5229e2c774
Symptom: each app restart that didn't go through Stop daemon left
an orphan mycelium running as root, claiming the TUN \"mycelium\",
UDP/9650 (multicast discovery) and TCP/8990 (JSON-RPC, hardcoded
in 0.6.1 — no flag). Subsequent starts panicked with EBUSY or
\"Address in use\" on whichever port the orphan held.
We can't SIGKILL the orphan from user-space (root process). Move
the cleanup into an elevated context that runs in the same pkexec
authentication as the daemon spawn:
/usr/bin/mycellium-bootstrap (new shell script in the .deb)
pkill -9 -x mycelium
ip link del mycelium / mycel0
exec /usr/bin/mycelium \"\$@\"
The polkit policy now annotates this exact path with
auth_admin_keep so a single password prompt covers every
subsequent restart in the user's session.
Sidecar: when /usr/bin/mycellium-bootstrap exists (production
install) we hand pkexec that path instead of the bare daemon.
\`pnpm tauri dev\` falls back to the unwrapped binary path.
Releases
Pre-built .deb of the mycellium-ui desktop client. Tested on Debian 12 (bookworm); should work on any apt-based distro shipping libwebkit2gtk-4.1-0 (Ubuntu 24.04+, Debian 12+).
Install
sudo apt install ./mycellium-ui_0.1.0_amd64.deb
apt install with a local path resolves runtime deps (pkexec or policykit-1 depending on the distro, libwebkit2gtk-4.1-0, libgtk-3-0) automatically. Plain dpkg -i will fail if any of those are missing.
The pkexec | policykit-1 alternative covers both Debian 12 (where pkexec ships inside policykit-1) and Debian 13 (where pkexec is a standalone package).
Verify
sha256sum -c SHA256SUMS
What's inside
| Path | Purpose |
|---|---|
/usr/bin/mycellium-ui |
GUI launcher |
/usr/bin/mycelium |
Mycelium daemon (v0.6.1, runs as root via pkexec) |
/usr/share/polkit-1/actions/tech.threefold.mycellium-ui.policy |
polkit action — auth cached per session (auth_admin_keep) |
/usr/share/applications/Mycellium UI.desktop |
Menu entry |
Uninstall
sudo apt remove mycellium-ui