release(v1.6.0-alpha): refresh with bulletproof FIPS + VPN label fix

Supersedes the earlier v1.6.0-alpha artifacts from today (which were identical to v1.5.0-alpha and only existed for the update-flow smoke test). This drop actually changes behaviour: - archipelago-fips auto-activates on startup when fips_key exists; no Activate button needed. - fips_key on-disk format migrated to bech32 nsec; legacy raw-byte files from v1.5.0-alpha self-heal when this version reads them. - fips.yaml schema matches upstream jmcorgan/fips 0.3+. - VPN status row shows "Not configured" instead of "Starting…" when wg0 isn't up — no VPN peer added yet is not a failure state. New SHA256s + sizes in manifest.json. Fleet nodes .116/.228/.253 will notice within 30 min (periodic update-check). Also lets .198 self-heal its crashlooping archipelago-fips when it picks up the update. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 17:13:58 -04:00 · 2026-04-19 17:13:58 -04:00 · 78e7c59e78
commit 78e7c59e78
parent b643b30bba
4 changed files with 13 additions and 6 deletions
--- a/neode-ui/src/views/Server.vue
+++ b/neode-ui/src/views/Server.vue
@ -194,7 +194,7 @@
          <div class="w-2 h-2 rounded-full" :class="networkData.wgIp ? 'bg-green-400' : 'bg-white/20'"></div>
          <span class="text-xs text-white/50">Server Address</span>
        </div>
-        <span class="text-sm font-mono" :class="networkData.wgIp ? 'text-white' : 'text-white/30'">{{ networkData.wgIp || 'Starting...' }}</span>
+        <span class="text-sm font-mono" :class="networkData.wgIp ? 'text-white' : 'text-white/30'">{{ networkData.wgIp || 'Not configured' }}</span>
        <span v-if="networkData.wgPubkey" class="block text-xs font-mono text-white/30 mt-1 truncate">{{ networkData.wgPubkey }}</span>
      </div>

--- a/releases/manifest.json
+++ b/releases/manifest.json
@ -2,7 +2,14 @@
  "version": "1.6.0-alpha",
  "release_date": "2026-04-19",
  "changelog": [
-    "System-update flow smoke test — this release exists solely to validate the in-app update path end-to-end; there are no functional changes versus v1.5.0-alpha."
+    "Bulletproof FIPS from install — no Activate button needed. archipelago auto-starts the FIPS daemon once the seed-derived key exists on disk.",
+    "fips_key written as bech32 nsec (upstream fips daemon format). Auto-migrates legacy raw-byte files from v1.5.0-alpha on first load so existing installs self-heal on this OTA update.",
+    "fips.yaml schema updated to match upstream jmcorgan/fips 0.3+ (`node.identity.persistent: true`, `transports.udp.bind_addr`). Old schema made the daemon crashloop with 'data did not match any variant of untagged enum TransportInstances'.",
+    "ISO: archipelago-fips / archipelago-wg / archipelago-wg-address services no longer masked — ConditionPathExists gates them quietly pre-onboarding. nostr-vpn stays masked (deprecated).",
+    "ISO: persistent journalctl (500M cap) so install, first-boot, and onboarding history survive reboots for post-mortem diagnosis.",
+    "ISO build: verify_backend_version() refuses to ship a binary whose embedded version doesn't match core/archipelago/Cargo.toml. Catches the stale-local-build regression that shipped v1.4.0 binaries inside v1.5.0-alpha ISOs.",
+    "ISO build: installer-env script passed as a bind-mounted file instead of inline `bash -c '…'` — works around a podman/overlay edge case that bricked every rebuild today at debootstrap's first tar extraction.",
+    "VPN status UI: shows 'Not configured' instead of 'Starting…' when no VPN peer has been added yet (wg0 legitimately isn't up; 'Starting' implied something was broken)."
  ],
  "components": [
    {
@ -10,16 +17,16 @@
      "current_version": "1.5.0-alpha",
      "new_version": "1.6.0-alpha",
      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.6.0-alpha/archipelago",
-      "sha256": "a65da755af87a4bc6b0ab2e2db376e0ea8a663ef78bfeebf541d576bf0104676",
-      "size_bytes": 40262192
+      "sha256": "04b472a80ddebb4ca089455a831d8cf82a0522cc9b289a5b66bf53dc57ff466b",
+      "size_bytes": 40310192
    },
    {
      "name": "archipelago-frontend-1.6.0-alpha.tar.gz",
      "current_version": "1.5.0-alpha",
      "new_version": "1.6.0-alpha",
      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.6.0-alpha/archipelago-frontend-1.6.0-alpha.tar.gz",
-      "sha256": "4ece4f264c25c30a7a4e9c2c573c4b34a566f17572d21e531b8087e187e5f1fd",
-      "size_bytes": 76985962
+      "sha256": "9118ac5a392c7501d1bf35c8b2c328d00a3b3f0845cb2e5f72fd4337b5687c0c",
+      "size_bytes": 76985839
    }
  ]
 }
--- a/releases/v1.6.0-alpha/archipelago
+++ b/releases/v1.6.0-alpha/archipelago
--- a/releases/v1.6.0-alpha/archipelago-frontend-1.6.0-alpha.tar.gz
+++ b/releases/v1.6.0-alpha/archipelago-frontend-1.6.0-alpha.tar.gz