bug fixing and deploy and build diagnostics
@@ -28,6 +28,9 @@
|
||||
- [iso-build-session-2026-03-10.md](iso-build-session-2026-03-10.md) — ISO build session notes
|
||||
- [unbundled-iso.md](unbundled-iso.md) — Unbundled ISO approach notes
|
||||
|
||||
## Infrastructure
|
||||
- [project_bitcoin_rpc_auth.md](project_bitcoin_rpc_auth.md) — Bitcoin rpcauth, system Tor, reboot survival, container resilience
|
||||
|
||||
## Completed Work
|
||||
- [project_mesh_198_issue.md](project_mesh_198_issue.md) — Mesh .198: 3 bugs fixed and deployed
|
||||
- [project_indeedhub_arch3_fix.md](project_indeedhub_arch3_fix.md) — IndeedHub Arch 3: corrupted combined tarball fixed
|
||||
|
||||
21
.claude/memory/project_bitcoin_rpc_auth.md
Normal file
@@ -0,0 +1,21 @@
|
||||
---
|
||||
name: Bitcoin RPC rpcauth architecture
|
||||
description: Bitcoin uses rpcauth (salted hash in config, password in secrets file), system Tor for containers, reboot survival
|
||||
type: project
|
||||
---
|
||||
|
||||
Bitcoin RPC uses `rpcauth` — salted HMAC-SHA256 hash in bitcoin.conf, plaintext password in `/var/lib/archipelago/secrets/bitcoin-rpc-password`. Credentials are STABLE across reboots, restarts, deploys.
|
||||
|
||||
**Why:** Cookie auth rotates on every Bitcoin restart, breaking all dependent containers with env-var-only credentials. The `rpcauth` approach keeps the password stable while never exposing plaintext in config files or CLI args.
|
||||
|
||||
**How to apply:**
|
||||
- Bitcoin: reads rpcauth from bitcoin.conf (no CLI credential flags, config generated by first-boot or deploy)
|
||||
- LND: `bitcoind.rpcuser/rpcpass` in lnd.conf (NOT rpccookie — LND v0.18.4 doesn't support it)
|
||||
- All containers: read password from secrets file at creation time, passed via env vars
|
||||
- Rust backend `bitcoin_rpc.rs`: reads from secrets file, cached with OnceCell
|
||||
- bitcoin-ui: mounts `/var/lib/archipelago/secrets:/secrets:ro`, start.sh reads password and injects nginx auth header
|
||||
- System Tor: `SocksPort 0.0.0.0:9050` + SocksPolicy, containers use `host.containers.internal:9050`
|
||||
- `podman-restart.service` enabled for container auto-start after reboot
|
||||
- Tor hidden service hostnames copied to `/var/lib/archipelago/tor-hostnames/` for readable access
|
||||
- .198 ElectrumX points at .228's full Bitcoin node (pruned node can't run ElectrumX locally)
|
||||
- Health monitor interval: 60 seconds — UI may briefly show "crashed" during restarts
|
||||
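Review bot: The "Why" paragraph says the rpcauth approach never exposes plaintext in config files, but the "How to apply" list stores the password in plaintext in two places: `bitcoind.rpcuser/rpcpass` in lnd.conf, and env vars on every container, where it stays readable from the container's configuration (for example via `podman inspect`) for the container's lifetime. Suggest narrowing the claim to bitcoin.conf and Bitcoin's CLI args, and documenting the owner and mode expected on lnd.conf and on `/var/lib/archipelago/secrets/bitcoin-rpc-password`. Two smaller points in the same list: bitcoin-ui mounts the whole `/var/lib/archipelago/secrets` directory when it only needs the one password file, and `SocksPort 0.0.0.0:9050` listens on every host interface, so the note should state what the SocksPolicy accepts or bind to the container-facing address instead.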
@@ -1,49 +1,44 @@
|
||||
---
|
||||
name: v1.3.0 Session Status (March 19 late)
|
||||
description: Massive session — 33 pentest fixes, container reliability, federation, mesh channel, 30+ commits
|
||||
name: v1.3.0 Session Status (March 20)
|
||||
description: Tor management system, bug fixes, federation name sync — cloud files working both ways
|
||||
type: project
|
||||
---
|
||||
|
||||
## Deployed to .228 + .198
|
||||
|
||||
### What's Live
|
||||
- All 33 pentest security fixes (backend + frontend + nginx)
|
||||
- Container reliability: memory limits in scripts, crash recovery coordination, health badges
|
||||
- Federation & Peers: DID persistence, rotation, node names, two-column layout, invite types
|
||||
- Archipelago public channel in Mesh (Tor messaging)
|
||||
- LND Connect with CORS fix (bulletproof)
|
||||
- ElectrumX headers.subscribe fix
|
||||
- FileBrowser auto-login
|
||||
- Lightning channel backup export
|
||||
- App iframe auto-retry
|
||||
- Install progress persists across navigation
|
||||
- Full Tor hidden service management (systemd path unit pattern — tor-helper.sh)
|
||||
- Container doctor: system Tor preferred, archy-tor container removed
|
||||
- Federation name sync: server rename pushes to peers
|
||||
- Cloud files working both ways over Tor
|
||||
- Arch channel local echo for sent messages
|
||||
- Web5 Message button → Mesh redirect
|
||||
- Node names in federation/peers
|
||||
- PeerFiles header shows name + DID (not onion)
|
||||
- Connected Nodes flex height
|
||||
- Server name persistence (root-owned file fixed)
|
||||
- Tor services UI: add from installed apps, delete, restart, auth/protocol badges
|
||||
- Layout: Network Interfaces + Tor Services stack on normal screens
|
||||
|
||||
### Active Bugs (fix next session)
|
||||
1. **Archipelago channel**: sent messages don't show to sender (no local echo), .228 says "no peers found"
|
||||
2. **Web5 Send Message modal**: should redirect to Mesh chat, not show its own modal
|
||||
3. **Cloud peer files**: "Operation failed" when browsing .198 files from .228 — Tor connection issue
|
||||
4. **Server name save**: not persisting — no `server-name.txt` on server
|
||||
5. **Node names**: still showing DIDs in some places (cloud peer header, some federation contexts)
|
||||
6. **Tor**: ControlPort 0 fix applied manually but needs to be in deploy script/torrc generation
|
||||
7. **Connected Nodes container**: not filling height, needs max-height fix in Web5 view
|
||||
### Architecture: Tor Management
|
||||
- Backend writes staged torrc + action file to /var/lib/archipelago/tor-config/
|
||||
- systemd path unit (archipelago-tor-helper.path) triggers root-level service
|
||||
- tor-helper.sh processes actions: write-torrc-and-restart, restart, delete-service, sync-hostnames
|
||||
- NoNewPrivileges=yes safe — no sudo from backend
|
||||
- Container doctor ensures system Tor stays running after deploys
|
||||
- Web apps: port 80 on .onion → local app port; Protocol services: direct port
|
||||
|
||||
### Outstanding Tasks
|
||||
- Tor restart button in Network UI
|
||||
- Auto-restart Tor when features fail
|
||||
- ISO build for alpha tester
|
||||
- Deploy to Tailscale nodes (Arch 1/2/3)
|
||||
- .198 stabilization (containers, memory limits)
|
||||
- Container memory limits recreation on existing servers
|
||||
- Meshcore public channel investigation (radio messages not showing)
|
||||
- AIUI API key settings
|
||||
- Message notification → open Mesh chat (not Web5)
|
||||
- Loading state on Archipelago channel send ("Decentralization takes a sec")
|
||||
### Onion Addresses (current)
|
||||
- .228 archipelago: r33p5uzk2vxhdte4a5pfqgeax44a7b2lx57q32dxmx5llzyfz42lwnyd.onion
|
||||
- .198 archipelago: mxn62m4odavwctlpsq2ozvhy3ibjpenlzemumwtkev7wviikttxvjhyd.onion
|
||||
|
||||
### Deploy Notes
|
||||
- Backend binary: atomic swap via `cp -new` + `mv`
|
||||
- Tor fix: remove `ControlPort 0` from torrc, chown debian-tor
|
||||
- LND UI: rebuild with `--no-cache` for CORS credentials fix
|
||||
- Always sync: frontend, nginx config, docker UIs, scripts, core source
|
||||
### Still TODO
|
||||
1. **Tor channel chat** — messages via Archipelago channel need testing/polish
|
||||
2. **ISO build** — update build-auto-installer-iso.sh with tor-helper, systemd units, container doctor changes
|
||||
3. **Better error messaging** — when nodes are down, addresses changed, all situations
|
||||
4. **File access permissions** — public (no auth), federated (full access), peer-set (specific files)
|
||||
5. **Auth on Tor app access** — login before accessing app via .onion (post-beta candidate)
|
||||
6. **.198 health check** — deploy health check times out on .198 (backend works, likely timing)
|
||||
|
||||
**Why:** Session continuity for the massive v1.3.0 effort.
|
||||
**How to apply:** Read at start of next session. Fix active bugs first, then ISO build.
|
||||
**Why:** Session continuity for v1.3.0 beta stabilization effort.
|
||||
**How to apply:** Read at start of next session. Work on TODO items in order.
|
||||
|
||||
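Review bot: In "Architecture: Tor Management", the `NoNewPrivileges=yes safe` line covers how the helper is triggered but not what it accepts: the unprivileged backend writes the staged torrc and action file, and a root-level service applies them, so anything able to write to /var/lib/archipelago/tor-config/ controls root's Tor configuration. Suggest documenting the directory's owner and mode, and that tor-helper.sh rejects actions outside the four listed and validates the staged torrc (for example with `tor --verify-config -f <file>`) before installing it. Also worth stating next to the port mapping line: with port 80 on .onion forwarded to the local app port and "Auth on Tor app access" still at TODO item 5, each web app's own authentication is the only gate on .onion access.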