When invoked as "sudo bash install-nodejs.sh" by an unprivileged user, "~"
expanded to the calling user's home before sudo elevated, so root's
".npmrc" ended up with "cache=/home/<user>/.cache/npm" and subsequent
"sudo npm install -g" runs left root-owned cache dirs inside the user's
home. Hardcode the path so the cache always lands under root.
install-chrome.sh now pins Debian Bookworm to apt priority 100 with
chromium-* elevated to 990, preventing apt from "upgrading" unrelated
Ubuntu packages like libjpeg-dev to Bookworm's higher-versioned one
(which would pull libjpeg62-turbo-dev and collide with Ubuntu's
libjpeg-turbo8-dev). The conflict affected all Ubuntu+Bookworm-
chromium ARM64 builds; Resolute happened to surface it first.
The Resolute Dockerfiles now install libheif (1.21.2) from the
Resolute apt repo and explicitly pull the codec plugins, replacing
the older 1.20.2 archive previously fetched by install-libheif.sh.
Signed-off-by: Michael Mayer <michael@photoprism.app>
Ubuntu 26.04 ("resolute") and Debian trixie+ no longer ship the
"cgroupfs-mount" package — modern systemd handles cgroup v2 mounting
natively. With the package gone from the index, the existing
"apt-get install" line aborted with:
E: Package 'cgroupfs-mount' has no installation candidate
before Docker itself was installed. Probe the index via "apt-cache show"
and include the package only when it is actually available; older
distros that still ship it are unaffected.
Two issues prevented the script from running cleanly when piped into
sudo (the most reliable invocation over SSH):
1. The header recommended `bash <(curl …)`, but with sudo the process
substitution opens /dev/fd/63 in the unprivileged parent shell and
the elevated bash cannot read it — the script aborted with
`bash: /dev/fd/63: No such file or directory`. Replace with the
`curl -fsSL … | sudo bash` pattern (and keep an explicit
download-then-run fallback). Also call out the broken sudo + process
substitution form so users do not retry it.
2. With stdin piped to bash, `gpg --dearmor` tried to write status to
/dev/tty and failed with `gpg: cannot open '/dev/tty'`, breaking the
keyring import (and silently leaving an empty keyring on a fresh
host). Pass `--no-tty --batch --yes` to both gpg calls.
Tested end-to-end on Ubuntu 26.04 ("resolute") via
`curl -fsSL …/install-chrome.sh | sudo bash` from a clean state
(no preexisting keyring or apt list): keyring valid OpenPGP file, deb
fetched and installed, `google-chrome --version` returns 147.0.7727.116.
- Flag <name>.ServeHTTP(<writer>, c.Request) calls without a nearby
LimitRequestBodyBytes so SDK-delegated handlers (MCP today, future
SDKs tomorrow) are held to the same body-cap contract as BindJSON.
- Also flag direct reads via io.ReadAll, io.LimitReader,
json.NewDecoder, xml.NewDecoder, and yaml.NewDecoder on c.Request.Body
Signed-off-by: Michael Mayer <michael@photoprism.app>
Set BUILDKIT_STEP_LOG_MAX_SIZE=5 MiB and BUILDKIT_STEP_LOG_MAX_SPEED=10 MiB/s
on both the local and remote ssh://arm multibuilder nodes so long apt-get
transcripts on unstable Ubuntu bases aren't truncated during preview builds.
- add scripts/dist/install-libvips.sh for Jammy backport installs
- switch jammy and jammy-slim Dockerfiles to use the new installer
- document libvips 8.14+ requirement in setup/pkg/linux docs
- update thumb/README.md and regenerate setup/pkg/linux/README.html
Signed-off-by: Michael Mayer <michael@photoprism.app>
Run `go fix ./...` and keep mechanical modernization updates.
- Replace `interface{}` with `any` in signatures and local types
- Apply formatter/style cleanups from go1.26 tooling
- Keep `omitempty` behavior-preserving simplifications suggested by fix
- No functional feature changes intended
Validation:
- go test ./... -run '^$' -count=1 (Go 1.26.0)
- GOTOOLCHAIN=go1.24.10 go test ./... -run '^$' -count=1
Signed-off-by: Michael Mayer <michael@photoprism.app>