-
release(v1.7.40-alpha): fix tarball root perms at source so OTA can't 500 again
Ghost
released this
2026-04-22 17:54:44 +00:00 | 522 commits to main since this releasev1.7.38 and v1.7.39 both shipped with
./inside the frontend tarball marked
drwx------ (700). Tar extraction preserves archive perms, so every node that
pulled the OTA landed with /opt/archipelago/web-ui at 700, nginx (www-data)
returned 500 "permission denied" on every page, and the browser showed
"Internal Server Error nginx". .116 hit this on both v1.7.38 and v1.7.39
rollouts. The v1.7.39 runtime self-heal in main.rs was the wrong layer —
systemd's ReadOnlyPaths namespace made /opt/archipelago read-only from inside
the archipelago service, so chmod from there returned EROFS.Root cause: create-release-manifest.sh used mktemp -d (700 default umask) for
staging, then tar preserved that 700 in the archive's root entry.Fix the archive itself:
- chmod 755 staging dir +
find -type d -exec chmod 755+-type f chmod 644
before tar, so the on-disk entries are correct. - tar --owner=0 --group=0 --mode='u=rwX,go=rX' to normalize archive perms
belt-and-braces in case file-mode drift ever reappears. - Post-tar verify:
tar tvzf | head -1must show drwxr-xr-x at root, or
the release script aborts before the manifest is even generated.
Binary unchanged semantically — the main.rs self-heal stays in as a last-
resort belt (can't hurt on nodes whose FS isn't namespace-isolated), and the
update.rs in-extractor chmod stays in so v1.7.40-onwards extractors are
double-safe. The authoritative fix is the archive.Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com
Downloads
- chmod 755 staging dir +