diff --git a/core/Cargo.lock b/core/Cargo.lock index 37fa3cf3..1ef9fcda 100644 --- a/core/Cargo.lock +++ b/core/Cargo.lock @@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "archipelago" -version = "1.7.39-alpha" +version = "1.7.40-alpha" dependencies = [ "anyhow", "archipelago-container", diff --git a/core/archipelago/Cargo.toml b/core/archipelago/Cargo.toml index 4e3ead58..85dea42d 100644 --- a/core/archipelago/Cargo.toml +++ b/core/archipelago/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "archipelago" -version = "1.7.39-alpha" +version = "1.7.40-alpha" edition = "2021" description = "Archipelago Bitcoin Node OS - Native backend" authors = ["Archipelago Team"] diff --git a/neode-ui/package.json b/neode-ui/package.json index 0660c435..483ec639 100644 --- a/neode-ui/package.json +++ b/neode-ui/package.json @@ -1,7 +1,7 @@ { "name": "neode-ui", "private": true, - "version": "1.7.39-alpha", + "version": "1.7.40-alpha", "type": "module", "scripts": { "start": "./start-dev.sh", diff --git a/neode-ui/src/views/settings/AccountInfoSection.vue b/neode-ui/src/views/settings/AccountInfoSection.vue index 82921281..90993946 100644 --- a/neode-ui/src/views/settings/AccountInfoSection.vue +++ b/neode-ui/src/views/settings/AccountInfoSection.vue @@ -180,6 +180,16 @@ init()
+ +
+
+ v1.7.40-alpha + Apr 22, 2026 +
+
+

Proper fix for the 500 / Internal Server Error after update. The v1.7.38 and v1.7.39 frontend archives had the wrong permissions baked into the archive itself — the tarball's root directory entry was private, so every node that extracted it ended up with a web UI directory nginx couldn't read. v1.7.40 packages the archive with correct world-readable permissions from the start, so no node ever sees the 500 again.

+
+
diff --git a/releases/manifest.json b/releases/manifest.json index 6fcb1673..93e9c056 100644 --- a/releases/manifest.json +++ b/releases/manifest.json @@ -1,8 +1,8 @@ { - "version": "1.7.39-alpha", + "version": "1.7.40-alpha", "release_date": "2026-04-22", "changelog": [ - "Hotfix: on some nodes the v1.7.38 update landed the web UI directory with private permissions, so nginx returned 500 / Internal Server Error on every page. v1.7.39 fixes the updater to leave the new frontend world-readable, and the node now also self-heals on boot if it ever finds the UI in that state again.", + "Proper fix for the 500 / Internal Server Error after update. The v1.7.38 and v1.7.39 frontend archives had the wrong permissions baked into the archive itself — the tarball's root directory entry was private, so every node that extracted it ended up with a web UI directory nginx couldn't read. v1.7.40 packages the archive with correct world-readable permissions from the start, verified before the release is even cut.", "Signing in is quiet after the first boot. The intro music, welcome voice, and transition sounds only play during initial onboarding — every login after that is silent. Typing sounds in the search bar and dashboard are unaffected.", "Nodes that completed setup no longer get bounced back through the onboarding wizard after clearing browser cache, updating, or rebooting. The node self-heals so already-onboarded nodes always go straight to the login screen.", "Trimmed the App Store — FIPS, Nostr Relay, Nostr VPN, Routstr, and Penpot are no longer listed and their container images have been removed from all registries. Your node's built-in FIPS transport is untouched." @@ -11,18 +11,18 @@ { "name": "archipelago", "current_version": "1.7.37-alpha", - "new_version": "1.7.39-alpha", - "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.39-alpha/archipelago", - "sha256": "533d5ff9421aba2a1b4acc981746da1692f6a2abb5101da5500f5f920c26fd3a", - "size_bytes": 41107808 + "new_version": "1.7.40-alpha", + "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.40-alpha/archipelago", + "sha256": "5c8c0c6e4700f4da3e1cb58167ddea6d93f46d5c7d7f0352f7367b998c672708", + "size_bytes": 41107136 }, { - "name": "archipelago-frontend-1.7.39-alpha.tar.gz", + "name": "archipelago-frontend-1.7.40-alpha.tar.gz", "current_version": "1.7.37-alpha", - "new_version": "1.7.39-alpha", - "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.39-alpha/archipelago-frontend-1.7.39-alpha.tar.gz", - "sha256": "e5dc5b51a1e72836688b7883b8032245aa252a33500d6eba37839569b5c5b17a", - "size_bytes": 162085565 + "new_version": "1.7.40-alpha", + "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.40-alpha/archipelago-frontend-1.7.40-alpha.tar.gz", + "sha256": "0bb58abd5276c83d42a92b0f09697162a300f0222962ad52c8175fb4c904e3e8", + "size_bytes": 162084678 } ] } diff --git a/releases/v1.7.40-alpha/archipelago b/releases/v1.7.40-alpha/archipelago new file mode 100755 index 00000000..8f6df823 Binary files /dev/null and b/releases/v1.7.40-alpha/archipelago differ diff --git a/releases/v1.7.40-alpha/archipelago-frontend-1.7.40-alpha.tar.gz b/releases/v1.7.40-alpha/archipelago-frontend-1.7.40-alpha.tar.gz new file mode 100644 index 00000000..f1226319 Binary files /dev/null and b/releases/v1.7.40-alpha/archipelago-frontend-1.7.40-alpha.tar.gz differ diff --git a/scripts/create-release-manifest.sh b/scripts/create-release-manifest.sh index 5281261d..6327d3e7 100755 --- a/scripts/create-release-manifest.sh +++ b/scripts/create-release-manifest.sh @@ -87,8 +87,39 @@ if [ -z "$FRONTEND_ARCHIVE" ]; then echo " Including AIUI from demo/aiui/" cp -r "$PROJECT_ROOT/demo/aiui" "$STAGING_DIR/aiui" fi + # Force world-readable perms on every entry BEFORE tar, so the + # archive's internal mode bits are 755/644 regardless of what + # the staging dir's umask gave us. Without this, mktemp -d + # creates the staging dir at 700, that 700 gets baked into the + # tarball's root `./` entry, and every node that extracts the + # archive ends up with /opt/archipelago/web-ui at 700 — which + # causes nginx (www-data) to return 500 "permission denied" on + # every page. Bit us on the v1.7.38 + v1.7.39 rollouts. + chmod 755 "$STAGING_DIR" + find "$STAGING_DIR" -type d -exec chmod 755 {} + + find "$STAGING_DIR" -type f -exec chmod 644 {} + echo "Creating frontend archive $FRONTEND_ARCHIVE..." - tar -czf "$FRONTEND_ARCHIVE" -C "$STAGING_DIR" . + # --mode is a belt-and-braces in case a file's on-disk perms + # drift again; forces 755 dir / 644 file in the archive too. + tar --owner=0 --group=0 \ + --mode='u=rwX,go=rX' \ + -czf "$FRONTEND_ARCHIVE" \ + -C "$STAGING_DIR" . + # Verify the archive root entry is world-readable before we + # declare success — catches regressions in tar-flag handling + # (BSD tar, busybox tar) that might silently drop --mode. + root_mode=$(tar tvzf "$FRONTEND_ARCHIVE" | head -1 | awk '{print $1}') + case "$root_mode" in + drwxr-xr-x|drwxr-x*x*) + echo " Tarball root perms OK: $root_mode" + ;; + *) + echo " ERROR: tarball root perms are $root_mode (want drwxr-xr-x) — aborting release" + rm -f "$FRONTEND_ARCHIVE" + rm -rf "$STAGING_DIR" + exit 1 + ;; + esac rm -rf "$STAGING_DIR" fi fi