zonefoundry-bridge: Setup code flow + cap-resilient + 1-tap update polish#160
Open
kisssam6886 wants to merge 1 commit into
Open
zonefoundry-bridge: Setup code flow + cap-resilient + 1-tap update polish#160kisssam6886 wants to merge 1 commit into
kisssam6886 wants to merge 1 commit into
Conversation
…lish
Sync the fnOS catalog with the canonical bridge image (zonefoundry/bridge:latest)
behaviour shipped since 2026-05-12. Five user-facing changes:
1. docker-compose.yaml: remove ZF_TOKEN env (pre-2026-05-12 path), add
`security_opt: [apparmor:unconfined]` so fnOS's default AppArmor
docker-default profile doesn't block docker.sock access
(BUG-20260512-33), pin user: "0:0" + pull_policy: always so iOS
1-tap update flow can recreate the container with a fresh image
(BUG-20260512-34).
2. wizard/config: remove "ZoneFoundry Token" text input — Setup code
flow doesn't need pre-registration. Replace the helpText with
Setup code instructions (read 6-letter code from container log
→ iOS app → 更多 → 桥接 → + → 输入设置码).
3. wizard/install: post-install help text walks user to the fnOS
container "日志" tab, points at the Setup code log line, and
sends them to the iOS app's 输入设置码 sheet.
4. scripts/apps/zonefoundry-bridge/meta.env: post-install note also
updated to match the Setup code flow.
5. CHANGELOG.md: new 2026-05-21 entry covers the Setup code flow,
AppArmor + cap-resilient compatibility, and points out that
subsequent iOS-side features (房间改名, 队列重排, 收藏写入) ride
the auto-pinned :latest image without further fnOS edits.
No image change required — fnOS users with the catalog reinstall
or 1-tap update pick up the new behaviour automatically. Pinning
:latest is intentional (per Pin :latest comment in compose file)
because pinning ${VERSION} prevents 1-tap update from working
(restart reuses cached image hash bound at container create time).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Sync the fnOS
zonefoundry-bridgecatalog entry with the canonical bridge image (zonefoundry/bridge:latest) behaviour shipped since 2026-05-12. No image change required —pull_policy: always+ image stays on:latest, so existing fnOS installs and 1-tap updates automatically pick up the new behaviour.Five user-facing changes:
docker-compose.yaml: removeZF_TOKENenv (pre-2026-05-12 path), addsecurity_opt: [apparmor:unconfined]so fnOS's default AppArmordocker-defaultprofile doesn't block docker.sock access (BUG-20260512-33), pinuser: "0:0"+pull_policy: alwaysso iOS 1-tap update flow can recreate the container with a fresh image (BUG-20260512-34).wizard/config: remove "ZoneFoundry Token" text input — Setup code flow doesn't need pre-registration. Replace thehelpTextwith Setup code instructions (read 6-letter code from container log → iOS app → 更多 → 桥接 → + → 输入设置码).wizard/install: post-install help text walks user to the fnOS container "日志" tab, points at the Setup code log line, and sends them to the iOS app's "输入设置码" sheet.scripts/apps/zonefoundry-bridge/meta.env:POST_INSTALL_NOTEalso updated to match the Setup code flow.CHANGELOG.md: new2026-05-21entry covers the Setup code flow, AppArmor + cap-resilient compatibility, and notes that subsequent iOS-side features (房间改名, 队列重排, 收藏写入) ride the auto-pinned:latestimage without further fnOS edits.Why
The bridge's Setup code flow (
BUG-20260512-28) became the recommended onboarding path on 2026-05-12 because it removes the chicken-and-egg of needing to generate a pair code from iOS before the container starts. fnOS users currently hitting the wizard see the old "ZoneFoundry Token" field, which doesn't map to any bridge behaviour anymore (the bridge ignoresZF_TOKENwhen no pair code or cached credentials exist).Pinning
:latest(rather than${VERSION}) is intentional and documented in the compose file — pinning a specific version locks the user out of 1-tap updates because container restart reuses the cached image hash bound at create time.Test plan
docker-compose.yamlvalidated structurally (no env var changes other thanZF_TOKENremoval)CHANGELOG.mdfollows existing date-keyed formatSetup code: ZF-XXXX→ iOS app pairedZF_TOKENenv: reinstall via catalog → new compose dropsZF_TOKEN, cached/app/datacredentials still work, no re-pair neededRelated