archy/.claude/memory/iso-build-session-2026-03-10.md

# ISO Build Session — 2026-03-10

## Status: Changes ready, NOT yet deployed or built

All changes are local. Servers were unreachable at end of session (network issue, not crash).
Need to: deploy to .228 → build new ISO → copy to File Browser Builds folder.

## Changes Made (Local, Uncommitted)

### 1. ISO Login Fix (`image-recipe/build-auto-installer-iso.sh`)
- **Problem**: `chpasswd` fails silently in chroot (PAM not available), leaving password locked
- **Fix**: Direct `/etc/shadow` manipulation with `sed` using SHA-512 hash from `openssl passwd -6`
- Pre-computed hash as fallback if openssl unavailable
- Verification check + chpasswd fallback
- Also added `root:archipelago` password in Dockerfile
- **Credentials**: `archipelago` / `archipelago` (TTY/SSH), `password123` (Web UI)

### 2. Onboarding "Server Starting Up" UX (4 Vue files)
- **Problem**: On fresh install, backend takes 2-5 min to start. Onboarding shows scary error messages.
- **OnboardingDid.vue**: Replaced 3-attempt retry with persistent auto-retry every 4s. Shows "Server starting up" with elapsed timer (e.g. `1:23`) to the right. Keeps trying until backend responds.
- **OnboardingIdentity.vue**: Detects 502/503, shows orange "Server is still starting up" instead of red error.
- **OnboardingBackup.vue**: Same friendly server-starting message.
- **OnboardingVerify.vue**: Same friendly server-starting message.

### 3. First-Boot Container Fixes (`scripts/first-boot-containers.sh`)
- **Problem**: Race conditions — services start before dependencies are ready
- Added `wait_for_container()` function with configurable timeout and logging
- **Bitcoin Knots**: Added RPC health check wait (up to 60s) before LND/NBXplorer/mempool start
- **BTCPay PostgreSQL**: Replaced `sleep 3` with `pg_isready` health check (up to 30s)
- **Mempool MariaDB**: Replaced `sleep 3` with connection check (up to 30s)
- **File Browser**: Removed `--read-only` and `--cap-drop ALL` (was preventing database creation). Added separate `/database` volume mount.

### 4. Build Skill Updated (`.claude/skills/build-iso/SKILL.md`)
- Added "Post-build: Publish to File Browser" step
- ISO gets copied to `/var/lib/archipelago/filebrowser/Builds/` after every build

## Fresh Install Issues Found on .198
- Login was broken (fixed in #1)
- Onboarding showed 502 errors at every step (fixed in #2)
- Containers not launching: Bitcoin Knots, BTCPay, File Browser, Grafana, LND (fixed in #3)
- File Browser specifically: `--read-only` prevented database creation (fixed in #3)
- Could not fully diagnose .198 — went offline before SSH diagnostic completed

## Deploy Steps When Servers Are Back
```bash
# 1. Deploy to live server
./scripts/deploy-to-target.sh --live

# 2. Sync build script
rsync -avz -e "ssh -i ~/.ssh/archipelago-deploy" \
  image-recipe/build-auto-installer-iso.sh \
  archipelago@192.168.1.228:~/archy/image-recipe/

# 3. Sync first-boot script
rsync -avz -e "ssh -i ~/.ssh/archipelago-deploy" \
  scripts/first-boot-containers.sh \
  archipelago@192.168.1.228:~/archy/scripts/

# 4. Build ISO on server
ssh -i ~/.ssh/archipelago-deploy archipelago@192.168.1.228 \
  'cd ~/archy/image-recipe && sudo ./build-auto-installer-iso.sh'

# 5. Copy to File Browser
ssh -i ~/.ssh/archipelago-deploy archipelago@192.168.1.228 \
  'sudo mkdir -p /var/lib/archipelago/filebrowser/Builds && \
   sudo cp ~/archy/image-recipe/results/archipelago-installer-x86_64.iso \
   /var/lib/archipelago/filebrowser/Builds/'

# 6. Download to Mac
scp -i ~/.ssh/archipelago-deploy \
  archipelago@192.168.1.228:~/archy/image-recipe/results/archipelago-installer-x86_64.iso \
  ~/Downloads/
```

## Files Modified (git diff summary)
- `image-recipe/build-auto-installer-iso.sh` — password fix + Dockerfile root password
- `scripts/first-boot-containers.sh` — health checks + filebrowser fix
- `scripts/deploy-to-target.sh` — Tor permission fixes (from earlier)
- `neode-ui/src/views/OnboardingDid.vue` — auto-retry with timer
- `neode-ui/src/views/OnboardingIdentity.vue` — server-starting detection
- `neode-ui/src/views/OnboardingBackup.vue` — server-starting detection
- `neode-ui/src/views/OnboardingVerify.vue` — server-starting detection
- `.claude/skills/build-iso/SKILL.md` — added File Browser publish step
- Frontend already built: `web/dist/neode-ui/` is up to date
changes for build for sxsw 2026-03-10 23:29:05 +00:00			`# ISO Build Session — 2026-03-10`

			`## Status: Changes ready, NOT yet deployed or built`

			`All changes are local. Servers were unreachable at end of session (network issue, not crash).`
			`Need to: deploy to .228 → build new ISO → copy to File Browser Builds folder.`

			`## Changes Made (Local, Uncommitted)`

			### 1. ISO Login Fix (`image-recipe/build-auto-installer-iso.sh`)
			- Problem: `chpasswd` fails silently in chroot (PAM not available), leaving password locked
			- Fix: Direct `/etc/shadow` manipulation with `sed` using SHA-512 hash from `openssl passwd -6`
			`- Pre-computed hash as fallback if openssl unavailable`
			`- Verification check + chpasswd fallback`
			- Also added `root:archipelago` password in Dockerfile
			- Credentials: `archipelago` / `archipelago` (TTY/SSH), `password123` (Web UI)

			`### 2. Onboarding "Server Starting Up" UX (4 Vue files)`
			`- Problem: On fresh install, backend takes 2-5 min to start. Onboarding shows scary error messages.`
			- OnboardingDid.vue: Replaced 3-attempt retry with persistent auto-retry every 4s. Shows "Server starting up" with elapsed timer (e.g. `1:23`) to the right. Keeps trying until backend responds.
			`- OnboardingIdentity.vue: Detects 502/503, shows orange "Server is still starting up" instead of red error.`
			`- OnboardingBackup.vue: Same friendly server-starting message.`
			`- OnboardingVerify.vue: Same friendly server-starting message.`

			### 3. First-Boot Container Fixes (`scripts/first-boot-containers.sh`)
			`- Problem: Race conditions — services start before dependencies are ready`
			- Added `wait_for_container()` function with configurable timeout and logging
			`- Bitcoin Knots: Added RPC health check wait (up to 60s) before LND/NBXplorer/mempool start`
			- BTCPay PostgreSQL: Replaced `sleep 3` with `pg_isready` health check (up to 30s)
			- Mempool MariaDB: Replaced `sleep 3` with connection check (up to 30s)
			- File Browser: Removed `--read-only` and `--cap-drop ALL` (was preventing database creation). Added separate `/database` volume mount.

			### 4. Build Skill Updated (`.claude/skills/build-iso/SKILL.md`)
			`- Added "Post-build: Publish to File Browser" step`
			- ISO gets copied to `/var/lib/archipelago/filebrowser/Builds/` after every build

			`## Fresh Install Issues Found on .198`
			`- Login was broken (fixed in #1)`
			`- Onboarding showed 502 errors at every step (fixed in #2)`
			`- Containers not launching: Bitcoin Knots, BTCPay, File Browser, Grafana, LND (fixed in #3)`
			- File Browser specifically: `--read-only` prevented database creation (fixed in #3)
			`- Could not fully diagnose .198 — went offline before SSH diagnostic completed`

			`## Deploy Steps When Servers Are Back`
			```bash
			`# 1. Deploy to live server`
			`./scripts/deploy-to-target.sh --live`

			`# 2. Sync build script`
			`rsync -avz -e "ssh -i ~/.ssh/archipelago-deploy" \`
			`image-recipe/build-auto-installer-iso.sh \`
			`archipelago@192.168.1.228:~/archy/image-recipe/`

			`# 3. Sync first-boot script`
			`rsync -avz -e "ssh -i ~/.ssh/archipelago-deploy" \`
			`scripts/first-boot-containers.sh \`
			`archipelago@192.168.1.228:~/archy/scripts/`

			`# 4. Build ISO on server`
			`ssh -i ~/.ssh/archipelago-deploy archipelago@192.168.1.228 \`
			`'cd ~/archy/image-recipe && sudo ./build-auto-installer-iso.sh'`

			`# 5. Copy to File Browser`
			`ssh -i ~/.ssh/archipelago-deploy archipelago@192.168.1.228 \`
			`'sudo mkdir -p /var/lib/archipelago/filebrowser/Builds && \`
			`sudo cp ~/archy/image-recipe/results/archipelago-installer-x86_64.iso \`
			`/var/lib/archipelago/filebrowser/Builds/'`

			`# 6. Download to Mac`
			`scp -i ~/.ssh/archipelago-deploy \`
			`archipelago@192.168.1.228:~/archy/image-recipe/results/archipelago-installer-x86_64.iso \`
			`~/Downloads/`
			```

			`## Files Modified (git diff summary)`
			- `image-recipe/build-auto-installer-iso.sh` — password fix + Dockerfile root password
			- `scripts/first-boot-containers.sh` — health checks + filebrowser fix
			- `scripts/deploy-to-target.sh` — Tor permission fixes (from earlier)
			- `neode-ui/src/views/OnboardingDid.vue` — auto-retry with timer
			- `neode-ui/src/views/OnboardingIdentity.vue` — server-starting detection
			- `neode-ui/src/views/OnboardingBackup.vue` — server-starting detection
			- `neode-ui/src/views/OnboardingVerify.vue` — server-starting detection
			- `.claude/skills/build-iso/SKILL.md` — added File Browser publish step
			- Frontend already built: `web/dist/neode-ui/` is up to date