diff --git a/docs/how-to/self-update/service-env-forge-access.md b/docs/how-to/self-update/service-env-forge-access.md index df6cccc..7a31238 100644 --- a/docs/how-to/self-update/service-env-forge-access.md +++ b/docs/how-to/self-update/service-env-forge-access.md @@ -3,35 +3,39 @@ title: Service env forge access modified: 2026-06-04 tags: - how-to -status: active requires: [] --- # Service env forge access -The known blocker. `cargo install --git ssh://forgejo@forge.ops.eblu.me:2222/…` -works from an interactive shell (it has an SSH agent/key and cargo on PATH) — -but the daemon runs under launchd/systemd, whose environment likely has -**neither**. Self-update via cargo can't work until the service context can -reach the forge and run cargo. +The runtime-environment prerequisite for the apply path: a `hephd` started by +launchd/systemd runs with a minimal environment, so it must be able to find +cargo and fetch the repo when it runs `cargo install`. -## What to establish +## Resolved (and how the original premise was wrong) -- **cargo + toolchain on the service PATH.** launchd/systemd start with a - minimal env; `~/.cargo/bin` and rustup's toolchain must be discoverable. - Likely bake `PATH`/`EnvironmentFile` into the generated plist/unit - (`crates/heph/src/service.rs`). -- **Forge SSH auth without an interactive agent.** Options to evaluate: a - dedicated read-only deploy key referenced via `GIT_SSH_COMMAND`/an SSH config - entry, or `SSH_AUTH_SOCK` exported to the service. Must work headless. -- **The canonical-host caveat.** Owner note: cargo rejects `forge.ops.eblu.me` - over HTTPS because the forge advertises `forge.eblu.me` as canonical; the - **SSH** URL on port 2222 sidesteps this and is the proven path (used by the - install how-to and the v1.0.3 redeploy). Pin self-update to the SSH URL; - capture any `insteadOf`/known_hosts setup needed headlessly. +This card was first written assuming self-update needed **forge SSH +credentials** for a headless service — because the install how-to uses +`ssh://forgejo@forge.ops.eblu.me:2222/…`. That premise was wrong: -## Done when +- **hephaestus is a public repo**, and `cargo install --git` is a plain + anonymous git clone — *not* the Forgejo cargo **registry** (the registry is + access-restricted and is the thing that required `forge.ops.eblu.me`; it is + unrelated to git clone). So **no credentials, no SSH, no deploy key**. +- Verified end-to-end: `cargo install --git https://forge.eblu.me/eblume/hephaestus.git --tag v1.0.3 hephd` + builds a working binary anonymously. Self-update uses that canonical public + HTTPS URL (`INSTALL_GIT_URL`), and the release poll uses the same host. -A hephd running as the installed service can, in its own environment, complete -`cargo install --locked --git ssh://… --tag hephd` non-interactively. -Unblocks [[cargo-install-from-tag]]. Part of [[hephd-self-update]]. +So the only real requirement was the **environment**, handled in +`crates/heph/src/service.rs`: `heph daemon start --self-update` generates a +launchd/systemd service that passes `--self-update` and bakes a `PATH` +(including `~/.cargo/bin`) + `HOME` so the minimal service env can find cargo +and the toolchain. `restart` preserves the setting. Default services are +unchanged. + +## Remaining (owner) + +The Rust toolchain must be installed for the service user (cargo builds from +source), and a real on-device run — enable `--self-update`, then confirm a +live upgrade when the next release lands — is the final end-to-end check. See +[[hephd-self-update]].