Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Has been cancelled
v1.7.38 and v1.7.39 both shipped with `./` inside the frontend tarball marked drwx------ (700). Tar extraction preserves archive perms, so every node that pulled the OTA landed with /opt/archipelago/web-ui at 700, nginx (www-data) returned 500 "permission denied" on every page, and the browser showed "Internal Server Error nginx". .116 hit this on both v1.7.38 and v1.7.39 rollouts.

The v1.7.39 runtime self-heal in main.rs was the wrong layer — systemd's ReadOnlyPaths namespace made /opt/archipelago read-only from inside the archipelago service, so chmod from there returned EROFS.

Root cause: create-release-manifest.sh used mktemp -d (700 default umask) for staging, then tar preserved that 700 in the archive's root entry.

Fix the archive itself:
- chmod 755 staging dir + `find -type d -exec chmod 755` + `-type f chmod 644` before tar, so the on-disk entries are correct.
- tar --owner=0 --group=0 --mode='u=rwX,go=rX' to normalize archive perms belt-and-braces in case file-mode drift ever reappears.
- Post-tar verify: `tar tvzf | head -1` must show drwxr-xr-x at root, or the release script aborts before the manifest is even generated.

Binary unchanged semantically — the main.rs self-heal stays in as a last-resort belt (can't hurt on nodes whose FS isn't namespace-isolated), and the update.rs in-extractor chmod stays in so v1.7.40-onwards extractors are double-safe. The authoritative fix is the archive.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
29 lines
1.9 KiB
JSON
{
  "version": "1.7.40-alpha",
  "release_date": "2026-04-22",
  "changelog": [
    "Proper fix for the 500 / Internal Server Error after update. The v1.7.38 and v1.7.39 frontend archives had the wrong permissions baked into the archive itself — the tarball's root directory entry was private, so every node that extracted it ended up with a web UI directory nginx couldn't read. v1.7.40 packages the archive with correct world-readable permissions from the start, verified before the release is even cut.",
    "Signing in is quiet after the first boot. The intro music, welcome voice, and transition sounds only play during initial onboarding — every login after that is silent. Typing sounds in the search bar and dashboard are unaffected.",
    "Nodes that completed setup no longer get bounced back through the onboarding wizard after clearing browser cache, updating, or rebooting. The node self-heals so already-onboarded nodes always go straight to the login screen.",
    "Trimmed the App Store — FIPS, Nostr Relay, Nostr VPN, Routstr, and Penpot are no longer listed and their container images have been removed from all registries. Your node's built-in FIPS transport is untouched."
  ],
  "components": [
    {
      "name": "archipelago",
      "current_version": "1.7.37-alpha",
      "new_version": "1.7.40-alpha",
      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.40-alpha/archipelago",
      "sha256": "5c8c0c6e4700f4da3e1cb58167ddea6d93f46d5c7d7f0352f7367b998c672708",
      "size_bytes": 41107136
    },
    {
      "name": "archipelago-frontend-1.7.40-alpha.tar.gz",
      "current_version": "1.7.37-alpha",
      "new_version": "1.7.40-alpha",
      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.40-alpha/archipelago-frontend-1.7.40-alpha.tar.gz",
      "sha256": "0bb58abd5276c83d42a92b0f09697162a300f0222962ad52c8175fb4c904e3e8",
      "size_bytes": 162084678
    }
  ]
}
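
The archive fix and post-tar check from the commit message above, as an added example that is not the project's create-release-manifest.sh: it reproduces the 700 root entry on a constructed staging tree, applies the same chmod/find/tar normalization, and gates on the root mode. Function names and file contents are hypothetical, GNU tar is assumed, and `private_entries` goes beyond the commit's root-only check by counting every entry that other users cannot read.

```shell
#!/bin/sh
# Added example: function names and the staging tree are constructed.

# Stage as the commit describes (mktemp -d gives 700); umask 077 adds drift.
make_staging() (
    umask 077
    dir=$(mktemp -d)
    mkdir -p "$dir/assets"
    echo '<html></html>' > "$dir/index.html"
    echo 'body{}' > "$dir/assets/app.css"
    printf '%s\n' "$dir"
)

# Mode string of the archive's first (root) entry, e.g. "drwx------".
root_mode() { tar -tvzf "$1" | awk 'NR == 1 { print $1 }'; }

# Number of entries "other" cannot read; nested private dirs break nginx too.
private_entries() {
    tar -tvzf "$1" | awk 'substr($1, 8, 1) != "r" { n++ } END { print n + 0 }'
}

# Pack exactly what is on disk: "./" carries the staging dir's 700.
pack_raw() { tar -czf "$2" -C "$1" .; }

# The commit's fix: correct on-disk modes, then let tar normalize again.
pack_normalized() {
    chmod 755 "$1"
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    tar --owner=0 --group=0 --mode='u=rwX,go=rX' -czf "$2" -C "$1" .
}

# Release gate: non-zero unless the root entry is drwxr-xr-x.
verify_root() {
    mode=$(root_mode "$1")
    [ "$mode" = "drwxr-xr-x" ] && return 0
    echo "ABORT: root entry of $1 is $mode, expected drwxr-xr-x" >&2
    return 1
}

# Demo on the constructed tree.
stage=$(make_staging); out=$(mktemp -d)
pack_raw "$stage" "$out/raw.tar.gz"
pack_normalized "$stage" "$out/fixed.tar.gz"
for a in raw fixed; do
    echo "$a: root=$(root_mode "$out/$a.tar.gz") private=$(private_entries "$out/$a.tar.gz")"
done
verify_root "$out/raw.tar.gz" || echo "release would stop here for raw"
rm -rf "$stage" "$out"
```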