Skip to content

Fix linux gateway first start#1378

Closed
pragmaxim wants to merge 1 commit into
NVIDIA:mainfrom
pragmaxim:fix-linux-gateway-first-start
Closed

Fix linux gateway first start#1378
pragmaxim wants to merge 1 commit into
NVIDIA:mainfrom
pragmaxim:fix-linux-gateway-first-start

Conversation

@pragmaxim
Copy link
Copy Markdown

@pragmaxim pragmaxim commented May 14, 2026
edited
Loading

Fixes #1377

Summary

This change makes the packaged Linux gateway start correctly from a fresh install and makes the source plaintext gateway path usable with Podman.

The main failure was in first-start configuration. The gateway requires an SSH handshake secret, but the packaged systemd services relied on an environment file that may be generated during startup. systemd reads EnvironmentFile before the service start command runs, so a newly generated file is not visible to the first gateway process unless the required value is explicitly passed along.

What This Changes

The Linux systemd startup path now has a small helper that ensures the gateway environment file exists, exports the generated SSH handshake secret when systemd has not already loaded one, and then executes the gateway.

The helper is intentionally narrow. It does not source the full user configuration file, so normal EnvironmentFile override behavior stays under systemd. It only bridges the first-start gap for the required secret.

The Debian package now installs the same bootstrap pieces that the service expects, and Debian/RPM package behavior is aligned around the Linux gateway default port 8080.

The Debian service is also configured as a Podman-backed user service. It binds on an address reachable from sandbox containers, leaves the gRPC callback endpoint unset so the Podman driver can derive the host.containers.internal callback endpoint, and includes certificate SANs needed for that callback.

The source plaintext gateway path now supplies the required SSH handshake secret and uses Podman-compatible defaults when Podman is selected.

Compatibility

  • Linux package-managed gateways use port 8080.
  • Homebrew/macOS behavior remains on its existing port.
  • User-provided systemd environment overrides continue to work through EnvironmentFile.
  • Docker and VM source gateway scripts are not changed by the Podman-specific source gateway defaults.
  • Kubernetes source gateway behavior keeps its existing image pull policy default.

Validation

Validated with:

  • shell syntax checks for changed scripts and adjacent gateway scripts
  • systemd verification for the Debian user service
  • RPM user service syntax verification with spec macros substituted
  • Debian package smoke build
  • startup helper smoke tests for generated and pre-existing SSH handshake secrets
  • whitespace checks

@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot Bot commented May 14, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

Thank you for your submission! We ask that you sign our Developer Certificate of Origin before we can accept your contribution. You can sign the DCO by adding a comment below using this text:

I have read the DCO document and I hereby sign the DCO.

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the DCO Assistant Lite bot.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

Thank you for your interest in contributing to OpenShell, @pragmaxim.

This project uses a vouch system for first-time contributors. Before submitting a pull request, you need to be vouched by a maintainer.

To get vouched:

  1. Open a Vouch Request discussion.
  2. Describe what you want to change and why.
  3. Write in your own words — do not have an AI generate the request.
  4. A maintainer will comment /vouch if approved.
  5. Once vouched, open a new PR (preferred) or reopen this one after a few minutes.

See CONTRIBUTING.md for details.

@github-actions github-actions Bot closed this May 14, 2026
@pragmaxim pragmaxim mentioned this pull request May 14, 2026
Closed
3 tasks
@pragmaxim
Copy link
Copy Markdown
Author

pragmaxim commented May 14, 2026

I have more commits, but they don't show up as the PR is closed

@drew
Copy link
Copy Markdown
Collaborator

drew commented May 14, 2026

I think we'll be able to fix this with #1274

@pragmaxim
Copy link
Copy Markdown
Author

pragmaxim commented May 14, 2026

Hopefully, I fixed 3-4 issues on the way to make it work on Ubuntu.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@maxamillion maxamillion Awaiting requested review from maxamillion maxamillion is a code owner

@derekwaynecarr derekwaynecarr Awaiting requested review from derekwaynecarr derekwaynecarr is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Failed to start the gateway from v0.0.37 installation onwards in Ubuntu

2 participants

@pragmaxim @drew