-init
+WEB_UIS := web/dist/raw/ui web/dist/raw/setup-wizard web/dist/raw/diagnostic-ui web/dist/raw/install-wizard
+FIRMWARE_ROMS := ./firmware/$(PLATFORM) $(shell jq --raw-output '.[] | select(.platform[] | contains("$(PLATFORM)")) | "./firmware/$(PLATFORM)/" + .id + ".rom.gz"' build/lib/firmware.json)
+BUILD_SRC := $(shell git ls-files build) build/lib/depends build/lib/conflicts $(FIRMWARE_ROMS)
+DEBIAN_SRC := $(shell git ls-files debian/)
+IMAGE_RECIPE_SRC := $(shell git ls-files image-recipe/)
+STARTD_SRC := core/startos/startd.service $(BUILD_SRC)
+COMPAT_SRC := $(shell git ls-files system-images/compat/)
+UTILS_SRC := $(shell git ls-files system-images/utils/)
+BINFMT_SRC := $(shell git ls-files system-images/binfmt/)
+CORE_SRC := $(shell git ls-files core) $(shell git ls-files --recurse-submodules patch-db) web/dist/static web/patchdb-ui-seed.json $(GIT_HASH_FILE)
+WEB_SHARED_SRC := $(shell git ls-files web/projects/shared) $(shell ls -p web/ | grep -v / | sed 's/^/web\//g') web/node_modules web/config.json patch-db/client/dist web/patchdb-ui-seed.json
+WEB_UI_SRC := $(shell git ls-files web/projects/ui)
+WEB_SETUP_WIZARD_SRC := $(shell git ls-files web/projects/setup-wizard)
+WEB_DIAGNOSTIC_UI_SRC := $(shell git ls-files web/projects/diagnostic-ui)
+WEB_INSTALL_WIZARD_SRC := $(shell git ls-files web/projects/install-wizard)
+PATCH_DB_CLIENT_SRC := $(shell git ls-files --recurse-submodules patch-db/client)
 GZIP_BIN := $(shell which pigz || which gzip)
-ALL_TARGETS := $(EMBASSY_BINS) system-images/compat/docker-images/$(ARCH).tar system-images/utils/docker-images/$(ARCH).tar system-images/binfmt/docker-images/$(ARCH).tar $(EMBASSY_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE)
+TAR_BIN := $(shell which gtar || which tar)
+COMPILED_TARGETS := $(BINS) system-images/compat/docker-images/$(ARCH).tar system-images/utils/docker-images/$(ARCH).tar system-images/binfmt/docker-images/$(ARCH).tar
+ALL_TARGETS := $(STARTD_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE) $(COMPILED_TARGETS) $(shell if [ "$(PLATFORM)" = "raspberrypi" ]; then echo cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep; fi)  $(shell /bin/bash -c 'if [[ "${ENVIRONMENT}" =~ (^|-)unstable($$|-) ]]; then echo cargo-deps/$(ARCH)-unknown-linux-gnu/release/tokio-console; fi') $(PLATFORM_FILE)
 
 ifeq ($(REMOTE),)
 	mkdir = mkdir -p $1
 	rm = rm -rf $1
 	cp = cp -r $1 $2
+	ln = ln -sf $1 $2
 else
-	mkdir = ssh $(REMOTE) 'mkdir -p $1'
-	rm  = ssh $(REMOTE) 'sudo rm -rf $1'
+	ifeq ($(SSHPASS),)
+		ssh = ssh $(REMOTE) $1
+	else 
+		ssh = sshpass -p $(SSHPASS) ssh $(REMOTE) $1
+	endif
+	mkdir = $(call ssh,'sudo mkdir -p $1')
+	rm  = $(call ssh,'sudo rm -rf $1')
+	ln = $(call ssh,'sudo ln -sf $1 $2')
 define cp
-	tar --transform "s|^$1|x|" -czv -f- $1 | ssh $(REMOTE) "sudo tar --transform 's|^x|$2|' -xzv -f- -C /"
+	$(TAR_BIN) --transform "s|^$1|x|" -czv -f- $1 | $(call ssh,"sudo tar --transform 's|^x|$2|' -xzv -f- -C /")
 endef
 endif
 
 .DELETE_ON_ERROR:
 
-.PHONY: all gzip install clean format sdk snapshots frontends ui backend reflash eos_raspberrypi.img sudo
+.PHONY: all metadata install clean format sdk snapshots uis ui reflash deb $(IMAGE_TYPE) squashfs sudo wormhole test
 
 all: $(ALL_TARGETS)
 
+metadata: $(VERSION_FILE) $(PLATFORM_FILE) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE)
+
 sudo:
 	sudo true
 
 clean:
-	rm -f 2022-01-28-raspios-bullseye-arm64-lite.zip
-	rm -f raspios.img
-	rm -f eos_raspberrypi-uninit.img
-	rm -f eos_raspberrypi-uninit.tar.gz
-	rm -f ubuntu.img
-	rm -f product_key.txt
 	rm -f system-images/**/*.tar
 	rm -rf system-images/compat/target
-	rm -rf backend/target
-	rm -rf frontend/.angular
-	rm -f frontend/config.json
-	rm -rf frontend/node_modules
-	rm -rf frontend/dist
-	rm -rf libs/target
+	rm -rf core/target
+	rm -rf web/.angular
+	rm -f web/config.json
+	rm -rf web/node_modules
+	rm -rf web/dist
 	rm -rf patch-db/client/node_modules
 	rm -rf patch-db/client/dist
 	rm -rf patch-db/target
 	rm -rf cargo-deps
-	rm ENVIRONMENT.txt
-	rm GIT_HASH.txt
-	rm VERSION.txt
+	rm -rf dpkg-workdir
+	rm -rf image-recipe/deb
+	rm -rf results
+	rm -rf build/lib/firmware
+	rm -f ENVIRONMENT.txt
+	rm -f PLATFORM.txt
+	rm -f GIT_HASH.txt
+	rm -f VERSION.txt
 
 format:
-	cd backend && cargo +nightly fmt
-	cd libs && cargo +nightly fmt
+	cd core && cargo +nightly fmt
+
+test: $(CORE_SRC) $(ENVIRONMENT_FILE)
+	cd core && cargo build && cargo test
 
 sdk:
-	cd backend/ && ./install-sdk.sh
+	cd core && ./install-sdk.sh
 
-eos_raspberrypi-uninit.img: $(ALL_TARGETS) raspios.img cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep | sudo
-	! test -f eos_raspberrypi-uninit.img || rm eos_raspberrypi-uninit.img
-	./build/raspberry-pi/make-image.sh
+deb: results/$(BASENAME).deb
 
-lite-upgrade.img: raspios.img cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep $(BUILD_SRC) eos.raspberrypi.squashfs
-	! test -f lite-upgrade.img || rm lite-upgrade.img
-	./build/raspberry-pi/make-upgrade-image.sh
+debian/control: build/lib/depends build/lib/conflicts
+	./debuild/control.sh
 
-eos_raspberrypi.img: raspios.img $(BUILD_SRC) eos.raspberrypi.squashfs $(VERSION_FILE) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) | sudo
-	! test -f eos_raspberrypi.img || rm eos_raspberrypi.img
-	./build/raspberry-pi/make-initialized-image.sh
+results/$(BASENAME).deb: dpkg-build.sh $(DEBIAN_SRC) $(VERSION_FILE) $(PLATFORM_FILE) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE)
+	PLATFORM=$(PLATFORM) ./dpkg-build.sh
+
+$(IMAGE_TYPE): results/$(BASENAME).$(IMAGE_TYPE)
+
+squashfs: results/$(BASENAME).squashfs
+
+results/$(BASENAME).$(IMAGE_TYPE) results/$(BASENAME).squashfs: $(IMAGE_RECIPE_SRC) results/$(BASENAME).deb
+	./image-recipe/run-local-build.sh "results/$(BASENAME).deb"
 
 # For creating os images. DO NOT USE
 install: $(ALL_TARGETS)
 	$(call mkdir,$(DESTDIR)/usr/bin)
-	$(call cp,backend/target/$(ARCH)-unknown-linux-gnu/release/embassy-init,$(DESTDIR)/usr/bin/embassy-init)
-	$(call cp,backend/target/$(ARCH)-unknown-linux-gnu/release/embassyd,$(DESTDIR)/usr/bin/embassyd)
-	$(call cp,backend/target/$(ARCH)-unknown-linux-gnu/release/embassy-cli,$(DESTDIR)/usr/bin/embassy-cli)
-	$(call cp,backend/target/$(ARCH)-unknown-linux-gnu/release/avahi-alias,$(DESTDIR)/usr/bin/avahi-alias)
+	$(call cp,core/target/$(ARCH)-unknown-linux-gnu/release/startbox,$(DESTDIR)/usr/bin/startbox)
+	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/startd)
+	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/start-cli)
+	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/start-sdk)
+	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/start-deno)
+	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/avahi-alias)
+	$(call ln,/usr/bin/startbox,$(DESTDIR)/usr/bin/embassy-cli)
+	if [ "$(PLATFORM)" = "raspberrypi" ]; then $(call cp,cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep,$(DESTDIR)/usr/bin/pi-beep); fi
+	if /bin/bash -c '[[ "${ENVIRONMENT}" =~ (^|-)unstable($$|-) ]]'; then $(call cp,cargo-deps/$(ARCH)-unknown-linux-gnu/release/tokio-console,$(DESTDIR)/usr/bin/tokio-console); fi
 	
+	$(call mkdir,$(DESTDIR)/lib/systemd/system)
+	$(call cp,core/startos/startd.service,$(DESTDIR)/lib/systemd/system/startd.service)
+
 	$(call mkdir,$(DESTDIR)/usr/lib)
-	$(call rm,$(DESTDIR)/usr/lib/embassy)
-	$(call cp,build/lib,$(DESTDIR)/usr/lib/embassy)
+	$(call rm,$(DESTDIR)/usr/lib/startos)
+	$(call cp,build/lib,$(DESTDIR)/usr/lib/startos)
 
-	$(call cp,ENVIRONMENT.txt,$(DESTDIR)/usr/lib/embassy/ENVIRONMENT.txt)
-	$(call cp,GIT_HASH.txt,$(DESTDIR)/usr/lib/embassy/GIT_HASH.txt)
-	$(call cp,VERSION.txt,$(DESTDIR)/usr/lib/embassy/VERSION.txt)
+	$(call cp,PLATFORM.txt,$(DESTDIR)/usr/lib/startos/PLATFORM.txt)
+	$(call cp,ENVIRONMENT.txt,$(DESTDIR)/usr/lib/startos/ENVIRONMENT.txt)
+	$(call cp,GIT_HASH.txt,$(DESTDIR)/usr/lib/startos/GIT_HASH.txt)
+	$(call cp,VERSION.txt,$(DESTDIR)/usr/lib/startos/VERSION.txt)
 
-	$(call mkdir,$(DESTDIR)/usr/lib/embassy/container)
-	$(call cp,libs/target/aarch64-unknown-linux-musl/release/embassy_container_init,$(DESTDIR)/usr/lib/embassy/container/embassy_container_init.arm64)
-	$(call cp,libs/target/x86_64-unknown-linux-musl/release/embassy_container_init,$(DESTDIR)/usr/lib/embassy/container/embassy_container_init.amd64)
+	$(call mkdir,$(DESTDIR)/usr/lib/startos/container)
+	$(call cp,core/target/aarch64-unknown-linux-musl/release/container-init,$(DESTDIR)/usr/lib/startos/container/container-init.arm64)
+	$(call cp,core/target/x86_64-unknown-linux-musl/release/container-init,$(DESTDIR)/usr/lib/startos/container/container-init.amd64)
 
-	$(call mkdir,$(DESTDIR)/usr/lib/embassy/system-images)
-	$(call cp,system-images/compat/docker-images/$(ARCH).tar,$(DESTDIR)/usr/lib/embassy/system-images/compat.tar)
-	$(call cp,system-images/utils/docker-images/$(ARCH).tar,$(DESTDIR)/usr/lib/embassy/system-images/utils.tar)
-	$(call cp,system-images/binfmt/docker-images/$(ARCH).tar,$(DESTDIR)/usr/lib/embassy/system-images/binfmt.tar)
+	$(call mkdir,$(DESTDIR)/usr/lib/startos/system-images)
+	$(call cp,system-images/compat/docker-images/$(ARCH).tar,$(DESTDIR)/usr/lib/startos/system-images/compat.tar)
+	$(call cp,system-images/utils/docker-images/$(ARCH).tar,$(DESTDIR)/usr/lib/startos/system-images/utils.tar)
+	$(call cp,system-images/binfmt/docker-images/$(ARCH).tar,$(DESTDIR)/usr/lib/startos/system-images/binfmt.tar)
+	
+	$(call cp,firmware/$(PLATFORM),$(DESTDIR)/usr/lib/startos/firmware)
 
-	$(call mkdir,$(DESTDIR)/var/www/html)
-	$(call cp,frontend/dist/diagnostic-ui,$(DESTDIR)/var/www/html/diagnostic)
-	$(call cp,frontend/dist/setup-wizard,$(DESTDIR)/var/www/html/setup)
-	$(call cp,frontend/dist/install-wizard,$(DESTDIR)/var/www/html/install)
-	$(call cp,frontend/dist/ui,$(DESTDIR)/var/www/html/main)
-	$(call cp,index.html,$(DESTDIR)/var/www/html/index.html)
-
-update-overlay:
+update-overlay: $(ALL_TARGETS)
 	@echo "\033[33m!!! THIS WILL ONLY REFLASH YOUR DEVICE IN MEMORY !!!\033[0m"
 	@echo "\033[33mALL CHANGES WILL BE REVERTED IF YOU RESTART THE DEVICE\033[0m"
 	@if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
-	@if [ "`ssh $(REMOTE) 'cat /usr/lib/embassy/VERSION.txt'`" != "`cat ./VERSION.txt`" ]; then >&2 echo "Embassy requires migrations: update-overlay is unavailable." && false; fi
-	@if ssh $(REMOTE) "pidof embassy-init"; then >&2 echo "Embassy in INIT: update-overlay is unavailable." && false; fi
-	ssh $(REMOTE) "sudo systemctl stop embassyd"
-	$(MAKE) install REMOTE=$(REMOTE) OS_ARCH=$(OS_ARCH)
-	ssh $(REMOTE) "sudo systemctl start embassyd"
+	@if [ "`ssh $(REMOTE) 'cat /usr/lib/startos/VERSION.txt'`" != "`cat ./VERSION.txt`" ]; then >&2 echo "StartOS requires migrations: update-overlay is unavailable." && false; fi
+	$(call ssh,"sudo systemctl stop startd")
+	$(MAKE) install REMOTE=$(REMOTE) SSHPASS=$(SSHPASS) PLATFORM=$(PLATFORM)
+	$(call ssh,"sudo systemctl start startd")
 
-update:
+wormhole: core/target/$(ARCH)-unknown-linux-gnu/release/startbox
+	@wormhole send core/target/$(ARCH)-unknown-linux-gnu/release/startbox 2>&1 | awk -Winteractive '/wormhole receive/ { printf "sudo /usr/lib/startos/scripts/chroot-and-upgrade \"cd /usr/bin && rm startbox && wormhole receive --accept-file %s && chmod +x startbox\"\n", $$3 }'
+
+update: $(ALL_TARGETS)
 	@if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
-	ssh $(REMOTE) "sudo rsync -a --delete --force --info=progress2 /media/embassy/embassyfs/current/ /media/embassy/next/"
-	$(MAKE) install REMOTE=$(REMOTE) DESTDIR=/media/embassy/next OS_ARCH=$(OS_ARCH)
-	ssh $(REMOTE) "sudo touch /media/embassy/config/upgrade && sudo sync && sudo reboot"
+	$(call ssh,"sudo rsync -a --delete --force --info=progress2 /media/embassy/embassyfs/current/ /media/embassy/next/")
+	$(MAKE) install REMOTE=$(REMOTE) SSHPASS=$(SSHPASS) DESTDIR=/media/embassy/next PLATFORM=$(PLATFORM)
+	$(call ssh,'sudo NO_SYNC=1 /media/embassy/next/usr/lib/startos/scripts/chroot-and-upgrade "apt-get install -y $(shell cat ./build/lib/depends)"')
 
-emulate-reflash:
+emulate-reflash: $(ALL_TARGETS)
 	@if [ -z "$(REMOTE)" ]; then >&2 echo "Must specify REMOTE" && false; fi
-	ssh $(REMOTE) "sudo rsync -a --delete --force --info=progress2 /media/embassy/embassyfs/current/ /media/embassy/next/"
-	$(MAKE) install REMOTE=$(REMOTE) DESTDIR=/media/embassy/next OS_ARCH=$(OS_ARCH)
-	ssh $(REMOTE) "sudo touch /media/embassy/config/upgrade && sudo rm -f /media/embassy/config/disk.guid && sudo sync && sudo reboot"
+	$(call ssh,"sudo rsync -a --delete --force --info=progress2 /media/embassy/embassyfs/current/ /media/embassy/next/")
+	$(MAKE) install REMOTE=$(REMOTE) SSHPASS=$(SSHPASS) DESTDIR=/media/embassy/next PLATFORM=$(PLATFORM)
+	$(call ssh,"sudo touch /media/embassy/config/upgrade && sudo rm -f /media/embassy/config/disk.guid && sudo sync && sudo reboot")
 
-system-images/compat/docker-images/aarch64.tar system-images/compat/docker-images/x86_64.tar: $(COMPAT_SRC)
-	cd system-images/compat && make
+upload-ota: results/$(BASENAME).squashfs
+	TARGET=$(TARGET) KEY=$(KEY) ./upload-ota.sh
 
-system-images/utils/docker-images/aarch64.tar system-images/utils/docker-images/x86_64.tar: $(UTILS_SRC)
-	cd system-images/utils && make
+build/lib/depends build/lib/conflicts: build/dpkg-deps/*
+	build/dpkg-deps/generate.sh
 
-system-images/binfmt/docker-images/aarch64.tar system-images/binfmt/docker-images/x86_64.tar: $(BINFMT_SRC)
-	cd system-images/binfmt && make
+$(FIRMWARE_ROMS): build/lib/firmware.json download-firmware.sh $(PLATFORM_FILE)
+	./download-firmware.sh $(PLATFORM)
 
-raspios.img:
-	wget --continue https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2022-01-28/2022-01-28-raspios-bullseye-arm64-lite.zip
-	unzip 2022-01-28-raspios-bullseye-arm64-lite.zip
-	mv 2022-01-28-raspios-bullseye-arm64-lite.img raspios.img
+system-images/compat/docker-images/$(ARCH).tar: $(COMPAT_SRC) core/Cargo.lock
+	cd system-images/compat && make docker-images/$(ARCH).tar && touch docker-images/$(ARCH).tar
 
-snapshots: libs/snapshot_creator/Cargo.toml
-	cd libs/  && ./build-v8-snapshot.sh
-	cd libs/  && ./build-arm-v8-snapshot.sh
+system-images/utils/docker-images/$(ARCH).tar: $(UTILS_SRC)
+	cd system-images/utils && make docker-images/$(ARCH).tar && touch docker-images/$(ARCH).tar
 
-$(EMBASSY_BINS): $(BACKEND_SRC) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) frontend/patchdb-ui-seed.json
-	cd backend && ARCH=$(ARCH) ./build-prod.sh
-	touch $(EMBASSY_BINS)
+system-images/binfmt/docker-images/$(ARCH).tar: $(BINFMT_SRC)
+	cd system-images/binfmt && make docker-images/$(ARCH).tar && touch docker-images/$(ARCH).tar
 
-frontend/node_modules: frontend/package.json
-	npm --prefix frontend ci
+snapshots: core/snapshot-creator/Cargo.toml
+	cd core/ && ARCH=aarch64 ./build-v8-snapshot.sh
+	cd core/ && ARCH=x86_64 ./build-v8-snapshot.sh
 
-frontend/dist/ui: $(FRONTEND_UI_SRC) $(FRONTEND_SHARED_SRC) $(ENVIRONMENT_FILE)
-	npm --prefix frontend run build:ui
+$(BINS): $(CORE_SRC) $(ENVIRONMENT_FILE)
+	cd core && ARCH=$(ARCH) ./build-prod.sh
+	touch $(BINS)
 
-frontend/dist/setup-wizard: $(FRONTEND_SETUP_WIZARD_SRC) $(FRONTEND_SHARED_SRC) $(ENVIRONMENT_FILE)
-	npm --prefix frontend run build:setup
+web/node_modules: web/package.json
+	npm --prefix web ci
 
-frontend/dist/diagnostic-ui: $(FRONTEND_DIAGNOSTIC_UI_SRC) $(FRONTEND_SHARED_SRC) $(ENVIRONMENT_FILE)
-	npm --prefix frontend run build:dui
+web/dist/raw/ui: $(WEB_UI_SRC) $(WEB_SHARED_SRC)
+	npm --prefix web run build:ui
 
-frontend/dist/install-wizard: $(FRONTEND_INSTALL_WIZARD_SRC) $(FRONTEND_SHARED_SRC) $(ENVIRONMENT_FILE)
-	npm --prefix frontend run build:install-wiz
+web/dist/raw/setup-wizard: $(WEB_SETUP_WIZARD_SRC) $(WEB_SHARED_SRC)
+	npm --prefix web run build:setup
 
-frontend/config.json: $(GIT_HASH_FILE) frontend/config-sample.json
-	jq '.useMocks = false' frontend/config-sample.json > frontend/config.json
-	jq '.packageArch = "$(ARCH)"' frontend/config.json > frontend/config.json.tmp
-	jq '.osArch = "$(OS_ARCH)"' frontend/config.json.tmp > frontend/config.json
-	rm frontend/config.json.tmp
-	npm --prefix frontend run-script build-config
+web/dist/raw/diagnostic-ui: $(WEB_DIAGNOSTIC_UI_SRC) $(WEB_SHARED_SRC)
+	npm --prefix web run build:dui
 
-frontend/patchdb-ui-seed.json: frontend/package.json
-	jq '."ack-welcome" = "$(shell yq '.version' frontend/package.json)"' frontend/patchdb-ui-seed.json > ui-seed.tmp
-	mv ui-seed.tmp frontend/patchdb-ui-seed.json
+web/dist/raw/install-wizard: $(WEB_INSTALL_WIZARD_SRC) $(WEB_SHARED_SRC)
+	npm --prefix web run build:install-wiz
+
+web/dist/static: $(WEB_UIS) $(ENVIRONMENT_FILE)
+	./compress-uis.sh
+
+web/config.json: $(GIT_HASH_FILE) web/config-sample.json
+	jq '.useMocks = false' web/config-sample.json | jq '.gitHash = "$(shell cat GIT_HASH.txt)"' > web/config.json
+
+web/patchdb-ui-seed.json: web/package.json
+	jq '."ack-welcome" = $(shell jq '.version' web/package.json)' web/patchdb-ui-seed.json > ui-seed.tmp
+	mv ui-seed.tmp web/patchdb-ui-seed.json
 
 patch-db/client/node_modules: patch-db/client/package.json
 	npm --prefix patch-db/client ci
 
 patch-db/client/dist: $(PATCH_DB_CLIENT_SRC) patch-db/client/node_modules
 	! test -d patch-db/client/dist || rm -rf patch-db/client/dist
-	npm --prefix frontend run build:deps
+	npm --prefix web run build:deps
 
 # used by github actions
-backend-$(ARCH).tar: $(EMBASSY_BINS)
+compiled-$(ARCH).tar: $(COMPILED_TARGETS) $(ENVIRONMENT_FILE) $(GIT_HASH_FILE) $(VERSION_FILE)
 	tar -cvf $@ $^
 
-# this is a convenience step to build all frontends - it is not referenced elsewhere in this file
-frontends: $(EMBASSY_UIS) 
+# this is a convenience step to build all web uis - it is not referenced elsewhere in this file
+uis: $(WEB_UIS) 
 
 # this is a convenience step to build the UI
-ui: frontend/dist/ui
-
-# used by github actions
-backend: $(EMBASSY_BINS)
-
-cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast:
-	./build-cargo-dep.sh nc-broadcast
+ui: web/dist/raw/ui
 
 cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep:
-	./build-cargo-dep.sh pi-beep
+	ARCH=aarch64 ./build-cargo-dep.sh pi-beep
+
+cargo-deps/$(ARCH)-unknown-linux-gnu/release/tokio-console:
+	ARCH=$(ARCH) ./build-cargo-dep.sh tokio-console

README.md

@@ -1,51 +1,82 @@
-# embassyOS
-[![version](https://img.shields.io/github/v/tag/Start9Labs/embassy-os?color=success)](https://github.com/Start9Labs/embassy-os/releases)
-[![build](https://github.com/Start9Labs/embassy-os/actions/workflows/product.yaml/badge.svg)](https://github.com/Start9Labs/embassy-os/actions/workflows/product.yaml)
-[![community](https://img.shields.io/badge/community-matrix-yellow)](https://matrix.to/#/#community:matrix.start9labs.com)
-[![community](https://img.shields.io/badge/community-telegram-informational)](https://t.me/start9_labs)
-[![support](https://img.shields.io/badge/support-docs-important)](https://docs.start9.com)
-[![developer](https://img.shields.io/badge/developer-matrix-blueviolet)](https://matrix.to/#/#community-dev:matrix.start9labs.com)
-[![website](https://img.shields.io/website?down_color=lightgrey&down_message=offline&up_color=green&up_message=online&url=https%3A%2F%2Fstart9.com)](https://start9.com)
+<div align="center">
+  <img src="web/projects/shared/assets/img/icon.png" alt="StartOS Logo" width="16%" />
+  <h1 style="margin-top: 0;">StartOS</h1>
+  <a href="https://github.com/Start9Labs/start-os/releases">
+    <img alt="GitHub release (with filter)" src="https://img.shields.io/github/v/release/start9labs/start-os?logo=github">
+  </a>
+  <a href="https://github.com/Start9Labs/start-os/actions/workflows/startos-iso.yaml">
+    <img src="https://github.com/Start9Labs/start-os/actions/workflows/startos-iso.yaml/badge.svg">
+  </a>
+    <a href="https://heyapollo.com/product/startos">
+    <img alt="Static Badge" src="https://img.shields.io/badge/apollo-review%20%E2%AD%90%E2%AD%90%E2%AD%90%E2%AD%90%E2%AD%90%20-slateblue">
+  </a>
+  <a href="https://twitter.com/start9labs">
+    <img alt="X (formerly Twitter) Follow" src="https://img.shields.io/twitter/follow/start9labs">
+  </a>
+  <a href="https://matrix.to/#/#community:matrix.start9labs.com">
+    <img alt="Static Badge" src="https://img.shields.io/badge/community-matrix-yellow?logo=matrix">
+  </a>
+  <a href="https://t.me/start9_labs">
+    <img alt="Static Badge" src="https://img.shields.io/badge/community-telegram-blue?logo=telegram">
+  </a>
+  <a href="https://docs.start9.com">
+    <img alt="Static Badge" src="https://img.shields.io/badge/docs-orange?label=%F0%9F%91%A4%20support">
+  </a>
+  <a href="https://matrix.to/#/#community-dev:matrix.start9labs.com">
+    <img alt="Static Badge" src="https://img.shields.io/badge/developer-matrix-darkcyan?logo=matrix">
+  </a>
+  <a href="https://start9.com">
+    <img alt="Website" src="https://img.shields.io/website?up_message=online&down_message=offline&url=https%3A%2F%2Fstart9.com&logo=website&label=%F0%9F%8C%90%20website">
+  </a>
+</div>
+<br />
+<div align="center">
+  <h3>
+    Welcome to the era of Sovereign Computing
+  </h3>
+  <p>
+    StartOS is an open source Linux distribution optimized for running a personal server. It facilitates the discovery, installation, network configuration, service configuration, data backup, dependency management, and health monitoring of self-hosted software services.
+  </p>
+</div>
+<br />
+<p align="center">
+<img src="assets/StartOS.png" alt="StartOS" width="85%">
+</p>
+<br />
 
-[![mastodon](https://img.shields.io/mastodon/follow/000000001?domain=https%3A%2F%2Fmastodon.start9labs.com&label=Follow&style=social)](http://mastodon.start9labs.com)
-[![twitter](https://img.shields.io/twitter/follow/start9labs?label=Follow)](https://twitter.com/start9labs)
+## Running StartOS
+> [!WARNING]
+> StartOS is in beta. It lacks features. It doesn't always work perfectly. Start9 servers are not plug and play. Using them properly requires some effort and patience. Please do not use StartOS or purchase a server if you are unable or unwilling to follow instructions and learn new concepts.
 
-### _Welcome to the era of Sovereign Computing_ ###
+### 💰 Buy a Start9 server
+This is the most convenient option. Simply [buy a server](https://store.start9.com) from Start9 and plug it in.
 
-embassyOS is a browser-based, graphical operating system for a personal server. embassyOS facilitates the discovery, installation, network configuration, service configuration, data backup, dependency management, and health monitoring of self-hosted software services. It is the most advanced, secure, reliable, and user friendly personal server OS in the world.
-
-## Running embassyOS
-There are multiple ways to get your hands on embassyOS.
-
-### :moneybag: Buy an Embassy
-This is the most convenient option. Simply [buy an Embassy](https://start9.com) from Start9 and plug it in. Depending on where you live, shipping costs and import duties will vary.
-
-### :construction_worker: Build your own Embassy
-While not as convenient as buying an Embassy, this option is easier than you might imagine, and there are 4 reasons why you might prefer it:
-1. You already have your own hardware.
-1. You want to save on shipping costs.
-1. You prefer not to divulge your physical address.
-1. You just like building things.
+### 👷 Build your own server
+This option is easier than you might imagine, and there are 4 reasons why you might prefer it:
+1. You already have hardware
+1. You want to save on shipping costs
+1. You prefer not to divulge your physical address
+1. You just like building things
 
 To pursue this option, follow one of our [DIY guides](https://start9.com/latest/diy).
 
-### :hammer_and_wrench: Build embassyOS from Source
+## ❤️ Contributing
+There are multiple ways to contribute: work directly on StartOS, package a service for the marketplace, or help with documentation and guides. To learn more about contributing, see [here](https://start9.com/contribute/).
 
-embassyOS can be built from source, for personal use, for free.
-A detailed guide for doing so can be found [here](https://github.com/Start9Labs/embassy-os/blob/master/build/README.md).
+To report security issues, please email our security team - security@start9.com.
 
-## :heart: Contributing
-There are multiple ways to contribute: work directly on embassyOS, package a service for the marketplace, or help with documentation and guides. To learn more about contributing, see [here](https://docs.start9.com/latest/contribute/) or [here](https://github.com/Start9Labs/embassy-os/blob/master/CONTRIBUTING.md).
+## 🌎 Marketplace
+There are dozens of services available for StartOS, and new ones are being added all the time. Check out the full list of available services [here](https://marketplace.start9.com/marketplace). To read more about the Marketplace ecosystem, check out this [blog post](https://blog.start9.com/start9-marketplace-strategy/)
+
+## 🖥️ User Interface Screenshots
 
-## UI Screenshots
 <p align="center">
-<img src="assets/embassyOS.png" alt="embassyOS" width="85%">
-</p>
-<p align="center">
-<img src="assets/eOS-preferences.png" alt="Embassy Preferences" width="49%">
-<img src="assets/eOS-ghost.png" alt="Embassy Ghost Service" width="49%">
-</p>
-<p align="center">
-<img src="assets/eOS-synapse-health-check.png" alt="Embassy Synapse Health Checks" width="49%">
-<img src="assets/eOS-sideload.png" alt="Embassy Sideload Service" width="49%">
+<img src="assets/registry.png" alt="StartOS Marketplace" width="49%">
+<img src="assets/community.png" alt="StartOS Community Registry" width="49%">
+<img src="assets/c-lightning.png" alt="StartOS NextCloud Service" width="49%">
+<img src="assets/btcpay.png" alt="StartOS BTCPay Service" width="49%">
+<img src="assets/nextcloud.png" alt="StartOS System Settings" width="49%">
+<img src="assets/system.png" alt="StartOS System Settings" width="49%">
+<img src="assets/welcome.png" alt="StartOS System Settings" width="49%">
+<img src="assets/logs.png" alt="StartOS System Settings" width="49%">
 </p>

backend/Cargo.toml

@@ -1,174 +0,0 @@
-[package]
-authors = ["Aiden McClelland <me@drbonez.dev>"]
-description = "The core of the Start9 Embassy Operating System"
-documentation = "https://docs.rs/embassy-os"
-edition = "2021"
-keywords = [
-  "self-hosted",
-  "raspberry-pi",
-  "privacy",
-  "bitcoin",
-  "full-node",
-  "lightning",
-]
-name = "embassy-os"
-readme = "README.md"
-repository = "https://github.com/Start9Labs/embassy-os"
-version = "0.3.4"
-
-[lib]
-name = "embassy"
-path = "src/lib.rs"
-
-[[bin]]
-name = "embassyd"
-path = "src/bin/embassyd.rs"
-
-[[bin]]
-name = "embassy-init"
-path = "src/bin/embassy-init.rs"
-
-[[bin]]
-name = "embassy-sdk"
-path = "src/bin/embassy-sdk.rs"
-
-[[bin]]
-name = "embassy-cli"
-path = "src/bin/embassy-cli.rs"
-
-[[bin]]
-name = "avahi-alias"
-path = "src/bin/avahi-alias.rs"
-
-[features]
-avahi = ["avahi-sys"]
-default = ["avahi", "js_engine"]
-dev = []
-unstable = ["patch-db/unstable"]
-
-[dependencies]
-aes = { version = "0.7.5", features = ["ctr"] }
-async-compression = { version = "0.3.15", features = [
-  "gzip",
-  "brotli",
-  "tokio",
-] }
-async-stream = "0.3.3"
-async-trait = "0.1.56"
-avahi-sys = { git = "https://github.com/Start9Labs/avahi-sys", version = "0.10.0", branch = "feature/dynamic-linking", features = [
-  "dynamic",
-], optional = true }
-base32 = "0.4.0"
-base64 = "0.13.0"
-base64ct = "1.5.1"
-basic-cookies = "0.1.4"
-bollard = "0.13.0"
-bytes = "1"
-chrono = { version = "0.4.19", features = ["serde"] }
-clap = "3.2.8"
-color-eyre = "0.6.1"
-cookie = "0.16.2"
-cookie_store = "0.19.0"
-current_platform = "0.2.0"
-digest = "0.10.3"
-digest-old = { package = "digest", version = "0.9.0" }
-divrem = "1.0.0"
-ed25519 = { version = "1.5.2", features = ["pkcs8", "pem", "alloc"] }
-ed25519-dalek = { version = "1.0.1", features = ["serde"] }
-emver = { version = "0.1.7", git = "https://github.com/Start9Labs/emver-rs.git", features = [
-  "serde",
-] }
-fd-lock-rs = "0.1.4"
-futures = "0.3.21"
-git-version = "0.3.5"
-gpt = "3.0.0"
-helpers = { path = "../libs/helpers" }
-embassy_container_init = { path = "../libs/embassy_container_init" }
-hex = "0.4.3"
-hmac = "0.12.1"
-http = "0.2.8"
-hyper = { version = "0.14.20", features = ["full"] }
-hyper-ws-listener = "0.2.0"
-imbl = "2.0.0"
-indexmap = { version = "1.9.1", features = ["serde"] }
-ipnet = { version = "2.7.1", features = ["serde"] }
-iprange = { version = "0.6.7", features = ["serde"] }
-isocountry = "0.3.2"
-itertools = "0.10.3"
-josekit = "0.8.1"
-js_engine = { path = '../libs/js_engine', optional = true }
-jsonpath_lib = "0.3.0"
-lazy_static = "1.4.0"
-libc = "0.2.126"
-log = "0.4.17"
-mbrman = "0.5.0"
-models = { version = "*", path = "../libs/models" }
-nix = "0.25.0"
-nom = "7.1.1"
-num = "0.4.0"
-num_enum = "0.5.7"
-openssh-keys = "0.5.0"
-openssl = { version = "0.10.41", features = ["vendored"] }
-patch-db = { version = "*", path = "../patch-db/patch-db", features = [
-  "trace",
-] }
-p256 = { version = "0.12.0", features = ["pem"] }
-pbkdf2 = "0.11.0"
-pin-project = "1.0.11"
-pkcs8 = { version = "0.9.0", features = ["std"] }
-prettytable-rs = "0.10.0"
-proptest = "1.0.0"
-proptest-derive = "0.3.0"
-rand = { version = "0.8.5", features = ["std"] }
-rand-old = { package = "rand", version = "0.7.3" }
-regex = "1.6.0"
-reqwest = { version = "0.11.11", features = ["stream", "json", "socks"] }
-reqwest_cookie_store = "0.5.0"
-rpassword = "7.0.0"
-rpc-toolkit = "0.2.2"
-rust-argon2 = "1.0.0"
-scopeguard = "1.1" # because avahi-sys fucks your shit up
-serde = { version = "1.0.139", features = ["derive", "rc"] }
-serde_cbor = { package = "ciborium", version = "0.2.0" }
-serde_json = "1.0.82"
-serde_toml = { package = "toml", version = "0.5.9" }
-serde_with = { version = "2.0.1", features = ["macros", "json"] }
-serde_yaml = "0.9.11"
-sha2 = "0.10.2"
-sha2-old = { package = "sha2", version = "0.9.9" }
-simple-logging = "2.0.2"
-sqlx = { version = "0.6.0", features = [
-  "chrono",
-  "offline",
-  "runtime-tokio-rustls",
-  "postgres",
-] }
-ssh-key = { version = "0.5.1", features = ["ed25519"] }
-stderrlog = "0.5.3"
-tar = "0.4.38"
-thiserror = "1.0.31"
-tokio = { version = "1.23", features = ["full"] }
-tokio-stream = { version = "0.1.11", features = ["io-util", "sync", "net"] }
-tokio-tar = { git = "https://github.com/dr-bonez/tokio-tar.git" }
-tokio-tungstenite = { version = "0.17.1", features = ["native-tls"] }
-tokio-rustls = "0.23.4"
-tokio-util = { version = "0.7.3", features = ["io"] }
-torut = "0.2.1"
-tracing = "0.1.35"
-tracing-error = "0.2.0"
-tracing-futures = "0.2.5"
-tracing-subscriber = { version = "0.3.14", features = ["env-filter"] }
-trust-dns-server = "0.22.0"
-typed-builder = "0.10.0"
-url = { version = "2.2.2", features = ["serde"] }
-uuid = { version = "1.1.2", features = ["v4"] }
-zeroize = "1.5.7"
-
-[profile.test]
-opt-level = 3
-
-[profile.dev.package.backtrace]
-opt-level = 3
-
-[profile.dev.package.sqlx-macros]
-opt-level = 3

backend/README.md

@@ -1,42 +0,0 @@
-# embassyOS Backend
-
-- Requirements:
-  - [Install Rust](https://rustup.rs)
-  - Recommended: [rust-analyzer](https://rust-analyzer.github.io/)
-  - [Docker](https://docs.docker.com/get-docker/)
-  - [Rust ARM64 Build Container](https://github.com/Start9Labs/rust-arm-builder)
-- Scripts (run withing the `./backend` directory)
-  - `build-prod.sh` - compiles a release build of the artifacts for running on
-    ARM64
-- A Linux computer or VM
-
-## Structure
-
-The embassyOS backend is broken up into 4 different binaries:
-
-- embassyd: This is the main workhorse of embassyOS - any new functionality you
-  want will likely go here
-- embassy-init: This is the component responsible for allowing you to set up
-  your device, and handles system initialization on startup
-- embassy-cli: This is a CLI tool that will allow you to issue commands to
-  embassyd and control it similarly to the UI
-- embassy-sdk: This is a CLI tool that aids in building and packaging services
-  you wish to deploy to the Embassy
-
-Finally there is a library `embassy` that supports all four of these tools.
-
-See [here](/backend/Cargo.toml) for details.
-
-## Building
-
-You can build the entire operating system image using `make` from the root of
-the embassyOS project. This will subsequently invoke the build scripts above to
-actually create the requisite binaries and put them onto the final operating
-system image.
-
-## Questions
-
-If you have questions about how various pieces of the backend system work. Open
-an issue and tag the following people
-
-- dr-bonez

backend/build-dev.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-set -e
-shopt -s expand_aliases
-
-if [ "$0" != "./build-dev.sh" ]; then
-	>&2 echo "Must be run from backend directory"
-	exit 1
-fi
-
-USE_TTY=
-if tty -s; then
-	USE_TTY="-it"
-fi
-
-alias 'rust-arm64-builder'='docker run $USE_TTY --rm -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)":/home/rust/src start9/rust-arm-cross:aarch64'
-
-cd ..
-rust-arm64-builder sh -c "(cd backend && cargo build --locked)"
-cd backend
-
-sudo chown -R $USER target
-sudo chown -R $USER ~/.cargo
-#rust-arm64-builder aarch64-linux-gnu-strip target/aarch64-unknown-linux-gnu/release/embassyd

backend/build-portable-dev.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -e
-shopt -s expand_aliases
-
-if [ "$0" != "./build-portable-dev.sh" ]; then
-	>&2 echo "Must be run from backend directory"
-	exit 1
-fi
-
-USE_TTY=
-if tty -s; then
-	USE_TTY="-it"
-fi
-
-alias 'rust-musl-builder'='docker run $USE_TTY --rm -v "$HOME"/.cargo/registry:/root/.cargo/registry -v "$(pwd)":/home/rust/src start9/rust-musl-cross:x86_64-musl'
-
-cd ..
-rust-musl-builder sh -c "(cd backend && cargo +beta build --target=x86_64-unknown-linux-musl --no-default-features --locked)"
-cd backend
-
-sudo chown -R $USER target
-sudo chown -R $USER ~/.cargo

backend/build-portable.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -e
-shopt -s expand_aliases
-
-if [ "$0" != "./build-portable.sh" ]; then
-	>&2 echo "Must be run from backend directory"
-	exit 1
-fi
-
-USE_TTY=
-if tty -s; then
-	USE_TTY="-it"
-fi
-
-alias 'rust-musl-builder'='docker run $USE_TTY --rm -v "$HOME"/.cargo/registry:/root/.cargo/registry -v "$(pwd)":/home/rust/src start9/rust-musl-cross:x86_64-musl'
-
-cd ..
-rust-musl-builder sh -c "(cd backend && cargo +beta build --release --target=x86_64-unknown-linux-musl --no-default-features --locked)"
-cd backend
-
-sudo chown -R $USER target
-sudo chown -R $USER ~/.cargo

backend/build-prod.sh

@@ -1,71 +0,0 @@
-#!/bin/bash
-
-set -e
-shopt -s expand_aliases
-
-if [ -z "$ARCH" ]; then
-	ARCH=$(uname -m)
-fi
-
-if [ "$0" != "./build-prod.sh" ]; then
-	>&2 echo "Must be run from backend directory"
-	exit 1
-fi
-
-USE_TTY=
-if tty -s; then
-	USE_TTY="-it"
-fi
-
-alias 'rust-gnu-builder'='docker run $USE_TTY --rm -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)":/home/rust/src -P start9/rust-arm-cross:aarch64'
-alias 'rust-musl-builder'='docker run $USE_TTY --rm -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)":/home/rust/src -P messense/rust-musl-cross:$ARCH-musl'
-
-cd ..
-FLAGS=""
-if [[ "$ENVIRONMENT" =~ (^|-)unstable($|-) ]]; then
-	FLAGS="unstable,$FLAGS"
-fi
-if [[ "$ENVIRONMENT" =~ (^|-)dev($|-) ]]; then
-	FLAGS="dev,$FLAGS"
-fi
-
-set +e
-fail=
-if [[ "$FLAGS" = "" ]]; then
-	rust-gnu-builder sh -c "(git config --global --add safe.directory '*'; cd backend && cargo build --release --locked  --target=$ARCH-unknown-linux-gnu)"
-	if test $? -ne 0; then 
-		fail=true
-	fi
-	for ARCH in x86_64 aarch64
-	do
-		rust-musl-builder sh -c "(git config --global --add safe.directory '*'; cd libs && cargo build --release --locked --bin embassy_container_init )"
-		if test $? -ne 0; then 
-			fail=true
-		fi
-	done
-else
-	echo "FLAGS=$FLAGS"
-	rust-gnu-builder sh -c "(git config --global --add safe.directory '*'; cd backend && cargo build --release --features $FLAGS --locked --target=$ARCH-unknown-linux-gnu)"
-	if test $? -ne 0; then 
-		fail=true
-	fi
-	for ARCH in x86_64 aarch64
-	do
-		rust-musl-builder sh -c "(git config --global --add safe.directory '*'; cd libs && cargo build --release --features $FLAGS --locked --bin embassy_container_init)"
-		if test $? -ne 0; then 
-			fail=true
-		fi
-	done
-fi
-set -e
-cd backend
-
-sudo chown -R $USER target
-sudo chown -R $USER ~/.cargo
-sudo chown -R $USER ../libs/target
-
-if [ -n "$fail" ]; then
-	exit 1
-fi
-
-#rust-arm64-builder aarch64-linux-gnu-strip target/aarch64-unknown-linux-gnu/release/embassyd

backend/embassy-init.service

@@ -1,15 +0,0 @@
-[Unit]
-Description=Embassy Init
-After=network-online.target
-Requires=network-online.target
-Wants=avahi-daemon.service
-
-[Service]
-Type=oneshot
-Environment=RUST_LOG=embassy_init=debug,embassy=debug,js_engine=debug,patch_db=warn
-ExecStart=/usr/bin/embassy-init
-RemainAfterExit=true
-StandardOutput=append:/var/log/embassy-init.log
-
-[Install]
-WantedBy=embassyd.service

backend/embassyd.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Embassy Daemon
-After=embassy-init.service
-Requires=embassy-init.service
-
-[Service]
-Type=simple
-Environment=RUST_LOG=embassyd=debug,embassy=debug,js_engine=debug,patch_db=warn
-ExecStart=/usr/bin/embassyd
-Restart=always
-RestartSec=3
-ManagedOOMPreference=avoid
-CPUAccounting=true
-CPUWeight=1000
-
-[Install]
-WantedBy=multi-user.target

backend/install-sdk.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -e
-shopt -s expand_aliases
-
-if [ "$0" != "./install-sdk.sh" ]; then
-	>&2 echo "Must be run from backend directory"
-	exit 1
-fi
-
-cargo install --bin=embassy-sdk --bin=embassy-cli --path=. --no-default-features --features=js_engine --locked

backend/sqlx-data.json

@@ -1,744 +0,0 @@
-{
-  "db": "PostgreSQL",
-  "1ce5254f27de971fd87f5ab66d300f2b22433c86617a0dbf796bf2170186dd2e": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Bytea"
-        ]
-      }
-    },
-    "query": "INSERT INTO network_keys (package, interface, key) VALUES ($1, $2, $3) ON CONFLICT (package, interface) DO NOTHING"
-  },
-  "21471490cdc3adb206274cc68e1ea745ffa5da4479478c1fd2158a45324b1930": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text"
-        ]
-      }
-    },
-    "query": "DELETE FROM ssh_keys WHERE fingerprint = $1"
-  },
-  "28ea34bbde836e0618c5fc9bb7c36e463c20c841a7d6a0eb15be0f24f4a928ec": {
-    "describe": {
-      "columns": [
-        {
-          "name": "hostname",
-          "ordinal": 0,
-          "type_info": "Text"
-        },
-        {
-          "name": "path",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "username",
-          "ordinal": 2,
-          "type_info": "Text"
-        },
-        {
-          "name": "password",
-          "ordinal": 3,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        false,
-        true
-      ],
-      "parameters": {
-        "Left": [
-          "Int4"
-        ]
-      }
-    },
-    "query": "SELECT hostname, path, username, password FROM cifs_shares WHERE id = $1"
-  },
-  "4099028a5c0de578255bf54a67cef6cb0f1e9a4e158260700f1639dd4b438997": {
-    "describe": {
-      "columns": [
-        {
-          "name": "fingerprint",
-          "ordinal": 0,
-          "type_info": "Text"
-        },
-        {
-          "name": "openssh_pubkey",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "created_at",
-          "ordinal": 2,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        false
-      ],
-      "parameters": {
-        "Left": [
-          "Text"
-        ]
-      }
-    },
-    "query": "SELECT * FROM ssh_keys WHERE fingerprint = $1"
-  },
-  "4691e3a2ce80b59009ac17124f54f925f61dc5ea371903e62cdffa5d7b67ca96": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Text"
-        },
-        {
-          "name": "logged_in",
-          "ordinal": 1,
-          "type_info": "Timestamp"
-        },
-        {
-          "name": "logged_out",
-          "ordinal": 2,
-          "type_info": "Timestamp"
-        },
-        {
-          "name": "last_active",
-          "ordinal": 3,
-          "type_info": "Timestamp"
-        },
-        {
-          "name": "user_agent",
-          "ordinal": 4,
-          "type_info": "Text"
-        },
-        {
-          "name": "metadata",
-          "ordinal": 5,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        true,
-        false,
-        true,
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT * FROM session WHERE logged_out IS NULL OR logged_out > CURRENT_TIMESTAMP"
-  },
-  "4bcfbefb1eb3181343871a1cd7fc3afb81c2be5c681cfa8b4be0ce70610e9c3a": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text"
-        ]
-      }
-    },
-    "query": "UPDATE session SET logged_out = CURRENT_TIMESTAMP WHERE id = $1"
-  },
-  "629be61c3c341c131ddbbff0293a83dbc6afd07cae69d246987f62cf0cc35c2a": {
-    "describe": {
-      "columns": [
-        {
-          "name": "password",
-          "ordinal": 0,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT password FROM account"
-  },
-  "687688055e63d27123cdc89a5bbbd8361776290a9411d527eaf1fdb40bef399d": {
-    "describe": {
-      "columns": [
-        {
-          "name": "key",
-          "ordinal": 0,
-          "type_info": "Bytea"
-        }
-      ],
-      "nullable": [
-        false
-      ],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text"
-        ]
-      }
-    },
-    "query": "SELECT key FROM tor WHERE package = $1 AND interface = $2"
-  },
-  "6d35ccf780fb2bb62586dd1d3df9c1550a41ee580dad3f49d35cb843ebef10ca": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text"
-        ]
-      }
-    },
-    "query": "UPDATE session SET last_active = CURRENT_TIMESTAMP WHERE id = $1 AND logged_out IS NULL OR logged_out > CURRENT_TIMESTAMP"
-  },
-  "770c1017734720453dc87b58c385b987c5af5807151ff71a59000014586752e0": {
-    "describe": {
-      "columns": [
-        {
-          "name": "key",
-          "ordinal": 0,
-          "type_info": "Bytea"
-        }
-      ],
-      "nullable": [
-        false
-      ],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Bytea"
-        ]
-      }
-    },
-    "query": "INSERT INTO network_keys (package, interface, key) VALUES ($1, $2, $3) ON CONFLICT (package, interface) DO UPDATE SET package = EXCLUDED.package RETURNING key"
-  },
-  "7b64f032d507e8ffe37c41f4c7ad514a66c421a11ab04c26d89a7aa8f6b67210": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Int4"
-        },
-        {
-          "name": "package_id",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "created_at",
-          "ordinal": 2,
-          "type_info": "Timestamp"
-        },
-        {
-          "name": "code",
-          "ordinal": 3,
-          "type_info": "Int4"
-        },
-        {
-          "name": "level",
-          "ordinal": 4,
-          "type_info": "Text"
-        },
-        {
-          "name": "title",
-          "ordinal": 5,
-          "type_info": "Text"
-        },
-        {
-          "name": "message",
-          "ordinal": 6,
-          "type_info": "Text"
-        },
-        {
-          "name": "data",
-          "ordinal": 7,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        true,
-        false,
-        false,
-        false,
-        false,
-        false,
-        true
-      ],
-      "parameters": {
-        "Left": [
-          "Int4",
-          "Int8"
-        ]
-      }
-    },
-    "query": "SELECT id, package_id, created_at, code, level, title, message, data FROM notifications WHERE id < $1 ORDER BY id DESC LIMIT $2"
-  },
-  "7c7a3549c997eb75bf964ea65fbb98a73045adf618696cd838d79203ef5383fb": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Text",
-          "Bytea",
-          "Text",
-          "Text"
-        ]
-      }
-    },
-    "query": "\n            INSERT INTO account (\n                id,\n                server_id,\n                hostname,\n                password,\n                network_key,\n                root_ca_key_pem,\n                root_ca_cert_pem\n            ) VALUES (\n                0, $1, $2, $3, $4, $5, $6\n            ) ON CONFLICT (id) DO UPDATE SET\n                server_id = EXCLUDED.server_id,\n                hostname = EXCLUDED.hostname,\n                password = EXCLUDED.password,\n                network_key = EXCLUDED.network_key,\n                root_ca_key_pem = EXCLUDED.root_ca_key_pem,\n                root_ca_cert_pem = EXCLUDED.root_ca_cert_pem\n            "
-  },
-  "7e0649d839927e57fa03ee51a2c9f96a8bdb0fc97ee8a3c6df1069e1e2b98576": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text"
-        ]
-      }
-    },
-    "query": "DELETE FROM tor WHERE package = $1"
-  },
-  "8951b9126fbf60dbb5997241e11e3526b70bccf3e407327917294a993bc17ed5": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Bytea"
-        ]
-      }
-    },
-    "query": "INSERT INTO tor (package, interface, key) VALUES ($1, $2, $3) ON CONFLICT (package, interface) DO NOTHING"
-  },
-  "94d471bb374b4965c6cbedf8c17bbf6bea226d38efaf6559923c79a36d5ca08c": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Int4"
-        },
-        {
-          "name": "package_id",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "created_at",
-          "ordinal": 2,
-          "type_info": "Timestamp"
-        },
-        {
-          "name": "code",
-          "ordinal": 3,
-          "type_info": "Int4"
-        },
-        {
-          "name": "level",
-          "ordinal": 4,
-          "type_info": "Text"
-        },
-        {
-          "name": "title",
-          "ordinal": 5,
-          "type_info": "Text"
-        },
-        {
-          "name": "message",
-          "ordinal": 6,
-          "type_info": "Text"
-        },
-        {
-          "name": "data",
-          "ordinal": 7,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        true,
-        false,
-        false,
-        false,
-        false,
-        false,
-        true
-      ],
-      "parameters": {
-        "Left": [
-          "Int8"
-        ]
-      }
-    },
-    "query": "SELECT id, package_id, created_at, code, level, title, message, data FROM notifications ORDER BY id DESC LIMIT $1"
-  },
-  "95c4ab4c645f3302568c6ff13d85ab58252362694cf0f56999bf60194d20583a": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Int4"
-        },
-        {
-          "name": "hostname",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "path",
-          "ordinal": 2,
-          "type_info": "Text"
-        },
-        {
-          "name": "username",
-          "ordinal": 3,
-          "type_info": "Text"
-        },
-        {
-          "name": "password",
-          "ordinal": 4,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        false,
-        false,
-        true
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT id, hostname, path, username, password FROM cifs_shares"
-  },
-  "a60d6e66719325b08dc4ecfacaf337527233c84eee758ac9be967906e5841d27": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Int4"
-        ]
-      }
-    },
-    "query": "DELETE FROM cifs_shares WHERE id = $1"
-  },
-  "a6b0c8909a3a5d6d9156aebfb359424e6b5a1d1402e028219e21726f1ebd282e": {
-    "describe": {
-      "columns": [
-        {
-          "name": "fingerprint",
-          "ordinal": 0,
-          "type_info": "Text"
-        },
-        {
-          "name": "openssh_pubkey",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "created_at",
-          "ordinal": 2,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT fingerprint, openssh_pubkey, created_at FROM ssh_keys"
-  },
-  "b1147beaaabbed89f2ab8c1e13ec4393a9a8fde2833cf096af766a979d94dee6": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Text",
-          "Text",
-          "Int4"
-        ]
-      }
-    },
-    "query": "UPDATE cifs_shares SET hostname = $1, path = $2, username = $3, password = $4 WHERE id = $5"
-  },
-  "d5117054072476377f3c4f040ea429d4c9b2cf534e76f35c80a2bf60e8599cca": {
-    "describe": {
-      "columns": [
-        {
-          "name": "openssh_pubkey",
-          "ordinal": 0,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT openssh_pubkey FROM ssh_keys"
-  },
-  "da71f94b29798d1738d2b10b9a721ea72db8cfb362e7181c8226d9297507c62b": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Int4",
-          "Text",
-          "Text",
-          "Text",
-          "Text"
-        ]
-      }
-    },
-    "query": "INSERT INTO notifications (package_id, code, level, title, message, data) VALUES ($1, $2, $3, $4, $5, $6)"
-  },
-  "e185203cf84e43b801dfb23b4159e34aeaef1154dcd3d6811ab504915497ccf7": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Int4"
-        ]
-      }
-    },
-    "query": "DELETE FROM notifications WHERE id = $1"
-  },
-  "e545696735f202f9d13cf22a561f3ff3f9aed7f90027a9ba97634bcb47d772f0": {
-    "describe": {
-      "columns": [
-        {
-          "name": "tor_key",
-          "ordinal": 0,
-          "type_info": "Bytea"
-        }
-      ],
-      "nullable": [
-        true
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT tor_key FROM account WHERE id = 0"
-  },
-  "e5843c5b0e7819b29aa1abf2266799bd4f82e761837b526a0972c3d4439a264d": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Text"
-        ]
-      }
-    },
-    "query": "INSERT INTO session (id, user_agent, metadata) VALUES ($1, $2, $3)"
-  },
-  "e95322a8e2ae3b93f1e974b24c0b81803f1e9ec9e8ebbf15cafddfc1c5a028ed": {
-    "describe": {
-      "columns": [
-        {
-          "name": "package",
-          "ordinal": 0,
-          "type_info": "Text"
-        },
-        {
-          "name": "interface",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "key",
-          "ordinal": 2,
-          "type_info": "Bytea"
-        },
-        {
-          "name": "tor_key?",
-          "ordinal": 3,
-          "type_info": "Bytea"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        false,
-        false
-      ],
-      "parameters": {
-        "Left": [
-          "Text"
-        ]
-      }
-    },
-    "query": "\n                SELECT\n                    network_keys.package,\n                    network_keys.interface,\n                    network_keys.key,\n                    tor.key AS \"tor_key?\"\n                FROM\n                    network_keys\n                LEFT JOIN\n                    tor\n                ON\n                    network_keys.package = tor.package\n                AND\n                    network_keys.interface = tor.interface\n                WHERE\n                    network_keys.package = $1\n            "
-  },
-  "eb750adaa305bdbf3c5b70aaf59139c7b7569602adb58f2d6b3a94da4f167b0a": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Int4"
-        ]
-      }
-    },
-    "query": "DELETE FROM notifications WHERE id < $1"
-  },
-  "ecc765d8205c0876956f95f76944ac6a5f34dd820c4073b7728c7067aab9fded": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Int4"
-        }
-      ],
-      "nullable": [
-        false
-      ],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Text",
-          "Text"
-        ]
-      }
-    },
-    "query": "INSERT INTO cifs_shares (hostname, path, username, password) VALUES ($1, $2, $3, $4) RETURNING id"
-  },
-  "f6d1c5ef0f9d9577bea8382318967b9deb46da75788c7fe6082b43821c22d556": {
-    "describe": {
-      "columns": [],
-      "nullable": [],
-      "parameters": {
-        "Left": [
-          "Text",
-          "Text",
-          "Text"
-        ]
-      }
-    },
-    "query": "INSERT INTO ssh_keys (fingerprint, openssh_pubkey, created_at) VALUES ($1, $2, $3)"
-  },
-  "f7d2dae84613bcef330f7403352cc96547f3f6dbec11bf2eadfaf53ad8ab51b5": {
-    "describe": {
-      "columns": [
-        {
-          "name": "network_key",
-          "ordinal": 0,
-          "type_info": "Bytea"
-        }
-      ],
-      "nullable": [
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT network_key FROM account WHERE id = 0"
-  },
-  "fe6e4f09f3028e5b6b6259e86cbad285680ce157aae9d7837ac020c8b2945e7f": {
-    "describe": {
-      "columns": [
-        {
-          "name": "id",
-          "ordinal": 0,
-          "type_info": "Int4"
-        },
-        {
-          "name": "password",
-          "ordinal": 1,
-          "type_info": "Text"
-        },
-        {
-          "name": "tor_key",
-          "ordinal": 2,
-          "type_info": "Bytea"
-        },
-        {
-          "name": "server_id",
-          "ordinal": 3,
-          "type_info": "Text"
-        },
-        {
-          "name": "hostname",
-          "ordinal": 4,
-          "type_info": "Text"
-        },
-        {
-          "name": "network_key",
-          "ordinal": 5,
-          "type_info": "Bytea"
-        },
-        {
-          "name": "root_ca_key_pem",
-          "ordinal": 6,
-          "type_info": "Text"
-        },
-        {
-          "name": "root_ca_cert_pem",
-          "ordinal": 7,
-          "type_info": "Text"
-        }
-      ],
-      "nullable": [
-        false,
-        false,
-        true,
-        true,
-        true,
-        false,
-        false,
-        false
-      ],
-      "parameters": {
-        "Left": []
-      }
-    },
-    "query": "SELECT * FROM account WHERE id = 0"
-  }
-}

backend/src/backup/backup_bulk.rs

@@ -1,376 +0,0 @@
-use std::collections::{BTreeMap, BTreeSet};
-use std::path::PathBuf;
-
-use chrono::Utc;
-use clap::ArgMatches;
-use color_eyre::eyre::eyre;
-use helpers::AtomicFile;
-use patch_db::{DbHandle, LockType, PatchDbHandle};
-use rpc_toolkit::command;
-use tokio::io::AsyncWriteExt;
-use tracing::instrument;
-
-use super::target::BackupTargetId;
-use super::PackageBackupReport;
-use crate::auth::check_password_against_db;
-use crate::backup::os::OsBackup;
-use crate::backup::{BackupReport, ServerBackupReport};
-use crate::context::RpcContext;
-use crate::db::model::BackupProgress;
-use crate::disk::mount::backup::BackupMountGuard;
-use crate::disk::mount::filesystem::ReadWrite;
-use crate::disk::mount::guard::TmpMountGuard;
-use crate::notifications::NotificationLevel;
-use crate::s9pk::manifest::PackageId;
-use crate::status::MainStatus;
-use crate::util::display_none;
-use crate::util::serde::IoFormat;
-use crate::version::VersionT;
-use crate::{Error, ErrorKind, ResultExt};
-
-fn parse_comma_separated(arg: &str, _: &ArgMatches) -> Result<BTreeSet<PackageId>, Error> {
-    arg.split(',')
-        .map(|s| s.trim().parse().map_err(Error::from))
-        .collect()
-}
-
-#[command(rename = "create", display(display_none))]
-#[instrument(skip(ctx, old_password, password))]
-pub async fn backup_all(
-    #[context] ctx: RpcContext,
-    #[arg(rename = "target-id")] target_id: BackupTargetId,
-    #[arg(rename = "old-password", long = "old-password")] old_password: Option<
-        crate::auth::PasswordType,
-    >,
-    #[arg(
-        rename = "package-ids",
-        long = "package-ids",
-        parse(parse_comma_separated)
-    )]
-    package_ids: Option<BTreeSet<PackageId>>,
-    #[arg] password: crate::auth::PasswordType,
-) -> Result<(), Error> {
-    let mut db = ctx.db.handle();
-    let old_password_decrypted = old_password
-        .as_ref()
-        .unwrap_or(&password)
-        .clone()
-        .decrypt(&ctx)?;
-    let password = password.decrypt(&ctx)?;
-    check_password_against_db(&mut ctx.secret_store.acquire().await?, &password).await?;
-    let fs = target_id
-        .load(&mut ctx.secret_store.acquire().await?)
-        .await?;
-    let mut backup_guard = BackupMountGuard::mount(
-        TmpMountGuard::mount(&fs, ReadWrite).await?,
-        &old_password_decrypted,
-    )
-    .await?;
-    let all_packages = crate::db::DatabaseModel::new()
-        .package_data()
-        .get(&mut db)
-        .await?
-        .0
-        .keys()
-        .into_iter()
-        .cloned()
-        .collect();
-    let package_ids = package_ids.unwrap_or(all_packages);
-    if old_password.is_some() {
-        backup_guard.change_password(&password)?;
-    }
-    assure_backing_up(&mut db, &package_ids).await?;
-    tokio::task::spawn(async move {
-        let backup_res = perform_backup(&ctx, &mut db, backup_guard, &package_ids).await;
-        let backup_progress = crate::db::DatabaseModel::new()
-            .server_info()
-            .status_info()
-            .backup_progress();
-        backup_progress
-            .clone()
-            .lock(&mut db, LockType::Write)
-            .await
-            .expect("failed to lock server status");
-        match backup_res {
-            Ok(report) if report.iter().all(|(_, rep)| rep.error.is_none()) => ctx
-                .notification_manager
-                .notify(
-                    &mut db,
-                    None,
-                    NotificationLevel::Success,
-                    "Backup Complete".to_owned(),
-                    "Your backup has completed".to_owned(),
-                    BackupReport {
-                        server: ServerBackupReport {
-                            attempted: true,
-                            error: None,
-                        },
-                        packages: report,
-                    },
-                    None,
-                )
-                .await
-                .expect("failed to send notification"),
-            Ok(report) => ctx
-                .notification_manager
-                .notify(
-                    &mut db,
-                    None,
-                    NotificationLevel::Warning,
-                    "Backup Complete".to_owned(),
-                    "Your backup has completed, but some package(s) failed to backup".to_owned(),
-                    BackupReport {
-                        server: ServerBackupReport {
-                            attempted: true,
-                            error: None,
-                        },
-                        packages: report,
-                    },
-                    None,
-                )
-                .await
-                .expect("failed to send notification"),
-            Err(e) => {
-                tracing::error!("Backup Failed: {}", e);
-                tracing::debug!("{:?}", e);
-                ctx.notification_manager
-                    .notify(
-                        &mut db,
-                        None,
-                        NotificationLevel::Error,
-                        "Backup Failed".to_owned(),
-                        "Your backup failed to complete.".to_owned(),
-                        BackupReport {
-                            server: ServerBackupReport {
-                                attempted: true,
-                                error: Some(e.to_string()),
-                            },
-                            packages: BTreeMap::new(),
-                        },
-                        None,
-                    )
-                    .await
-                    .expect("failed to send notification");
-            }
-        }
-        backup_progress
-            .delete(&mut db)
-            .await
-            .expect("failed to change server status");
-    });
-    Ok(())
-}
-
-#[instrument(skip(db, packages))]
-async fn assure_backing_up(
-    db: &mut PatchDbHandle,
-    packages: impl IntoIterator<Item = &PackageId>,
-) -> Result<(), Error> {
-    let mut tx = db.begin().await?;
-    let mut backing_up = crate::db::DatabaseModel::new()
-        .server_info()
-        .status_info()
-        .backup_progress()
-        .get_mut(&mut tx)
-        .await?;
-
-    if backing_up
-        .iter()
-        .flat_map(|x| x.values())
-        .fold(false, |acc, x| {
-            if !x.complete {
-                return true;
-            }
-            acc
-        })
-    {
-        return Err(Error::new(
-            eyre!("Server is already backing up!"),
-            crate::ErrorKind::InvalidRequest,
-        ));
-    }
-    *backing_up = Some(
-        packages
-            .into_iter()
-            .map(|x| (x.clone(), BackupProgress { complete: false }))
-            .collect(),
-    );
-    backing_up.save(&mut tx).await?;
-    tx.commit().await?;
-    Ok(())
-}
-
-#[instrument(skip(ctx, db, backup_guard))]
-async fn perform_backup<Db: DbHandle>(
-    ctx: &RpcContext,
-    mut db: Db,
-    mut backup_guard: BackupMountGuard<TmpMountGuard>,
-    package_ids: &BTreeSet<PackageId>,
-) -> Result<BTreeMap<PackageId, PackageBackupReport>, Error> {
-    let mut backup_report = BTreeMap::new();
-    for package_id in crate::db::DatabaseModel::new()
-        .package_data()
-        .keys(&mut db)
-        .await?
-        .into_iter()
-        .filter(|id| package_ids.contains(id))
-    {
-        let mut tx = db.begin().await?; // for lock scope
-        let installed_model = if let Some(installed_model) = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(&package_id)
-            .and_then(|m| m.installed())
-            .check(&mut tx)
-            .await?
-        {
-            installed_model
-        } else {
-            continue;
-        };
-        let main_status_model = installed_model.clone().status().main();
-
-        main_status_model.lock(&mut tx, LockType::Write).await?;
-        let (started, health) = match main_status_model.get(&mut tx).await?.into_owned() {
-            MainStatus::Starting { .. } => (Some(Utc::now()), Default::default()),
-            MainStatus::Running { started, health } => (Some(started), health.clone()),
-            MainStatus::Stopped | MainStatus::Stopping | MainStatus::Restarting => {
-                (None, Default::default())
-            }
-            MainStatus::BackingUp { .. } => {
-                backup_report.insert(
-                    package_id,
-                    PackageBackupReport {
-                        error: Some(
-                            "Can't do backup because service is in a backing up state".to_owned(),
-                        ),
-                    },
-                );
-                continue;
-            }
-        };
-        main_status_model
-            .put(
-                &mut tx,
-                &MainStatus::BackingUp {
-                    started,
-                    health: health.clone(),
-                },
-            )
-            .await?;
-        tx.save().await?; // drop locks
-
-        let manifest = installed_model.clone().manifest().get(&mut db).await?;
-
-        ctx.managers
-            .get(&(manifest.id.clone(), manifest.version.clone()))
-            .await
-            .ok_or_else(|| {
-                Error::new(eyre!("Manager not found"), crate::ErrorKind::InvalidRequest)
-            })?
-            .synchronize()
-            .await;
-
-        let mut tx = db.begin().await?;
-
-        installed_model.lock(&mut tx, LockType::Write).await?;
-
-        let guard = backup_guard.mount_package_backup(&package_id).await?;
-        let res = manifest
-            .backup
-            .create(
-                ctx,
-                &mut tx,
-                &package_id,
-                &manifest.title,
-                &manifest.version,
-                &manifest.interfaces,
-                &manifest.volumes,
-            )
-            .await;
-        guard.unmount().await?;
-        backup_report.insert(
-            package_id.clone(),
-            PackageBackupReport {
-                error: res.as_ref().err().map(|e| e.to_string()),
-            },
-        );
-
-        if let Ok(pkg_meta) = res {
-            installed_model
-                .last_backup()
-                .put(&mut tx, &Some(pkg_meta.timestamp))
-                .await?;
-            backup_guard
-                .metadata
-                .package_backups
-                .insert(package_id.clone(), pkg_meta);
-        }
-
-        main_status_model
-            .put(
-                &mut tx,
-                &match started {
-                    Some(started) => MainStatus::Running { started, health },
-                    None => MainStatus::Stopped,
-                },
-            )
-            .await?;
-
-        let mut backup_progress = crate::db::DatabaseModel::new()
-            .server_info()
-            .status_info()
-            .backup_progress()
-            .get_mut(&mut tx)
-            .await?;
-        if backup_progress.is_none() {
-            *backup_progress = Some(Default::default());
-        }
-        if let Some(mut backup_progress) = backup_progress
-            .as_mut()
-            .and_then(|bp| bp.get_mut(&package_id))
-        {
-            (*backup_progress).complete = true;
-        }
-        backup_progress.save(&mut tx).await?;
-        tx.save().await?;
-    }
-
-    let ui = crate::db::DatabaseModel::new()
-        .ui()
-        .get(&mut db)
-        .await?
-        .into_owned();
-
-    let mut os_backup_file = AtomicFile::new(
-        backup_guard.as_ref().join("os-backup.cbor"),
-        None::<PathBuf>,
-    )
-    .await
-    .with_kind(ErrorKind::Filesystem)?;
-    os_backup_file
-        .write_all(&IoFormat::Cbor.to_vec(&OsBackup {
-            account: ctx.account.read().await.clone(),
-            ui,
-        })?)
-        .await?;
-    os_backup_file
-        .save()
-        .await
-        .with_kind(ErrorKind::Filesystem)?;
-
-    let timestamp = Some(Utc::now());
-
-    backup_guard.unencrypted_metadata.version = crate::version::Current::new().semver().into();
-    backup_guard.unencrypted_metadata.full = true;
-    backup_guard.metadata.version = crate::version::Current::new().semver().into();
-    backup_guard.metadata.timestamp = timestamp;
-
-    backup_guard.save_and_unmount().await?;
-
-    crate::db::DatabaseModel::new()
-        .server_info()
-        .last_backup()
-        .put(&mut db, &timestamp)
-        .await?;
-    Ok(backup_report)
-}

backend/src/bin/embassy-init.rs

@@ -1,207 +0,0 @@
-use std::path::{Path, PathBuf};
-use std::sync::Arc;
-use std::time::Duration;
-
-use embassy::context::rpc::RpcContextConfig;
-use embassy::context::{DiagnosticContext, InstallContext, SetupContext};
-use embassy::disk::fsck::RepairStrategy;
-use embassy::disk::main::DEFAULT_PASSWORD;
-use embassy::disk::REPAIR_DISK_PATH;
-use embassy::init::STANDBY_MODE_PATH;
-use embassy::net::web_server::WebServer;
-use embassy::shutdown::Shutdown;
-use embassy::sound::CHIME;
-use embassy::util::logger::EmbassyLogger;
-use embassy::util::Invoke;
-use embassy::{Error, ErrorKind, ResultExt, IS_RASPBERRY_PI};
-use tokio::process::Command;
-use tracing::instrument;
-
-#[instrument]
-async fn setup_or_init(cfg_path: Option<PathBuf>) -> Result<(), Error> {
-    if tokio::fs::metadata("/cdrom").await.is_ok() {
-        let ctx = InstallContext::init(cfg_path).await?;
-
-        let server = WebServer::install(([0, 0, 0, 0], 80).into(), ctx.clone()).await?;
-
-        tokio::time::sleep(Duration::from_secs(1)).await; // let the record state that I hate this
-        CHIME.play().await?;
-
-        ctx.shutdown
-            .subscribe()
-            .recv()
-            .await
-            .expect("context dropped");
-
-        server.shutdown().await;
-
-        Command::new("reboot")
-            .invoke(embassy::ErrorKind::Unknown)
-            .await?;
-    } else if tokio::fs::metadata("/media/embassy/config/disk.guid")
-        .await
-        .is_err()
-    {
-        let ctx = SetupContext::init(cfg_path).await?;
-
-        let server = WebServer::setup(([0, 0, 0, 0], 80).into(), ctx.clone()).await?;
-
-        tokio::time::sleep(Duration::from_secs(1)).await; // let the record state that I hate this
-        CHIME.play().await?;
-        ctx.shutdown
-            .subscribe()
-            .recv()
-            .await
-            .expect("context dropped");
-
-        server.shutdown().await;
-
-        tokio::task::yield_now().await;
-        if let Err(e) = Command::new("killall")
-            .arg("firefox-esr")
-            .invoke(ErrorKind::NotFound)
-            .await
-        {
-            tracing::error!("Failed to kill kiosk: {}", e);
-            tracing::debug!("{:?}", e);
-        }
-    } else {
-        let cfg = RpcContextConfig::load(cfg_path).await?;
-        let guid_string = tokio::fs::read_to_string("/media/embassy/config/disk.guid") // unique identifier for volume group - keeps track of the disk that goes with your embassy
-            .await?;
-        let guid = guid_string.trim();
-        let requires_reboot = embassy::disk::main::import(
-            guid,
-            cfg.datadir(),
-            if tokio::fs::metadata(REPAIR_DISK_PATH).await.is_ok() {
-                RepairStrategy::Aggressive
-            } else {
-                RepairStrategy::Preen
-            },
-            DEFAULT_PASSWORD,
-        )
-        .await?;
-        if tokio::fs::metadata(REPAIR_DISK_PATH).await.is_ok() {
-            tokio::fs::remove_file(REPAIR_DISK_PATH)
-                .await
-                .with_ctx(|_| (embassy::ErrorKind::Filesystem, REPAIR_DISK_PATH))?;
-        }
-        if requires_reboot.0 {
-            embassy::disk::main::export(guid, cfg.datadir()).await?;
-            Command::new("reboot")
-                .invoke(embassy::ErrorKind::Unknown)
-                .await?;
-        }
-        tracing::info!("Loaded Disk");
-        embassy::init::init(&cfg).await?;
-    }
-
-    Ok(())
-}
-
-async fn run_script_if_exists<P: AsRef<Path>>(path: P) {
-    let script = path.as_ref();
-    if script.exists() {
-        match Command::new("/bin/bash").arg(script).spawn() {
-            Ok(mut c) => {
-                if let Err(e) = c.wait().await {
-                    tracing::error!("Error Running {}: {}", script.display(), e);
-                    tracing::debug!("{:?}", e);
-                }
-            }
-            Err(e) => {
-                tracing::error!("Error Running {}: {}", script.display(), e);
-                tracing::debug!("{:?}", e);
-            }
-        }
-    }
-}
-
-#[instrument]
-async fn inner_main(cfg_path: Option<PathBuf>) -> Result<Option<Shutdown>, Error> {
-    if *IS_RASPBERRY_PI && tokio::fs::metadata(STANDBY_MODE_PATH).await.is_ok() {
-        tokio::fs::remove_file(STANDBY_MODE_PATH).await?;
-        Command::new("sync").invoke(ErrorKind::Filesystem).await?;
-        embassy::sound::SHUTDOWN.play().await?;
-        futures::future::pending::<()>().await;
-    }
-
-    embassy::sound::BEP.play().await?;
-
-    run_script_if_exists("/media/embassy/config/preinit.sh").await;
-
-    let res = if let Err(e) = setup_or_init(cfg_path.clone()).await {
-        async move {
-            tracing::error!("{}", e.source);
-            tracing::debug!("{}", e.source);
-            embassy::sound::BEETHOVEN.play().await?;
-
-            let ctx = DiagnosticContext::init(
-                cfg_path,
-                if tokio::fs::metadata("/media/embassy/config/disk.guid")
-                    .await
-                    .is_ok()
-                {
-                    Some(Arc::new(
-                        tokio::fs::read_to_string("/media/embassy/config/disk.guid") // unique identifier for volume group - keeps track of the disk that goes with your embassy
-                            .await?
-                            .trim()
-                            .to_owned(),
-                    ))
-                } else {
-                    None
-                },
-                e,
-            )
-            .await?;
-
-            let server = WebServer::diagnostic(([0, 0, 0, 0], 80).into(), ctx.clone()).await?;
-
-            let shutdown = ctx.shutdown.subscribe().recv().await.unwrap();
-
-            server.shutdown().await;
-
-            Ok(shutdown)
-        }
-        .await
-    } else {
-        Ok(None)
-    };
-
-    run_script_if_exists("/media/embassy/config/postinit.sh").await;
-
-    res
-}
-
-fn main() {
-    let matches = clap::App::new("embassy-init")
-        .arg(
-            clap::Arg::with_name("config")
-                .short('c')
-                .long("config")
-                .takes_value(true),
-        )
-        .get_matches();
-
-    EmbassyLogger::init();
-
-    let cfg_path = matches.value_of("config").map(|p| Path::new(p).to_owned());
-    let res = {
-        let rt = tokio::runtime::Builder::new_multi_thread()
-            .enable_all()
-            .build()
-            .expect("failed to initialize runtime");
-        rt.block_on(inner_main(cfg_path))
-    };
-
-    match res {
-        Ok(Some(shutdown)) => shutdown.execute(),
-        Ok(None) => (),
-        Err(e) => {
-            eprintln!("{}", e.source);
-            tracing::debug!("{:?}", e.source);
-            drop(e.source);
-            std::process::exit(e.kind as i32)
-        }
-    }
-}

backend/src/config/mod.rs

@@ -1,837 +0,0 @@
-use std::collections::{BTreeMap, BTreeSet};
-use std::path::PathBuf;
-use std::time::Duration;
-
-use color_eyre::eyre::eyre;
-use futures::future::{BoxFuture, FutureExt};
-use indexmap::IndexSet;
-use itertools::Itertools;
-use patch_db::{DbHandle, LockReceipt, LockTarget, LockTargetId, LockType, Verifier};
-use rand::SeedableRng;
-use regex::Regex;
-use rpc_toolkit::command;
-use serde_json::Value;
-use tracing::instrument;
-
-use crate::context::RpcContext;
-use crate::db::model::{CurrentDependencies, CurrentDependencyInfo, CurrentDependents};
-use crate::dependencies::{
-    add_dependent_to_current_dependents_lists, break_transitive, heal_all_dependents_transitive,
-    BreakTransitiveReceipts, BreakageRes, Dependencies, DependencyConfig, DependencyError,
-    DependencyErrors, DependencyReceipt, TaggedDependencyError, TryHealReceipts,
-};
-use crate::install::cleanup::{remove_from_current_dependents_lists, UpdateDependencyReceipts};
-use crate::procedure::docker::DockerContainers;
-use crate::s9pk::manifest::{Manifest, PackageId};
-use crate::util::display_none;
-use crate::util::serde::{display_serializable, parse_stdin_deserializable, IoFormat};
-use crate::Error;
-
-pub mod action;
-pub mod spec;
-pub mod util;
-
-pub use spec::{ConfigSpec, Defaultable};
-use util::NumRange;
-
-use self::action::{ConfigActions, ConfigRes};
-use self::spec::{ConfigPointerReceipts, PackagePointerSpec, ValueSpecPointer};
-
-pub type Config = serde_json::Map<String, Value>;
-pub trait TypeOf {
-    fn type_of(&self) -> &'static str;
-}
-impl TypeOf for Value {
-    fn type_of(&self) -> &'static str {
-        match self {
-            Value::Array(_) => "list",
-            Value::Bool(_) => "boolean",
-            Value::Null => "null",
-            Value::Number(_) => "number",
-            Value::Object(_) => "object",
-            Value::String(_) => "string",
-        }
-    }
-}
-
-#[derive(Debug, thiserror::Error)]
-pub enum ConfigurationError {
-    #[error("Timeout Error")]
-    TimeoutError(#[from] TimeoutError),
-    #[error("No Match: {0}")]
-    NoMatch(#[from] NoMatchWithPath),
-    #[error("System Error: {0}")]
-    SystemError(Error),
-    #[error("Permission Denied: {0}")]
-    PermissionDenied(ValueSpecPointer),
-}
-impl From<ConfigurationError> for Error {
-    fn from(err: ConfigurationError) -> Self {
-        let kind = match &err {
-            ConfigurationError::SystemError(e) => e.kind,
-            _ => crate::ErrorKind::ConfigGen,
-        };
-        crate::Error::new(err, kind)
-    }
-}
-
-#[derive(Clone, Copy, Debug, thiserror::Error)]
-#[error("Timeout Error")]
-pub struct TimeoutError;
-
-#[derive(Clone, Debug, thiserror::Error)]
-pub struct NoMatchWithPath {
-    pub path: Vec<String>,
-    pub error: MatchError,
-}
-impl NoMatchWithPath {
-    pub fn new(error: MatchError) -> Self {
-        NoMatchWithPath {
-            path: Vec::new(),
-            error,
-        }
-    }
-    pub fn prepend(mut self, seg: String) -> Self {
-        self.path.push(seg);
-        self
-    }
-}
-impl std::fmt::Display for NoMatchWithPath {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}: {}", self.path.iter().rev().join("."), self.error)
-    }
-}
-impl From<NoMatchWithPath> for Error {
-    fn from(e: NoMatchWithPath) -> Self {
-        ConfigurationError::from(e).into()
-    }
-}
-
-#[derive(Clone, Debug, thiserror::Error)]
-pub enum MatchError {
-    #[error("String {0:?} Does Not Match Pattern {1}")]
-    Pattern(String, Regex),
-    #[error("String {0:?} Is Not In Enum {1:?}")]
-    Enum(String, IndexSet<String>),
-    #[error("Field Is Not Nullable")]
-    NotNullable,
-    #[error("Length Mismatch: expected {0}, actual: {1}")]
-    LengthMismatch(NumRange<usize>, usize),
-    #[error("Invalid Type: expected {0}, actual: {1}")]
-    InvalidType(&'static str, &'static str),
-    #[error("Number Out Of Range: expected {0}, actual: {1}")]
-    OutOfRange(NumRange<f64>, f64),
-    #[error("Number Is Not Integral: {0}")]
-    NonIntegral(f64),
-    #[error("Variant {0:?} Is Not In Union {1:?}")]
-    Union(String, IndexSet<String>),
-    #[error("Variant Is Missing Tag {0:?}")]
-    MissingTag(String),
-    #[error("Property {0:?} Of Variant {1:?} Conflicts With Union Tag")]
-    PropertyMatchesUnionTag(String, String),
-    #[error("Name of Property {0:?} Conflicts With Map Tag Name")]
-    PropertyNameMatchesMapTag(String),
-    #[error("Pointer Is Invalid: {0}")]
-    InvalidPointer(spec::ValueSpecPointer),
-    #[error("Object Key Is Invalid: {0}")]
-    InvalidKey(String),
-    #[error("Value In List Is Not Unique")]
-    ListUniquenessViolation,
-}
-
-#[command(rename = "config-spec", cli_only, blocking, display(display_none))]
-pub fn verify_spec(#[arg] path: PathBuf) -> Result<(), Error> {
-    let mut file = std::fs::File::open(&path)?;
-    let format = match path.extension().and_then(|s| s.to_str()) {
-        Some("yaml") | Some("yml") => IoFormat::Yaml,
-        Some("json") => IoFormat::Json,
-        Some("toml") => IoFormat::Toml,
-        Some("cbor") => IoFormat::Cbor,
-        _ => {
-            return Err(Error::new(
-                eyre!("Unknown file format. Expected one of yaml, json, toml, cbor."),
-                crate::ErrorKind::Deserialization,
-            ));
-        }
-    };
-    let _: ConfigSpec = format.from_reader(&mut file)?;
-
-    Ok(())
-}
-
-#[command(subcommands(get, set))]
-pub fn config(#[arg] id: PackageId) -> Result<PackageId, Error> {
-    Ok(id)
-}
-
-pub struct ConfigGetReceipts {
-    manifest_volumes: LockReceipt<crate::volume::Volumes, ()>,
-    manifest_version: LockReceipt<crate::util::Version, ()>,
-    manifest_config: LockReceipt<Option<ConfigActions>, ()>,
-}
-
-impl ConfigGetReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<LockTargetId>,
-        id: &PackageId,
-    ) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let manifest_version = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.manifest().version())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let manifest_volumes = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.manifest().volumes())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let manifest_config = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.manifest().config())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                manifest_volumes: manifest_volumes.verify(skeleton_key)?,
-                manifest_version: manifest_version.verify(skeleton_key)?,
-                manifest_config: manifest_config.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[command(display(display_serializable))]
-#[instrument(skip(ctx))]
-pub async fn get(
-    #[context] ctx: RpcContext,
-    #[parent_data] id: PackageId,
-    #[allow(unused_variables)]
-    #[arg(long = "format")]
-    format: Option<IoFormat>,
-) -> Result<ConfigRes, Error> {
-    let mut db = ctx.db.handle();
-    let receipts = ConfigGetReceipts::new(&mut db, &id).await?;
-    let action = receipts
-        .manifest_config
-        .get(&mut db)
-        .await?
-        .ok_or_else(|| Error::new(eyre!("{} has no config", id), crate::ErrorKind::NotFound))?;
-
-    let volumes = receipts.manifest_volumes.get(&mut db).await?;
-    let version = receipts.manifest_version.get(&mut db).await?;
-    action.get(&ctx, &id, &version, &volumes).await
-}
-
-#[command(
-    subcommands(self(set_impl(async, context(RpcContext))), set_dry),
-    display(display_none),
-    metadata(sync_db = true)
-)]
-#[instrument]
-pub fn set(
-    #[parent_data] id: PackageId,
-    #[allow(unused_variables)]
-    #[arg(long = "format")]
-    format: Option<IoFormat>,
-    #[arg(long = "timeout")] timeout: Option<crate::util::serde::Duration>,
-    #[arg(stdin, parse(parse_stdin_deserializable))] config: Option<Config>,
-) -> Result<(PackageId, Option<Config>, Option<Duration>), Error> {
-    Ok((id, config, timeout.map(|d| *d)))
-}
-
-/// So, the new locking finds all the possible locks and lifts them up into a bundle of locks.
-/// Then this bundle will be passed down into the functions that will need to touch the db, and
-/// instead of doing the locks down in the system, we have already done the locks and can
-/// do the operation on the db.
-/// An UnlockedLock has two types, the type of setting and getting from the db, and the second type
-/// is the keys that we need to insert on getting/setting because we have included wild cards into the paths.
-pub struct ConfigReceipts {
-    pub dependency_receipt: DependencyReceipt,
-    pub config_receipts: ConfigPointerReceipts,
-    pub update_dependency_receipts: UpdateDependencyReceipts,
-    pub try_heal_receipts: TryHealReceipts,
-    pub break_transitive_receipts: BreakTransitiveReceipts,
-    configured: LockReceipt<bool, String>,
-    config_actions: LockReceipt<ConfigActions, String>,
-    dependencies: LockReceipt<Dependencies, String>,
-    volumes: LockReceipt<crate::volume::Volumes, String>,
-    version: LockReceipt<crate::util::Version, String>,
-    manifest: LockReceipt<Manifest, String>,
-    system_pointers: LockReceipt<Vec<spec::SystemPointerSpec>, String>,
-    pub current_dependents: LockReceipt<CurrentDependents, String>,
-    pub current_dependencies: LockReceipt<CurrentDependencies, String>,
-    dependency_errors: LockReceipt<DependencyErrors, String>,
-    manifest_dependencies_config: LockReceipt<DependencyConfig, (String, String)>,
-    docker_containers: LockReceipt<DockerContainers, String>,
-}
-
-impl ConfigReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(locks: &mut Vec<LockTargetId>) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let dependency_receipt = DependencyReceipt::setup(locks);
-        let config_receipts = ConfigPointerReceipts::setup(locks);
-        let update_dependency_receipts = UpdateDependencyReceipts::setup(locks);
-        let break_transitive_receipts = BreakTransitiveReceipts::setup(locks);
-        let try_heal_receipts = TryHealReceipts::setup(locks);
-
-        let configured: LockTarget<bool, String> = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.status().configured())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        let config_actions = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .and_then(|x| x.manifest().config())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-
-        let dependencies = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.manifest().dependencies())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-
-        let volumes = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.manifest().volumes())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-
-        let version = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.manifest().version())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-
-        let manifest = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.manifest())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-
-        let system_pointers = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.system_pointers())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        let current_dependents = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.current_dependents())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        let current_dependencies = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.current_dependencies())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        let dependency_errors = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.status().dependency_errors())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        let manifest_dependencies_config = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .and_then(|x| x.manifest().dependencies().star().config())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let docker_containers = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .and_then(|x| x.manifest().containers())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        move |skeleton_key| {
-            Ok(Self {
-                dependency_receipt: dependency_receipt(skeleton_key)?,
-                config_receipts: config_receipts(skeleton_key)?,
-                try_heal_receipts: try_heal_receipts(skeleton_key)?,
-                break_transitive_receipts: break_transitive_receipts(skeleton_key)?,
-                update_dependency_receipts: update_dependency_receipts(skeleton_key)?,
-                configured: configured.verify(skeleton_key)?,
-                config_actions: config_actions.verify(skeleton_key)?,
-                dependencies: dependencies.verify(skeleton_key)?,
-                volumes: volumes.verify(skeleton_key)?,
-                version: version.verify(skeleton_key)?,
-                manifest: manifest.verify(skeleton_key)?,
-                system_pointers: system_pointers.verify(skeleton_key)?,
-                current_dependents: current_dependents.verify(skeleton_key)?,
-                current_dependencies: current_dependencies.verify(skeleton_key)?,
-                dependency_errors: dependency_errors.verify(skeleton_key)?,
-                manifest_dependencies_config: manifest_dependencies_config.verify(skeleton_key)?,
-                docker_containers: docker_containers.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[command(rename = "dry", display(display_serializable))]
-#[instrument(skip(ctx))]
-pub async fn set_dry(
-    #[context] ctx: RpcContext,
-    #[parent_data] (id, config, timeout): (PackageId, Option<Config>, Option<Duration>),
-) -> Result<BreakageRes, Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-    let mut breakages = BTreeMap::new();
-    let locks = ConfigReceipts::new(&mut tx).await?;
-    configure(
-        &ctx,
-        &mut tx,
-        &id,
-        config,
-        &timeout,
-        true,
-        &mut BTreeMap::new(),
-        &mut breakages,
-        &locks,
-    )
-    .await?;
-
-    locks.configured.set(&mut tx, true, &id).await?;
-    tx.abort().await?;
-    Ok(BreakageRes(breakages))
-}
-
-#[instrument(skip(ctx))]
-pub async fn set_impl(
-    ctx: RpcContext,
-    (id, config, timeout): (PackageId, Option<Config>, Option<Duration>),
-) -> Result<(), Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-    let mut breakages = BTreeMap::new();
-    let locks = ConfigReceipts::new(&mut tx).await?;
-    configure(
-        &ctx,
-        &mut tx,
-        &id,
-        config,
-        &timeout,
-        false,
-        &mut BTreeMap::new(),
-        &mut breakages,
-        &locks,
-    )
-    .await?;
-    tx.commit().await?;
-    Ok(())
-}
-
-#[instrument(skip(ctx, db, receipts))]
-pub async fn configure<'a, Db: DbHandle>(
-    ctx: &RpcContext,
-    db: &'a mut Db,
-    id: &PackageId,
-    config: Option<Config>,
-    timeout: &Option<Duration>,
-    dry_run: bool,
-    overrides: &mut BTreeMap<PackageId, Config>,
-    breakages: &mut BTreeMap<PackageId, TaggedDependencyError>,
-    receipts: &ConfigReceipts,
-) -> Result<(), Error> {
-    configure_rec(
-        ctx, db, id, config, timeout, dry_run, overrides, breakages, receipts,
-    )
-    .await?;
-    receipts.configured.set(db, true, &id).await?;
-    Ok(())
-}
-
-#[instrument(skip(ctx, db, receipts))]
-pub fn configure_rec<'a, Db: DbHandle>(
-    ctx: &'a RpcContext,
-    db: &'a mut Db,
-    id: &'a PackageId,
-    config: Option<Config>,
-    timeout: &'a Option<Duration>,
-    dry_run: bool,
-    overrides: &'a mut BTreeMap<PackageId, Config>,
-    breakages: &'a mut BTreeMap<PackageId, TaggedDependencyError>,
-    receipts: &'a ConfigReceipts,
-) -> BoxFuture<'a, Result<(), Error>> {
-    async move {
-        // fetch data from db
-        let action = receipts
-            .config_actions
-            .get(db, id)
-            .await?
-            .ok_or_else(not_found)?;
-        let dependencies = receipts
-            .dependencies
-            .get(db, id)
-            .await?
-            .ok_or_else(not_found)?;
-        let volumes = receipts.volumes.get(db, id).await?.ok_or_else(not_found)?;
-        let is_needs_config = !receipts
-            .configured
-            .get(db, id)
-            .await?
-            .ok_or_else(not_found)?;
-        let version = receipts.version.get(db, id).await?.ok_or_else(not_found)?;
-
-        // get current config and current spec
-        let ConfigRes {
-            config: old_config,
-            spec,
-        } = action.get(ctx, id, &version, &volumes).await?;
-
-        // determine new config to use
-        let mut config = if let Some(config) = config.or_else(|| old_config.clone()) {
-            config
-        } else {
-            spec.gen(&mut rand::rngs::StdRng::from_entropy(), timeout)?
-        };
-
-        let manifest = receipts.manifest.get(db, id).await?.ok_or_else(not_found)?;
-
-        spec.validate(&manifest)?;
-        spec.matches(&config)?; // check that new config matches spec
-        spec.update(
-            ctx,
-            db,
-            &manifest,
-            &*overrides,
-            &mut config,
-            &receipts.config_receipts,
-        )
-        .await?; // dereference pointers in the new config
-
-        // create backreferences to pointers
-        let mut sys = receipts
-            .system_pointers
-            .get(db, &id)
-            .await?
-            .ok_or_else(not_found)?;
-        sys.truncate(0);
-        let mut current_dependencies: CurrentDependencies = CurrentDependencies(
-            dependencies
-                .0
-                .iter()
-                .filter_map(|(id, info)| {
-                    if info.requirement.required() {
-                        Some((id.clone(), CurrentDependencyInfo::default()))
-                    } else {
-                        None
-                    }
-                })
-                .collect(),
-        );
-        for ptr in spec.pointers(&config)? {
-            match ptr {
-                ValueSpecPointer::Package(pkg_ptr) => {
-                    if let Some(current_dependency) =
-                        current_dependencies.0.get_mut(pkg_ptr.package_id())
-                    {
-                        current_dependency.pointers.push(pkg_ptr);
-                    } else {
-                        current_dependencies.0.insert(
-                            pkg_ptr.package_id().to_owned(),
-                            CurrentDependencyInfo {
-                                pointers: vec![pkg_ptr],
-                                health_checks: BTreeSet::new(),
-                            },
-                        );
-                    }
-                }
-                ValueSpecPointer::System(s) => sys.push(s),
-            }
-        }
-        receipts.system_pointers.set(db, sys, &id).await?;
-
-        let signal = if !dry_run {
-            // run config action
-            let res = action
-                .set(ctx, id, &version, &dependencies, &volumes, &config)
-                .await?;
-
-            // track dependencies with no pointers
-            for (package_id, health_checks) in res.depends_on.into_iter() {
-                if let Some(current_dependency) = current_dependencies.0.get_mut(&package_id) {
-                    current_dependency.health_checks.extend(health_checks);
-                } else {
-                    current_dependencies.0.insert(
-                        package_id,
-                        CurrentDependencyInfo {
-                            pointers: Vec::new(),
-                            health_checks,
-                        },
-                    );
-                }
-            }
-
-            // track dependency health checks
-            current_dependencies = current_dependencies.map(|x| {
-                x.into_iter()
-                    .filter(|(dep_id, _)| {
-                        if dep_id != id && !manifest.dependencies.0.contains_key(dep_id) {
-                            tracing::warn!("Illegal dependency specified: {}", dep_id);
-                            false
-                        } else {
-                            true
-                        }
-                    })
-                    .collect()
-            });
-            res.signal
-        } else {
-            None
-        };
-
-        // update dependencies
-        let prev_current_dependencies = receipts
-            .current_dependencies
-            .get(db, &id)
-            .await?
-            .unwrap_or_default();
-        remove_from_current_dependents_lists(
-            db,
-            id,
-            &prev_current_dependencies,
-            &receipts.current_dependents,
-        )
-        .await?; // remove previous
-        add_dependent_to_current_dependents_lists(
-            db,
-            id,
-            &current_dependencies,
-            &receipts.current_dependents,
-        )
-        .await?; // add new
-        current_dependencies.0.remove(id);
-        receipts
-            .current_dependencies
-            .set(db, current_dependencies.clone(), &id)
-            .await?;
-
-        let errs = receipts
-            .dependency_errors
-            .get(db, &id)
-            .await?
-            .ok_or_else(not_found)?;
-        tracing::warn!("Dependency Errors: {:?}", errs);
-        let errs = DependencyErrors::init(
-            ctx,
-            db,
-            &manifest,
-            &current_dependencies,
-            &receipts.dependency_receipt.try_heal,
-        )
-        .await?;
-        receipts.dependency_errors.set(db, errs, &id).await?;
-
-        // cache current config for dependents
-        overrides.insert(id.clone(), config.clone());
-
-        // handle dependents
-        let dependents = receipts
-            .current_dependents
-            .get(db, id)
-            .await?
-            .ok_or_else(not_found)?;
-        let prev = if is_needs_config { None } else { old_config }
-            .map(Value::Object)
-            .unwrap_or_default();
-        let next = Value::Object(config.clone());
-        for (dependent, dep_info) in dependents.0.iter().filter(|(dep_id, _)| dep_id != &id) {
-            let dependent_container = receipts.docker_containers.get(db, &dependent).await?;
-            let dependent_container = &dependent_container;
-            // check if config passes dependent check
-            if let Some(cfg) = receipts
-                .manifest_dependencies_config
-                .get(db, (&dependent, &id))
-                .await?
-            {
-                let manifest = receipts
-                    .manifest
-                    .get(db, &dependent)
-                    .await?
-                    .ok_or_else(not_found)?;
-                if let Err(error) = cfg
-                    .check(
-                        ctx,
-                        dependent_container,
-                        dependent,
-                        &manifest.version,
-                        &manifest.volumes,
-                        id,
-                        &config,
-                    )
-                    .await?
-                {
-                    let dep_err = DependencyError::ConfigUnsatisfied { error };
-                    break_transitive(
-                        db,
-                        dependent,
-                        id,
-                        dep_err,
-                        breakages,
-                        &receipts.break_transitive_receipts,
-                    )
-                    .await?;
-                }
-
-                // handle backreferences
-                for ptr in &dep_info.pointers {
-                    if let PackagePointerSpec::Config(cfg_ptr) = ptr {
-                        if cfg_ptr.select(&next) != cfg_ptr.select(&prev) {
-                            if let Err(e) = configure_rec(
-                                ctx, db, dependent, None, timeout, dry_run, overrides, breakages,
-                                receipts,
-                            )
-                            .await
-                            {
-                                if e.kind == crate::ErrorKind::ConfigRulesViolation {
-                                    break_transitive(
-                                        db,
-                                        dependent,
-                                        id,
-                                        DependencyError::ConfigUnsatisfied {
-                                            error: format!("{}", e),
-                                        },
-                                        breakages,
-                                        &receipts.break_transitive_receipts,
-                                    )
-                                    .await?;
-                                } else {
-                                    return Err(e);
-                                }
-                            }
-                        }
-                    }
-                }
-                heal_all_dependents_transitive(ctx, db, id, &receipts.dependency_receipt).await?;
-            }
-        }
-
-        if let Some(signal) = signal {
-            match ctx.managers.get(&(id.clone(), version.clone())).await {
-                None => {
-                    // in theory this should never happen, which indicates this function should be moved behind the
-                    // Manager interface
-                    return Err(Error::new(
-                        eyre!("Manager Not Found for package being configured"),
-                        crate::ErrorKind::Incoherent,
-                    ));
-                }
-                Some(m) => {
-                    m.signal(&signal).await?;
-                }
-            }
-        }
-
-        Ok(())
-    }
-    .boxed()
-}
-#[instrument]
-pub fn not_found() -> Error {
-    Error::new(eyre!("Could not find"), crate::ErrorKind::Incoherent)
-}
-
-/// We want to have a double check that the paths are what we expect them to be.
-/// Found that earlier the paths where not what we expected them to be.
-#[tokio::test]
-async fn ensure_creation_of_config_paths_makes_sense() {
-    let mut fake = patch_db::test_utils::NoOpDb();
-    let config_locks = ConfigReceipts::new(&mut fake).await.unwrap();
-    assert_eq!(
-        &format!("{}", config_locks.configured.lock.glob),
-        "/package-data/*/installed/status/configured"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.config_actions.lock.glob),
-        "/package-data/*/installed/manifest/config"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.dependencies.lock.glob),
-        "/package-data/*/installed/manifest/dependencies"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.volumes.lock.glob),
-        "/package-data/*/installed/manifest/volumes"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.version.lock.glob),
-        "/package-data/*/installed/manifest/version"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.volumes.lock.glob),
-        "/package-data/*/installed/manifest/volumes"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.manifest.lock.glob),
-        "/package-data/*/installed/manifest"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.manifest.lock.glob),
-        "/package-data/*/installed/manifest"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.system_pointers.lock.glob),
-        "/package-data/*/installed/system-pointers"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.current_dependents.lock.glob),
-        "/package-data/*/installed/current-dependents"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.dependency_errors.lock.glob),
-        "/package-data/*/installed/status/dependency-errors"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.manifest_dependencies_config.lock.glob),
-        "/package-data/*/installed/manifest/dependencies/*/config"
-    );
-    assert_eq!(
-        &format!("{}", config_locks.system_pointers.lock.glob),
-        "/package-data/*/installed/system-pointers"
-    );
-}

backend/src/control.rs

@@ -1,208 +0,0 @@
-use std::collections::BTreeMap;
-
-use color_eyre::eyre::eyre;
-use patch_db::{DbHandle, LockReceipt, LockType};
-use rpc_toolkit::command;
-use tracing::instrument;
-
-use crate::context::RpcContext;
-use crate::dependencies::{
-    break_all_dependents_transitive, heal_all_dependents_transitive, BreakageRes, DependencyError,
-    DependencyReceipt, TaggedDependencyError,
-};
-use crate::s9pk::manifest::PackageId;
-use crate::status::MainStatus;
-use crate::util::display_none;
-use crate::util::serde::display_serializable;
-use crate::Error;
-
-#[derive(Clone)]
-pub struct StartReceipts {
-    dependency_receipt: DependencyReceipt,
-    status: LockReceipt<MainStatus, ()>,
-    version: LockReceipt<crate::util::Version, ()>,
-}
-
-impl StartReceipts {
-    pub async fn new(db: &mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<patch_db::LockTargetId>,
-        id: &PackageId,
-    ) -> impl FnOnce(&patch_db::Verifier) -> Result<Self, Error> {
-        let dependency_receipt = DependencyReceipt::setup(locks);
-        let status = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.status().main())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let version = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.manifest().version())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                dependency_receipt: dependency_receipt(skeleton_key)?,
-                status: status.verify(skeleton_key)?,
-                version: version.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[command(display(display_none), metadata(sync_db = true))]
-#[instrument(skip(ctx))]
-pub async fn start(#[context] ctx: RpcContext, #[arg] id: PackageId) -> Result<(), Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-    let receipts = StartReceipts::new(&mut tx, &id).await?;
-    let version = receipts.version.get(&mut tx).await?;
-    receipts
-        .status
-        .set(&mut tx, MainStatus::Starting { restarting: false })
-        .await?;
-    heal_all_dependents_transitive(&ctx, &mut tx, &id, &receipts.dependency_receipt).await?;
-
-    tx.commit().await?;
-    drop(receipts);
-
-    ctx.managers
-        .get(&(id, version))
-        .await
-        .ok_or_else(|| Error::new(eyre!("Manager not found"), crate::ErrorKind::InvalidRequest))?
-        .synchronize()
-        .await;
-
-    Ok(())
-}
-#[derive(Clone)]
-pub struct StopReceipts {
-    breaks: crate::dependencies::BreakTransitiveReceipts,
-    status: LockReceipt<MainStatus, ()>,
-}
-
-impl StopReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<patch_db::LockTargetId>,
-        id: &PackageId,
-    ) -> impl FnOnce(&patch_db::Verifier) -> Result<Self, Error> {
-        let breaks = crate::dependencies::BreakTransitiveReceipts::setup(locks);
-        let status = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.status().main())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                breaks: breaks(skeleton_key)?,
-                status: status.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[instrument(skip(db))]
-pub async fn stop_common<Db: DbHandle>(
-    db: &mut Db,
-    id: &PackageId,
-    breakages: &mut BTreeMap<PackageId, TaggedDependencyError>,
-) -> Result<MainStatus, Error> {
-    let mut tx = db.begin().await?;
-    let receipts = StopReceipts::new(&mut tx, id).await?;
-    let last_status = receipts.status.get(&mut tx).await?;
-    receipts.status.set(&mut tx, MainStatus::Stopping).await?;
-
-    tx.save().await?;
-    break_all_dependents_transitive(
-        db,
-        id,
-        DependencyError::NotRunning,
-        breakages,
-        &receipts.breaks,
-    )
-    .await?;
-
-    Ok(last_status)
-}
-
-#[command(
-    subcommands(self(stop_impl(async)), stop_dry),
-    display(display_none),
-    metadata(sync_db = true)
-)]
-pub fn stop(#[arg] id: PackageId) -> Result<PackageId, Error> {
-    Ok(id)
-}
-
-#[command(rename = "dry", display(display_serializable))]
-#[instrument(skip(ctx))]
-pub async fn stop_dry(
-    #[context] ctx: RpcContext,
-    #[parent_data] id: PackageId,
-) -> Result<BreakageRes, Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-
-    let mut breakages = BTreeMap::new();
-    stop_common(&mut tx, &id, &mut breakages).await?;
-
-    tx.abort().await?;
-
-    Ok(BreakageRes(breakages))
-}
-
-#[instrument(skip(ctx))]
-pub async fn stop_impl(ctx: RpcContext, id: PackageId) -> Result<MainStatus, Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-
-    let last_statuts = stop_common(&mut tx, &id, &mut BTreeMap::new()).await?;
-
-    tx.commit().await?;
-
-    Ok(last_statuts)
-}
-
-#[command(display(display_none), metadata(sync_db = true))]
-pub async fn restart(#[context] ctx: RpcContext, #[arg] id: PackageId) -> Result<(), Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-
-    let mut status = crate::db::DatabaseModel::new()
-        .package_data()
-        .idx_model(&id)
-        .and_then(|pde| pde.installed())
-        .map(|i| i.status().main())
-        .get_mut(&mut tx)
-        .await?;
-    if !matches!(&*status, Some(MainStatus::Running { .. })) {
-        return Err(Error::new(
-            eyre!("{} is not running", id),
-            crate::ErrorKind::InvalidRequest,
-        ));
-    }
-    *status = Some(MainStatus::Restarting);
-    status.save(&mut tx).await?;
-    tx.commit().await?;
-
-    Ok(())
-}

backend/src/db/model.rs

@@ -1,421 +0,0 @@
-use std::collections::{BTreeMap, BTreeSet};
-use std::net::{Ipv4Addr, Ipv6Addr};
-use std::sync::Arc;
-
-use chrono::{DateTime, Utc};
-use emver::VersionRange;
-use ipnet::{Ipv4Net, Ipv6Net};
-use isocountry::CountryCode;
-use itertools::Itertools;
-use openssl::hash::MessageDigest;
-use patch_db::json_ptr::JsonPointer;
-use patch_db::{HasModel, Map, MapModel, OptionModel};
-use reqwest::Url;
-use serde::{Deserialize, Serialize};
-use serde_json::Value;
-use ssh_key::public::Ed25519PublicKey;
-
-use crate::account::AccountInfo;
-use crate::config::spec::{PackagePointerSpec, SystemPointerSpec};
-use crate::install::progress::InstallProgress;
-use crate::net::interface::InterfaceId;
-use crate::net::utils::{get_iface_ipv4_addr, get_iface_ipv6_addr};
-use crate::s9pk::manifest::{Manifest, ManifestModel, PackageId};
-use crate::status::health_check::HealthCheckId;
-use crate::status::Status;
-use crate::util::Version;
-use crate::version::{Current, VersionT};
-use crate::Error;
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct Database {
-    #[model]
-    pub server_info: ServerInfo,
-    #[model]
-    pub package_data: AllPackageData,
-    pub ui: Value,
-}
-impl Database {
-    pub fn init(account: &AccountInfo) -> Self {
-        let lan_address = account.hostname.lan_address().parse().unwrap();
-        // TODO
-        Database {
-            server_info: ServerInfo {
-                id: account.server_id.clone(),
-                version: Current::new().semver().into(),
-                hostname: Some(account.hostname.no_dot_host_name()),
-                last_backup: None,
-                last_wifi_region: None,
-                eos_version_compat: Current::new().compat().clone(),
-                lan_address,
-                tor_address: format!("http://{}", account.key.tor_address())
-                    .parse()
-                    .unwrap(),
-                ip_info: BTreeMap::new(),
-                status_info: ServerStatus {
-                    backup_progress: None,
-                    updated: false,
-                    update_progress: None,
-                },
-                wifi: WifiInfo {
-                    ssids: Vec::new(),
-                    connected: None,
-                    selected: None,
-                },
-                unread_notification_count: 0,
-                connection_addresses: ConnectionAddresses {
-                    tor: Vec::new(),
-                    clearnet: Vec::new(),
-                },
-                password_hash: account.password.clone(),
-                pubkey: ssh_key::PublicKey::from(Ed25519PublicKey::from(&account.key.ssh_key()))
-                    .to_openssh()
-                    .unwrap(),
-                ca_fingerprint: account
-                    .root_ca_cert
-                    .digest(MessageDigest::sha256())
-                    .unwrap()
-                    .iter()
-                    .map(|x| format!("{x:X}"))
-                    .join(":"),
-                system_start_time: Utc::now().to_rfc3339(),
-            },
-            package_data: AllPackageData::default(),
-            ui: serde_json::from_str(include_str!("../../../frontend/patchdb-ui-seed.json"))
-                .unwrap(),
-        }
-    }
-}
-impl DatabaseModel {
-    pub fn new() -> Self {
-        Self::from(JsonPointer::default())
-    }
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct ServerInfo {
-    pub id: String,
-    pub hostname: Option<String>,
-    pub version: Version,
-    pub last_backup: Option<DateTime<Utc>>,
-    /// Used in the wifi to determine the region to set the system to
-    pub last_wifi_region: Option<CountryCode>,
-    pub eos_version_compat: VersionRange,
-    pub lan_address: Url,
-    pub tor_address: Url,
-    #[model]
-    pub ip_info: BTreeMap<String, IpInfo>,
-    #[model]
-    #[serde(default)]
-    pub status_info: ServerStatus,
-    pub wifi: WifiInfo,
-    pub unread_notification_count: u64,
-    pub connection_addresses: ConnectionAddresses,
-    pub password_hash: String,
-    pub pubkey: String,
-    pub ca_fingerprint: String,
-    pub system_start_time: String,
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct IpInfo {
-    pub ipv4_range: Option<Ipv4Net>,
-    pub ipv4: Option<Ipv4Addr>,
-    pub ipv6_range: Option<Ipv6Net>,
-    pub ipv6: Option<Ipv6Addr>,
-}
-impl IpInfo {
-    pub async fn for_interface(iface: &str) -> Result<Self, Error> {
-        let (ipv4, ipv4_range) = get_iface_ipv4_addr(iface).await?.unzip();
-        let (ipv6, ipv6_range) = get_iface_ipv6_addr(iface).await?.unzip();
-        Ok(Self {
-            ipv4_range,
-            ipv4,
-            ipv6_range,
-            ipv6,
-        })
-    }
-}
-
-#[derive(Debug, Default, Deserialize, Serialize, HasModel)]
-pub struct BackupProgress {
-    pub complete: bool,
-}
-
-#[derive(Debug, Default, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct ServerStatus {
-    #[model]
-    pub backup_progress: Option<BTreeMap<PackageId, BackupProgress>>,
-    pub updated: bool,
-    #[model]
-    pub update_progress: Option<UpdateProgress>,
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct UpdateProgress {
-    pub size: Option<u64>,
-    pub downloaded: u64,
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-#[serde(rename_all = "kebab-case")]
-pub struct WifiInfo {
-    pub ssids: Vec<String>,
-    pub selected: Option<String>,
-    pub connected: Option<String>,
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-#[serde(rename_all = "kebab-case")]
-pub struct ServerSpecs {
-    pub cpu: String,
-    pub disk: String,
-    pub memory: String,
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-#[serde(rename_all = "kebab-case")]
-pub struct ConnectionAddresses {
-    pub tor: Vec<String>,
-    pub clearnet: Vec<String>,
-}
-
-#[derive(Debug, Default, Deserialize, Serialize)]
-pub struct AllPackageData(pub BTreeMap<PackageId, PackageDataEntry>);
-impl Map for AllPackageData {
-    type Key = PackageId;
-    type Value = PackageDataEntry;
-    fn get(&self, key: &Self::Key) -> Option<&Self::Value> {
-        self.0.get(key)
-    }
-}
-impl HasModel for AllPackageData {
-    type Model = MapModel<Self>;
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-#[serde(rename_all = "kebab-case")]
-pub struct StaticFiles {
-    license: String,
-    instructions: String,
-    icon: String,
-}
-impl StaticFiles {
-    pub fn local(id: &PackageId, version: &Version, icon_type: &str) -> Self {
-        StaticFiles {
-            license: format!("/public/package-data/{}/{}/LICENSE.md", id, version),
-            instructions: format!("/public/package-data/{}/{}/INSTRUCTIONS.md", id, version),
-            icon: format!("/public/package-data/{}/{}/icon.{}", id, version, icon_type),
-        }
-    }
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(tag = "state")]
-#[serde(rename_all = "kebab-case")]
-pub enum PackageDataEntry {
-    #[serde(rename_all = "kebab-case")]
-    Installing {
-        static_files: StaticFiles,
-        manifest: Manifest,
-        install_progress: Arc<InstallProgress>,
-    },
-    #[serde(rename_all = "kebab-case")]
-    Updating {
-        static_files: StaticFiles,
-        manifest: Manifest,
-        installed: InstalledPackageDataEntry,
-        install_progress: Arc<InstallProgress>,
-    },
-    #[serde(rename_all = "kebab-case")]
-    Restoring {
-        static_files: StaticFiles,
-        manifest: Manifest,
-        install_progress: Arc<InstallProgress>,
-    },
-    #[serde(rename_all = "kebab-case")]
-    Removing {
-        static_files: StaticFiles,
-        manifest: Manifest,
-        removing: InstalledPackageDataEntry,
-    },
-    #[serde(rename_all = "kebab-case")]
-    Installed {
-        static_files: StaticFiles,
-        manifest: Manifest,
-        installed: InstalledPackageDataEntry,
-    },
-}
-impl PackageDataEntry {
-    pub fn installed(&self) -> Option<&InstalledPackageDataEntry> {
-        match self {
-            Self::Installing { .. } | Self::Restoring { .. } | Self::Removing { .. } => None,
-            Self::Updating { installed, .. } | Self::Installed { installed, .. } => Some(installed),
-        }
-    }
-    pub fn installed_mut(&mut self) -> Option<&mut InstalledPackageDataEntry> {
-        match self {
-            Self::Installing { .. } | Self::Restoring { .. } | Self::Removing { .. } => None,
-            Self::Updating { installed, .. } | Self::Installed { installed, .. } => Some(installed),
-        }
-    }
-    pub fn into_installed(self) -> Option<InstalledPackageDataEntry> {
-        match self {
-            Self::Installing { .. } | Self::Restoring { .. } | Self::Removing { .. } => None,
-            Self::Updating { installed, .. } | Self::Installed { installed, .. } => Some(installed),
-        }
-    }
-    pub fn manifest(self) -> Manifest {
-        match self {
-            PackageDataEntry::Installing { manifest, .. } => manifest,
-            PackageDataEntry::Updating { manifest, .. } => manifest,
-            PackageDataEntry::Restoring { manifest, .. } => manifest,
-            PackageDataEntry::Removing { manifest, .. } => manifest,
-            PackageDataEntry::Installed { manifest, .. } => manifest,
-        }
-    }
-    pub fn manifest_borrow(&self) -> &Manifest {
-        match self {
-            PackageDataEntry::Installing { manifest, .. } => manifest,
-            PackageDataEntry::Updating { manifest, .. } => manifest,
-            PackageDataEntry::Restoring { manifest, .. } => manifest,
-            PackageDataEntry::Removing { manifest, .. } => manifest,
-            PackageDataEntry::Installed { manifest, .. } => manifest,
-        }
-    }
-}
-impl PackageDataEntryModel {
-    pub fn installed(self) -> OptionModel<InstalledPackageDataEntry> {
-        self.0.child("installed").into()
-    }
-    pub fn removing(self) -> OptionModel<InstalledPackageDataEntry> {
-        self.0.child("removing").into()
-    }
-    pub fn install_progress(self) -> OptionModel<InstallProgress> {
-        self.0.child("install-progress").into()
-    }
-    pub fn manifest(self) -> ManifestModel {
-        self.0.child("manifest").into()
-    }
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct InstalledPackageDataEntry {
-    #[model]
-    pub status: Status,
-    pub marketplace_url: Option<Url>,
-    #[serde(default)]
-    #[serde(with = "crate::util::serde::ed25519_pubkey")]
-    pub developer_key: ed25519_dalek::PublicKey,
-    #[model]
-    pub manifest: Manifest,
-    pub last_backup: Option<DateTime<Utc>>,
-    #[model]
-    pub system_pointers: Vec<SystemPointerSpec>,
-    #[model]
-    pub dependency_info: BTreeMap<PackageId, StaticDependencyInfo>,
-    #[model]
-    pub current_dependents: CurrentDependents,
-    #[model]
-    pub current_dependencies: CurrentDependencies,
-    #[model]
-    pub interface_addresses: InterfaceAddressMap,
-}
-
-#[derive(Debug, Clone, Deserialize, Serialize)]
-pub struct CurrentDependents(pub BTreeMap<PackageId, CurrentDependencyInfo>);
-impl CurrentDependents {
-    pub fn map(
-        mut self,
-        transform: impl Fn(
-            BTreeMap<PackageId, CurrentDependencyInfo>,
-        ) -> BTreeMap<PackageId, CurrentDependencyInfo>,
-    ) -> Self {
-        self.0 = transform(self.0);
-        self
-    }
-}
-impl Map for CurrentDependents {
-    type Key = PackageId;
-    type Value = CurrentDependencyInfo;
-    fn get(&self, key: &Self::Key) -> Option<&Self::Value> {
-        self.0.get(key)
-    }
-}
-impl HasModel for CurrentDependents {
-    type Model = MapModel<Self>;
-}
-
-#[derive(Debug, Clone, Default, Deserialize, Serialize)]
-pub struct CurrentDependencies(pub BTreeMap<PackageId, CurrentDependencyInfo>);
-impl CurrentDependencies {
-    pub fn map(
-        mut self,
-        transform: impl Fn(
-            BTreeMap<PackageId, CurrentDependencyInfo>,
-        ) -> BTreeMap<PackageId, CurrentDependencyInfo>,
-    ) -> Self {
-        self.0 = transform(self.0);
-        self
-    }
-}
-impl Map for CurrentDependencies {
-    type Key = PackageId;
-    type Value = CurrentDependencyInfo;
-    fn get(&self, key: &Self::Key) -> Option<&Self::Value> {
-        self.0.get(key)
-    }
-}
-impl HasModel for CurrentDependencies {
-    type Model = MapModel<Self>;
-}
-
-#[derive(Clone, Debug, Default, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct StaticDependencyInfo {
-    pub manifest: Option<Manifest>,
-    pub icon: String,
-}
-
-#[derive(Clone, Debug, Default, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct CurrentDependencyInfo {
-    pub pointers: Vec<PackagePointerSpec>,
-    pub health_checks: BTreeSet<HealthCheckId>,
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-pub struct InterfaceAddressMap(pub BTreeMap<InterfaceId, InterfaceAddresses>);
-impl Map for InterfaceAddressMap {
-    type Key = InterfaceId;
-    type Value = InterfaceAddresses;
-    fn get(&self, key: &Self::Key) -> Option<&Self::Value> {
-        self.0.get(key)
-    }
-}
-impl HasModel for InterfaceAddressMap {
-    type Model = MapModel<Self>;
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct InterfaceAddresses {
-    #[model]
-    pub tor_address: Option<String>,
-    #[model]
-    pub lan_address: Option<String>,
-}
-
-#[derive(Debug, Deserialize, Serialize, HasModel)]
-#[serde(rename_all = "kebab-case")]
-pub struct RecoveredPackageInfo {
-    pub title: String,
-    pub icon: String,
-    pub version: Version,
-}

backend/src/db/package.rs

@@ -1,75 +0,0 @@
-use patch_db::{DbHandle, LockReceipt, LockTargetId, LockType, Verifier};
-
-use crate::s9pk::manifest::{Manifest, PackageId};
-use crate::Error;
-
-pub struct PackageReceipts {
-    package_data: LockReceipt<super::model::AllPackageData, ()>,
-}
-
-impl PackageReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(locks: &mut Vec<LockTargetId>) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let package_data = crate::db::DatabaseModel::new()
-            .package_data()
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                package_data: package_data.verify(&skeleton_key)?,
-            })
-        }
-    }
-}
-
-pub async fn get_packages<Db: DbHandle>(
-    db: &mut Db,
-    receipts: &PackageReceipts,
-) -> Result<Vec<PackageId>, Error> {
-    let packages = receipts.package_data.get(db).await?;
-    Ok(packages.0.keys().cloned().collect())
-}
-
-pub struct ManifestReceipts {
-    manifest: LockReceipt<Manifest, String>,
-}
-
-impl ManifestReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<LockTargetId>,
-        _id: &PackageId,
-    ) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let manifest = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .manifest()
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                manifest: manifest.verify(&skeleton_key)?,
-            })
-        }
-    }
-}
-
-pub async fn get_manifest<Db: DbHandle>(
-    db: &mut Db,
-    pkg: &PackageId,
-    receipts: &ManifestReceipts,
-) -> Result<Option<Manifest>, Error> {
-    Ok(receipts.manifest.get(db, pkg).await?)
-}

backend/src/init.rs

@@ -1,443 +0,0 @@
-use std::collections::{BTreeMap, HashMap};
-use std::fs::Permissions;
-use std::os::unix::fs::PermissionsExt;
-use std::path::Path;
-use std::process::Stdio;
-use std::time::Duration;
-
-use color_eyre::eyre::eyre;
-use helpers::NonDetachingJoinHandle;
-use models::ResultExt;
-use patch_db::{DbHandle, LockReceipt, LockType};
-use rand::random;
-use sqlx::{Pool, Postgres};
-use tokio::process::Command;
-
-use crate::account::AccountInfo;
-use crate::context::rpc::RpcContextConfig;
-use crate::db::model::{IpInfo, ServerStatus};
-use crate::install::PKG_ARCHIVE_DIR;
-use crate::middleware::auth::LOCAL_AUTH_COOKIE_PATH;
-use crate::sound::BEP;
-use crate::system::time;
-use crate::util::Invoke;
-use crate::{Error, ARCH};
-
-pub const SYSTEM_REBUILD_PATH: &str = "/media/embassy/config/system-rebuild";
-pub const STANDBY_MODE_PATH: &str = "/media/embassy/config/standby";
-
-pub async fn check_time_is_synchronized() -> Result<bool, Error> {
-    Ok(String::from_utf8(
-        Command::new("timedatectl")
-            .arg("show")
-            .arg("-p")
-            .arg("NTPSynchronized")
-            .invoke(crate::ErrorKind::Unknown)
-            .await?,
-    )?
-    .trim()
-        == "NTPSynchronized=yes")
-}
-
-pub struct InitReceipts {
-    pub server_version: LockReceipt<crate::util::Version, ()>,
-    pub version_range: LockReceipt<emver::VersionRange, ()>,
-    pub last_wifi_region: LockReceipt<Option<isocountry::CountryCode>, ()>,
-    pub status_info: LockReceipt<ServerStatus, ()>,
-    pub ip_info: LockReceipt<BTreeMap<String, IpInfo>, ()>,
-    pub system_start_time: LockReceipt<String, ()>,
-}
-impl InitReceipts {
-    pub async fn new(db: &mut impl DbHandle) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let server_version = crate::db::DatabaseModel::new()
-            .server_info()
-            .version()
-            .make_locker(LockType::Write)
-            .add_to_keys(&mut locks);
-        let version_range = crate::db::DatabaseModel::new()
-            .server_info()
-            .eos_version_compat()
-            .make_locker(LockType::Write)
-            .add_to_keys(&mut locks);
-        let last_wifi_region = crate::db::DatabaseModel::new()
-            .server_info()
-            .last_wifi_region()
-            .make_locker(LockType::Write)
-            .add_to_keys(&mut locks);
-        let ip_info = crate::db::DatabaseModel::new()
-            .server_info()
-            .ip_info()
-            .make_locker(LockType::Write)
-            .add_to_keys(&mut locks);
-        let status_info = crate::db::DatabaseModel::new()
-            .server_info()
-            .status_info()
-            .into_model()
-            .make_locker(LockType::Write)
-            .add_to_keys(&mut locks);
-        let system_start_time = crate::db::DatabaseModel::new()
-            .server_info()
-            .system_start_time()
-            .make_locker(LockType::Write)
-            .add_to_keys(&mut locks);
-
-        let skeleton_key = db.lock_all(locks).await?;
-        Ok(Self {
-            server_version: server_version.verify(&skeleton_key)?,
-            version_range: version_range.verify(&skeleton_key)?,
-            ip_info: ip_info.verify(&skeleton_key)?,
-            status_info: status_info.verify(&skeleton_key)?,
-            last_wifi_region: last_wifi_region.verify(&skeleton_key)?,
-            system_start_time: system_start_time.verify(&skeleton_key)?,
-        })
-    }
-}
-
-pub async fn pgloader(
-    old_db_path: impl AsRef<Path>,
-    batch_rows: usize,
-    prefetch_rows: usize,
-) -> Result<(), Error> {
-    tokio::fs::write(
-        "/etc/embassy/migrate.load",
-        format!(
-            include_str!("migrate.load"),
-            sqlite_path = old_db_path.as_ref().display(),
-            batch_rows = batch_rows,
-            prefetch_rows = prefetch_rows
-        ),
-    )
-    .await?;
-    match tokio::fs::remove_dir_all("/tmp/pgloader").await {
-        Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
-        a => a,
-    }?;
-    tracing::info!("Running pgloader");
-    let out = Command::new("pgloader")
-        .arg("-v")
-        .arg("/etc/embassy/migrate.load")
-        .stdout(Stdio::piped())
-        .stderr(Stdio::piped())
-        .output()
-        .await?;
-    let stdout = String::from_utf8(out.stdout)?;
-    for line in stdout.lines() {
-        tracing::debug!("pgloader: {}", line);
-    }
-    let stderr = String::from_utf8(out.stderr)?;
-    for line in stderr.lines() {
-        tracing::debug!("pgloader err: {}", line);
-    }
-    tracing::debug!("pgloader exited with code {:?}", out.status);
-    if let Some(err) = stdout.lines().chain(stderr.lines()).find_map(|l| {
-        if l.split_ascii_whitespace()
-            .any(|word| word == "ERROR" || word == "FATAL")
-        {
-            Some(l)
-        } else {
-            None
-        }
-    }) {
-        return Err(Error::new(
-            eyre!("pgloader error: {}", err),
-            crate::ErrorKind::Database,
-        ));
-    }
-    tokio::fs::rename(
-        old_db_path.as_ref(),
-        old_db_path.as_ref().with_extension("bak"),
-    )
-    .await?;
-    Ok(())
-}
-
-// must be idempotent
-pub async fn init_postgres(datadir: impl AsRef<Path>) -> Result<(), Error> {
-    let db_dir = datadir.as_ref().join("main/postgresql");
-    let is_mountpoint = || async {
-        Ok::<_, Error>(
-            tokio::process::Command::new("mountpoint")
-                .arg("/var/lib/postgresql")
-                .stdout(std::process::Stdio::null())
-                .stderr(std::process::Stdio::null())
-                .status()
-                .await?
-                .success(),
-        )
-    };
-    let exists = tokio::fs::metadata(&db_dir).await.is_ok();
-    if !exists {
-        Command::new("cp")
-            .arg("-ra")
-            .arg("/var/lib/postgresql")
-            .arg(&db_dir)
-            .invoke(crate::ErrorKind::Filesystem)
-            .await?;
-    }
-    if !is_mountpoint().await? {
-        crate::disk::mount::util::bind(&db_dir, "/var/lib/postgresql", false).await?;
-    }
-    Command::new("chown")
-        .arg("-R")
-        .arg("postgres")
-        .arg("/var/lib/postgresql")
-        .invoke(crate::ErrorKind::Database)
-        .await?;
-    Command::new("systemctl")
-        .arg("start")
-        .arg("postgresql")
-        .invoke(crate::ErrorKind::Database)
-        .await?;
-    if !exists {
-        Command::new("sudo")
-            .arg("-u")
-            .arg("postgres")
-            .arg("createuser")
-            .arg("root")
-            .invoke(crate::ErrorKind::Database)
-            .await?;
-        Command::new("sudo")
-            .arg("-u")
-            .arg("postgres")
-            .arg("createdb")
-            .arg("secrets")
-            .arg("-O")
-            .arg("root")
-            .invoke(crate::ErrorKind::Database)
-            .await?;
-    }
-    Ok(())
-}
-
-pub struct InitResult {
-    pub secret_store: Pool<Postgres>,
-    pub db: patch_db::PatchDb,
-}
-
-pub async fn init(cfg: &RpcContextConfig) -> Result<InitResult, Error> {
-    tokio::fs::create_dir_all("/run/embassy")
-        .await
-        .with_ctx(|_| (crate::ErrorKind::Filesystem, "mkdir -p /run/embassy"))?;
-    if tokio::fs::metadata(LOCAL_AUTH_COOKIE_PATH).await.is_err() {
-        tokio::fs::write(
-            LOCAL_AUTH_COOKIE_PATH,
-            base64::encode(random::<[u8; 32]>()).as_bytes(),
-        )
-        .await
-        .with_ctx(|_| {
-            (
-                crate::ErrorKind::Filesystem,
-                format!("write {}", LOCAL_AUTH_COOKIE_PATH),
-            )
-        })?;
-        tokio::fs::set_permissions(LOCAL_AUTH_COOKIE_PATH, Permissions::from_mode(0o046)).await?;
-        Command::new("chown")
-            .arg("root:embassy")
-            .arg(LOCAL_AUTH_COOKIE_PATH)
-            .invoke(crate::ErrorKind::Filesystem)
-            .await?;
-    }
-
-    let secret_store = cfg.secret_store().await?;
-    tracing::info!("Opened Postgres");
-
-    crate::ssh::sync_keys_from_db(&secret_store, "/home/start9/.ssh/authorized_keys").await?;
-    tracing::info!("Synced SSH Keys");
-
-    let account = AccountInfo::load(&secret_store).await?;
-    let db = cfg.db(&account).await?;
-    tracing::info!("Opened PatchDB");
-    let mut handle = db.handle();
-    crate::db::DatabaseModel::new()
-        .server_info()
-        .lock(&mut handle, LockType::Write)
-        .await?;
-    let receipts = InitReceipts::new(&mut handle).await?;
-
-    // write to ca cert store
-    tokio::fs::write(
-        "/usr/local/share/ca-certificates/embassy-root-ca.crt",
-        account.root_ca_cert.to_pem()?,
-    )
-    .await?;
-    Command::new("update-ca-certificates")
-        .invoke(crate::ErrorKind::OpenSsl)
-        .await?;
-
-    if let Some(wifi_interface) = &cfg.wifi_interface {
-        crate::net::wifi::synchronize_wpa_supplicant_conf(
-            &cfg.datadir().join("main"),
-            wifi_interface,
-            &receipts.last_wifi_region.get(&mut handle).await?,
-        )
-        .await?;
-        tracing::info!("Synchronized WiFi");
-    }
-
-    let should_rebuild = tokio::fs::metadata(SYSTEM_REBUILD_PATH).await.is_ok()
-        || &*receipts.server_version.get(&mut handle).await? < &emver::Version::new(0, 3, 2, 0)
-        || (*ARCH == "x86_64"
-            && &*receipts.server_version.get(&mut handle).await?
-                < &emver::Version::new(0, 3, 4, 0));
-
-    let song = if should_rebuild {
-        Some(NonDetachingJoinHandle::from(tokio::spawn(async {
-            loop {
-                BEP.play().await.unwrap();
-                BEP.play().await.unwrap();
-                tokio::time::sleep(Duration::from_secs(60)).await;
-            }
-        })))
-    } else {
-        None
-    };
-
-    let log_dir = cfg.datadir().join("main/logs");
-    if tokio::fs::metadata(&log_dir).await.is_err() {
-        tokio::fs::create_dir_all(&log_dir).await?;
-    }
-    let current_machine_id = tokio::fs::read_to_string("/etc/machine-id").await?;
-    let mut machine_ids = tokio::fs::read_dir(&log_dir).await?;
-    while let Some(machine_id) = machine_ids.next_entry().await? {
-        if machine_id.file_name().to_string_lossy().trim() != current_machine_id.trim() {
-            tokio::fs::remove_dir_all(machine_id.path()).await?;
-        }
-    }
-    crate::disk::mount::util::bind(&log_dir, "/var/log/journal", false).await?;
-    Command::new("systemctl")
-        .arg("restart")
-        .arg("systemd-journald")
-        .invoke(crate::ErrorKind::Journald)
-        .await?;
-    tracing::info!("Mounted Logs");
-
-    let tmp_dir = cfg.datadir().join("package-data/tmp");
-    if tokio::fs::metadata(&tmp_dir).await.is_err() {
-        tokio::fs::create_dir_all(&tmp_dir).await?;
-    }
-    let tmp_docker = cfg.datadir().join("package-data/tmp/docker");
-    let tmp_docker_exists = tokio::fs::metadata(&tmp_docker).await.is_ok();
-    if should_rebuild && tmp_docker_exists {
-        tokio::fs::remove_dir_all(&tmp_docker).await?;
-    }
-    Command::new("systemctl")
-        .arg("stop")
-        .arg("docker")
-        .invoke(crate::ErrorKind::Docker)
-        .await?;
-    crate::disk::mount::util::bind(&tmp_docker, "/var/lib/docker", false).await?;
-    Command::new("systemctl")
-        .arg("reset-failed")
-        .arg("docker")
-        .invoke(crate::ErrorKind::Docker)
-        .await?;
-    Command::new("systemctl")
-        .arg("start")
-        .arg("docker")
-        .invoke(crate::ErrorKind::Docker)
-        .await?;
-    tracing::info!("Mounted Docker Data");
-
-    if should_rebuild || !tmp_docker_exists {
-        tracing::info!("Creating Docker Network");
-        bollard::Docker::connect_with_unix_defaults()?
-            .create_network(bollard::network::CreateNetworkOptions {
-                name: "start9",
-                driver: "bridge",
-                ipam: bollard::models::Ipam {
-                    config: Some(vec![bollard::models::IpamConfig {
-                        subnet: Some("172.18.0.1/24".into()),
-                        ..Default::default()
-                    }]),
-                    ..Default::default()
-                },
-                options: {
-                    let mut m = HashMap::new();
-                    m.insert("com.docker.network.bridge.name", "br-start9");
-                    m
-                },
-                ..Default::default()
-            })
-            .await?;
-        tracing::info!("Created Docker Network");
-
-        tracing::info!("Loading System Docker Images");
-        crate::install::load_images("/usr/lib/embassy/system-images").await?;
-        tracing::info!("Loaded System Docker Images");
-
-        tracing::info!("Loading Package Docker Images");
-        crate::install::load_images(cfg.datadir().join(PKG_ARCHIVE_DIR)).await?;
-        tracing::info!("Loaded Package Docker Images");
-    }
-
-    tracing::info!("Enabling Docker QEMU Emulation");
-    Command::new("docker")
-        .arg("run")
-        .arg("--privileged")
-        .arg("--rm")
-        .arg("start9/x_system/binfmt")
-        .arg("--install")
-        .arg("all")
-        .invoke(crate::ErrorKind::Docker)
-        .await?;
-    tracing::info!("Enabled Docker QEMU Emulation");
-
-    let mut warn_time_not_synced = true;
-    for _ in 0..60 {
-        if check_time_is_synchronized().await? {
-            warn_time_not_synced = false;
-            break;
-        }
-        tokio::time::sleep(Duration::from_secs(1)).await;
-    }
-    if warn_time_not_synced {
-        tracing::warn!("Timed out waiting for system time to synchronize");
-    } else {
-        tracing::info!("Syncronized system clock");
-    }
-
-    Command::new("systemctl")
-        .arg("start")
-        .arg("tor")
-        .invoke(crate::ErrorKind::Tor)
-        .await?;
-
-    receipts
-        .ip_info
-        .set(&mut handle, crate::net::dhcp::init_ips().await?)
-        .await?;
-    receipts
-        .status_info
-        .set(
-            &mut handle,
-            ServerStatus {
-                updated: false,
-                update_progress: None,
-                backup_progress: None,
-            },
-        )
-        .await?;
-
-    receipts
-        .system_start_time
-        .set(&mut handle, time().await?)
-        .await?;
-
-    crate::version::init(&mut handle, &secret_store, &receipts).await?;
-
-    if should_rebuild {
-        match tokio::fs::remove_file(SYSTEM_REBUILD_PATH).await {
-            Ok(()) => Ok(()),
-            Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
-            Err(e) => Err(e),
-        }?;
-    }
-
-    drop(song);
-
-    tracing::info!("System initialized.");
-
-    Ok(InitResult { secret_store, db })
-}

backend/src/install/cleanup.rs

@@ -1,456 +0,0 @@
-use std::collections::HashMap;
-use std::path::PathBuf;
-use std::sync::Arc;
-
-use bollard::image::{ListImagesOptions, RemoveImageOptions};
-use patch_db::{DbHandle, LockReceipt, LockTargetId, LockType, PatchDbHandle, Verifier};
-use sqlx::{Executor, Postgres};
-use tracing::instrument;
-
-use super::PKG_ARCHIVE_DIR;
-use crate::config::{not_found, ConfigReceipts};
-use crate::context::RpcContext;
-use crate::db::model::{
-    AllPackageData, CurrentDependencies, CurrentDependents, InstalledPackageDataEntry,
-    PackageDataEntry,
-};
-use crate::dependencies::{
-    reconfigure_dependents_with_live_pointers, DependencyErrors, TryHealReceipts,
-};
-use crate::error::ErrorCollection;
-use crate::s9pk::manifest::{Manifest, PackageId};
-use crate::util::{Apply, Version};
-use crate::volume::{asset_dir, script_dir};
-use crate::Error;
-
-pub struct UpdateDependencyReceipts {
-    try_heal: TryHealReceipts,
-    dependency_errors: LockReceipt<DependencyErrors, String>,
-    manifest: LockReceipt<Manifest, String>,
-}
-impl UpdateDependencyReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(locks: &mut Vec<LockTargetId>) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let dependency_errors = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.status().dependency_errors())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let manifest = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.manifest())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let try_heal = TryHealReceipts::setup(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                dependency_errors: dependency_errors.verify(skeleton_key)?,
-                manifest: manifest.verify(skeleton_key)?,
-                try_heal: try_heal(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[instrument(skip(ctx, db, deps, receipts))]
-pub async fn update_dependency_errors_of_dependents<'a, Db: DbHandle>(
-    ctx: &RpcContext,
-    db: &mut Db,
-    id: &PackageId,
-    deps: &CurrentDependents,
-    receipts: &UpdateDependencyReceipts,
-) -> Result<(), Error> {
-    for dep in deps.0.keys() {
-        if let Some(man) = receipts.manifest.get(db, dep).await? {
-            if let Err(e) = if let Some(info) = man.dependencies.0.get(id) {
-                info.satisfied(ctx, db, id, None, dep, &receipts.try_heal)
-                    .await?
-            } else {
-                Ok(())
-            } {
-                let mut errs = receipts
-                    .dependency_errors
-                    .get(db, dep)
-                    .await?
-                    .ok_or_else(not_found)?;
-                errs.0.insert(id.clone(), e);
-                receipts.dependency_errors.set(db, errs, dep).await?
-            } else {
-                let mut errs = receipts
-                    .dependency_errors
-                    .get(db, dep)
-                    .await?
-                    .ok_or_else(not_found)?;
-                errs.0.remove(id);
-                receipts.dependency_errors.set(db, errs, dep).await?
-            }
-        }
-    }
-    Ok(())
-}
-
-#[instrument(skip(ctx))]
-pub async fn cleanup(ctx: &RpcContext, id: &PackageId, version: &Version) -> Result<(), Error> {
-    let mut errors = ErrorCollection::new();
-    ctx.managers.remove(&(id.clone(), version.clone())).await;
-    // docker images start9/$APP_ID/*:$VERSION -q | xargs docker rmi
-    let images = ctx
-        .docker
-        .list_images(Some(ListImagesOptions {
-            all: false,
-            filters: {
-                let mut f = HashMap::new();
-                f.insert(
-                    "reference".to_owned(),
-                    vec![format!("start9/{}/*:{}", id, version)],
-                );
-                f
-            },
-            digests: false,
-        }))
-        .await
-        .apply(|res| errors.handle(res));
-    errors.extend(
-        futures::future::join_all(
-            images
-                .into_iter()
-                .flatten()
-                .flat_map(|image| image.repo_tags)
-                .filter(|tag| {
-                    tag.starts_with(&format!("start9/{}/", id))
-                        && tag.ends_with(&format!(":{}", version))
-                })
-                .map(|tag| async {
-                    let tag = tag; // move into future
-                    ctx.docker
-                        .remove_image(
-                            &tag,
-                            Some(RemoveImageOptions {
-                                force: true,
-                                noprune: false,
-                            }),
-                            None,
-                        )
-                        .await
-                }),
-        )
-        .await,
-    );
-    let pkg_archive_dir = ctx
-        .datadir
-        .join(PKG_ARCHIVE_DIR)
-        .join(id)
-        .join(version.as_str());
-    if tokio::fs::metadata(&pkg_archive_dir).await.is_ok() {
-        tokio::fs::remove_dir_all(&pkg_archive_dir)
-            .await
-            .apply(|res| errors.handle(res));
-    }
-    let assets_path = asset_dir(&ctx.datadir, id, version);
-    if tokio::fs::metadata(&assets_path).await.is_ok() {
-        tokio::fs::remove_dir_all(&assets_path)
-            .await
-            .apply(|res| errors.handle(res));
-    }
-    let scripts_path = script_dir(&ctx.datadir, id, version);
-    if tokio::fs::metadata(&scripts_path).await.is_ok() {
-        tokio::fs::remove_dir_all(&scripts_path)
-            .await
-            .apply(|res| errors.handle(res));
-    }
-
-    errors.into_result()
-}
-
-pub struct CleanupFailedReceipts {
-    package_data_entry: LockReceipt<PackageDataEntry, String>,
-    package_entries: LockReceipt<AllPackageData, ()>,
-}
-
-impl CleanupFailedReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(locks: &mut Vec<LockTargetId>) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let package_data_entry = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let package_entries = crate::db::DatabaseModel::new()
-            .package_data()
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                package_data_entry: package_data_entry.verify(skeleton_key).unwrap(),
-                package_entries: package_entries.verify(skeleton_key).unwrap(),
-            })
-        }
-    }
-}
-
-#[instrument(skip(ctx, db, receipts))]
-pub async fn cleanup_failed<Db: DbHandle>(
-    ctx: &RpcContext,
-    db: &mut Db,
-    id: &PackageId,
-    receipts: &CleanupFailedReceipts,
-) -> Result<(), Error> {
-    let pde = receipts
-        .package_data_entry
-        .get(db, id)
-        .await?
-        .ok_or_else(not_found)?;
-    if let Some(manifest) = match &pde {
-        PackageDataEntry::Installing { manifest, .. }
-        | PackageDataEntry::Restoring { manifest, .. } => Some(manifest),
-        PackageDataEntry::Updating {
-            manifest,
-            installed:
-                InstalledPackageDataEntry {
-                    manifest: installed_manifest,
-                    ..
-                },
-            ..
-        } => {
-            if &manifest.version != &installed_manifest.version {
-                Some(manifest)
-            } else {
-                None
-            }
-        }
-        _ => {
-            tracing::warn!("{}: Nothing to clean up!", id);
-            None
-        }
-    } {
-        cleanup(ctx, id, &manifest.version).await?;
-    }
-
-    match pde {
-        PackageDataEntry::Installing { .. } | PackageDataEntry::Restoring { .. } => {
-            let mut entries = receipts.package_entries.get(db).await?;
-            entries.0.remove(id);
-            receipts.package_entries.set(db, entries).await?;
-        }
-        PackageDataEntry::Updating {
-            installed,
-            static_files,
-            ..
-        } => {
-            receipts
-                .package_data_entry
-                .set(
-                    db,
-                    PackageDataEntry::Installed {
-                        manifest: installed.manifest.clone(),
-                        installed,
-                        static_files,
-                    },
-                    id,
-                )
-                .await?;
-        }
-        _ => (),
-    }
-
-    Ok(())
-}
-
-#[instrument(skip(db, current_dependencies, current_dependent_receipt))]
-pub async fn remove_from_current_dependents_lists<'a, Db: DbHandle>(
-    db: &mut Db,
-    id: &'a PackageId,
-    current_dependencies: &'a CurrentDependencies,
-    current_dependent_receipt: &LockReceipt<CurrentDependents, String>,
-) -> Result<(), Error> {
-    for dep in current_dependencies.0.keys().chain(std::iter::once(id)) {
-        if let Some(mut current_dependents) = current_dependent_receipt.get(db, dep).await? {
-            if current_dependents.0.remove(id).is_some() {
-                current_dependent_receipt
-                    .set(db, current_dependents, dep)
-                    .await?;
-            }
-        }
-    }
-    Ok(())
-}
-pub struct UninstallReceipts {
-    config: ConfigReceipts,
-    removing: LockReceipt<InstalledPackageDataEntry, ()>,
-    packages: LockReceipt<AllPackageData, ()>,
-    current_dependents: LockReceipt<CurrentDependents, String>,
-    update_depenency_receipts: UpdateDependencyReceipts,
-}
-impl UninstallReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<LockTargetId>,
-        id: &PackageId,
-    ) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let config = ConfigReceipts::setup(locks);
-        let removing = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|pde| pde.removing())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-
-        let current_dependents = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.current_dependents())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let packages = crate::db::DatabaseModel::new()
-            .package_data()
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let update_depenency_receipts = UpdateDependencyReceipts::setup(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                config: config(skeleton_key)?,
-                removing: removing.verify(skeleton_key)?,
-                current_dependents: current_dependents.verify(skeleton_key)?,
-                update_depenency_receipts: update_depenency_receipts(skeleton_key)?,
-                packages: packages.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-#[instrument(skip(ctx, secrets, db))]
-pub async fn uninstall<Ex>(
-    ctx: &RpcContext,
-    db: &mut PatchDbHandle,
-    secrets: &mut Ex,
-    id: &PackageId,
-) -> Result<(), Error>
-where
-    for<'a> &'a mut Ex: Executor<'a, Database = Postgres>,
-{
-    let mut tx = db.begin().await?;
-    crate::db::DatabaseModel::new()
-        .package_data()
-        .idx_model(&id)
-        .lock(&mut tx, LockType::Write)
-        .await?;
-    let receipts = UninstallReceipts::new(&mut tx, id).await?;
-    let entry = receipts.removing.get(&mut tx).await?;
-    cleanup(ctx, &entry.manifest.id, &entry.manifest.version).await?;
-
-    let packages = {
-        let mut packages = receipts.packages.get(&mut tx).await?;
-        packages.0.remove(id);
-        packages
-    };
-    let dependents_paths: Vec<PathBuf> = entry
-        .current_dependents
-        .0
-        .keys()
-        .flat_map(|x| packages.0.get(x))
-        .flat_map(|x| x.manifest_borrow().volumes.values())
-        .flat_map(|x| x.pointer_path(&ctx.datadir))
-        .collect();
-    receipts.packages.set(&mut tx, packages).await?;
-    // once we have removed the package entry, we can change all the dependent pointers to null
-    reconfigure_dependents_with_live_pointers(ctx, &mut tx, &receipts.config, &entry).await?;
-
-    remove_from_current_dependents_lists(
-        &mut tx,
-        &entry.manifest.id,
-        &entry.current_dependencies,
-        &receipts.current_dependents,
-    )
-    .await?;
-    update_dependency_errors_of_dependents(
-        ctx,
-        &mut tx,
-        &entry.manifest.id,
-        &entry.current_dependents,
-        &receipts.update_depenency_receipts,
-    )
-    .await?;
-    let volumes = ctx
-        .datadir
-        .join(crate::volume::PKG_VOLUME_DIR)
-        .join(&entry.manifest.id);
-
-    tracing::debug!("Cleaning up {:?} at {:?}", volumes, dependents_paths);
-    cleanup_folder(volumes, Arc::new(dependents_paths)).await;
-    remove_tor_keys(secrets, &entry.manifest.id).await?;
-    tx.commit().await?;
-    Ok(())
-}
-
-#[instrument(skip(secrets))]
-pub async fn remove_tor_keys<Ex>(secrets: &mut Ex, id: &PackageId) -> Result<(), Error>
-where
-    for<'a> &'a mut Ex: Executor<'a, Database = Postgres>,
-{
-    let id_str = id.as_str();
-    sqlx::query!("DELETE FROM tor WHERE package = $1", id_str)
-        .execute(secrets)
-        .await?;
-    Ok(())
-}
-
-/// Needed to remove, without removing the folders that are mounted in the other docker containers
-pub fn cleanup_folder(
-    path: PathBuf,
-    dependents_volumes: Arc<Vec<PathBuf>>,
-) -> futures::future::BoxFuture<'static, ()> {
-    Box::pin(async move {
-        let meta_data = match tokio::fs::metadata(&path).await {
-            Ok(a) => a,
-            Err(_e) => {
-                return;
-            }
-        };
-        if !meta_data.is_dir() {
-            tracing::error!("is_not dir, remove {:?}", path);
-            let _ = tokio::fs::remove_file(&path).await;
-            return;
-        }
-        if !dependents_volumes
-            .iter()
-            .any(|v| v.starts_with(&path) || v == &path)
-        {
-            tracing::error!("No parents, remove {:?}", path);
-            let _ = tokio::fs::remove_dir_all(&path).await;
-            return;
-        }
-        let mut read_dir = match tokio::fs::read_dir(&path).await {
-            Ok(a) => a,
-            Err(_e) => {
-                return;
-            }
-        };
-        tracing::error!("Parents, recurse {:?}", path);
-        while let Some(entry) = read_dir.next_entry().await.ok().flatten() {
-            let entry_path = entry.path();
-            cleanup_folder(entry_path, dependents_volumes.clone()).await;
-        }
-    })
-}

backend/src/install/update.rs

@@ -1,105 +0,0 @@
-use std::collections::BTreeMap;
-
-use patch_db::{DbHandle, LockReceipt, LockTargetId, LockType, Verifier};
-use rpc_toolkit::command;
-use tracing::instrument;
-
-use crate::config::not_found;
-use crate::context::RpcContext;
-use crate::db::model::CurrentDependents;
-use crate::dependencies::{
-    break_transitive, BreakTransitiveReceipts, BreakageRes, DependencyError,
-};
-use crate::s9pk::manifest::PackageId;
-use crate::util::serde::display_serializable;
-use crate::util::Version;
-use crate::Error;
-
-pub struct UpdateReceipts {
-    break_receipts: BreakTransitiveReceipts,
-    current_dependents: LockReceipt<CurrentDependents, String>,
-    dependency: LockReceipt<crate::dependencies::DepInfo, (String, String)>,
-}
-
-impl UpdateReceipts {
-    pub async fn new<'a>(db: &'a mut impl DbHandle) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks);
-        Ok(setup(&db.lock_all(locks).await?)?)
-    }
-
-    pub fn setup(locks: &mut Vec<LockTargetId>) -> impl FnOnce(&Verifier) -> Result<Self, Error> {
-        let break_receipts = BreakTransitiveReceipts::setup(locks);
-        let current_dependents = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.current_dependents())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let dependency = crate::db::DatabaseModel::new()
-            .package_data()
-            .star()
-            .installed()
-            .map(|x| x.manifest().dependencies().star())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                break_receipts: break_receipts(skeleton_key)?,
-                current_dependents: current_dependents.verify(skeleton_key)?,
-                dependency: dependency.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[command(subcommands(dry))]
-pub async fn update() -> Result<(), Error> {
-    Ok(())
-}
-
-#[instrument(skip(ctx))]
-#[command(display(display_serializable))]
-pub async fn dry(
-    #[context] ctx: RpcContext,
-    #[arg] id: PackageId,
-    #[arg] version: Version,
-) -> Result<BreakageRes, Error> {
-    let mut db = ctx.db.handle();
-    let mut tx = db.begin().await?;
-    let mut breakages = BTreeMap::new();
-    let receipts = UpdateReceipts::new(&mut tx).await?;
-
-    for dependent in receipts
-        .current_dependents
-        .get(&mut tx, &id)
-        .await?
-        .ok_or_else(not_found)?
-        .0
-        .keys()
-        .into_iter()
-        .filter(|dependent| &&id != dependent)
-    {
-        if let Some(dep_info) = receipts.dependency.get(&mut tx, (&dependent, &id)).await? {
-            let version_req = dep_info.version;
-            if !version.satisfies(&version_req) {
-                break_transitive(
-                    &mut tx,
-                    &dependent,
-                    &id,
-                    DependencyError::IncorrectVersion {
-                        expected: version_req,
-                        received: version.clone(),
-                    },
-                    &mut breakages,
-                    &receipts.break_receipts,
-                )
-                .await?;
-            }
-        }
-    }
-    tx.abort().await?;
-    Ok(BreakageRes(breakages))
-}

backend/src/manager/health.rs

@@ -1,186 +0,0 @@
-use std::collections::BTreeMap;
-use std::sync::atomic::{AtomicBool, Ordering};
-
-use patch_db::{DbHandle, LockReceipt, LockType};
-use tracing::instrument;
-
-use crate::context::RpcContext;
-use crate::db::model::CurrentDependents;
-use crate::dependencies::{break_transitive, heal_transitive, DependencyError};
-use crate::s9pk::manifest::{Manifest, PackageId};
-use crate::status::health_check::{HealthCheckId, HealthCheckResult};
-use crate::status::MainStatus;
-use crate::Error;
-
-struct HealthCheckPreInformationReceipt {
-    status_model: LockReceipt<MainStatus, ()>,
-    manifest: LockReceipt<Manifest, ()>,
-}
-impl HealthCheckPreInformationReceipt {
-    pub async fn new(db: &'_ mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        setup(&db.lock_all(locks).await?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<patch_db::LockTargetId>,
-        id: &PackageId,
-    ) -> impl FnOnce(&patch_db::Verifier) -> Result<Self, Error> {
-        let status_model = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.status().main())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-        let manifest = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.manifest())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                status_model: status_model.verify(skeleton_key)?,
-                manifest: manifest.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-struct HealthCheckStatusReceipt {
-    status: LockReceipt<MainStatus, ()>,
-    current_dependents: LockReceipt<CurrentDependents, ()>,
-}
-impl HealthCheckStatusReceipt {
-    pub async fn new(db: &'_ mut impl DbHandle, id: &PackageId) -> Result<Self, Error> {
-        let mut locks = Vec::new();
-
-        let setup = Self::setup(&mut locks, id);
-        setup(&db.lock_all(locks).await?)
-    }
-
-    pub fn setup(
-        locks: &mut Vec<patch_db::LockTargetId>,
-        id: &PackageId,
-    ) -> impl FnOnce(&patch_db::Verifier) -> Result<Self, Error> {
-        let status = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.status().main())
-            .make_locker(LockType::Write)
-            .add_to_keys(locks);
-        let current_dependents = crate::db::DatabaseModel::new()
-            .package_data()
-            .idx_model(id)
-            .and_then(|x| x.installed())
-            .map(|x| x.current_dependents())
-            .make_locker(LockType::Read)
-            .add_to_keys(locks);
-        move |skeleton_key| {
-            Ok(Self {
-                status: status.verify(skeleton_key)?,
-                current_dependents: current_dependents.verify(skeleton_key)?,
-            })
-        }
-    }
-}
-
-#[instrument(skip(ctx, db))]
-pub async fn check<Db: DbHandle>(
-    ctx: &RpcContext,
-    db: &mut Db,
-    id: &PackageId,
-    should_commit: &AtomicBool,
-) -> Result<(), Error> {
-    let mut tx = db.begin().await?;
-    let (manifest, started) = {
-        let mut checkpoint = tx.begin().await?;
-        let receipts = HealthCheckPreInformationReceipt::new(&mut checkpoint, id).await?;
-
-        let manifest = receipts.manifest.get(&mut checkpoint).await?;
-
-        let started = receipts.status_model.get(&mut checkpoint).await?.started();
-
-        checkpoint.save().await?;
-        (manifest, started)
-    };
-
-    let health_results = if let Some(started) = started {
-        manifest
-            .health_checks
-            .check_all(
-                ctx,
-                &manifest.containers,
-                started,
-                id,
-                &manifest.version,
-                &manifest.volumes,
-            )
-            .await?
-    } else {
-        return Ok(());
-    };
-
-    if !should_commit.load(Ordering::SeqCst) {
-        return Ok(());
-    }
-    let current_dependents = {
-        let mut checkpoint = tx.begin().await?;
-        let receipts = HealthCheckStatusReceipt::new(&mut checkpoint, id).await?;
-
-        let status = receipts.status.get(&mut checkpoint).await?;
-
-        if let MainStatus::Running { health: _, started } = status {
-            receipts
-                .status
-                .set(
-                    &mut checkpoint,
-                    MainStatus::Running {
-                        health: health_results.clone(),
-                        started,
-                    },
-                )
-                .await?;
-        }
-        let current_dependents = receipts.current_dependents.get(&mut checkpoint).await?;
-
-        checkpoint.save().await?;
-        current_dependents
-    };
-
-    tracing::debug!("Checking health of {}", id);
-    let receipts = crate::dependencies::BreakTransitiveReceipts::new(&mut tx).await?;
-    tracing::debug!("Got receipts {}", id);
-
-    for (dependent, info) in (current_dependents).0.iter() {
-        let failures: BTreeMap<HealthCheckId, HealthCheckResult> = health_results
-            .iter()
-            .filter(|(_, hc_res)| !matches!(hc_res, HealthCheckResult::Success { .. }))
-            .filter(|(hc_id, _)| info.health_checks.contains(hc_id))
-            .map(|(k, v)| (k.clone(), v.clone()))
-            .collect();
-
-        if !failures.is_empty() {
-            break_transitive(
-                &mut tx,
-                &dependent,
-                id,
-                DependencyError::HealthChecksFailed { failures },
-                &mut BTreeMap::new(),
-                &receipts,
-            )
-            .await?;
-        } else {
-            heal_transitive(ctx, &mut tx, &dependent, id, &receipts.dependency_receipt).await?;
-        }
-    }
-
-    tx.save().await?;
-
-    Ok(())
-}

backend/src/manager/mod.rs

@@ -1,861 +0,0 @@
-use std::collections::BTreeMap;
-use std::future::Future;
-use std::net::Ipv4Addr;
-use std::sync::atomic::{AtomicBool, AtomicU32, Ordering};
-use std::sync::Arc;
-use std::task::Poll;
-use std::time::Duration;
-
-use bollard::container::{KillContainerOptions, StopContainerOptions};
-use color_eyre::eyre::eyre;
-use embassy_container_init::{ProcessGroupId, SignalGroupParams};
-use helpers::UnixRpcClient;
-use nix::sys::signal::Signal;
-use patch_db::DbHandle;
-use sqlx::{Connection, Executor, Postgres};
-use tokio::sync::watch::error::RecvError;
-use tokio::sync::watch::{channel, Receiver, Sender};
-use tokio::sync::{oneshot, Notify, RwLock};
-use tracing::instrument;
-
-use crate::context::RpcContext;
-use crate::manager::sync::synchronizer;
-use crate::net::net_controller::NetService;
-use crate::procedure::docker::{DockerContainer, DockerProcedure, LongRunning};
-#[cfg(feature = "js_engine")]
-use crate::procedure::js_scripts::JsProcedure;
-use crate::procedure::{NoOutput, PackageProcedure, ProcedureName};
-use crate::s9pk::manifest::{Manifest, PackageId};
-use crate::util::{ApplyRef, Container, NonDetachingJoinHandle, Version};
-use crate::volume::Volume;
-use crate::Error;
-
-pub mod health;
-mod sync;
-
-pub const HEALTH_CHECK_COOLDOWN_SECONDS: u64 = 15;
-pub const HEALTH_CHECK_GRACE_PERIOD_SECONDS: u64 = 5;
-
-#[derive(Default)]
-pub struct ManagerMap(RwLock<BTreeMap<(PackageId, Version), Arc<Manager>>>);
-impl ManagerMap {
-    #[instrument(skip(self, ctx, db, secrets))]
-    pub async fn init<Db: DbHandle, Ex>(
-        &self,
-        ctx: &RpcContext,
-        db: &mut Db,
-        secrets: &mut Ex,
-    ) -> Result<(), Error>
-    where
-        for<'a> &'a mut Ex: Executor<'a, Database = Postgres>,
-    {
-        let mut res = BTreeMap::new();
-        for package in crate::db::DatabaseModel::new()
-            .package_data()
-            .keys(db)
-            .await?
-        {
-            let man: Manifest = if let Some(manifest) = crate::db::DatabaseModel::new()
-                .package_data()
-                .idx_model(&package)
-                .and_then(|pkg| pkg.installed())
-                .map(|m| m.manifest())
-                .get(db)
-                .await?
-                .to_owned()
-            {
-                manifest
-            } else {
-                continue;
-            };
-
-            res.insert(
-                (package, man.version.clone()),
-                Arc::new(Manager::create(ctx.clone(), man).await?),
-            );
-        }
-        *self.0.write().await = res;
-        Ok(())
-    }
-
-    #[instrument(skip(self, ctx))]
-    pub async fn add(&self, ctx: RpcContext, manifest: Manifest) -> Result<(), Error> {
-        let mut lock = self.0.write().await;
-        let id = (manifest.id.clone(), manifest.version.clone());
-        if let Some(man) = lock.remove(&id) {
-            if !man.thread.is_empty().await {
-                man.exit().await?;
-            }
-        }
-        lock.insert(id, Arc::new(Manager::create(ctx, manifest).await?));
-        Ok(())
-    }
-
-    #[instrument(skip(self))]
-    pub async fn remove(&self, id: &(PackageId, Version)) {
-        if let Some(man) = self.0.write().await.remove(id) {
-            if let Err(e) = man.exit().await {
-                tracing::error!("Error shutting down manager: {}", e);
-                tracing::debug!("{:?}", e);
-            }
-        }
-    }
-
-    #[instrument(skip(self))]
-    pub async fn empty(&self) -> Result<(), Error> {
-        let res =
-            futures::future::join_all(std::mem::take(&mut *self.0.write().await).into_iter().map(
-                |((id, version), man)| async move {
-                    tracing::debug!("Manager for {}@{} shutting down", id, version);
-                    man.exit().await?;
-                    tracing::debug!("Manager for {}@{} is shutdown", id, version);
-                    if let Err(e) = Arc::try_unwrap(man) {
-                        tracing::trace!(
-                            "Manager for {}@{} still has {} other open references",
-                            id,
-                            version,
-                            Arc::strong_count(&e) - 1
-                        );
-                    }
-                    Ok::<_, Error>(())
-                },
-            ))
-            .await;
-        res.into_iter().fold(Ok(()), |res, x| match (res, x) {
-            (Ok(()), x) => x,
-            (Err(e), Ok(())) => Err(e),
-            (Err(e1), Err(e2)) => Err(Error::new(eyre!("{}, {}", e1.source, e2.source), e1.kind)),
-        })
-    }
-
-    #[instrument(skip(self))]
-    pub async fn get(&self, id: &(PackageId, Version)) -> Option<Arc<Manager>> {
-        self.0.read().await.get(id).cloned()
-    }
-}
-
-pub struct Manager {
-    shared: Arc<ManagerSharedState>,
-    thread: Container<NonDetachingJoinHandle<()>>,
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
-pub enum Status {
-    Starting,
-    Running,
-    Stopped,
-    Paused,
-    Shutdown,
-}
-
-struct ManagerSeed {
-    ctx: RpcContext,
-    manifest: Manifest,
-    container_name: String,
-}
-
-pub struct ManagerSharedState {
-    seed: Arc<ManagerSeed>,
-    persistent_container: Option<PersistentContainer>,
-    status: (Sender<Status>, Receiver<Status>),
-    killer: Notify,
-    on_stop: Sender<OnStop>,
-    synchronized: Notify,
-    synchronize_now: Notify,
-    commit_health_check_results: AtomicBool,
-    next_gid: AtomicU32,
-    main_gid: (Sender<ProcessGroupId>, Receiver<ProcessGroupId>),
-}
-
-#[derive(Debug, Clone, Copy)]
-pub enum OnStop {
-    Restart,
-    Sleep,
-    Exit,
-}
-
-#[instrument(skip(state))]
-async fn run_main(
-    state: &Arc<ManagerSharedState>,
-) -> Result<Result<NoOutput, (i32, String)>, Error> {
-    let rt_state = state.clone();
-
-    let mut runtime = NonDetachingJoinHandle::from(tokio::spawn(start_up_image(rt_state)));
-    let ip = match state.persistent_container.is_some() {
-        false => Some(match get_running_ip(state, &mut runtime).await {
-            GetRunningIp::Ip(x) => x,
-            GetRunningIp::Error(e) => return Err(e),
-            GetRunningIp::EarlyExit(x) => return Ok(x),
-        }),
-        true => None,
-    };
-
-    let svc = if let Some(ip) = ip {
-        Some(add_network_for_main(&*state.seed, ip).await?)
-    } else {
-        None
-    };
-
-    set_commit_health_true(state);
-    let health = main_health_check_daemon(state.clone());
-    fetch_starting_to_running(state);
-    let res = tokio::select! {
-        a = runtime => a.map_err(|_| Error::new(eyre!("Manager runtime panicked!"), crate::ErrorKind::Docker)).and_then(|a| a),
-        _ = health => Err(Error::new(eyre!("Health check daemon exited!"), crate::ErrorKind::Unknown)),
-        _ = state.killer.notified() => Ok(Err((137, "Killed".to_string())))
-    };
-    if let Some(svc) = svc {
-        remove_network_for_main(svc).await?;
-    }
-    res
-}
-
-/// We want to start up the manifest, but in this case we want to know that we have generated the certificates.
-/// Note for _generated_certificate: Needed to know that before we start the state we have generated the certificate
-async fn start_up_image(
-    rt_state: Arc<ManagerSharedState>,
-) -> Result<Result<NoOutput, (i32, String)>, Error> {
-    rt_state
-        .seed
-        .manifest
-        .main
-        .execute::<(), NoOutput>(
-            &rt_state.seed.ctx,
-            &rt_state.seed.manifest.id,
-            &rt_state.seed.manifest.version,
-            ProcedureName::Main,
-            &rt_state.seed.manifest.volumes,
-            None,
-            None,
-        )
-        .await
-}
-
-impl Manager {
-    #[instrument(skip(ctx))]
-    async fn create(ctx: RpcContext, manifest: Manifest) -> Result<Self, Error> {
-        let (on_stop, recv) = channel(OnStop::Sleep);
-        let seed = Arc::new(ManagerSeed {
-            ctx,
-            container_name: DockerProcedure::container_name(&manifest.id, None),
-            manifest,
-        });
-        let persistent_container = PersistentContainer::init(&seed).await?;
-        let shared = Arc::new(ManagerSharedState {
-            seed,
-            persistent_container,
-            status: channel(Status::Stopped),
-            killer: Notify::new(),
-            on_stop,
-            synchronized: Notify::new(),
-            synchronize_now: Notify::new(),
-            commit_health_check_results: AtomicBool::new(true),
-            next_gid: AtomicU32::new(1),
-            main_gid: channel(ProcessGroupId(0)),
-        });
-        shared.synchronize_now.notify_one();
-        let thread_shared = shared.clone();
-        let thread = NonDetachingJoinHandle::from(tokio::spawn(async move {
-            tokio::select! {
-                _ = manager_thread_loop(recv, &thread_shared) => (),
-                _ = synchronizer(&*thread_shared) => (),
-            }
-        }));
-        Ok(Manager {
-            shared,
-            thread: Container::new(Some(thread)),
-        })
-    }
-
-    pub async fn signal(&self, signal: &Signal) -> Result<(), Error> {
-        send_signal(&self.shared, signal).await
-    }
-
-    #[instrument(skip(self))]
-    async fn exit(&self) -> Result<(), Error> {
-        self.shared
-            .commit_health_check_results
-            .store(false, Ordering::SeqCst);
-        let _ = self.shared.on_stop.send(OnStop::Exit);
-
-        match self
-            .shared
-            .seed
-            .ctx
-            .docker
-            .stop_container(
-                &self.shared.seed.container_name,
-                Some(StopContainerOptions {
-                    t: sigterm_timeout(&self.shared.seed.manifest)
-                        .map(|d| d.as_secs())
-                        .unwrap_or(30) as i64,
-                }),
-            )
-            .await
-        {
-            Err(bollard::errors::Error::DockerResponseServerError {
-                status_code: 404, // NOT FOUND
-                ..
-            })
-            | Err(bollard::errors::Error::DockerResponseServerError {
-                status_code: 409, // CONFLICT
-                ..
-            })
-            | Err(bollard::errors::Error::DockerResponseServerError {
-                status_code: 304, // NOT MODIFIED
-                ..
-            }) => (), // Already stopped
-            a => a?,
-        };
-        self.shared.killer.notify_waiters();
-
-        if let Some(thread) = self.thread.take().await {
-            thread.await.map_err(|e| {
-                Error::new(
-                    eyre!("Manager thread panicked: {}", e),
-                    crate::ErrorKind::Docker,
-                )
-            })?;
-        }
-        Ok(())
-    }
-    /// this will depend on locks to main status. if you hold any locks when calling this function that conflict, this will deadlock
-    pub async fn synchronize(&self) {
-        self.shared.synchronize_now.notify_waiters();
-        self.shared.synchronized.notified().await
-    }
-
-    pub fn new_gid(&self) -> ProcessGroupId {
-        ProcessGroupId(
-            self.shared
-                .next_gid
-                .fetch_add(1, std::sync::atomic::Ordering::SeqCst),
-        )
-    }
-
-    pub fn new_main_gid(&self) -> ProcessGroupId {
-        let gid = self.new_gid();
-        self.shared.main_gid.0.send_modify(|x| *x = gid);
-        gid
-    }
-
-    pub fn rpc_client(&self) -> Option<Arc<UnixRpcClient>> {
-        self.shared
-            .persistent_container
-            .as_ref()
-            .map(|c| c.rpc_client.borrow().clone())
-    }
-}
-
-async fn manager_thread_loop(mut recv: Receiver<OnStop>, thread_shared: &Arc<ManagerSharedState>) {
-    loop {
-        fn handle_stop_action<'a>(
-            recv: &'a mut Receiver<OnStop>,
-        ) -> (
-            OnStop,
-            Option<impl Future<Output = Result<(), RecvError>> + 'a>,
-        ) {
-            let val = *recv.borrow_and_update();
-            match val {
-                OnStop::Sleep => (OnStop::Sleep, Some(recv.changed())),
-                a => (a, None),
-            }
-        }
-        let (stop_action, fut) = handle_stop_action(&mut recv);
-        match stop_action {
-            OnStop::Sleep => {
-                if let Some(fut) = fut {
-                    let _ = thread_shared.status.0.send(Status::Stopped);
-                    fut.await.unwrap();
-                    continue;
-                }
-            }
-            OnStop::Exit => {
-                let _ = thread_shared.status.0.send(Status::Shutdown);
-                break;
-            }
-            OnStop::Restart => {
-                let _ = thread_shared.status.0.send(Status::Running);
-            }
-        }
-        match run_main(thread_shared).await {
-            Ok(Ok(NoOutput)) => (), // restart
-            Ok(Err(e)) => {
-                #[cfg(feature = "unstable")]
-                {
-                    use crate::notifications::NotificationLevel;
-                    use crate::status::MainStatus;
-                    let mut db = thread_shared.seed.ctx.db.handle();
-                    let started = crate::db::DatabaseModel::new()
-                        .package_data()
-                        .idx_model(&thread_shared.seed.manifest.id)
-                        .and_then(|pde| pde.installed())
-                        .map::<_, MainStatus>(|i| i.status().main())
-                        .get(&mut db, false)
-                        .await;
-                    match started.as_deref() {
-                        Ok(Some(MainStatus::Running { .. })) => {
-                            let res = thread_shared.seed.ctx.notification_manager
-                                .notify(
-                                    &mut db,
-                                    Some(thread_shared.seed.manifest.id.clone()),
-                                    NotificationLevel::Warning,
-                                    String::from("Service Crashed"),
-                                    format!("The service {} has crashed with the following exit code: {}\nDetails: {}", thread_shared.seed.manifest.id.clone(), e.0, e.1),
-                                    (),
-                                    Some(3600) // 1 hour
-                                )
-                                .await;
-                            if let Err(e) = res {
-                                tracing::error!("Failed to issue notification: {}", e);
-                                tracing::debug!("{:?}", e);
-                            }
-                        }
-                        _ => {
-                            tracing::error!("service just started. not issuing crash notification")
-                        }
-                    }
-                }
-                tracing::error!("service crashed: {}: {}", e.0, e.1);
-                tokio::time::sleep(Duration::from_secs(15)).await;
-            }
-            Err(e) => {
-                tracing::error!("failed to start service: {}", e);
-                tracing::debug!("{:?}", e);
-            }
-        }
-    }
-}
-
-pub struct PersistentContainer {
-    _running_docker: NonDetachingJoinHandle<()>,
-    rpc_client: Receiver<Arc<UnixRpcClient>>,
-}
-
-impl PersistentContainer {
-    #[instrument(skip(seed))]
-    async fn init(seed: &Arc<ManagerSeed>) -> Result<Option<Self>, Error> {
-        Ok(if let Some(containers) = &seed.manifest.containers {
-            let (running_docker, rpc_client) =
-                spawn_persistent_container(seed.clone(), containers.main.clone()).await?;
-            Some(Self {
-                _running_docker: running_docker,
-                rpc_client,
-            })
-        } else {
-            None
-        })
-    }
-}
-
-async fn spawn_persistent_container(
-    seed: Arc<ManagerSeed>,
-    container: DockerContainer,
-) -> Result<(NonDetachingJoinHandle<()>, Receiver<Arc<UnixRpcClient>>), Error> {
-    let (send_inserter, inserter) = oneshot::channel();
-    Ok((
-        tokio::task::spawn(async move {
-            let mut inserter_send: Option<Sender<Arc<UnixRpcClient>>> = None;
-            let mut send_inserter: Option<oneshot::Sender<Receiver<Arc<UnixRpcClient>>>> = Some(send_inserter);
-            loop {
-                if let Err(e) = async {
-                    let (mut runtime, inserter) =
-                        long_running_docker(&seed, &container).await?;
-
-                    let ip = match get_long_running_ip(&*seed, &mut runtime).await {
-                        GetRunningIp::Ip(x) => x,
-                        GetRunningIp::Error(e) => return Err(e),
-                        GetRunningIp::EarlyExit(e) => {
-                            tracing::error!("Early Exit");
-                            tracing::debug!("{:?}", e);
-                            return Ok(());
-                        }
-                    };
-                    let svc = add_network_for_main(&*seed, ip).await?;
-
-                    if let Some(inserter_send) = inserter_send.as_mut() {
-                        let _ = inserter_send.send(Arc::new(inserter));
-                    } else {
-                        let (s, r) = channel(Arc::new(inserter));
-                        inserter_send = Some(s);
-                        if let Some(send_inserter) = send_inserter.take() {
-                            let _ = send_inserter.send(r);
-                        }
-                    }
-
-                    let res = tokio::select! {
-                        a = runtime.running_output => a.map_err(|_| Error::new(eyre!("Manager runtime panicked!"), crate::ErrorKind::Docker)).map(|_| ()),
-                    };
-
-                    remove_network_for_main(svc).await?;
-
-                    res
-                }.await {
-                    tracing::error!("Error in persistent container: {}", e);
-                    tracing::debug!("{:?}", e);
-                } else {
-                    break;
-                }
-                tokio::time::sleep(Duration::from_millis(200)).await;
-            }
-        })
-        .into(),
-        inserter.await.map_err(|_| Error::new(eyre!("Container handle dropped before inserter sent"), crate::ErrorKind::Unknown))?,
-    ))
-}
-
-async fn long_running_docker(
-    seed: &ManagerSeed,
-    container: &DockerContainer,
-) -> Result<(LongRunning, UnixRpcClient), Error> {
-    container
-        .long_running_execute(
-            &seed.ctx,
-            &seed.manifest.id,
-            &seed.manifest.version,
-            &seed.manifest.volumes,
-        )
-        .await
-}
-
-async fn remove_network_for_main(svc: NetService) -> Result<(), Error> {
-    svc.remove_all().await
-}
-
-fn fetch_starting_to_running(state: &Arc<ManagerSharedState>) {
-    let _ = state.status.0.send_modify(|x| {
-        if *x == Status::Starting {
-            *x = Status::Running;
-        }
-    });
-}
-
-async fn main_health_check_daemon(state: Arc<ManagerSharedState>) {
-    tokio::time::sleep(Duration::from_secs(HEALTH_CHECK_GRACE_PERIOD_SECONDS)).await;
-    loop {
-        let mut db = state.seed.ctx.db.handle();
-        if let Err(e) = health::check(
-            &state.seed.ctx,
-            &mut db,
-            &state.seed.manifest.id,
-            &state.commit_health_check_results,
-        )
-        .await
-        {
-            tracing::error!(
-                "Failed to run health check for {}: {}",
-                &state.seed.manifest.id,
-                e
-            );
-            tracing::debug!("{:?}", e);
-        }
-        tokio::time::sleep(Duration::from_secs(HEALTH_CHECK_COOLDOWN_SECONDS)).await;
-    }
-}
-
-fn set_commit_health_true(state: &Arc<ManagerSharedState>) {
-    state
-        .commit_health_check_results
-        .store(true, Ordering::SeqCst);
-}
-
-async fn add_network_for_main(
-    seed: &ManagerSeed,
-    ip: std::net::Ipv4Addr,
-) -> Result<NetService, Error> {
-    let mut svc = seed
-        .ctx
-        .net_controller
-        .create_service(seed.manifest.id.clone(), ip)
-        .await?;
-    // DEPRECATED
-    let mut secrets = seed.ctx.secret_store.acquire().await?;
-    let mut tx = secrets.begin().await?;
-    for (id, interface) in &seed.manifest.interfaces.0 {
-        for (external, internal) in interface.lan_config.iter().flatten() {
-            svc.add_lan(&mut tx, id.clone(), external.0, internal.internal, false)
-                .await?;
-        }
-        for (external, internal) in interface.tor_config.iter().flat_map(|t| &t.port_mapping) {
-            svc.add_tor(&mut tx, id.clone(), external.0, internal.0)
-                .await?;
-        }
-    }
-    for volume in seed.manifest.volumes.values() {
-        if let Volume::Certificate { interface_id } = volume {
-            svc.export_cert(&mut tx, interface_id, ip.into()).await?;
-        }
-    }
-    tx.commit().await?;
-    Ok(svc)
-}
-
-enum GetRunningIp {
-    Ip(Ipv4Addr),
-    Error(Error),
-    EarlyExit(Result<NoOutput, (i32, String)>),
-}
-
-type RuntimeOfCommand = NonDetachingJoinHandle<Result<Result<NoOutput, (i32, String)>, Error>>;
-
-async fn get_running_ip(
-    state: &Arc<ManagerSharedState>,
-    mut runtime: &mut RuntimeOfCommand,
-) -> GetRunningIp {
-    loop {
-        match container_inspect(&*state.seed).await {
-            Ok(res) => {
-                match res
-                    .network_settings
-                    .and_then(|ns| ns.networks)
-                    .and_then(|mut n| n.remove("start9"))
-                    .and_then(|es| es.ip_address)
-                    .filter(|ip| !ip.is_empty())
-                    .map(|ip| ip.parse())
-                    .transpose()
-                {
-                    Ok(Some(ip_addr)) => return GetRunningIp::Ip(ip_addr),
-                    Ok(None) => (),
-                    Err(e) => return GetRunningIp::Error(e.into()),
-                }
-            }
-            Err(bollard::errors::Error::DockerResponseServerError {
-                status_code: 404, // NOT FOUND
-                ..
-            }) => (),
-            Err(e) => return GetRunningIp::Error(e.into()),
-        }
-        if let Poll::Ready(res) = futures::poll!(&mut runtime) {
-            match res {
-                Ok(Ok(response)) => return GetRunningIp::EarlyExit(response),
-                Err(e) => {
-                    return GetRunningIp::Error(Error::new(
-                        match e.try_into_panic() {
-                            Ok(e) => {
-                                eyre!(
-                                    "Manager runtime panicked: {}",
-                                    e.downcast_ref::<&'static str>().unwrap_or(&"UNKNOWN")
-                                )
-                            }
-                            _ => eyre!("Manager runtime cancelled!"),
-                        },
-                        crate::ErrorKind::Docker,
-                    ))
-                }
-                Ok(Err(e)) => {
-                    return GetRunningIp::Error(Error::new(
-                        eyre!("Manager runtime returned error: {}", e),
-                        crate::ErrorKind::Docker,
-                    ))
-                }
-            }
-        }
-    }
-}
-
-async fn get_long_running_ip(seed: &ManagerSeed, runtime: &mut LongRunning) -> GetRunningIp {
-    loop {
-        match container_inspect(seed).await {
-            Ok(res) => {
-                match res
-                    .network_settings
-                    .and_then(|ns| ns.networks)
-                    .and_then(|mut n| n.remove("start9"))
-                    .and_then(|es| es.ip_address)
-                    .filter(|ip| !ip.is_empty())
-                    .map(|ip| ip.parse())
-                    .transpose()
-                {
-                    Ok(Some(ip_addr)) => return GetRunningIp::Ip(ip_addr),
-                    Ok(None) => (),
-                    Err(e) => return GetRunningIp::Error(e.into()),
-                }
-            }
-            Err(bollard::errors::Error::DockerResponseServerError {
-                status_code: 404, // NOT FOUND
-                ..
-            }) => (),
-            Err(e) => return GetRunningIp::Error(e.into()),
-        }
-        if let Poll::Ready(res) = futures::poll!(&mut runtime.running_output) {
-            match res {
-                Ok(_) => return GetRunningIp::EarlyExit(Ok(NoOutput)),
-                Err(_e) => {
-                    return GetRunningIp::Error(Error::new(
-                        eyre!("Manager runtime panicked!"),
-                        crate::ErrorKind::Docker,
-                    ))
-                }
-            }
-        }
-    }
-}
-
-async fn container_inspect(
-    seed: &ManagerSeed,
-) -> Result<bollard::models::ContainerInspectResponse, bollard::errors::Error> {
-    seed.ctx
-        .docker
-        .inspect_container(&seed.container_name, None)
-        .await
-}
-
-async fn wait_for_status(shared: &ManagerSharedState, status: Status) {
-    let mut recv = shared.status.0.subscribe();
-    while {
-        let s = *recv.borrow();
-        s != status
-    } {
-        if recv.changed().await.is_ok() {
-            break;
-        }
-    }
-}
-
-fn sigterm_timeout(manifest: &Manifest) -> Option<Duration> {
-    if let PackageProcedure::Docker(d) = &manifest.main {
-        d.sigterm_timeout.map(|d| *d)
-    } else if let Some(c) = &manifest.containers {
-        c.main.sigterm_timeout.map(|d| *d)
-    } else {
-        None
-    }
-}
-
-#[instrument(skip(shared))]
-async fn stop(shared: &ManagerSharedState) -> Result<(), Error> {
-    shared
-        .commit_health_check_results
-        .store(false, Ordering::SeqCst);
-    shared.on_stop.send_modify(|status| {
-        if matches!(*status, OnStop::Restart) {
-            *status = OnStop::Sleep;
-        }
-    });
-    if *shared.status.1.borrow() == Status::Paused {
-        resume(shared).await?;
-    }
-    send_signal(shared, &Signal::SIGTERM).await?;
-    let _ = tokio::time::timeout(
-        sigterm_timeout(&shared.seed.manifest).unwrap_or(Duration::from_secs(30)),
-        wait_for_status(shared, Status::Stopped),
-    )
-    .await;
-    shared.killer.notify_waiters();
-
-    Ok(())
-}
-
-#[instrument(skip(shared))]
-async fn start(shared: &ManagerSharedState) -> Result<(), Error> {
-    shared.on_stop.send_modify(|status| {
-        if matches!(*status, OnStop::Sleep) {
-            *status = OnStop::Restart;
-        }
-    });
-    let _ = shared.status.0.send_modify(|x| {
-        if *x != Status::Running {
-            *x = Status::Starting
-        }
-    });
-    Ok(())
-}
-
-#[instrument(skip(shared))]
-async fn pause(shared: &ManagerSharedState) -> Result<(), Error> {
-    if let Err(e) = shared
-        .seed
-        .ctx
-        .docker
-        .pause_container(&shared.seed.container_name)
-        .await
-    {
-        tracing::error!("failed to pause container. stopping instead. {}", e);
-        tracing::debug!("{:?}", e);
-        return stop(shared).await;
-    }
-    let _ = shared.status.0.send(Status::Paused);
-    Ok(())
-}
-
-#[instrument(skip(shared))]
-async fn resume(shared: &ManagerSharedState) -> Result<(), Error> {
-    shared
-        .seed
-        .ctx
-        .docker
-        .unpause_container(&shared.seed.container_name)
-        .await?;
-    let _ = shared.status.0.send(Status::Running);
-    Ok(())
-}
-
-async fn send_signal(shared: &ManagerSharedState, signal: &Signal) -> Result<(), Error> {
-    // stop health checks from committing their results
-    shared
-        .commit_health_check_results
-        .store(false, Ordering::SeqCst);
-
-    if let Some(rpc_client) = shared
-        .persistent_container
-        .as_ref()
-        .map(|c| c.rpc_client.borrow().clone())
-    {
-        #[cfg(feature = "js_engine")]
-        if let Err(e) = JsProcedure::default()
-            .execute::<_, NoOutput>(
-                &shared.seed.ctx.datadir,
-                &shared.seed.manifest.id,
-                &shared.seed.manifest.version,
-                ProcedureName::Signal,
-                &shared.seed.manifest.volumes,
-                Some(SignalGroupParams {
-                    gid: shared.main_gid.1.apply_ref(|g| *g.borrow()),
-                    signal: *signal as u32,
-                }),
-                None, // TODO
-                ProcessGroupId(
-                    shared
-                        .next_gid
-                        .fetch_add(1, std::sync::atomic::Ordering::SeqCst),
-                ),
-                Some(rpc_client),
-            )
-            .await?
-        {
-            tracing::error!("Failed to send js signal: {}", e.1);
-            tracing::debug!("{:?}", e);
-        }
-    } else {
-        // send signal to container
-        shared
-            .seed
-            .ctx
-            .docker
-            .kill_container(
-                &shared.seed.container_name,
-                Some(KillContainerOptions {
-                    signal: signal.to_string(),
-                }),
-            )
-            .await
-            .or_else(|e| {
-                if matches!(
-                    e,
-                    bollard::errors::Error::DockerResponseServerError {
-                        status_code: 409, // CONFLICT
-                        ..
-                    } | bollard::errors::Error::DockerResponseServerError {
-                        status_code: 404, // NOT FOUND
-                        ..
-                    }
-                ) {
-                    Ok(())
-                } else {
-                    Err(e)
-                }
-            })?;
-    }
-
-    Ok(())
-}

backend/src/manager/sync.rs

@@ -1,113 +0,0 @@
-use std::collections::BTreeMap;
-use std::time::Duration;
-
-use chrono::Utc;
-
-use super::{pause, resume, start, stop, ManagerSharedState, Status};
-use crate::status::MainStatus;
-use crate::Error;
-
-/// Allocates a db handle. DO NOT CALL with a db handle already in scope
-async fn synchronize_once(shared: &ManagerSharedState) -> Result<Status, Error> {
-    let mut db = shared.seed.ctx.db.handle();
-    let mut status = crate::db::DatabaseModel::new()
-        .package_data()
-        .idx_model(&shared.seed.manifest.id)
-        .expect(&mut db)
-        .await?
-        .installed()
-        .expect(&mut db)
-        .await?
-        .status()
-        .main()
-        .get_mut(&mut db)
-        .await?;
-    let manager_status = *shared.status.1.borrow();
-    match manager_status {
-        Status::Stopped => match &mut *status {
-            MainStatus::Stopped => (),
-            MainStatus::Stopping => {
-                *status = MainStatus::Stopped;
-            }
-            MainStatus::Restarting => {
-                *status = MainStatus::Starting { restarting: true };
-            }
-            MainStatus::Starting { .. } => {
-                start(shared).await?;
-            }
-            MainStatus::Running { started, .. } => {
-                *started = Utc::now();
-                start(shared).await?;
-            }
-            MainStatus::BackingUp { .. } => (),
-        },
-        Status::Starting => match *status {
-            MainStatus::Stopped | MainStatus::Stopping | MainStatus::Restarting => {
-                stop(shared).await?;
-            }
-            MainStatus::Starting { .. } | MainStatus::Running { .. } => (),
-            MainStatus::BackingUp { .. } => {
-                pause(shared).await?;
-            }
-        },
-        Status::Running => match *status {
-            MainStatus::Stopped | MainStatus::Stopping | MainStatus::Restarting => {
-                stop(shared).await?;
-            }
-            MainStatus::Starting { .. } => {
-                *status = MainStatus::Running {
-                    started: Utc::now(),
-                    health: BTreeMap::new(),
-                };
-            }
-            MainStatus::Running { .. } => (),
-            MainStatus::BackingUp { .. } => {
-                pause(shared).await?;
-            }
-        },
-        Status::Paused => match *status {
-            MainStatus::Stopped | MainStatus::Stopping | MainStatus::Restarting => {
-                stop(shared).await?;
-            }
-            MainStatus::Starting { .. } | MainStatus::Running { .. } => {
-                resume(shared).await?;
-            }
-            MainStatus::BackingUp { .. } => (),
-        },
-        Status::Shutdown => (),
-    }
-    status.save(&mut db).await?;
-    Ok(manager_status)
-}
-
-pub async fn synchronizer(shared: &ManagerSharedState) {
-    let mut status_recv = shared.status.0.subscribe();
-    loop {
-        tokio::select! {
-            _ = tokio::time::sleep(Duration::from_secs(5)) => (),
-            _ = shared.synchronize_now.notified() => (),
-            _ = status_recv.changed() => (),
-        }
-        let status = match synchronize_once(shared).await {
-            Err(e) => {
-                tracing::error!(
-                    "Synchronizer for {}@{} failed: {}",
-                    shared.seed.manifest.id,
-                    shared.seed.manifest.version,
-                    e
-                );
-                tracing::debug!("{:?}", e);
-                continue;
-            }
-            Ok(status) => status,
-        };
-        tracing::trace!("{} status synchronized", shared.seed.manifest.id);
-        shared.synchronized.notify_waiters();
-        match status {
-            Status::Shutdown => {
-                break;
-            }
-            _ => (),
-        }
-    }
-}

backend/src/middleware/db.rs

@@ -1,82 +0,0 @@
-use color_eyre::eyre::eyre;
-use futures::future::BoxFuture;
-use futures::FutureExt;
-use http::HeaderValue;
-use rpc_toolkit::hyper::http::Error as HttpError;
-use rpc_toolkit::hyper::{Body, Request, Response};
-use rpc_toolkit::rpc_server_helpers::{
-    noop4, DynMiddleware, DynMiddlewareStage2, DynMiddlewareStage3,
-};
-use rpc_toolkit::yajrc::RpcMethod;
-use rpc_toolkit::Metadata;
-
-use crate::context::RpcContext;
-use crate::{Error, ResultExt};
-
-pub fn db<M: Metadata>(ctx: RpcContext) -> DynMiddleware<M> {
-    Box::new(
-        move |_: &mut Request<Body>,
-              metadata: M|
-              -> BoxFuture<Result<Result<DynMiddlewareStage2, Response<Body>>, HttpError>> {
-            let ctx = ctx.clone();
-            async move {
-                let m2: DynMiddlewareStage2 = Box::new(move |req, rpc_req| {
-                    async move {
-                        let seq = req.headers.remove("x-patch-sequence");
-                        let sync_db = metadata
-                            .get(rpc_req.method.as_str(), "sync_db")
-                            .unwrap_or(false);
-
-                        let m3: DynMiddlewareStage3 = Box::new(move |res, _| {
-                            async move {
-                                if sync_db && seq.is_some() {
-                                    match async {
-                                        let seq = seq
-                                            .ok_or_else(|| {
-                                                Error::new(
-                                                    eyre!("Missing X-Patch-Sequence"),
-                                                    crate::ErrorKind::InvalidRequest,
-                                                )
-                                            })?
-                                            .to_str()
-                                            .with_kind(crate::ErrorKind::InvalidRequest)?
-                                            .parse()?;
-                                        let res = ctx.db.sync(seq).await?;
-                                        let json = match res {
-                                            Ok(revs) => serde_json::to_vec(&revs),
-                                            Err(dump) => serde_json::to_vec(&[dump]),
-                                        }
-                                        .with_kind(crate::ErrorKind::Serialization)?;
-                                        Ok::<_, Error>(base64::encode_config(
-                                            &json,
-                                            base64::URL_SAFE,
-                                        ))
-                                    }
-                                    .await
-                                    {
-                                        Ok(a) => res
-                                            .headers
-                                            .append("X-Patch-Updates", HeaderValue::from_str(&a)?),
-                                        Err(e) => res.headers.append(
-                                            "X-Patch-Error",
-                                            HeaderValue::from_str(&base64::encode_config(
-                                                &e.to_string(),
-                                                base64::URL_SAFE,
-                                            ))?,
-                                        ),
-                                    };
-                                }
-                                Ok(Ok(noop4()))
-                            }
-                            .boxed()
-                        });
-                        Ok(Ok(m3))
-                    }
-                    .boxed()
-                });
-                Ok(Ok(m2))
-            }
-            .boxed()
-        },
-    )
-}

backend/src/net/tor.rs

@@ -1,266 +0,0 @@
-use std::collections::BTreeMap;
-use std::net::SocketAddr;
-use std::sync::{Arc, Weak};
-
-use clap::ArgMatches;
-use color_eyre::eyre::eyre;
-use futures::future::BoxFuture;
-use futures::FutureExt;
-use rpc_toolkit::command;
-use tokio::net::TcpStream;
-use tokio::sync::Mutex;
-use torut::control::{AsyncEvent, AuthenticatedConn, ConnError};
-use torut::onion::{OnionAddressV3, TorSecretKeyV3};
-use tracing::instrument;
-
-use crate::context::RpcContext;
-use crate::util::serde::{display_serializable, IoFormat};
-use crate::{Error, ErrorKind, ResultExt as _};
-
-#[test]
-fn random_key() {
-    println!("x'{}'", hex::encode(rand::random::<[u8; 32]>()));
-}
-
-#[command(subcommands(list_services))]
-pub fn tor() -> Result<(), Error> {
-    Ok(())
-}
-
-fn display_services(services: Vec<OnionAddressV3>, matches: &ArgMatches) {
-    use prettytable::*;
-
-    if matches.is_present("format") {
-        return display_serializable(services, matches);
-    }
-
-    let mut table = Table::new();
-    for service in services {
-        let row = row![&service.to_string()];
-        table.add_row(row);
-    }
-    table.print_tty(false).unwrap();
-}
-
-#[command(rename = "list-services", display(display_services))]
-pub async fn list_services(
-    #[context] ctx: RpcContext,
-    #[allow(unused_variables)]
-    #[arg(long = "format")]
-    format: Option<IoFormat>,
-) -> Result<Vec<OnionAddressV3>, Error> {
-    ctx.net_controller.tor.list_services().await
-}
-
-fn event_handler(_event: AsyncEvent<'static>) -> BoxFuture<'static, Result<(), ConnError>> {
-    async move { Ok(()) }.boxed()
-}
-
-pub struct TorController(Mutex<TorControllerInner>);
-impl TorController {
-    pub async fn init(tor_control: SocketAddr) -> Result<Self, Error> {
-        Ok(TorController(Mutex::new(
-            TorControllerInner::init(tor_control).await?,
-        )))
-    }
-
-    pub async fn add(
-        &self,
-        key: &TorSecretKeyV3,
-        external: u16,
-        target: SocketAddr,
-    ) -> Result<Arc<()>, Error> {
-        self.0.lock().await.add(key, external, target).await
-    }
-
-    pub async fn gc(&self, key: &TorSecretKeyV3, external: u16) -> Result<(), Error> {
-        self.0.lock().await.gc(key, external).await
-    }
-
-    pub async fn list_services(&self) -> Result<Vec<OnionAddressV3>, Error> {
-        self.0.lock().await.list_services().await
-    }
-}
-
-type AuthenticatedConnection = AuthenticatedConn<
-    TcpStream,
-    fn(AsyncEvent<'static>) -> BoxFuture<'static, Result<(), ConnError>>,
->;
-
-pub struct TorControllerInner {
-    control_addr: SocketAddr,
-    connection: AuthenticatedConnection,
-    services: BTreeMap<String, BTreeMap<u16, BTreeMap<SocketAddr, Weak<()>>>>,
-}
-impl TorControllerInner {
-    #[instrument(skip(self))]
-    async fn add(
-        &mut self,
-        key: &TorSecretKeyV3,
-        external: u16,
-        target: SocketAddr,
-    ) -> Result<Arc<()>, Error> {
-        let mut rm_res = Ok(());
-        let onion_base = key
-            .public()
-            .get_onion_address()
-            .get_address_without_dot_onion();
-        let mut service = if let Some(service) = self.services.remove(&onion_base) {
-            rm_res = self.connection.del_onion(&onion_base).await;
-            service
-        } else {
-            BTreeMap::new()
-        };
-        let mut binding = service.remove(&external).unwrap_or_default();
-        let rc = if let Some(rc) = Weak::upgrade(&binding.remove(&target).unwrap_or_default()) {
-            rc
-        } else {
-            Arc::new(())
-        };
-        binding.insert(target, Arc::downgrade(&rc));
-        service.insert(external, binding);
-        let bindings = service
-            .iter()
-            .flat_map(|(ext, int)| {
-                int.iter()
-                    .find(|(_, rc)| rc.strong_count() > 0)
-                    .map(|(addr, _)| (*ext, SocketAddr::from(*addr)))
-            })
-            .collect::<Vec<_>>();
-        self.services.insert(onion_base, service);
-        rm_res?;
-        self.connection
-            .add_onion_v3(key, false, false, false, None, &mut bindings.iter())
-            .await?;
-        Ok(rc)
-    }
-
-    #[instrument(skip(self))]
-    async fn gc(&mut self, key: &TorSecretKeyV3, external: u16) -> Result<(), Error> {
-        let onion_base = key
-            .public()
-            .get_onion_address()
-            .get_address_without_dot_onion();
-        if let Some(mut service) = self.services.remove(&onion_base) {
-            if let Some(mut binding) = service.remove(&external) {
-                binding = binding
-                    .into_iter()
-                    .filter(|(_, rc)| rc.strong_count() > 0)
-                    .collect();
-                if !binding.is_empty() {
-                    service.insert(external, binding);
-                }
-            }
-            let rm_res = self.connection.del_onion(&onion_base).await;
-            if !service.is_empty() {
-                let bindings = service
-                    .iter()
-                    .flat_map(|(ext, int)| {
-                        int.iter()
-                            .find(|(_, rc)| rc.strong_count() > 0)
-                            .map(|(addr, _)| (*ext, SocketAddr::from(*addr)))
-                    })
-                    .collect::<Vec<_>>();
-                self.services.insert(onion_base, service);
-                rm_res?;
-                self.connection
-                    .add_onion_v3(&key, false, false, false, None, &mut bindings.iter())
-                    .await?;
-            } else {
-                rm_res?;
-            }
-        }
-
-        Ok(())
-    }
-
-    #[instrument]
-    async fn init(tor_control: SocketAddr) -> Result<Self, Error> {
-        let mut conn = torut::control::UnauthenticatedConn::new(
-            TcpStream::connect(tor_control).await?, // TODO
-        );
-        let auth = conn
-            .load_protocol_info()
-            .await?
-            .make_auth_data()?
-            .ok_or_else(|| eyre!("Cookie Auth Not Available"))
-            .with_kind(crate::ErrorKind::Tor)?;
-        conn.authenticate(&auth).await?;
-        let mut connection: AuthenticatedConnection = conn.into_authenticated().await;
-        connection.set_async_event_handler(Some(event_handler));
-
-        Ok(Self {
-            control_addr: tor_control,
-            connection,
-            services: BTreeMap::new(),
-        })
-    }
-
-    #[instrument(skip(self))]
-    async fn list_services(&mut self) -> Result<Vec<OnionAddressV3>, Error> {
-        self.connection
-            .get_info("onions/current")
-            .await?
-            .lines()
-            .map(|l| l.trim())
-            .filter(|l| !l.is_empty())
-            .map(|l| l.parse().with_kind(ErrorKind::Tor))
-            .collect()
-    }
-}
-
-#[tokio::test]
-async fn test() {
-    let mut conn = torut::control::UnauthenticatedConn::new(
-        TcpStream::connect(SocketAddr::from(([127, 0, 0, 1], 9051)))
-            .await
-            .unwrap(), // TODO
-    );
-    let auth = conn
-        .load_protocol_info()
-        .await
-        .unwrap()
-        .make_auth_data()
-        .unwrap()
-        .ok_or_else(|| eyre!("Cookie Auth Not Available"))
-        .with_kind(crate::ErrorKind::Tor)
-        .unwrap();
-    conn.authenticate(&auth).await.unwrap();
-    let mut connection: AuthenticatedConn<
-        TcpStream,
-        fn(AsyncEvent<'static>) -> BoxFuture<'static, Result<(), ConnError>>,
-    > = conn.into_authenticated().await;
-    let tor_key = torut::onion::TorSecretKeyV3::generate();
-    connection.get_conf("SocksPort").await.unwrap();
-    connection
-        .add_onion_v3(
-            &tor_key,
-            false,
-            false,
-            false,
-            None,
-            &mut [(443_u16, SocketAddr::from(([127, 0, 0, 1], 8443)))].iter(),
-        )
-        .await
-        .unwrap();
-    connection
-        .del_onion(
-            &tor_key
-                .public()
-                .get_onion_address()
-                .get_address_without_dot_onion(),
-        )
-        .await
-        .unwrap();
-    connection
-        .add_onion_v3(
-            &tor_key,
-            false,
-            false,
-            false,
-            None,
-            &mut [(8443_u16, SocketAddr::from(([127, 0, 0, 1], 8443)))].iter(),
-        )
-        .await
-        .unwrap();
-}

backend/src/version/mod.rs

@@ -1,308 +0,0 @@
-use std::cmp::Ordering;
-
-use async_trait::async_trait;
-use color_eyre::eyre::eyre;
-use patch_db::DbHandle;
-use rpc_toolkit::command;
-use sqlx::PgPool;
-
-use crate::init::InitReceipts;
-use crate::Error;
-
-mod v0_3_0;
-mod v0_3_0_1;
-mod v0_3_0_2;
-mod v0_3_0_3;
-mod v0_3_1;
-mod v0_3_1_1;
-mod v0_3_1_2;
-mod v0_3_2;
-mod v0_3_2_1;
-mod v0_3_3;
-mod v0_3_4;
-
-pub type Current = v0_3_4::Version;
-
-#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
-#[serde(untagged)]
-enum Version {
-    V0_3_0(Wrapper<v0_3_0::Version>),
-    V0_3_0_1(Wrapper<v0_3_0_1::Version>),
-    V0_3_0_2(Wrapper<v0_3_0_2::Version>),
-    V0_3_0_3(Wrapper<v0_3_0_3::Version>),
-    V0_3_1(Wrapper<v0_3_1::Version>),
-    V0_3_1_1(Wrapper<v0_3_1_1::Version>),
-    V0_3_1_2(Wrapper<v0_3_1_2::Version>),
-    V0_3_2(Wrapper<v0_3_2::Version>),
-    V0_3_2_1(Wrapper<v0_3_2_1::Version>),
-    V0_3_3(Wrapper<v0_3_3::Version>),
-    V0_3_4(Wrapper<v0_3_4::Version>),
-    Other(emver::Version),
-}
-
-impl Version {
-    fn from_util_version(version: crate::util::Version) -> Self {
-        serde_json::to_value(version.clone())
-            .and_then(serde_json::from_value)
-            .unwrap_or_else(|_e| {
-                tracing::warn!("Can't deserialize: {:?} and falling back to other", version);
-                Version::Other(version.into_version())
-            })
-    }
-    #[cfg(test)]
-    fn as_sem_ver(&self) -> emver::Version {
-        match self {
-            Version::V0_3_0(Wrapper(x)) => x.semver(),
-            Version::V0_3_0_1(Wrapper(x)) => x.semver(),
-            Version::V0_3_0_2(Wrapper(x)) => x.semver(),
-            Version::V0_3_0_3(Wrapper(x)) => x.semver(),
-            Version::V0_3_1(Wrapper(x)) => x.semver(),
-            Version::V0_3_1_1(Wrapper(x)) => x.semver(),
-            Version::V0_3_1_2(Wrapper(x)) => x.semver(),
-            Version::V0_3_2(Wrapper(x)) => x.semver(),
-            Version::V0_3_2_1(Wrapper(x)) => x.semver(),
-            Version::V0_3_3(Wrapper(x)) => x.semver(),
-            Version::V0_3_4(Wrapper(x)) => x.semver(),
-            Version::Other(x) => x.clone(),
-        }
-    }
-}
-
-#[async_trait]
-pub trait VersionT
-where
-    Self: Sized + Send + Sync,
-{
-    type Previous: VersionT;
-    fn new() -> Self;
-    fn semver(&self) -> emver::Version;
-    fn compat(&self) -> &'static emver::VersionRange;
-    async fn up<Db: DbHandle>(&self, db: &mut Db, secrets: &PgPool) -> Result<(), Error>;
-    async fn down<Db: DbHandle>(&self, db: &mut Db, secrets: &PgPool) -> Result<(), Error>;
-    async fn commit<Db: DbHandle>(
-        &self,
-        db: &mut Db,
-        receipts: &InitReceipts,
-    ) -> Result<(), Error> {
-        receipts
-            .version_range
-            .set(db, self.compat().clone())
-            .await?;
-        receipts
-            .server_version
-            .set(db, self.semver().into())
-            .await?;
-
-        Ok(())
-    }
-    async fn migrate_to<V: VersionT, Db: DbHandle>(
-        &self,
-        version: &V,
-        db: &mut Db,
-        secrets: &PgPool,
-        receipts: &InitReceipts,
-    ) -> Result<(), Error> {
-        match self.semver().cmp(&version.semver()) {
-            Ordering::Greater => {
-                self.rollback_to_unchecked(version, db, secrets, receipts)
-                    .await
-            }
-            Ordering::Less => {
-                version
-                    .migrate_from_unchecked(self, db, secrets, receipts)
-                    .await
-            }
-            Ordering::Equal => Ok(()),
-        }
-    }
-    async fn migrate_from_unchecked<V: VersionT, Db: DbHandle>(
-        &self,
-        version: &V,
-        db: &mut Db,
-        secrets: &PgPool,
-        receipts: &InitReceipts,
-    ) -> Result<(), Error> {
-        let previous = Self::Previous::new();
-        if version.semver() < previous.semver() {
-            previous
-                .migrate_from_unchecked(version, db, secrets, receipts)
-                .await?;
-        } else if version.semver() > previous.semver() {
-            return Err(Error::new(
-                eyre!(
-                    "NO PATH FROM {}, THIS IS LIKELY A MISTAKE IN THE VERSION DEFINITION",
-                    version.semver()
-                ),
-                crate::ErrorKind::MigrationFailed,
-            ));
-        }
-        tracing::info!("{} -> {}", previous.semver(), self.semver(),);
-        self.up(db, secrets).await?;
-        self.commit(db, receipts).await?;
-        Ok(())
-    }
-    async fn rollback_to_unchecked<V: VersionT, Db: DbHandle>(
-        &self,
-        version: &V,
-        db: &mut Db,
-        secrets: &PgPool,
-        receipts: &InitReceipts,
-    ) -> Result<(), Error> {
-        let previous = Self::Previous::new();
-        tracing::info!("{} -> {}", self.semver(), previous.semver(),);
-        self.down(db, secrets).await?;
-        previous.commit(db, receipts).await?;
-        if version.semver() < previous.semver() {
-            previous
-                .rollback_to_unchecked(version, db, secrets, receipts)
-                .await?;
-        } else if version.semver() > previous.semver() {
-            return Err(Error::new(
-                eyre!(
-                    "NO PATH TO {}, THIS IS LIKELY A MISTAKE IN THE VERSION DEFINITION",
-                    version.semver()
-                ),
-                crate::ErrorKind::MigrationFailed,
-            ));
-        }
-        Ok(())
-    }
-}
-#[derive(Debug, Clone)]
-struct Wrapper<T>(T);
-impl<T> serde::Serialize for Wrapper<T>
-where
-    T: VersionT,
-{
-    fn serialize<S: serde::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
-        self.0.semver().serialize(serializer)
-    }
-}
-impl<'de, T> serde::Deserialize<'de> for Wrapper<T>
-where
-    T: VersionT,
-{
-    fn deserialize<D: serde::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
-        let v = crate::util::Version::deserialize(deserializer)?;
-        let version = T::new();
-        if *v == version.semver() {
-            Ok(Wrapper(version))
-        } else {
-            Err(serde::de::Error::custom("Mismatched Version"))
-        }
-    }
-}
-
-pub async fn init<Db: DbHandle>(
-    db: &mut Db,
-    secrets: &PgPool,
-    receipts: &crate::init::InitReceipts,
-) -> Result<(), Error> {
-    let version = Version::from_util_version(receipts.server_version.get(db).await?);
-    match version {
-        Version::V0_3_0(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_0_1(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_0_2(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_0_3(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_1(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_1_1(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_1_2(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_2(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_2_1(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_3(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::V0_3_4(v) => {
-            v.0.migrate_to(&Current::new(), db, secrets, receipts)
-                .await?
-        }
-        Version::Other(_) => {
-            return Err(Error::new(
-                eyre!("Cannot downgrade"),
-                crate::ErrorKind::InvalidRequest,
-            ))
-        }
-    }
-    Ok(())
-}
-
-pub const COMMIT_HASH: &str =
-    git_version::git_version!(args = ["--always", "--abbrev=40", "--dirty=-modified"]);
-
-#[command(rename = "git-info", local, metadata(authenticated = false))]
-pub fn git_info() -> Result<&'static str, Error> {
-    Ok(COMMIT_HASH)
-}
-
-#[cfg(test)]
-mod tests {
-    use proptest::prelude::*;
-
-    use super::*;
-
-    fn em_version() -> impl Strategy<Value = emver::Version> {
-        any::<(usize, usize, usize, usize)>().prop_map(|(major, minor, patch, super_minor)| {
-            emver::Version::new(major, minor, patch, super_minor)
-        })
-    }
-
-    fn versions() -> impl Strategy<Value = Version> {
-        prop_oneof![
-            Just(Version::V0_3_0(Wrapper(v0_3_0::Version::new()))),
-            Just(Version::V0_3_0_1(Wrapper(v0_3_0_1::Version::new()))),
-            Just(Version::V0_3_0_2(Wrapper(v0_3_0_2::Version::new()))),
-            Just(Version::V0_3_0_3(Wrapper(v0_3_0_3::Version::new()))),
-            Just(Version::V0_3_1(Wrapper(v0_3_1::Version::new()))),
-            Just(Version::V0_3_1_1(Wrapper(v0_3_1_1::Version::new()))),
-            Just(Version::V0_3_1_2(Wrapper(v0_3_1_2::Version::new()))),
-            Just(Version::V0_3_2(Wrapper(v0_3_2::Version::new()))),
-            Just(Version::V0_3_2_1(Wrapper(v0_3_2_1::Version::new()))),
-            Just(Version::V0_3_3(Wrapper(v0_3_3::Version::new()))),
-            Just(Version::V0_3_4(Wrapper(v0_3_4::Version::new()))),
-            em_version().prop_map(Version::Other),
-        ]
-    }
-
-    proptest! {
-        #[test]
-        fn emversion_isomorphic_version(original in em_version()) {
-            let version = Version::from_util_version(original.clone().into());
-            let back = version.as_sem_ver();
-            prop_assert_eq!(original, back, "All versions should round trip");
-        }
-        #[test]
-        fn version_isomorphic_em_version(version in versions()) {
-            let sem_ver = version.as_sem_ver();
-            let back = Version::from_util_version(sem_ver.into());
-            prop_assert_eq!(format!("{:?}",version), format!("{:?}", back), "All versions should round trip");
-        }
-    }
-}

backend/src/version/v0_3_0.rs

@@ -1,37 +0,0 @@
-use emver::VersionRange;
-use lazy_static::lazy_static;
-
-use super::*;
-
-const V0_3_0: emver::Version = emver::Version::new(0, 3, 0, 0);
-lazy_static! {
-    pub static ref V0_3_0_COMPAT: VersionRange = VersionRange::Conj(
-        Box::new(VersionRange::Anchor(
-            emver::GTE,
-            emver::Version::new(0, 3, 0, 0),
-        )),
-        Box::new(VersionRange::Anchor(emver::LTE, Current::new().semver())),
-    );
-}
-
-#[derive(Debug, Clone)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_0::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_0
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_0_1.rs

@@ -1,27 +0,0 @@
-use emver::VersionRange;
-
-use super::*;
-
-const V0_3_0_1: emver::Version = emver::Version::new(0, 3, 0, 1);
-
-#[derive(Debug, Clone)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_0::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_0_1
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*v0_3_0::V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_0_2.rs

@@ -1,27 +0,0 @@
-use emver::VersionRange;
-
-use super::*;
-
-const V0_3_0_2: emver::Version = emver::Version::new(0, 3, 0, 2);
-
-#[derive(Debug, Clone)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_0_1::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_0_2
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*v0_3_0::V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_0_3.rs

@@ -1,27 +0,0 @@
-use emver::VersionRange;
-
-use super::*;
-
-const V0_3_0_3: emver::Version = emver::Version::new(0, 3, 0, 3);
-
-#[derive(Clone, Debug)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_0_2::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_0_3
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*v0_3_0::V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_1.rs

@@ -1,28 +0,0 @@
-use emver::VersionRange;
-
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-
-const V0_3_1: emver::Version = emver::Version::new(0, 3, 1, 0);
-
-#[derive(Clone, Debug)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_0_3::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_1
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_1_1.rs

@@ -1,28 +0,0 @@
-use emver::VersionRange;
-
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-
-const V0_3_1_1: emver::Version = emver::Version::new(0, 3, 1, 1);
-
-#[derive(Clone, Debug)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_1::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_1_1
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_1_2.rs

@@ -1,28 +0,0 @@
-use emver::VersionRange;
-
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-
-const V0_3_1_2: emver::Version = emver::Version::new(0, 3, 1, 2);
-
-#[derive(Clone, Debug)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_1_1::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_1_2
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_2.rs

@@ -1,156 +0,0 @@
-use emver::VersionRange;
-
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-
-const V0_3_2: emver::Version = emver::Version::new(0, 3, 2, 0);
-
-lazy_static::lazy_static! {
-    static ref DEFAULT_UI: serde_json::Value =serde_json::json!({
-        "name": null,
-        "auto-check-updates": true,
-        "pkg-order": [],
-        "ack-welcome": "0.3.2",
-        "marketplace": {
-          "selected-id": null,
-          "known-hosts": {}
-        },
-        "dev": {},
-        "gaming": {
-          "snake": {
-            "high-score": 0
-          }
-        },
-        "ack-instructions": {}
-      });
-
-}
-
-#[derive(Clone, Debug)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_1_2::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_2
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        let hostname = legacy::hostname::get_hostname(db).await?;
-        crate::db::DatabaseModel::new()
-            .server_info()
-            .hostname()
-            .put(db, &Some(hostname.0))
-            .await?;
-        crate::db::DatabaseModel::new()
-            .server_info()
-            .id()
-            .put(db, &legacy::hostname::generate_id())
-            .await?;
-
-        legacy::hostname::sync_hostname(db).await?;
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}
-
-mod legacy {
-    pub mod hostname {
-        use patch_db::DbHandle;
-        use rand::{thread_rng, Rng};
-        use tokio::process::Command;
-        use tracing::instrument;
-
-        use crate::util::Invoke;
-        use crate::{Error, ErrorKind};
-        #[derive(Clone, serde::Deserialize, serde::Serialize, Debug)]
-        pub struct Hostname(pub String);
-
-        lazy_static::lazy_static! {
-            static ref ADJECTIVES: Vec<String> = include_str!("../assets/adjectives.txt").lines().map(|x| x.to_string()).collect();
-            static ref NOUNS: Vec<String> = include_str!("../assets/nouns.txt").lines().map(|x| x.to_string()).collect();
-        }
-        impl AsRef<str> for Hostname {
-            fn as_ref(&self) -> &str {
-                &self.0
-            }
-        }
-
-        pub fn generate_hostname() -> Hostname {
-            let mut rng = thread_rng();
-            let adjective = &ADJECTIVES[rng.gen_range(0..ADJECTIVES.len())];
-            let noun = &NOUNS[rng.gen_range(0..NOUNS.len())];
-            Hostname(format!("embassy-{adjective}-{noun}"))
-        }
-
-        pub fn generate_id() -> String {
-            let id = uuid::Uuid::new_v4();
-            id.to_string()
-        }
-
-        #[instrument]
-        pub async fn get_current_hostname() -> Result<Hostname, Error> {
-            let out = Command::new("hostname")
-                .invoke(ErrorKind::ParseSysInfo)
-                .await?;
-            let out_string = String::from_utf8(out)?;
-            Ok(Hostname(out_string.trim().to_owned()))
-        }
-
-        #[instrument]
-        pub async fn set_hostname(hostname: &Hostname) -> Result<(), Error> {
-            let hostname: &String = &hostname.0;
-            let _out = Command::new("hostnamectl")
-                .arg("set-hostname")
-                .arg(hostname)
-                .invoke(ErrorKind::ParseSysInfo)
-                .await?;
-            Ok(())
-        }
-
-        #[instrument(skip(handle))]
-        pub async fn get_id<Db: DbHandle>(handle: &mut Db) -> Result<String, Error> {
-            let id = crate::db::DatabaseModel::new()
-                .server_info()
-                .id()
-                .get(handle)
-                .await?;
-            Ok(id.to_string())
-        }
-
-        pub async fn get_hostname<Db: DbHandle>(handle: &mut Db) -> Result<Hostname, Error> {
-            if let Ok(hostname) = crate::db::DatabaseModel::new()
-                .server_info()
-                .hostname()
-                .get(handle)
-                .await
-            {
-                if let Some(hostname) = hostname.to_owned() {
-                    return Ok(Hostname(hostname));
-                }
-            }
-            let id = get_id(handle).await?;
-            if id.len() != 8 {
-                return Ok(generate_hostname());
-            }
-            return Ok(Hostname(format!("embassy-{}", id)));
-        }
-        #[instrument(skip(handle))]
-        pub async fn sync_hostname<Db: DbHandle>(handle: &mut Db) -> Result<(), Error> {
-            set_hostname(&get_hostname(handle).await?).await?;
-            Command::new("systemctl")
-                .arg("restart")
-                .arg("avahi-daemon")
-                .invoke(crate::ErrorKind::Network)
-                .await?;
-            Ok(())
-        }
-    }
-}

backend/src/version/v0_3_2_1.rs

@@ -1,26 +0,0 @@
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-
-const V0_3_2_1: emver::Version = emver::Version::new(0, 3, 2, 1);
-
-#[derive(Clone, Debug)]
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_2::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_2_1
-    }
-    fn compat(&self) -> &'static emver::VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, _db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        Ok(())
-    }
-}

backend/src/version/v0_3_3.rs

@@ -1,156 +0,0 @@
-use async_trait::async_trait;
-use emver::VersionRange;
-use regex::Regex;
-use serde_json::{json, Value};
-
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-use crate::DEFAULT_MARKETPLACE;
-
-const V0_3_3: emver::Version = emver::Version::new(0, 3, 3, 0);
-
-#[derive(Clone, Debug)]
-pub struct Version;
-
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_2_1::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_3
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        let mut ui = crate::db::DatabaseModel::new().ui().get_mut(db).await?;
-
-        if let Some(Value::String(selected_url)) =
-            ui["marketplace"]
-                .get("selected-id")
-                .and_then(|selected_id| {
-                    if let Value::String(selected_id) = selected_id {
-                        return Some(ui["marketplace"]["known-hosts"].get(&selected_id)?);
-                    }
-                    None
-                })
-        {
-            ui["marketplace"]["selected-url"] = json!(selected_url);
-        }
-        if let Value::Object(ref mut obj) = *ui {
-            obj.remove("pkg-order");
-            obj.remove("auto-check-updates");
-        }
-        let known_hosts = ui["marketplace"]["known-hosts"].take();
-        ui["marketplace"]["known-hosts"] = json!({});
-        if let Value::Object(known_hosts) = known_hosts {
-            for (_id, value) in known_hosts {
-                if let Value::String(url) = &value["url"] {
-                    ui["marketplace"]["known-hosts"][ensure_trailing_slashes(url)] = json!({});
-                }
-            }
-        }
-
-        ui["marketplace"]["known-hosts"]["https://registry.start9.com/"] = json!({});
-
-        if let Some(Value::Object(ref mut obj)) = ui.get_mut("marketplace") {
-            obj.remove("selected-id");
-        }
-        if ui["marketplace"]["selected-url"].is_null() {
-            ui["marketplace"]["selected-url"] = json!(MarketPlaceUrls::Default.url());
-        }
-        ui.save(db).await?;
-
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        let mut ui = crate::db::DatabaseModel::new().ui().get_mut(db).await?;
-        let selected_url = ui["marketplace"]["selected-url"]
-            .as_str()
-            .map(|x| x.to_owned());
-        let known_hosts = ui["marketplace"]["known-hosts"].take();
-        ui["marketplace"]["known-hosts"] = json!({});
-        if let Value::Object(known_hosts) = known_hosts {
-            for (url, obj) in known_hosts {
-                if let Value::String(name) = &obj["name"] {
-                    let id = uuid::Uuid::new_v4().to_string();
-                    if Some(name) == selected_url.as_ref() {
-                        ui["marketplace"]["selected-id"] = Value::String(id.clone());
-                    }
-                    ui["marketplace"]["known-hosts"][id.as_str()] = json!({
-                        "name": name,
-                        "url": url
-                    });
-                }
-            }
-        }
-        ui["auto-check-updates"] = Value::Bool(true);
-        ui["pkg-order"] = json!(crate::db::DatabaseModel::new()
-            .package_data()
-            .keys(db)
-            .await?
-            .iter()
-            .map(|x| x.to_string())
-            .collect::<Vec<String>>());
-        if let Some(Value::Object(ref mut obj)) = ui.get_mut("marketplace") {
-            obj.remove("selected-url");
-        }
-        ui.save(db).await?;
-        Ok(())
-    }
-}
-
-fn ensure_trailing_slashes(url: &str) -> String {
-    lazy_static::lazy_static! {
-        static ref REG: Regex = Regex::new(r".*/$").unwrap();
-    }
-    if REG.is_match(url) {
-        return url.to_string();
-    }
-    format!("{url}/")
-}
-
-#[test]
-fn test_ensure_trailing_slashed() {
-    assert_eq!(
-        &ensure_trailing_slashes("http://start9.com"),
-        "http://start9.com/"
-    );
-    assert_eq!(
-        &ensure_trailing_slashes("http://start9.com/"),
-        "http://start9.com/"
-    );
-    assert_eq!(
-        &ensure_trailing_slashes("http://start9.com/a"),
-        "http://start9.com/a/"
-    );
-}
-
-#[derive(Debug, Clone, Copy)]
-pub enum MarketPlaceUrls {
-    Default,
-}
-
-impl MarketPlaceUrls {
-    pub fn url(&self) -> String {
-        let url_string = match self {
-            MarketPlaceUrls::Default => DEFAULT_MARKETPLACE,
-        };
-        format!("{url_string}/")
-    }
-}
-
-#[test]
-fn test_that_ui_includes_url() {
-    let ui: Value =
-        serde_json::from_str(include_str!("../../../frontend/patchdb-ui-seed.json")).unwrap();
-    for market_place in [MarketPlaceUrls::Default] {
-        let url = market_place.url();
-        assert!(
-            !ui["marketplace"]["known-hosts"][&url].is_null(),
-            "Should have a market place for {url}"
-        );
-    }
-}

backend/src/version/v0_3_4.rs

@@ -1,147 +0,0 @@
-use async_trait::async_trait;
-use emver::VersionRange;
-use itertools::Itertools;
-use openssl::hash::MessageDigest;
-use serde_json::{json, Value};
-use ssh_key::public::Ed25519PublicKey;
-
-use crate::account::AccountInfo;
-use crate::hostname::{generate_hostname, sync_hostname, Hostname};
-
-use super::v0_3_0::V0_3_0_COMPAT;
-use super::*;
-
-const V0_3_4: emver::Version = emver::Version::new(0, 3, 4, 0);
-
-const COMMUNITY_URL: &str = "https://community-registry.start9.com/";
-const MAIN_REGISTRY: &str = "https://registry.start9.com/";
-const COMMUNITY_SERVICES: &[&str] = &[
-    "ipfs",
-    "agora",
-    "lightning-jet",
-    "balanceofsatoshis",
-    "mastodon",
-    "lndg",
-    "robosats",
-    "thunderhub",
-    "syncthing",
-    "sphinx-relay",
-];
-
-#[derive(Clone, Debug)]
-pub struct Version;
-
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_3_3::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> emver::Version {
-        V0_3_4
-    }
-    fn compat(&self) -> &'static VersionRange {
-        &*V0_3_0_COMPAT
-    }
-    async fn up<Db: DbHandle>(&self, db: &mut Db, secrets: &PgPool) -> Result<(), Error> {
-        let mut account = AccountInfo::load(secrets).await?;
-        crate::db::DatabaseModel::new()
-            .server_info()
-            .pubkey()
-            .put(
-                db,
-                &ssh_key::PublicKey::from(Ed25519PublicKey::from(&account.key.ssh_key()))
-                    .to_openssh()?,
-            )
-            .await?;
-        crate::db::DatabaseModel::new()
-            .server_info()
-            .ca_fingerprint()
-            .put(
-                db,
-                &account
-                    .root_ca_cert
-                    .digest(MessageDigest::sha256())
-                    .unwrap()
-                    .iter()
-                    .map(|x| format!("{x:X}"))
-                    .join(":"),
-            )
-            .await?;
-        let server_info = crate::db::DatabaseModel::new()
-            .server_info()
-            .get(db)
-            .await?
-            .into_owned();
-        account.hostname = server_info
-            .hostname
-            .map(Hostname)
-            .unwrap_or_else(generate_hostname);
-        account.server_id = server_info.id;
-        account.save(secrets).await?;
-        sync_hostname(&account).await?;
-
-        let parsed_url = Some(COMMUNITY_URL.parse().unwrap());
-        let mut ui = crate::db::DatabaseModel::new().ui().get_mut(db).await?;
-        ui["marketplace"]["known-hosts"][COMMUNITY_URL] = json!({});
-        ui["marketplace"]["known-hosts"][MAIN_REGISTRY] = json!({});
-        for package_id in crate::db::DatabaseModel::new()
-            .package_data()
-            .keys(db)
-            .await?
-        {
-            if !COMMUNITY_SERVICES.contains(&&*package_id.to_string()) {
-                continue;
-            }
-            crate::db::DatabaseModel::new()
-                .package_data()
-                .idx_model(&package_id)
-                .expect(db)
-                .await?
-                .installed()
-                .expect(db)
-                .await?
-                .marketplace_url()
-                .put(db, &parsed_url)
-                .await?;
-        }
-        ui["theme"] = json!("Dark".to_string());
-        ui["widgets"] = json!([]);
-        ui.save(db).await?;
-        Ok(())
-    }
-    async fn down<Db: DbHandle>(&self, db: &mut Db, _secrets: &PgPool) -> Result<(), Error> {
-        let mut ui = crate::db::DatabaseModel::new().ui().get_mut(db).await?;
-        let parsed_url = Some(MAIN_REGISTRY.parse().unwrap());
-        for package_id in crate::db::DatabaseModel::new()
-            .package_data()
-            .keys(db)
-            .await?
-        {
-            if !COMMUNITY_SERVICES.contains(&&*package_id.to_string()) {
-                continue;
-            }
-            crate::db::DatabaseModel::new()
-                .package_data()
-                .idx_model(&package_id)
-                .expect(db)
-                .await?
-                .installed()
-                .expect(db)
-                .await?
-                .marketplace_url()
-                .put(db, &parsed_url)
-                .await?;
-        }
-
-        if let Value::Object(ref mut obj) = *ui {
-            obj.remove("theme");
-            obj.remove("widgets");
-        }
-
-        ui["marketplace"]["known-hosts"][COMMUNITY_URL].take();
-        ui["marketplace"]["known-hosts"][MAIN_REGISTRY].take();
-        ui.save(db).await?;
-        Ok(())
-    }
-}

basename.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+PLATFORM="$(if [ -f ./PLATFORM.txt ]; then cat ./PLATFORM.txt; else echo unknown; fi)"
+VERSION="$(cat ./VERSION.txt)"
+GIT_HASH="$(cat ./GIT_HASH.txt)"
+if [[ "$GIT_HASH" =~ ^@ ]]; then
+  GIT_HASH=unknown
+else
+  GIT_HASH="$(echo -n "$GIT_HASH" |  head -c 7)"
+fi
+STARTOS_ENV="$(cat ./ENVIRONMENT.txt)"
+VERSION_FULL="${VERSION}-${GIT_HASH}"
+if [ -n "$STARTOS_ENV" ]; then
+  VERSION_FULL="$VERSION_FULL~${STARTOS_ENV}"
+fi
+
+echo -n "startos-${VERSION_FULL}_${PLATFORM}"

build-cargo-dep.sh

@@ -4,7 +4,7 @@ set -e
 shopt -s expand_aliases
 
 if [ "$0" != "./build-cargo-dep.sh" ]; then
-	>&2 echo "Must be run from embassy-os directory"
+	>&2 echo "Must be run from start-os directory"
 	exit 1
 fi
 
@@ -13,9 +13,13 @@ if tty -s; then
 	USE_TTY="-it"
 fi
 
-mkdir -p cargo-deps
-alias 'rust-arm64-builder'='docker run $USE_TTY --rm -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)"/cargo-deps:/home/rust/src -P start9/rust-arm-cross:aarch64'
+if [ -z "$ARCH" ]; then
+	ARCH=$(uname -m)
+fi
 
-rust-arm64-builder cargo install "$1" --target-dir /home/rust/src
+mkdir -p cargo-deps
+alias 'rust-arm64-builder'='docker run $USE_TTY --rm -v "$HOME/.cargo/registry":/usr/local/cargo/registry -v "$(pwd)"/cargo-deps:/home/rust/src -P start9/rust-arm-cross:aarch64'
+
+rust-arm64-builder cargo install "$1" --target-dir /home/rust/src --target=$ARCH-unknown-linux-gnu
 sudo chown -R $USER cargo-deps
 sudo chown -R $USER ~/.cargo

build/.gitignore

@@ -0,0 +1,2 @@
+lib/depends
+lib/conflicts

build/README.md

@@ -1,4 +1,4 @@
-# Building Embassy OS
+# Building StartOS
 
 ⚠️ The commands given assume a Debian or Ubuntu-based environment. _Building in
 a VM is NOT yet supported_ ⚠️
@@ -42,15 +42,15 @@ a VM is NOT yet supported_ ⚠️
 
 2. Clone the latest repo with required submodules
    > :information_source: You chan check latest available version
-   > [here](https://github.com/Start9Labs/embassy-os/releases)
+   > [here](https://github.com/Start9Labs/start-os/releases)
    ```
-   git clone --recursive https://github.com/Start9Labs/embassy-os.git --branch latest
+   git clone --recursive https://github.com/Start9Labs/start-os.git --branch latest
    ```
 
 ## Build Raspberry Pi Image
 
 ```
-cd embassy-os
+cd start-os
 make embassyos-raspi.img ARCH=aarch64
 ```
 
@@ -62,7 +62,7 @@ We recommend [Balena Etcher](https://www.balena.io/etcher/)
 
 ## Setup
 
-Visit http://embassy.local from any web browser - We recommend
+Visit http://start.local from any web browser - We recommend
 [Firefox](https://www.mozilla.org/firefox/browsers)
 
 Enter your product key. This is generated during the build process and can be
@@ -70,11 +70,11 @@ found in `product_key.txt`, located in the root directory.
 
 ## Troubleshooting
 
-1. I just flashed my SD card, fired up my Embassy, bootup sounds and all, but my
-   browser is saying "Unable to connect" with embassy.local.
+1. I just flashed my SD card, fired up StartOS, bootup sounds and all, but my
+   browser is saying "Unable to connect" with start.local.
 
 - Try doing a hard refresh on your browser, or opening the url in a
-  private/incognito window. If you've ran an instance of Embassy before,
+  private/incognito window. If you've ran an instance of StartOS before,
   sometimes you can have a stale cache that will block you from navigating to
   the page.
 
@@ -91,14 +91,14 @@ found in `product_key.txt`, located in the root directory.
 - Find the IP of your device
 - Run `nc <ip> 8080` and it will print the logs
 
-4. I need to ssh into my Embassy to fix something, but I cannot get to the
+4. I need to ssh into my server to fix something, but I cannot get to the
    console to add ssh keys normally.
 
 - During the Build step, instead of running just
   `make embassyos-raspi.img ARCH=aarch64` run
   `ENVIRONMENT=dev make embassyos-raspi.img ARCH=aarch64`. Flash like normal,
-  and insert into your Embassy. Boot up your Embassy, and on another computer on
-  the same network, ssh into the Embassy with the username `start9` password
+  and insert into your server. Boot up StartOS, then on another computer on
+  the same network, ssh into the the server with the username `start9` password
   `embassy`.
 
 4. I need to reset my password, how can I do that?

build/dpkg-deps/conflicts

@@ -1,5 +1,5 @@
-openresolv
 dhcpcd5
 firewalld
 nginx
-nginx-common
+nginx-common
+openresolv

build/dpkg-deps/depends

@@ -0,0 +1,54 @@
+avahi-daemon
+avahi-utils
+bash-completion
+beep
+bmon
+btrfs-progs
+ca-certificates
+cifs-utils
+cryptsetup
+curl
+dmidecode
+dosfstools
+e2fsprogs
+ecryptfs-utils
+exfatprogs
+flashrom
+grub-common
+htop
+httpdirfs
+iotop
+iw
+jq
+libavahi-client3
+libyajl2
+linux-cpupower
+lm-sensors
+lshw
+lvm2
+magic-wormhole
+man-db
+ncdu
+net-tools
+network-manager
+nvme-cli
+nyx
+openssh-server
+podman
+postgresql
+psmisc
+qemu-guest-agent
+rsync
+samba-common-bin
+smartmontools
+sqlite3
+squashfs-tools
+sudo
+systemd
+systemd-resolved
+systemd-sysv
+systemd-timesyncd
+tor
+util-linux
+vim
+wireless-tools

build/dpkg-deps/docker.depends

@@ -0,0 +1,5 @@
++ containerd.io
++ docker-ce
++ docker-ce-cli
++ docker-compose-plugin
+- podman

build/dpkg-deps/generate.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -e
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+IFS="-" read -ra FEATURES <<< "$ENVIRONMENT"
+
+feature_file_checker='
+/^#/ { next }
+/^\+ [a-z0-9]+$/ { next }
+/^- [a-z0-9]+$/ { next }
+{ exit 1 }
+'
+
+for type in conflicts depends; do
+    pkgs=()
+    for feature in ${FEATURES[@]}; do
+        file="$feature.$type"
+        if [ -f $file ]; then
+            # TODO check for syntax errrors
+            cat $file | awk "$feature_file_checker"
+            for pkg in $(cat $file | awk '/^\+/ {print $2}'); do
+                pkgs+=($pkg)
+            done
+        fi
+    done
+    for pkg in $(cat $type); do
+        SKIP=
+        for feature in ${FEATURES[@]}; do
+            file="$feature.$type"
+            if [ -f $file ]; then
+                if grep "^- $pkg$" $file; then
+                    SKIP=1
+                fi
+            fi
+        done
+        if [ -z $SKIP ]; then
+            pkgs+=($pkg)
+        fi
+    done
+    (IFS=$'\n'; echo "${pkgs[*]}") | sort -u > ../lib/$type
+done

build/dpkg-deps/unstable.depends

@@ -0,0 +1,2 @@
++ gdb
++ heaptrack

build/lib/depends

@@ -1,34 +0,0 @@
-tor
-avahi-daemon
-avahi-utils
-iotop
-bmon
-lvm2
-htop
-cryptsetup
-exfat-utils
-sqlite3
-wireless-tools
-net-tools
-ecryptfs-utils
-cifs-utils
-samba-common-bin
-network-manager
-vim
-jq
-ncdu
-postgresql
-pgloader
-openssh-server
-docker-ce
-docker-ce-cli
-containerd.io
-docker-compose-plugin
-beep
-httpdirfs
-iw
-squashfs-tools
-rsync
-systemd-timesyncd
-magic-wormhole
-nyx

build/lib/docker-engine.slice

@@ -1,8 +0,0 @@
-[Unit]
-Description=Slice that limits docker resources 
-Before=slices.target
-
-[Slice]
-MemoryAccounting=true
-MemoryHigh=80%
-MemoryMax=85%

build/lib/firmware.json

@@ -0,0 +1,13 @@
+[
+  {
+    "id": "pureboot-librem_mini_v2-basic_usb_autoboot_blob_jail-Release-28.3",
+    "platform": ["x86_64"],
+    "system-product-name": "librem_mini_v2",
+    "bios-version": {
+      "semver-prefix": "PureBoot-Release-",
+      "semver-range": "<28.3"
+    },
+    "url": "https://source.puri.sm/firmware/releases/-/raw/98418b5b8e9edc2bd1243ad7052a062f79e2b88e/librem_mini_v2/custom/pureboot-librem_mini_v2-basic_usb_autoboot_blob_jail-Release-28.3.rom.gz",
+    "shasum": "5019bcf53f7493c7aa74f8ef680d18b5fc26ec156c705a841433aaa2fdef8f35"
+  }
+]

build/lib/motd

@@ -2,17 +2,33 @@
 printf "\n"
 printf "Welcome to\n"
 cat << "ASCII"
-          |                        ,---.,---.
-,---.,-.-.|---.,---.,---.,---.,   .|   |`---.
-|---'| | ||   |,---|`---.`---.|   ||   |    |
-`---'` ' '`---'`---^`---'`---'`---|`---'`---'
-                              `---'
+
+           ███████        
+         █    █    █      
+       █     █ █     █    
+      █     █   █     █   
+      █    █     █    █   
+       █  █       █  █    
+         █         █      
+           ███████        
+
+    _____     __ ___  __  __
+   (_  |  /\ |__) |  /  \(_
+   __) | /  \|  \ |  \__/__)
 ASCII
+printf "                            v$(cat /usr/lib/startos/VERSION.txt)\n\n"
 printf "   %s (%s %s)\n" "$(uname -o)" "$(uname -r)" "$(uname -m)"
-printf "   $(embassy-cli --version | sed 's/Embassy CLI /embassyOS v/g') - $(embassy-cli git-info)\n"
+printf "   Git Hash: $(cat /usr/lib/startos/GIT_HASH.txt)"
+if [ -n "$(cat /usr/lib/startos/ENVIRONMENT.txt)" ]; then
+    printf " ~ $(cat /usr/lib/startos/ENVIRONMENT.txt)\n"
+else
+    printf "\n"
+fi
 
 printf "\n"
-printf " * Documentation:  https://start9.com\n"
+printf " * Documentation:  https://docs.start9.com\n"
 printf " * Management:     https://%s.local\n" "$(hostname)"
-printf " * Support:        https://t.me/start9_labs\n"
+printf " * Support:        https://start9.com/contact\n"
+printf " * Source Code:    https://github.com/Start9Labs/start-os\n"
+printf " * License:        MIT\n"
 printf "\n"

build/lib/scripts/chroot-and-upgrade

@@ -5,30 +5,42 @@ if [ "$UID" -ne 0 ]; then
     exit 1
 fi
 
-echo 'Syncing...'
-
-rsync -a --delete --force --info=progress2 /media/embassy/embassyfs/current/ /media/embassy/next
+if [ -z "$NO_SYNC" ]; then
+    echo 'Syncing...'
+    rsync -a --delete --force --info=progress2 /media/embassy/embassyfs/current/ /media/embassy/next
+fi
 
 mkdir -p /media/embassy/next/run
 mkdir -p /media/embassy/next/dev
 mkdir -p /media/embassy/next/sys
 mkdir -p /media/embassy/next/proc
+mkdir -p /media/embassy/next/boot
 mount --bind /run /media/embassy/next/run
 mount --bind /dev /media/embassy/next/dev
 mount --bind /sys /media/embassy/next/sys
 mount --bind /proc /media/embassy/next/proc
+mount --bind /boot /media/embassy/next/boot
 
-chroot /media/embassy/next
+if [ -z "$*" ]; then
+    chroot /media/embassy/next
+    CHROOT_RES=$?
+else
+    chroot /media/embassy/next "$SHELL" -c "$*"
+    CHROOT_RES=$?
+fi
 
 umount /media/embassy/next/run
 umount /media/embassy/next/dev
 umount /media/embassy/next/sys
 umount /media/embassy/next/proc
+umount /media/embassy/next/boot
 
-echo 'Upgrading...'
+if [ "$CHROOT_RES" -eq 0 ]; then
+    echo 'Upgrading...'
 
-touch /media/embassy/config/upgrade
+    touch /media/embassy/config/upgrade
 
-sync
+    sync
 
-reboot
+    reboot
+fi

build/lib/scripts/dhclient-exit-hook

@@ -1 +1 @@
-embassy-cli net dhcp update $interface
+start-cli net dhcp update $interface

build/lib/scripts/embassy-initramfs-module

@@ -31,6 +31,8 @@ local_mount_root()
 	modprobe ${FSTYPE}
 	checkfs ${ROOT} root "${FSTYPE}"
 
+	ROOTFLAGS="$(echo "${ROOTFLAGS}" | sed 's/subvol=\(next\|current\)//' | sed 's/^-o *$//')"
+
 	if [ "${FSTYPE}" != "unknown" ]; then
 		mount -t ${FSTYPE} ${ROOTFLAGS} ${ROOT} ${rootmnt}
 	else

build/lib/scripts/enable-kiosk

@@ -3,38 +3,82 @@
 set -e
 
 # install dependencies
-apt update
-apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
+/usr/bin/apt update
+/usr/bin/apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
+
+#Change a default preference set by stock debian firefox-esr
+sed -i 's|^pref("extensions.update.enabled", true);$|pref("extensions.update.enabled", false);|' /etc/firefox-esr/firefox-esr.js
+
+if ! id kiosk; then
+    # create kiosk user
+    useradd -s /bin/bash --create-home kiosk
+fi
 
 # create kiosk script
-cat > /home/start9/kiosk.sh << 'EOF'
+cat > /home/kiosk/kiosk.sh << 'EOF'
 #!/bin/sh
 PROFILE=$(mktemp -d)
-if [ -f /usr/local/share/ca-certificates/embassy-root-ca.crt ]; then
-    certutil -A -n "Embassy Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/embassy-root-ca.crt -d $PROFILE
+if [ -f /usr/local/share/ca-certificates/startos-root-ca.crt ]; then
+    certutil -A -n "StartOS Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/startos-root-ca.crt -d $PROFILE
 fi
 cat >> $PROFILE/prefs.js << EOT
-user_pref("network.proxy.autoconfig_url", "file:///usr/lib/embassy/proxy.pac");
-user_pref("network.proxy.socks_remote_dns", true);
-user_pref("network.proxy.type", 2);
-user_pref("dom.securecontext.allowlist_onions", true);
-user_pref("dom.securecontext.whitelist_onions", true);
-user_pref("signon.rememberSignons", false);
-user_pref("extensions.activeThemeID", "firefox-compact-dark@mozilla.org");
-user_pref("browser.theme.content-theme", 0);
-user_pref("browser.theme.toolbar-theme", 0);
-user_pref("datareporting.policy.firstRunURL", "");
+user_pref("app.normandy.api_url", "");
+user_pref("app.normandy.enabled", false);
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("app.update.enabled", false);
+user_pref("browser.aboutHomeSnippets.updateUrl", "");
+user_pref("browser.bookmarks.addedImportButton", false);
+user_pref("browser.casting.enabled", false);
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+user_pref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false);
+user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+user_pref("browser.onboarding.enabled", false);
+user_pref("browser.ping-centre.telemetry", false);
+user_pref("browser.pocket.enabled",	false);
+user_pref("browser.safebrowsing.blockedURIs.enabled", false);
 user_pref("browser.safebrowsing.malware.enabled", false);
 user_pref("browser.safebrowsing.phishing.enabled", false);
+user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+user_pref("browser.safebrowsing.downloads.remote.enabled", false);
+user_pref("browser.search.geoip.url", "");
+user_pref("browser.search.update", false);
+user_pref("browser.search.suggest.enabled",	false);
+user_pref("browser.startup.homepage_override.mstone", "ignore");
+user_pref("browser.theme.content-theme", 0);
+user_pref("browser.theme.toolbar-theme", 0);
+user_pref("browser.urlbar.groupLabels.enabled", false);
+user_pref("browser.urlbar.suggest.searches" false);
+user_pref("datareporting.policy.firstRunURL", "");
 user_pref("datareporting.healthreport.service.enabled", false);
 user_pref("datareporting.healthreport.uploadEnabled", false);
 user_pref("datareporting.policy.dataSubmissionEnabled", false);
-user_pref("datareporting.policy.dataSubmissionEnabled", false);
-user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
-user_pref("browser.ping-centre.telemetry", false);
-user_pref("browser.onboarding.enabled", false);
+user_pref("dom.securecontext.allowlist_onions", true);
+user_pref("dom.securecontext.whitelist_onions", true);
+user_pref("experiments.enabled", false);
+user_pref("experiments.activeExperiment", false);
+user_pref("experiments.supported", false);
+user_pref("extensions.activeThemeID", "firefox-compact-dark@mozilla.org");
+user_pref("extensions.blocklist.enabled", false);
+user_pref("extensions.getAddons.cache.enabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("extensions.update.enabled", false);
+user_pref("extensions.shield-recipe-client.enabled", false);
+user_pref("extensions.shield-recipe-client.user_id", "");
+user_pref("extensions.shield-recipe-client.api_url", "");
+user_pref("media.gmp-gmpopenh264.enabled", false);
+user_pref("messaging-system.rsexperimentloader.enabled", false);
+user_pref("network.allow-experiments", false);
+user_pref("network.captive-portal-service.enabled", false);
+user_pref("network.connectivity-service.enabled", false);
+user_pref("network.proxy.autoconfig_url", "file:///usr/lib/startos/proxy.pac");
+user_pref("network.proxy.socks_remote_dns", true);
+user_pref("network.proxy.type", 2);
+user_pref("signon.rememberSignons", false);
 user_pref("toolkit.telemetry.archive.enabled", false);
 user_pref("toolkit.telemetry.bhrPing.enabled", false);
+user_pref("toolkit.telemetry.coverage.opt-out", true);
 user_pref("toolkit.telemetry.enabled", false);
 user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
 user_pref("toolkit.telemetry.newProfilePing.enabled", false);
@@ -43,25 +87,15 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
 user_pref("toolkit.telemetry.unified", false);
 user_pref("toolkit.telemetry.updatePing.enabled", false);
 user_pref("toolkit.telemetry.cachedClientID", "");
-user_pref("experiments.enabled", false);
-user_pref("experiments.activeExperiment", false);
-user_pref("experiments.supported", false);
-user_pref("network.allow-experiments", false);
-user_pref("extensions.shield-recipe-client.enabled", false);
-user_pref("extensions.shield-recipe-client.user_id", "");
-user_pref("extensions.shield-recipe-client.api_url", "");
-user_pref("app.normandy.enabled", false);
-user_pref("app.normandy.api_url", "");
-user_pref("app.shield.optoutstudies.enabled", true);
 EOT
 while ! curl "http://localhost" > /dev/null; do
     sleep 1
 done
-while ! /usr/lib/embassy/scripts/check-monitor; do
+while ! /usr/lib/startos/scripts/check-monitor; do
     sleep 15
 done
 (
-    while /usr/lib/embassy/scripts/check-monitor; do
+    while /usr/lib/startos/scripts/check-monitor; do
         sleep 15
     done
     killall firefox-esr
@@ -70,11 +104,11 @@ matchbox-window-manager -use_titlebar no &
 firefox-esr http://localhost --profile $PROFILE
 rm -rf $PROFILE
 EOF
-chmod +x /home/start9/kiosk.sh
+chmod +x /home/kiosk/kiosk.sh
 
 # use kiosk if tty (not pts)
-if ! grep -q 'kiosk' /home/start9/.profile; then
-cat >> /home/start9/.profile << 'EOF'
+if ! grep -q 'kiosk' /home/kiosk/.profile; then
+cat >> /home/kiosk/.profile << 'EOF'
 # Use kiosk for TTY
 if [[ "$(tty)" =~ ^/dev/tty ]]; then
     exec startx "$HOME/kiosk.sh"
@@ -87,7 +121,7 @@ mkdir -p /etc/systemd/system/getty@tty1.service.d
 cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << 'EOF'
 [Service]
 ExecStart=
-ExecStart=-/sbin/agetty --autologin start9 --noclear %I $TERM
+ExecStart=-/sbin/agetty --autologin kiosk --noclear %I $TERM
 EOF
 ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
 

build/lib/scripts/fake-apt

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+>&2 echo 'THIS IS NOT A STANDARD DEBIAN SYSTEM'
+>&2 echo 'USING apt COULD CAUSE IRREPARABLE DAMAGE TO YOUR START9 SERVER'
+>&2 echo 'PLEASE TURN BACK NOW!!!'
+if [ "$1" == "upgrade" ] && [ "$(whoami)" == "root" ]; then
+    >&2 echo 'IF YOU THINK RUNNING "sudo apt upgrade" IS A REASONABLE THING TO DO ON THIS SYSTEM, YOU PROBABLY SHOULDN'"'"'T BE ON THE COMMAND LINE.'
+    >&2 echo 'YOU ARE BEING REMOVED FROM THIS SESSION FOR YOUR OWN SAFETY.'
+    pkill -9 -t $(tty | sed 's|^/dev/||g')
+fi
+>&2 echo
+>&2 echo 'If you are SURE you know what you are doing, and are willing to accept the DIRE CONSEQUENCES of doing so, you can run the following command to disable this protection:'
+>&2 echo '    sudo rm /usr/local/bin/apt'
+>&2 echo
+>&2 echo 'Otherwise, what you probably want to do is run:'
+>&2 echo '    sudo /usr/lib/startos/scripts/chroot-and-upgrade'
+>&2 echo 'You can run apt in this context to add packages to your system.'
+>&2 echo 'When you are done with your changes, type "exit" and the device will reboot into a system with the changes applied.'
+>&2 echo 'This is still NOT RECOMMENDED if you don'"'"'t know what you are doing, but at least isn'"'"'t guaranteed to break things.'
+
+exit 1

build/lib/scripts/firefox-trust-cert

@@ -3,6 +3,6 @@
 for mozilladir in $(find /home -name ".mozilla"); do
   for certDB in $(find  ${mozilladir} -name "cert9.db"); do
     certDir=$(dirname ${certDB});
-    certutil -A -n "Embassy Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/embassy-root-ca.crt -d ${certDir}
+    certutil -A -n "StartOS Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/startos-root-ca.crt -d ${certDir}
   done
 done

build/lib/scripts/grub-probe-eos

@@ -3,30 +3,10 @@
 ARGS=
 
 for ARG in $@; do
- if [ "${ARG%%[!/]*}" = "/" ]; then
-
-  OPTIONS=
-
-  path="$ARG"
-  while true; do
-   if FSTYPE=$( findmnt -n -o FSTYPE "$path" ); then
-    if [ "$FSTYPE" = "overlay" ]; then
-  OPTIONS=$(findmnt -n -o OPTIONS "$path")
-  break
- else
-  break
-    fi
-   fi
-   if [ "$path" = "/" ]; then break; fi
-   path=$(dirname "$path")
-  done
-
-  if LOWERDIR=$(echo "$OPTIONS" | grep -m 1 -oP 'lowerdir=\K[^,]+'); then
-   #echo "[DEBUG] Overlay filesystem detected ${ARG} --> ${LOWERDIR}${ARG%*/}" 1>&2
-   ARG=/media/embassy/embassyfs"${ARG%*/}"
+  if [ -d "/media/embassy/embassyfs" ] && [ "$ARG" = "/" ]; then
+   ARG=/media/embassy/embassyfs
   fi
- fi
- ARGS="$ARGS $ARG"
+  ARGS="$ARGS $ARG"
 done
 
 grub-probe-default $ARGS

build/lib/scripts/install

@@ -1,120 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function partition_for () {
-    if [[ "$1" =~ [0-9]+$ ]]; then
-        echo "$1p$2"
-    else
-        echo "$1$2"
-    fi
-}
-
-OSDISK=$1
-if [ -z "$OSDISK" ]; then
-  >&2 echo "usage: $0 <TARGET DISK>"
-  exit 1
-fi
-
-WIFI_IFACE=
-for IFACE in $(ls /sys/class/net); do
-    if [ -d /sys/class/net/$IFACE/wireless ]; then
-        WIFI_IFACE=$IFACE
-        break
-    fi
-done
-
-ETH_IFACE=
-for IFACE in $(ls /sys/class/net); do
-    if ! [ -d /sys/class/net/$IFACE/wireless ] && [ -d /sys/class/net/$IFACE/device ]; then
-        ETH_IFACE=$IFACE
-        break
-    fi
-done
-if [ -z "$ETH_IFACE" ]; then
-    >&2 echo 'Could not detect ethernet interface'
-    exit 1
-fi
-
-(
-  echo o      # MBR
-  echo n      # New Partition
-  echo p      #   Primary
-  echo 1      #   Index #1
-  echo        #   Default Starting Position
-  echo '+1G'  #   1GB
-  echo t      #   Change Type
-  echo 0b     #     W95 FAT32
-  echo a      #   Set Bootable
-  echo n      # New Partition
-  echo p      #   Primary
-  echo 2      #   Index #2
-  echo        #   Default Starting Position
-  echo '+15G' #   15GB
-  echo n      # New Partition
-  echo p      #   Primary
-  echo 3      #   Index #3
-  echo        #   Default Starting Position
-  echo        #   Use Full Remaining
-  echo t      #   Change Type
-  echo 3      #     (Still Index #3)
-  echo 8e     #     Linux LVM
-  echo w      # Write Changes
-) | fdisk $OSDISK
-
-BOOTPART=`partition_for $OSDISK 1`
-ROOTPART=`partition_for $OSDISK 2`
-
-mkfs.vfat $BOOTPART
-fatlabel $BOOTPART boot
-
-mkfs.ext4 $ROOTPART
-e2label $ROOTPART rootfs
-
-mount $ROOTPART /mnt
-mkdir /mnt/config
-mkdir /mnt/current
-mkdir /mnt/next
-
-mkdir /mnt/current/boot
-mount $BOOTPART /mnt/current/boot
-
-unsquashfs -f -d /mnt/current /cdrom/casper/filesystem.squashfs
-
-cat > /mnt/config/config.yaml << EOF
-os-partitions:
-  boot: $BOOTPART
-  root: $ROOTPART
-ethernet-interface: $ETH_IFACE
-EOF
-
-if [ -n "$WIFI_IFACE" ]; then
-    echo "wifi-interface: $WIFI_IFACE" >> /mnt/config/config.yaml
-fi
-
-# gen fstab
-cat > /mnt/current/etc/fstab << EOF
-$BOOTPART   /boot   vfat    defaults    0   2
-$ROOTPART   /       ext4    defaults    0   1
-EOF
-
-# gen machine-id
-chroot /mnt/current systemd-machine-id-setup
-
-# gen ssh host keys
-chroot /mnt/current ssh-keygen -A
-
-mount --bind /dev /mnt/current/dev
-mount --bind /sys /mnt/current/sys
-mount --bind /proc /mnt/current/proc
-
-chroot /mnt/current update-grub
-chroot /mnt/current grub-install $OSDISK
-
-umount /mnt/current/dev
-umount /mnt/current/sys
-umount /mnt/current/proc
-
-umount /mnt/current/boot
-
-umount /mnt

build/lib/scripts/persist-apt-install

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+    >&2 echo "usage: $0 <PACKAGE_NAME>"
+    exit 1
+fi
+
+TO_INSTALL=()
+while [ -n "$1" ]; do
+    if ! dpkg -s "$1"; then
+        TO_INSTALL+=("$1")
+    fi
+    shift
+done
+
+if [ ${#TO_INSTALL[@]} -ne 0 ]; then
+/usr/lib/startos/scripts/chroot-and-upgrade << EOF
+apt-get update && apt-get install -y ${TO_INSTALL[@]}
+EOF
+fi

build/lib/scripts/tor-check.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+fail=$(printf " [\033[31m fail \033[0m]")
+pass=$(printf " [\033[32m pass \033[0m]")
+
+onion_list=(
+    "Start9|http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion"
+    "Mempool|http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion"
+    "DuckDuckGo|https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion"
+    "Brave Search|https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion"
+)
+
+# Check if ~/.startos/tor-check.list exists and read its contents if available
+if [ -f ~/.startos/tor-check.list ]; then
+    while IFS= read -r line; do
+        # Check if the line starts with a #
+        if [[ ! "$line" =~ ^# ]]; then
+            onion_list+=("$line")
+        fi
+    done < ~/.startos/tor-check.list
+fi
+
+echo "Testing connection to Onion Pages ..."
+
+for data in "${onion_list[@]}"; do
+    name="${data%%|*}"
+    url="${data#*|}"
+    if curl --socks5-hostname localhost:9050 "$url" > /dev/null 2>&1; then
+        echo " ${pass}: $name ($url) "
+    else
+        echo " ${fail}: $name ($url) "
+    fi
+done
+
+echo
+echo "Done."

build/raspberry-pi/033-upgrade.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Boot process for system initialization.
-After=network-online.target systemd-time-wait-sync.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/033-upgrade.sh
-RemainAfterExit=true
-StandardOutput=append:/var/log/initialization.log
-
-[Install]
-WantedBy=multi-user.target

build/raspberry-pi/033-upgrade.sh

@@ -1,88 +0,0 @@
-#!/bin/bash
-
-set -e
-
-(
-    while true; do
-        beep -r 2 -l 80 -d 20
-        sleep 60
-    done
-) &
-
-if grep 'cb15ae4d-03' /boot/cmdline.txt; then
-    echo Transfer files across
-    e2fsck -f -y /dev/mmcblk0p4
-    while ! resize2fs /dev/mmcblk0p4; do
-        e2fsck -f -y /dev/mmcblk0p4
-    done
-    mkdir -p /media/origin
-    mkdir -p /media/dest
-    mount -r /dev/mmcblk0p3 /media/origin
-    mount -w /dev/mmcblk0p4 /media/dest
-    rsync -acvAXUH --info=progress2 --delete --force /media/origin/ /media/dest/
-    umount /media/origin
-    umount /media/dest
-    rm -rf /media/origin
-    rm -rf /media/dest
-
-    echo Setting up boot to use other partition
-    sed -i 's/PARTUUID=cb15ae4d-03/PARTUUID=cb15ae4d-04/g' /boot/cmdline.txt
-    sync
-    reboot
-fi
-
-mkdir -p /media/root-rw
-mkfs.ext4 /dev/mmcblk0p3
-mount /dev/mmcblk0p3 /media/root-rw
-
-mkdir -p /embassy-os
-mount /dev/mmcblk0p2 /embassy-os
-
-mkdir -p /media/root-rw/config
-mkdir -p /media/root-rw/current
-mkdir -p /media/root-rw/next
-rsync -acvAXUH --info=progress2 /embassy-os/ /media/root-rw/config/
-rsync -acvAXUH --info=progress2 /update/ /media/root-rw/current/
-rsync -acvAXUH --info=progress2 /media/root-rw/current/boot/ /boot/
-cp /etc/machine-id /media/root-rw/current/etc/machine-id
-cp /etc/ssh/ssh_host_rsa_key /media/root-rw/current/etc/ssh/ssh_host_rsa_key
-cp /etc/ssh/ssh_host_rsa_key.pub /media/root-rw/current/etc/ssh/ssh_host_rsa_key.pub
-cp /etc/ssh/ssh_host_ecdsa_key /media/root-rw/current/etc/ssh/ssh_host_ecdsa_key
-cp /etc/ssh/ssh_host_ecdsa_key.pub /media/root-rw/current/etc/ssh/ssh_host_ecdsa_key.pub
-cp /etc/ssh/ssh_host_ed25519_key /media/root-rw/current/etc/ssh/ssh_host_ed25519_key
-cp /etc/ssh/ssh_host_ed25519_key.pub /media/root-rw/current/etc/ssh/ssh_host_ed25519_key.pub
-
-sync
-
-umount /embassy-os
-umount /media/root-rw
-
-fatlabel /dev/mmcblk0p1 boot
-e2label /dev/mmcblk0p3 rootfs
-
-(
-    echo d
-    echo 1
-    echo d
-    echo 2
-    echo n
-    echo p
-    echo 1
-    echo
-    echo
-    echo d
-    echo 3
-    echo d
-    echo 4
-    echo n
-    echo p
-    echo 2
-    echo
-    echo
-    echo t
-    echo 1
-    echo c
-    echo w
-) | fdisk /dev/mmcblk0
-
-reboot

build/raspberry-pi/config.yaml

@@ -1,5 +0,0 @@
-os-partitions:
-  boot: /dev/mmcblk0p1
-  root: /dev/mmcblk0p2
-ethernet-interface: eth0
-wifi-interface: wlan0

build/raspberry-pi/init-with-sound.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-function flatline {
-	echo -n "0" > /sys/class/pwm/pwmchip0/export
-	sleep 0.5
-	echo -n "2272727" > /sys/class/pwm/pwmchip0/pwm0/period
-	echo -n "1136364" > /sys/class/pwm/pwmchip0/pwm0/duty_cycle
-	echo -n "1" > /sys/class/pwm/pwmchip0/pwm0/enable
-	sleep 30
-	echo -n "0" > /sys/class/pwm/pwmchip0/pwm0/enable
-}
-
-initialization.sh 
-STATUS=$?
-if [ $STATUS -ne 0 ]; then
-	flatline
-	exit $STATUS
-fi

build/raspberry-pi/initialization.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Boot process for system initialization.
-After=network-online.target systemd-time-wait-sync.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/init-with-sound.sh
-RemainAfterExit=true
-StandardOutput=append:/var/log/initialization.log
-
-[Install]
-WantedBy=multi-user.target

build/raspberry-pi/initialization.sh

@@ -1,82 +0,0 @@
-#!/bin/bash
-set -e
-
-# introduce start9 username and embassy as default password
-if ! awk -F: '{ print $1 }' /etc/passwd | grep start9
-then
-	usermod -l start9 -d /home/start9 -m pi
-	groupmod --new-name start9 pi
-	echo start9:embassy | chpasswd
-fi
-
-START=$(date +%s)
-while ! ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null; do
-	>&2 echo "Waiting for internet connection..."
-	sleep 1
-	if [ "$[$START + 60]" -lt $(date +%s) ]; then
-		>&2 echo "Timed out waiting for internet connection..."
-		exit 1
-	fi
-done
-echo "Connected to network"
-
-# Convert all repos to use https:// before apt update
-sed -i "s/http:/https:/g" /etc/apt/sources.list /etc/apt/sources.list.d/*.list
-
-. /usr/lib/embassy/scripts/add-apt-sources
-
-KERN=$(dpkg -s raspberrypi-kernel | grep Version | awk '{print $2}')
-apt-get update
-
-# TODO remove in 0.4.0
-if [ "$KERN" != "1:1.20221104-1" ]; then
-	wget https://archive.raspberrypi.org/debian/pool/main/r/raspberrypi-firmware/raspberrypi-kernel_1.20221104-1_arm64.deb
-	sha256sum raspberrypi-kernel_1.20221104-1_arm64.deb | grep 9de9fe61e17eab351b6d4c8ee42d836c16b066f3593a4a9626283df6df718e42
-	apt-get install -y --allow-change-held-packages --allow-downgrades ./raspberrypi-kernel_1.20221104-1_arm64.deb
-	rm ./raspberrypi-kernel_1.20221104-1_arm64.deb
-fi
-apt-mark hold raspberrypi-bootloader
-apt-mark hold raspberrypi-kernel
-
-apt-get upgrade -y
-if [ "$KERN" != "$(dpkg -s raspberrypi-kernel | grep Version | awk '{print $2}')" ]; then
-	echo "Kernel updated, restarting..."
-	sync
-	reboot
-fi
-
-apt-get install -y $(cat /usr/lib/embassy/depends)
-apt-get remove --purge -y $(cat /usr/lib/embassy/conflicts) beep
-apt-get autoremove -y
-
-systemctl stop tor
-
-. /usr/lib/embassy/scripts/postinst
-
-usermod -aG embassy start9
-
-systemctl enable embassyd.service embassy-init.service
-
-# . /usr/lib/embassy/scripts/enable-kiosk
-
-sed -i 's/^/usb-storage.quirks=152d:0562:u,14cd:121c:u,0781:cfcb:u /g' /boot/cmdline.txt
-
-# making that *sudo docker stats* command fulfil its purpose by displaying all metrics
-sed -i 's/rootwait quiet.*/rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory quiet/g' /boot/cmdline.txt
-
-systemctl disable nc-broadcast.service
-systemctl disable initialization.service
-
-update-initramfs -c -k "$(uname -r)"
-
-sed -i /boot/config.txt -e "/initramfs.*/d" 
-echo initramfs "initrd.img-$(uname -r)" >> /boot/config.txt
-
-sed -i /boot/cmdline.txt -e "s/^/boot=embassy /"
-
-passwd -l start9
-
-sync
-
-reboot
-