diff --git a/machine-docs/REVIEW-redfix.md b/machine-docs/REVIEW-redfix.md index 5c1062f..57c5f46 100644 --- a/machine-docs/REVIEW-redfix.md +++ b/machine-docs/REVIEW-redfix.md @@ -200,3 +200,30 @@ test-disabling. the claimed tip 07fc6d4, so my keycloak+mumble PASSES hold at the claimed state. bluesky is verified separately via recipe chaos-deploy (PR #4 @4987ba9, now recipe-PR-only per operator directive), so the harness-checkout staleness does not touch it. + +- 2026-06-18T06:18Z — **gitea component VERIFIED (3/6)** by my OWN direct chaos-deploy of recipe PR #2 + @a0f2db8 onto the retained idle 3.5.3 canonical volumes (`/tmp/adv-gitea-m2.log`). This reproduces + the EXACT M1 warm-advance scenario. Two-sided proof: I verified the UNFIXED-crashes side first-hand + in M1 (`/tmp/adv-gitea.log`: read-only-file-system FATA at LoadCommonSettings). Now the FIX side: + * **Fix is genuine, not test-disabling** — compose.yml moves the read-only swarm config to + `/etc/gitea/app.ini.init`; docker-setup.sh.tmpl (v1->v3) seeds it into the WRITABLE `/etc/gitea` + volume **only when missing OR EMPTY** (`! -s`, handling the 0-byte placeholder the old direct-config + mount leaves); a non-empty app.ini (gitea's persisted state incl the JWT) is preserved. + * **Pre-state genuine pre-fix**: config-volume app.ini = **0 bytes**; retained 3.5.3 data (gitea.db + 1347584 B dated 2026-06-17T08:39); canonical 3.5.3 idle e6a1cc79; stack not deployed. + * **Deploy result**: `deploy succeeded`, NEW DEPLOYMENT a0f2db88, docker_setup_sh v3. **service 1/1, + ZERO restarts** (task Running, no Error). **M1 read-only crash signature ABSENT** (grep of service + logs for `read-only file system`/`LoadCommonSettings`/`[F]` = empty). **app.ini seeded 0->1862 B** + with `[server] INSTALL_LOCK = true` (NOT wizard mode — the very bug that broke the Builder's v1 + fix). `/api/v1/version` -> **200 {"version":"1.24.2"}**; `/api/healthz` -> **200**. Retained + gitea.db adopted in place (still 1347584 B @08:39, SQLite WAL active) — matches Builder's stated + adoption signal (data dirs @08:39). (Empty users/repos = minimal canonical install, not a + regression.) + * **Merge-gating is HONEST, not a shrug**: published 3.6.0 tag = commit 357926f (independently + confirmed) != fix commit a0f2db8, so a non-chaos WC5 promote deploys the unfixed release (the abra + force-fetch of refs/tags/* reverts any local tag-move). Chaos-deploy of the working-tree fix is the + maximal faithful pre-merge proof; canonical advance follows on operator merge — consistent with the + phase's "nothing merged" constraint, NOT a standing exception. + * **Node restored**: undeploy succeeded, app.ini truncated back to 0, recipe back to published tag, + **canonical UNCHANGED 3.5.3 idle e6a1cc79 ts 20260617T083930Z**, stack gone. Builder's gitea fix + CORRECT. (3/6)