feat(packaging): pre-spawn cleanup wrapper for clean restarts

Symptom: each app restart that didn't go through Stop daemon left an orphan mycelium running as root, claiming the TUN \"mycelium\", UDP/9650 (multicast discovery) and TCP/8990 (JSON-RPC, hardcoded in 0.6.1 — no flag). Subsequent starts panicked with EBUSY or \"Address in use\" on whichever port the orphan held. We can't SIGKILL the orphan from user-space (root process). Move the cleanup into an elevated context that runs in the same pkexec authentication as the daemon spawn: /usr/bin/mycellium-bootstrap (new shell script in the .deb) pkill -9 -x mycelium ip link del mycelium / mycel0 exec /usr/bin/mycelium \"\$@\" The polkit policy now annotates this exact path with auth_admin_keep so a single password prompt covers every subsequent restart in the user's session. Sidecar: when /usr/bin/mycellium-bootstrap exists (production install) we hand pkexec that path instead of the bare daemon. \`pnpm tauri dev\` falls back to the unwrapped binary path.
2026-04-26 02:27:07 +02:00
parent 0c9277f687
commit 5229e2c774
6 changed files with 61 additions and 8 deletions
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -42,7 +42,8 @@
      "deb": {
        "depends": ["pkexec | policykit-1"],
        "files": {
-          "/usr/share/polkit-1/actions/tech.threefold.mycellium-ui.policy": "packaging/polkit/tech.threefold.mycellium-ui.policy"
+          "/usr/share/polkit-1/actions/tech.threefold.mycellium-ui.policy": "packaging/polkit/tech.threefold.mycellium-ui.policy",
+          "/usr/bin/mycellium-bootstrap": "packaging/mycellium-bootstrap"
        }
      }
    }