Start9Labs · dr-bonez · Jan 28, 2025 · Jan 27, 2025 · Jan 28, 2025 · Jan 28, 2025
diff --git a/Makefile b/Makefile
@@ -81,6 +81,8 @@ clean:
 	rm -rf container-runtime/dist
 	rm -rf container-runtime/node_modules
 	rm -f container-runtime/*.squashfs
+	if [ -d container-runtime/tmp/combined ] && mountpoint container-runtime/tmp/combined; then sudo umount container-runtime/tmp/combined; fi
+	if [ -d container-runtime/tmp/lower ] && mountpoint container-runtime/tmp/lower; then sudo umount container-runtime/tmp/lower; fi
 	rm -rf container-runtime/tmp
 	(cd sdk && make clean)
 	rm -f ENVIRONMENT.txt

diff --git a/build/lib/scripts/enable-kiosk b/build/lib/scripts/enable-kiosk
@@ -101,7 +101,9 @@ done
     killall firefox-esr
 ) &
 matchbox-window-manager -use_titlebar no &
-firefox-esr http://localhost --profile /home/kiosk/fx-profile
+cp -r /home/kiosk/fx-profile /home/kiosk/fx-profile-tmp
+firefox-esr http://localhost --profile /home/kiosk/fx-profile-tmp
+rm -rf /home/kiosk/fx-profile-tmp
 EOF
 chmod +x /home/kiosk/kiosk.sh
 

diff --git a/container-runtime/update-image.sh b/container-runtime/update-image.sh
@@ -18,6 +18,13 @@ sudo mount -t overlay -olowerdir=tmp/lower,upperdir=tmp/upper,workdir=tmp/work o
 QEMU=
 if [ "$ARCH" != "$(uname -m)" ]; then
     QEMU=/usr/bin/qemu-${ARCH}-static
+    if ! which qemu-$ARCH-static > /dev/null; then
+        >&2 echo qemu-user-static is required for cross-platform builds
+        sudo umount tmp/combined
+        sudo umount tmp/lower
+        sudo rm -rf tmp
+        exit 1
+    fi
     sudo cp $(which qemu-$ARCH-static) tmp/combined${QEMU}
 fi
 

diff --git a/core/Cargo.lock b/core/Cargo.lock
diff --git a/core/startos/Cargo.toml b/core/startos/Cargo.toml
@@ -14,7 +14,7 @@ keywords = [
 name = "start-os"
 readme = "README.md"
 repository = "https://github.com/Start9Labs/start-os"
-version = "0.3.6-alpha.12"
+version = "0.3.6-alpha.13" # VERSION_BUMP
 license = "MIT"
 
 [lib]

diff --git a/core/startos/src/bins/startd.rs b/core/startos/src/bins/startd.rs
@@ -12,6 +12,7 @@ use tracing::instrument;
 use crate::context::config::ServerConfig;
 use crate::context::rpc::InitRpcContextPhases;
 use crate::context::{DiagnosticContext, InitContext, RpcContext};
+use crate::net::network_interface::SelfContainedNetworkInterfaceListener;
 use crate::net::utils::ipv6_is_local;
 use crate::net::web_server::{Acceptor, UpgradableListener, WebServer};
 use crate::shutdown::Shutdown;
@@ -150,17 +151,9 @@ pub fn main(args: impl IntoIterator<Item = OsString>) {
             .expect("failed to initialize runtime");
         rt.block_on(async {
             let addrs = crate::net::utils::all_socket_addrs_for(80).await?;
-            let mut server = WebServer::new(
-                Acceptor::bind_upgradable(addrs.into_iter().filter(|addr| match addr.ip() {
-                    IpAddr::V4(ip4) => {
-                        ip4.is_loopback()
-                        || (ip4.is_private() && !ip4.octets().starts_with(&[10, 59])) // reserving 10.59 for public wireguard configurations
-                        || ip4.is_link_local()
-                    }
-                    IpAddr::V6(ip6) => ipv6_is_local(ip6),
-                }))
-                .await?,
-            );
+            let mut server = WebServer::new(Acceptor::bind_upgradable(
+                SelfContainedNetworkInterfaceListener::bind(80),
+            ));
             match inner_main(&mut server, &config).await {
                 Ok(a) => {
                     server.shutdown().await;

diff --git a/core/startos/src/context/rpc.rs b/core/startos/src/context/rpc.rs
@@ -85,14 +85,15 @@ pub struct InitRpcContextPhases {
     load_db: PhaseProgressTrackerHandle,
     init_net_ctrl: PhaseProgressTrackerHandle,
     cleanup_init: CleanupInitPhases,
-    // TODO: migrations
+    run_migrations: PhaseProgressTrackerHandle,
 }
 impl InitRpcContextPhases {
     pub fn new(handle: &FullProgressTracker) -> Self {
         Self {
             load_db: handle.add_phase("Loading database".into(), Some(5)),
             init_net_ctrl: handle.add_phase("Initializing network".into(), Some(1)),
             cleanup_init: CleanupInitPhases::new(handle),
+            run_migrations: handle.add_phase("Running migrations".into(), Some(10)),
         }
     }
 }
@@ -125,6 +126,7 @@ impl RpcContext {
             mut load_db,
             mut init_net_ctrl,
             cleanup_init,
+            run_migrations,
         }: InitRpcContextPhases,
     ) -> Result<Self, Error> {
         let tor_proxy = config.tor_socks.unwrap_or(SocketAddr::V4(SocketAddrV4::new(
@@ -276,7 +278,9 @@ impl RpcContext {
         let res = Self(seed.clone());
         res.cleanup_and_initialize(cleanup_init).await?;
         tracing::info!("Cleaned up transient states");
-        crate::version::post_init(&res).await?;
+
+        crate::version::post_init(&res, run_migrations).await?;
+        tracing::info!("Completed migrations");
         Ok(res)
     }
 
@@ -286,7 +290,6 @@ impl RpcContext {
         self.services.shutdown_all().await?;
         self.is_closed.store(true, Ordering::SeqCst);
         tracing::info!("RPC Context is shutdown");
-        // TODO: shutdown http servers
         Ok(())
     }
 

diff --git a/core/startos/src/db/model/public.rs b/core/startos/src/db/model/public.rs
@@ -16,9 +16,9 @@ use ts_rs::TS;
 use crate::account::AccountInfo;
 use crate::db::model::package::AllPackageData;
 use crate::net::acme::AcmeProvider;
-use crate::net::host::address::DomainConfig;
 use crate::net::host::binding::{AddSslOptions, BindInfo, BindOptions, NetInfo};
 use crate::net::host::Host;
+use crate::net::utils::ipv6_is_local;
 use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
 use crate::progress::FullProgress;
@@ -190,14 +190,29 @@ impl NetworkInterfaceInfo {
     pub fn public(&self) -> bool {
         self.public.unwrap_or_else(|| {
             !self.ip_info.as_ref().map_or(true, |ip_info| {
-                ip_info.subnets.iter().all(|ipnet| {
-                    match ipnet.addr() {
-                        IpAddr::V4(ip4) => {
-                            ip4.is_loopback()
-                            || (ip4.is_private() && !ip4.octets().starts_with(&[10, 59])) // reserving 10.59 for public wireguard configurations
-                            || ip4.is_link_local()
+                let ip4s = ip_info
+                    .subnets
+                    .iter()
+                    .filter_map(|ipnet| {
+                        if let IpAddr::V4(ip4) = ipnet.addr() {
+                            Some(ip4)
+                        } else {
+                            None
                         }
-                        IpAddr::V6(_) => true,
+                    })
+                    .collect::<BTreeSet<_>>();
+                if !ip4s.is_empty() {
+                    return ip4s.iter().all(|ip4| {
+                        ip4.is_loopback()
+                    || (ip4.is_private() && !ip4.octets().starts_with(&[10, 59])) // reserving 10.59 for public wireguard configurations
+                    || ip4.is_link_local()
+                    });
+                }
+                ip_info.subnets.iter().all(|ipnet| {
+                    if let IpAddr::V6(ip6) = ipnet.addr() {
+                        ipv6_is_local(ip6)
+                    } else {
+                        true
                     }
                 })
             })

diff --git a/core/startos/src/init.rs b/core/startos/src/init.rs
@@ -219,7 +219,6 @@ pub struct InitPhases {
     enable_zram: PhaseProgressTrackerHandle,
     update_server_info: PhaseProgressTrackerHandle,
     launch_service_network: PhaseProgressTrackerHandle,
-    run_migrations: PhaseProgressTrackerHandle,
     validate_db: PhaseProgressTrackerHandle,
     postinit: Option<PhaseProgressTrackerHandle>,
 }
@@ -244,7 +243,6 @@ impl InitPhases {
             enable_zram: handle.add_phase("Enabling ZRAM".into(), Some(1)),
             update_server_info: handle.add_phase("Updating server info".into(), Some(1)),
             launch_service_network: handle.add_phase("Launching service intranet".into(), Some(1)),
-            run_migrations: handle.add_phase("Running migrations".into(), Some(10)),
             validate_db: handle.add_phase("Validating database".into(), Some(1)),
             postinit: if Path::new("/media/startos/config/postinit.sh").exists() {
                 Some(handle.add_phase("Running postinit.sh".into(), Some(5)))
@@ -297,7 +295,6 @@ pub async fn init(
         mut enable_zram,
         mut update_server_info,
         mut launch_service_network,
-        run_migrations,
         mut validate_db,
         postinit,
     }: InitPhases,
@@ -412,20 +409,6 @@ pub async fn init(
     Command::new("update-ca-certificates")
         .invoke(crate::ErrorKind::OpenSsl)
         .await?;
-    if tokio::fs::metadata("/home/kiosk/profile").await.is_ok() {
-        Command::new("certutil")
-            .arg("-A")
-            .arg("-n")
-            .arg("StartOS Local Root CA")
-            .arg("-t")
-            .arg("TCu,Cuw,Tuw")
-            .arg("-i")
-            .arg("/usr/local/share/ca-certificates/startos-root-ca.crt")
-            .arg("-d")
-            .arg("/home/kiosk/fx-profile")
-            .invoke(ErrorKind::OpenSsl)
-            .await?;
-    }
     load_ca_cert.complete();
 
     load_wifi.start();

diff --git a/core/startos/src/net/net_controller.rs b/core/startos/src/net/net_controller.rs
@@ -219,7 +219,7 @@ impl NetServiceData {
 
         // LAN
         let server_info = peek.as_public().as_server_info();
-        let net_ifaces = server_info.as_network_interfaces().de()?;
+        let net_ifaces = ctrl.net_iface.ip_info();
         let hostname = server_info.as_hostname().de()?;
         for (port, bind) in &host.bindings {
             if !bind.enabled {
@@ -586,21 +586,24 @@ impl NetServiceData {
 
     async fn update_all(&mut self) -> Result<(), Error> {
         let ctrl = self.net_controller()?;
-        if let Some(id) = &self.id {
+        if let Some(id) = self.id.clone() {
             for (host_id, host) in ctrl
                 .db
                 .peek()
                 .await
                 .as_public()
                 .as_package_data()
-                .as_idx(id)
-                .or_not_found(id)?
+                .as_idx(&id)
+                .or_not_found(&id)?
                 .as_hosts()
                 .as_entries()?
             {
-                self.update(&*ctrl, host_id, host.de()?).await?;
+                tracing::info!("Updating host {host_id} for {id}");
+                self.update(&*ctrl, host_id.clone(), host.de()?).await?;
+                tracing::info!("Updated host {host_id} for {id}");
             }
         } else {
+            tracing::info!("Updating host for Main UI");
             self.update(
                 &*ctrl,
                 HostId::default(),
@@ -613,6 +616,7 @@ impl NetServiceData {
                     .de()?,
             )
             .await?;
+            tracing::info!("Updated host for Main UI");
         }
         Ok(())
     }
@@ -710,6 +714,7 @@ impl NetService {
             drop(ctrl);
             Ok(())
         } else {
+            self.shutdown = true;
             tracing::warn!("NetService dropped after NetController is shutdown");
             Err(Error::new(
                 eyre!("NetController is shutdown"),