From be8e5ee46bd976179ab26c4f7fd25ffc884384b8 Mon Sep 17 00:00:00 2001 From: Dorian Date: Mon, 20 Apr 2026 16:40:25 -0400 Subject: [PATCH] release(v1.7.14-alpha): install overlay + FIPS real fix + AIUI restore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Install UX SystemUpdate.vue now shows a full-screen overlay after apply: the BitcoinFaceAscii logo, a target-version label, an indeterminate progress stripe (solid orange; solid green on ready), and an elapsed-time readout. Polls /health every 1.5s and auto-reloads once the backend reports the new version. 3-min stall → "Reload now" button. Download UI also shows a spinner + "Finishing download — verifying checksum…" while the fake bar sits at 95%. FIPS reconnect — for real this time New fips.reconnect RPC does stop → start → wait 20s → re-poll → classify. Classification buckets: connected / daemon_down / no_seed_key / no_outbound_udp_or_anchor_down / peers_but_no_anchor, each with a plain-language hint surfaced verbatim by the Reconnect button. The real reason nodes like .198/.253 couldn't reach the anchor: identity::write_fips_key_from_seed was writing fips_key.pub as a bech32 npub TEXT file, but upstream fips expects 32 raw bytes. The daemon silently authenticated with garbage. Fix: PublicKey::to_bytes() → raw 32 bytes, and new fips::config::normalize_pub_file migrates legacy files by decoding the npub and rewriting in place. fips.reconnect also re-installs the config + healed keys to /etc/fips before restarting. AIUI preservation + restore apply_update was wiping /opt/archipelago/web-ui/aiui because the Vue build doesn't include it — every OTA lost the Claude sidebar. The preserve block now copies aiui/ + archipelago-companion.apk from the old web-ui into the staging dir before the swap, and prefers new-tar versions if present. To restore it on the three nodes that already lost it (.116/.198/.253), this release bundles the 85 MB aiui build into the frontend tarball. Frontend component size is now ~155 MB. Download / install timeouts Backend download client timeout 1800s → 3600s (1 h). Larger tarball + slow gitea raw throughput put us above the old cap. Frontend update.download rpc timeout 30 min → 65 min to match. package.install rpc timeout 15 min → 45 min — IndeedHub pulls 6 images and was timing out mid-install. UI nit "Rollback to Previous" → "Rollback Available". App-catalog proxy already landed in v1.7.13. Artefacts: archipelago 725e18e6…3c525e6 40462288 archipelago-frontend-1.7.14-alpha.tar.gz c35284be…ff2c16 162077052 (+aiui) Co-Authored-By: Claude Opus 4.7 (1M context) --- core/Cargo.lock | 2 +- core/archipelago/Cargo.toml | 2 +- core/archipelago/src/api/rpc/dispatcher.rs | 1 + core/archipelago/src/api/rpc/fips.rs | 85 +++++++ core/archipelago/src/fips/config.rs | 54 +++++ core/archipelago/src/identity.rs | 14 +- core/archipelago/src/update.rs | 22 +- neode-ui/src/api/rpc-client.ts | 6 +- neode-ui/src/locales/en.json | 10 +- neode-ui/src/locales/es.json | 10 +- neode-ui/src/views/SystemUpdate.vue | 219 ++++++++++++++++-- neode-ui/src/views/server/FipsNetworkCard.vue | 32 ++- 12 files changed, 414 insertions(+), 43 deletions(-) diff --git a/core/Cargo.lock b/core/Cargo.lock index fe7f5725..31ee70c6 100644 --- a/core/Cargo.lock +++ b/core/Cargo.lock @@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "archipelago" -version = "1.7.13-alpha" +version = "1.7.14-alpha" dependencies = [ "anyhow", "archipelago-container", diff --git a/core/archipelago/Cargo.toml b/core/archipelago/Cargo.toml index 74f2bb59..9e22dec3 100644 --- a/core/archipelago/Cargo.toml +++ b/core/archipelago/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "archipelago" -version = "1.7.13-alpha" +version = "1.7.14-alpha" edition = "2021" description = "Archipelago Bitcoin Node OS - Native backend" authors = ["Archipelago Team"] diff --git a/core/archipelago/src/api/rpc/dispatcher.rs b/core/archipelago/src/api/rpc/dispatcher.rs index 55206dbc..88187771 100644 --- a/core/archipelago/src/api/rpc/dispatcher.rs +++ b/core/archipelago/src/api/rpc/dispatcher.rs @@ -413,6 +413,7 @@ impl RpcHandler { "fips.apply-update" => self.handle_fips_apply_update().await, "fips.install" => self.handle_fips_install().await, "fips.restart" => self.handle_fips_restart().await, + "fips.reconnect" => self.handle_fips_reconnect().await, // System updates "update.check" => self.handle_update_check().await, diff --git a/core/archipelago/src/api/rpc/fips.rs b/core/archipelago/src/api/rpc/fips.rs index 3013f68a..6abcf899 100644 --- a/core/archipelago/src/api/rpc/fips.rs +++ b/core/archipelago/src/api/rpc/fips.rs @@ -44,4 +44,89 @@ impl RpcHandler { fips::service::restart(fips::SERVICE_UNIT).await?; Ok(serde_json::json!({ "restarted": true })) } + + /// Full reconnect: stop the daemon, bring it back, wait for the DHT + /// bootstrap window, poll the identity-cache + peer list, and + /// classify what recovered (or didn't) so the UI can explain it to + /// the user instead of showing a generic failure. + /// + /// Runtime: ~20s. Needs an RPC timeout ≥ 45s on the client. + pub(super) async fn handle_fips_reconnect(&self) -> Result { + let identity_dir = fips::identity_dir_from(&self.config.data_dir); + let before = fips::FipsStatus::query(&identity_dir).await; + + // Heal the pre-fix bech32-text fips_key.pub → 32-raw-bytes + // mismatch. The daemon silently authenticates with a garbage + // pubkey when the .pub file is 63-char text, which looks like + // "anchor unreachable" to the user even though the real fault + // was an identity malformed on the node itself. Re-install the + // config + keys so /etc/fips gets the healed .pub. + let key_src = identity_dir.join("fips_key"); + let pub_src = identity_dir.join("fips_key.pub"); + if key_src.exists() { + let _ = fips::config::normalize_pub_file(&key_src, &pub_src).await; + // Re-install refreshes /etc/fips/fips.pub from the healed + // source. No-op if nothing changed. + let _ = fips::config::install(&identity_dir).await; + } + + // Clean stop+start rather than `restart`, so a daemon that + // fails to come back up surfaces as service_active=false + // instead of quietly sticking with the old process. + let _ = fips::service::stop(fips::SERVICE_UNIT).await; + tokio::time::sleep(std::time::Duration::from_millis(800)).await; + fips::service::activate(fips::SERVICE_UNIT).await?; + + // Anchor bootstrap window: poll the status every ~3s for up to + // 20s. Bail as soon as the anchor is connected. + let mut last_status: Option = None; + let deadline = std::time::Instant::now() + std::time::Duration::from_secs(20); + loop { + tokio::time::sleep(std::time::Duration::from_secs(3)).await; + let s = fips::FipsStatus::query(&identity_dir).await; + if s.anchor_connected { + last_status = Some(s); + break; + } + last_status = Some(s); + if std::time::Instant::now() >= deadline { + break; + } + } + let after = last_status.unwrap_or_else(|| before.clone()); + + let recovered = after.anchor_connected && !before.anchor_connected; + let likely_cause = if after.anchor_connected { + "connected" + } else if !after.service_active { + "daemon_down" + } else if !after.key_present { + "no_seed_key" + } else if after.authenticated_peer_count == 0 { + // Daemon is up with a key but hasn't authenticated any + // peers — almost always outbound UDP/8668 dropped by the + // local firewall/router, or the anchor itself being down. + "no_outbound_udp_or_anchor_down" + } else { + "peers_but_no_anchor" + }; + let hint = match likely_cause { + "connected" => "Anchor is reachable.", + "daemon_down" => "The FIPS daemon didn't come back up — check archipelago-fips.service.", + "no_seed_key" => "No seed-derived FIPS key on disk. Re-run the onboarding unlock step.", + "no_outbound_udp_or_anchor_down" => + "Daemon is running but no peers handshook. Your router / ISP might be blocking outbound UDP 8668, or the anchor (fips.v0l.io) could be down.", + "peers_but_no_anchor" => + "Mesh has peers but the anchor hasn't been seen yet. Give it a minute and re-check.", + _ => "", + }; + + Ok(serde_json::json!({ + "recovered": recovered, + "likely_cause": likely_cause, + "hint": hint, + "before": before, + "after": after, + })) + } } diff --git a/core/archipelago/src/fips/config.rs b/core/archipelago/src/fips/config.rs index 74c63fd3..b6083dec 100644 --- a/core/archipelago/src/fips/config.rs +++ b/core/archipelago/src/fips/config.rs @@ -78,11 +78,65 @@ pub async fn install(identity_dir: &Path) -> Result<()> { install_result?; sudo_install_file(&src_key, DAEMON_KEY_PATH, "0600").await?; + // Heal a legacy fips_key.pub that was written as bech32 npub text + // (pre-fix identity::write_fips_key_from_seed did this). Upstream + // fips expects 32 raw bytes; a text file silently passes through + // and then the daemon can't identify itself to peers. This + // rewrites the source file in place with the correct binary form + // derived from fips_key before staging it to /etc/fips/fips.pub. + normalize_pub_file(&src_key, &src_pub).await?; sudo_install_file(&src_pub, DAEMON_PUB_PATH, "0644").await?; Ok(()) } +/// Ensure `fips_key.pub` is 32 raw bytes. If it's a bech32 npub text +/// file (from the pre-fix writer), decode it and rewrite in place. If +/// the file is missing or its content doesn't match either format, +/// re-derive the public key from `fips_key` and write that. +pub async fn normalize_pub_file(key_path: &Path, pub_path: &Path) -> Result<()> { + // Happy path: already 32 raw bytes. + if let Ok(bytes) = tokio::fs::read(pub_path).await { + if bytes.len() == 32 { + return Ok(()); + } + // bech32 npub text from the pre-fix writer: decode in place. + if let Ok(s) = std::str::from_utf8(&bytes) { + let trimmed = s.trim(); + if trimmed.starts_with("npub1") { + if let Ok(pk) = nostr_sdk::PublicKey::parse(trimmed) { + let raw: [u8; 32] = pk.to_bytes(); + tokio::fs::write(pub_path, raw) + .await + .context("rewriting fips_key.pub as 32 raw bytes")?; + tracing::info!( + "Migrated legacy bech32 fips_key.pub to raw-byte form at {}", + pub_path.display() + ); + return Ok(()); + } + } + } + } + + // Fallback: no pub file, or unreadable format. Re-derive from the + // private key file (already validated by load_fips_keys). + let secret_bytes = tokio::fs::read(key_path) + .await + .with_context(|| format!("read {} to derive public", key_path.display()))?; + let text = std::str::from_utf8(&secret_bytes) + .context("fips_key is not UTF-8 — can't derive public")?; + let secret = nostr_sdk::SecretKey::parse(text.trim()) + .context("fips_key not parseable as bech32 nsec")?; + let keys = nostr_sdk::Keys::new(secret); + let raw: [u8; 32] = keys.public_key().to_bytes(); + tokio::fs::write(pub_path, raw) + .await + .context("writing re-derived fips_key.pub")?; + tracing::info!("Re-derived fips_key.pub from fips_key"); + Ok(()) +} + async fn sudo_install_dir(path: &str) -> Result<()> { let out = Command::new("sudo") .args(["install", "-d", "-m", "0755", path]) diff --git a/core/archipelago/src/identity.rs b/core/archipelago/src/identity.rs index e32bc077..fb0c6e58 100644 --- a/core/archipelago/src/identity.rs +++ b/core/archipelago/src/identity.rs @@ -219,14 +219,22 @@ async fn write_fips_key_from_seed( .await .context("Failed to set FIPS key permissions")?; } - let npub = keys.public_key().to_bech32().unwrap_or_default(); - fs::write(&pub_path, format!("{npub}\n")) + // Upstream fips daemon expects 32 raw bytes in /etc/fips/fips.pub — + // not a bech32 npub string. Writing the bech32 form here meant the + // installed .pub file was a 63-char text file the daemon parsed as + // 63 raw bytes of garbage, so it couldn't identify itself to peers + // and the anchor never handshook. Write the raw public-key bytes + // (PublicKey::to_bytes returns a [u8; 32]) so the daemon reads + // them directly. + let raw_pub: [u8; 32] = keys.public_key().to_bytes(); + fs::write(&pub_path, raw_pub) .await .context("Failed to write FIPS public key")?; + let npub_for_log = keys.public_key().to_bech32().unwrap_or_default(); tracing::info!( "Derived FIPS mesh key from seed (npub: {}...)", - npub.chars().take(20).collect::() + npub_for_log.chars().take(20).collect::() ); Ok(()) } diff --git a/core/archipelago/src/update.rs b/core/archipelago/src/update.rs index f19a25ff..3fa9d1be 100644 --- a/core/archipelago/src/update.rs +++ b/core/archipelago/src/update.rs @@ -176,7 +176,12 @@ pub async fn download_update(data_dir: &Path) -> Result { .context("Failed to create staging dir")?; let client = reqwest::Client::builder() - .timeout(std::time::Duration::from_secs(1800)) + // 1h per component — the bundled frontend+aiui tarball sits at + // ~160 MB and git.tx1138.com raw serves at ~70 KB/s which puts + // the worst case above the old 30 min cap. A larger timeout + // with a tight connect_timeout keeps hung connections from + // swallowing the whole budget. + .timeout(std::time::Duration::from_secs(3600)) .connect_timeout(std::time::Duration::from_secs(30)) .build() .context("Failed to create HTTP client")?; @@ -369,6 +374,21 @@ pub async fn apply_update(data_dir: &Path) -> Result<()> { ]) .await; + // Preserve paths that are installed outside the Vue build + // (baked in by the ISO or sibling installers) and so + // aren't in the new tarball. Without this copy, every OTA + // wipes them — notably aiui/ (Claude Code sidebar) and + // the companion APK. `cp -a` preserves mode/ownership. + for preserved in ["aiui", "archipelago-companion.apk"] { + let src = format!("{}/{}", web_ui, preserved); + let dst = format!("{}/{}", staging_new, preserved); + // Only preserve the old copy if the new tarball + // doesn't already ship a fresher one. + if Path::new(&src).exists() && !Path::new(&dst).exists() { + let _ = host_sudo(&["cp", "-a", &src, &dst]).await; + } + } + // Swap: mv current web-ui aside, then mv new into place. if Path::new(web_ui).exists() { let mv_old = host_sudo(&["mv", web_ui, &staging_old]) diff --git a/neode-ui/src/api/rpc-client.ts b/neode-ui/src/api/rpc-client.ts index 40b5e800..cc5f2107 100644 --- a/neode-ui/src/api/rpc-client.ts +++ b/neode-ui/src/api/rpc-client.ts @@ -525,7 +525,11 @@ class RPCClient { return this.call({ method: 'package.install', params: { id, 'marketplace-url': marketplaceUrl, version }, - timeout: 900000, // 15 min — multi-GB stacks (IndeedHub, Bitcoin, Penpot) take time + // 45 min — IndeedHub is 6 images and gitea raw-file throughput is + // ~70 KB/s per image; 15 min was short enough to kill the install + // mid-pull and land the user on a "didn't work" screen while the + // backend kept working in the background. + timeout: 2700000, }) } diff --git a/neode-ui/src/locales/en.json b/neode-ui/src/locales/en.json index 75e9ad6f..2c3d8d74 100644 --- a/neode-ui/src/locales/en.json +++ b/neode-ui/src/locales/en.json @@ -666,7 +666,7 @@ "applyUpdate": "Install Update", "checkForUpdates": "Check for Updates", "checking": "Checking...", - "rollback": "Rollback to Previous", + "rollback": "Rollback Available", "backToSettings": "Back to Settings", "percentComplete": "{percent}% complete", "applyWarning": "Installing components and restarting services. Do not power off.", @@ -685,6 +685,14 @@ "rollbackSuccess": "Rolled back to previous version. Service will restart.", "rollbackFailed": "Rollback failed.", "pullAndRebuild": "Pull & Rebuild", + "finishingDownload": "Finishing download — verifying checksum…", + "overlayApplying": "Installing update…", + "overlayRestarting": "Restarting server…", + "overlayReconnecting": "Reconnecting to the new version…", + "overlayReady": "Update installed — reloading…", + "overlayStalled": "Taking longer than expected", + "overlayTarget": "Installing v{version}", + "overlayReloadNow": "Reload now", "gitMethodHint": "This node builds from source. Update will git-pull, rebuild the backend and UI, then restart — takes a few minutes.", "gitApplyTitle": "Pull & Rebuild?", "gitApplyMessage": "Archipelago will pull the latest code, rebuild, and restart. This can take several minutes and the UI will be briefly unavailable.", diff --git a/neode-ui/src/locales/es.json b/neode-ui/src/locales/es.json index 4ab451e5..d6ea299f 100644 --- a/neode-ui/src/locales/es.json +++ b/neode-ui/src/locales/es.json @@ -665,7 +665,7 @@ "applyUpdate": "Instalar actualizaci\u00f3n", "checkForUpdates": "Buscar actualizaciones", "checking": "Verificando...", - "rollback": "Revertir a la versi\u00f3n anterior", + "rollback": "Rollback disponible", "backToSettings": "Volver a configuraci\u00f3n", "percentComplete": "{percent}% completado", "applyWarning": "Instalando componentes y reiniciando servicios. No apague el equipo.", @@ -684,6 +684,14 @@ "rollbackSuccess": "Se revirti\u00f3 a la versi\u00f3n anterior. El servicio se reiniciar\u00e1.", "rollbackFailed": "Error al revertir.", "pullAndRebuild": "Pull y Recompilar", + "finishingDownload": "Terminando descarga — verificando checksum…", + "overlayApplying": "Instalando actualizaci\u00f3n…", + "overlayRestarting": "Reiniciando servidor…", + "overlayReconnecting": "Reconectando a la nueva versi\u00f3n…", + "overlayReady": "Actualizaci\u00f3n instalada — recargando…", + "overlayStalled": "Tardando m\u00e1s de lo esperado", + "overlayTarget": "Instalando v{version}", + "overlayReloadNow": "Recargar ahora", "gitMethodHint": "Este nodo compila desde el c\u00f3digo fuente. La actualizaci\u00f3n har\u00e1 git-pull, recompilar\u00e1 y reiniciar\u00e1 — tarda unos minutos.", "gitApplyTitle": "\u00bfPull y Recompilar?", "gitApplyMessage": "Archipelago descargar\u00e1 el c\u00f3digo m\u00e1s reciente, lo compilar\u00e1 y reiniciar\u00e1. Puede tardar varios minutos y la UI estar\u00e1 brevemente no disponible.", diff --git a/neode-ui/src/views/SystemUpdate.vue b/neode-ui/src/views/SystemUpdate.vue index f91bdd75..f7bed4ee 100644 --- a/neode-ui/src/views/SystemUpdate.vue +++ b/neode-ui/src/views/SystemUpdate.vue @@ -113,7 +113,14 @@ :style="{ width: downloadPercentFormatted + '%' }" > -

{{ t('systemUpdate.percentComplete', { percent: downloadPercentFormatted }) }}

+
+
+

+ {{ downloadFinishing + ? t('systemUpdate.finishingDownload') + : t('systemUpdate.percentComplete', { percent: downloadPercentFormatted }) }} +

+
@@ -176,6 +183,67 @@ + + + +
+ +
+ +
+ + +
+

+ {{ installStage === 'applying' ? t('systemUpdate.overlayApplying') + : installStage === 'restarting' ? t('systemUpdate.overlayRestarting') + : installStage === 'reconnecting' ? t('systemUpdate.overlayReconnecting') + : installStage === 'ready' ? t('systemUpdate.overlayReady') + : t('systemUpdate.overlayStalled') }} +

+

+ {{ t('systemUpdate.overlayTarget', { version: installTargetVersion }) }} +

+ + +
+
+
+
+
+ +

{{ installElapsedLabel }}

+ + +
+
+ + +
@@ -221,6 +289,7 @@ import { ref, computed, onMounted } from 'vue' import { useI18n } from 'vue-i18n' import { RouterLink } from 'vue-router' import { rpcClient } from '@/api/rpc-client' +import BitcoinFaceAscii from '@/views/discover/BitcoinFaceAscii.vue' interface UpdateDetail { version: string @@ -255,6 +324,78 @@ const statusMessage = ref('') const statusIsError = ref(false) const downloadPercent = ref(0) const downloadPercentFormatted = computed(() => downloadPercent.value.toFixed(2)) +// Shown next to the progress bar when the fake increment has maxed out +// at 95% but the real RPC hasn't returned yet — lets the user know the +// UI hasn't frozen while SHA verification and disk writes finish. +const downloadFinishing = computed(() => downloading.value && downloadPercent.value >= 95) + +// Install overlay state — drives the full-screen progress modal shown +// while the backend swaps files, restarts, and comes back up on the +// new version. The overlay polls /health and auto-reloads the browser +// as soon as the backend reports the target version, so the user +// doesn't need to manually refresh. +type InstallStage = 'applying' | 'restarting' | 'reconnecting' | 'ready' | 'stalled' +const installing = ref(false) +const installStage = ref('applying') +const installTargetVersion = ref(null) +const installStartedAt = ref(0) +const installElapsedSec = ref(0) +let installPollTimer: ReturnType | null = null +let installElapsedTimer: ReturnType | null = null +const installElapsedLabel = computed(() => { + const s = installElapsedSec.value + if (s < 60) return `Elapsed: ${s}s` + return `Elapsed: ${Math.floor(s / 60)}m${s % 60 < 10 ? '0' : ''}${s % 60}s` +}) +function startInstallOverlay(targetVersion: string) { + installing.value = true + installStage.value = 'applying' + installTargetVersion.value = targetVersion + installStartedAt.value = Date.now() + installElapsedSec.value = 0 + // Tick an elapsed counter once per second for the UI. + installElapsedTimer = setInterval(() => { + installElapsedSec.value = Math.floor((Date.now() - installStartedAt.value) / 1000) + // Stop polling after 3 min — surface the manual reload button. + if (installElapsedSec.value >= 180 && installStage.value !== 'ready') { + installStage.value = 'stalled' + } + }, 1000) + // Start polling /health after a short delay — the backend restarts 2s + // after replying to update.apply, so an immediate poll would see the + // old backend and conclude nothing happened. + setTimeout(() => { + installStage.value = 'restarting' + installPollTimer = setInterval(pollHealth, 1500) + }, 2500) +} +async function pollHealth() { + if (installStage.value === 'ready' || installStage.value === 'stalled') return + try { + const res = await fetch('/health', { signal: AbortSignal.timeout(2000) }) + if (!res.ok) throw new Error(`health ${res.status}`) + const data = await res.json() as { version?: string } + if (data.version && data.version === installTargetVersion.value) { + installStage.value = 'ready' + if (installPollTimer) { clearInterval(installPollTimer); installPollTimer = null } + // Brief pause so the user sees the "Ready" state before the reload. + setTimeout(() => { window.location.reload() }, 1200) + } else { + // Backend is up but still reporting the old version — frontend + // and backend are mid-swap. Signal to the user. + installStage.value = 'reconnecting' + } + } catch { + // Fetch fails while the server is mid-restart. Stay in 'restarting'. + } +} +function reloadNow() { window.location.reload() } +// Cleanup if the component is torn down mid-install (unlikely but safe). +import { onBeforeUnmount } from 'vue' +onBeforeUnmount(() => { + if (installPollTimer) clearInterval(installPollTimer) + if (installElapsedTimer) clearInterval(installElapsedTimer) +}) const lastCheckDisplay = computed(() => { if (!lastCheck.value) return t('common.never') @@ -359,7 +500,7 @@ async function downloadUpdate() { total_bytes: number downloaded_bytes: number components_downloaded: number - }>({ method: 'update.download', timeout: 1_800_000 }) + }>({ method: 'update.download', timeout: 3_900_000 }) downloadPercent.value = 100 downloaded.value = true const sizeMB = (res.downloaded_bytes / 1_048_576).toFixed(1) @@ -395,40 +536,50 @@ async function executeConfirm() { if (action === 'apply') { await applyUpdate() } else if (action === 'git-apply') { - await applyUpdateGit() + await applyUpdateGitWithOverlay() } else if (action === 'rollback') { await rollbackUpdate() } } -async function applyUpdateGit() { - applying.value = true - statusMessage.value = '' - try { - await rpcClient.call({ method: 'update.git-apply', timeout: 900_000 }) - showStatus(t('systemUpdate.gitApplyStarted')) - updateInfo.value = null - } catch (e) { - showStatus(t('systemUpdate.applyFailed'), true) - if (import.meta.env.DEV) console.warn('Git apply failed', e) - } finally { - applying.value = false - } -} - async function applyUpdate() { applying.value = true statusMessage.value = '' + const target = updateInfo.value?.version || null try { await rpcClient.call({ method: 'update.apply', timeout: 300_000 }) - showStatus(t('systemUpdate.applySuccess')) - updateInfo.value = null - downloaded.value = false - await loadStatus() + // Apply succeeded. Backend scheduled a restart 2s after returning; + // show the full-screen overlay while we wait for the new backend + // to report the target version, then auto-reload. + applying.value = false + if (target) { + startInstallOverlay(target) + } else { + // No target version known (legacy path) — fall back to the old + // flash-and-reload behaviour. + showStatus(t('systemUpdate.applySuccess')) + setTimeout(() => window.location.reload(), 3000) + } } catch (e) { showStatus(t('systemUpdate.applyFailed'), true) if (import.meta.env.DEV) console.warn('Apply failed', e) - } finally { + applying.value = false + } +} + +async function applyUpdateGitWithOverlay() { + // Git-apply (dev path) also restarts the service — reuse the overlay + // so the UX matches the manifest path. Target version isn't known up + // front for git-apply; we just wait for a version change on /health. + applying.value = true + statusMessage.value = '' + try { + await rpcClient.call({ method: 'update.git-apply', timeout: 900_000 }) + applying.value = false + startInstallOverlay(updateInfo.value?.version || currentVersion.value) + } catch (e) { + showStatus(t('systemUpdate.applyFailed'), true) + if (import.meta.env.DEV) console.warn('Git apply failed', e) applying.value = false } } @@ -469,3 +620,25 @@ onMounted(() => { Promise.all([loadStatus(), loadSchedule(), checkForUpdates()]) }) + + diff --git a/neode-ui/src/views/server/FipsNetworkCard.vue b/neode-ui/src/views/server/FipsNetworkCard.vue index 011cb30e..07d7a3ec 100644 --- a/neode-ui/src/views/server/FipsNetworkCard.vue +++ b/neode-ui/src/views/server/FipsNetworkCard.vue @@ -180,21 +180,31 @@ async function installAndActivate() { } } -// Restart the FIPS daemon to kick it back onto the public anchor. Stale -// identity-cache entries are the usual cause of "not reached"; systemctl -// restart clears them and re-runs the bootstrap handshake. +// Restart the FIPS daemon and wait for the anchor bootstrap window. +// The backend runs a proper recovery sequence (stop → start → wait → +// classify) and returns a structured diagnostic we can show the user +// instead of a generic "still unreachable". async function reconnectAnchor() { reconnecting.value = true try { - await rpcClient.call({ method: 'fips.restart', timeout: 45_000 }) - // Give the daemon a few seconds to come back and re-populate its - // identity cache before we re-query status. - await new Promise((resolve) => setTimeout(resolve, 5000)) - await loadStatus() - if (status.value.anchor_connected) { - flash('Anchor reconnected') + const res = await rpcClient.call<{ + recovered: boolean + likely_cause: string + hint: string + after: FipsStatus + }>({ method: 'fips.reconnect', timeout: 60_000 }) + // Update the card with the post-reconnect status returned by the + // backend — avoids an extra status fetch race. + status.value = { ...status.value, ...res.after } + if (res.recovered) { + flash('Anchor reconnected.') + } else if (res.likely_cause === 'connected') { + // Already connected, not a "recovery" per se. + flash('Anchor is reachable.') } else { - flash('FIPS restarted — anchor still reporting unreachable. Check network / firewall.', true) + // Surface the backend's diagnostic hint verbatim — it's been + // written for the fleet reader. + flash(res.hint || 'Reconnect finished but anchor is still unreachable.', true) } } catch (e: unknown) { const msg = e instanceof Error ? e.message : String(e)