Bump package + crate + tauri identifier from 0.1.0 to 0.1.1 and
rebuild the .deb. The 0.1.1 binary includes everything between
fork-init and HEAD~0:
- custom TCP/QUIC listen ports (default 9651/9652)
- daemon-failure banner with shortcut to Settings
- misc UX wording
CHANGELOG split: 0.1.1 section closes the previously-Unreleased
list; 0.1.0 untouched.
release/mycellium-ui-private_0.1.0_amd64.deb removed and replaced
by 0.1.1 with refreshed SHA256SUMS.
This repo is a hard fork of mycellium-ui dedicated to the
mycelium-private experimental track upstream. The two apps coexist
on the same machine via distinct app identifiers, polkit actions,
and binary names.
Renames
- package + crate: mycellium-ui → mycellium-ui-private
- bundle identifier: tech.threefold.mycellium-ui-private
- daemon binary: mycelium-private (separate upstream release tarball)
- bootstrap wrapper: /usr/bin/mycellium-bootstrap-private
- polkit policy file + action id
Functional changes
- SidecarConfig.network_name field (UTF-8, 2..=64 bytes)
- start() refuses to spawn without a network name AND a 32-byte
key file at app_data_dir/network_key.bin; surfaces a clear
error rather than letting mycelium-private fail mid-startup
- network_key_status / generate / import / export / delete
commands; uses OS RNG (rand) and writes 0600
- empty default peers list (no Threefold seed for private overlays)
- new Settings → Private network panel: name input, key generate /
reveal-hex / import / delete, status indicator
Adapted bootstrap script kills both `mycelium` and
`mycelium-private` orphans (cross-clash on UDP/9650 + TCP/8990).
CI workflow + sidebar branding updated. The README explains the
divergence model and how to cherry-pick upstream fixes.
Symptom: each app restart that didn't go through Stop daemon left
an orphan mycelium running as root, claiming the TUN \"mycelium\",
UDP/9650 (multicast discovery) and TCP/8990 (JSON-RPC, hardcoded
in 0.6.1 — no flag). Subsequent starts panicked with EBUSY or
\"Address in use\" on whichever port the orphan held.
We can't SIGKILL the orphan from user-space (root process). Move
the cleanup into an elevated context that runs in the same pkexec
authentication as the daemon spawn:
/usr/bin/mycellium-bootstrap (new shell script in the .deb)
pkill -9 -x mycelium
ip link del mycelium / mycel0
exec /usr/bin/mycelium \"\$@\"
The polkit policy now annotates this exact path with
auth_admin_keep so a single password prompt covers every
subsequent restart in the user's session.
Sidecar: when /usr/bin/mycellium-bootstrap exists (production
install) we hand pkexec that path instead of the bare daemon.
\`pnpm tauri dev\` falls back to the unwrapped binary path.
The /api/v1/admin endpoint only returns the /64 subnet. Users were
copy-pasting the subnet straight into Compose Message and getting
HTTP 422 from the daemon (\"invalid IP address syntax\"). The full
host part (lower 64 bits) is logged once at boot:
INFO mycelium: Node overlay IP: 43d:956e:7877:d933:eecc:b305:21ff:77f9
Capture it from stdout, surface as a new daemonStatus.overlayIp
field, and render it on Status above the subnet card with the hint
\"use this when sending messages\".
The line carries ANSI colour escapes from tracing's compact format,
so push_log strips SGR sequences before scanning. Hand-rolled to
avoid pulling a regex crate.
Also rebuilds the .deb release artifact.
On Debian 13 (trixie), policykit-1 was retired and pkexec moved
into a standalone package. The previous Depends: policykit-1
made `apt install` fail with \"none of the choices are installable\"
on a fresh trixie VM.
Switch to Depends: pkexec | policykit-1 so apt can satisfy the
constraint on both:
- bookworm: policykit-1 (which provides /usr/bin/pkexec)
- trixie: pkexec (standalone)
Also updates SHA256SUMS and the install README accordingly.
Bundle of all phases (P0-P5) plus the diagnostic fixes from the
end-to-end test session: ephemeral peer/metrics ports, no reqwest
connection pool, short-poll inbox, expanded sidecar path probe.
Smoke-tested by exchanging messages with a second mycelium node in
a Docker container against the public Threefold seed
tcp://188.40.132.242:9651 — bidirectional delivery confirmed.
Built on Debian 12 (bookworm), x86_64, glibc-targeted but the
embedded mycelium binary is musl static.
