Script to update live Nakamochi with locally built nd and ngui

[kristapsk]

Useful for local testing before pushing binaries to any sysupdates channel.

Summary by CodeRabbit

• Chores
  • Added a deployment tool to update Nakamochi devices with locally built binaries. It validates input and optional paths, checks required binaries exist, performs secure remote transfer, verifies integrity via checksums, and automates stopping and starting the service. It also provides log tailing to confirm successful deployment.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds a new Bash script to deploy locally built nd and ngui binaries to a Nakamochi device over SSH: validates inputs, checks local binaries, discovers remote nd path, runs remote sha256sum, transfers files via scp, restarts the nd service, and tails related logs.

Changes

Cohort / File(s)	Summary
Nakamochi Update Automation tools/update-nakamochi.sh	New script to deploy local nd and ngui binaries to a remote Nakamochi device. Validates arguments, checks local binaries (default ./zig-out/bin), discovers remote nd path by parsing /etc/sv/nd/run, runs remote sha256sum, stops/starts the nd service (sv stop/sv start), copies binaries via scp, and tails nd logs (`grep ndg /var/log/socklog/daemon/current

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Script as update-nakamochi.sh
    participant Local as Local FS
    participant Remote as Nakamochi (root)

    User->>Script: run with <ip> [binaries-path]
    Script->>Script: validate args
    Script->>Local: check `nd` & `ngui` exist
    alt binaries missing
        Script-->>User: print usage & exit(1)
    else binaries present
        Script->>Remote: ssh -> parse nd path from `/etc/sv/nd/run`
        Remote-->>Script: nd installation path or empty
        alt path found
            Script->>Remote: sha256sum (before)
            Script->>Remote: sv stop nd
            Script->>Local: scp `nd`,`ngui` -> remote path
            Local->>Remote: files copied
            Script->>Remote: sha256sum (after)
            Script->>Remote: sv start nd
            Script->>Remote: tail nd logs (grep ndg ... | tail)
            Remote-->>User: log output & completion
        else path not found
            Script-->>User: error & exit
        end
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped a command, binaries snug in my pack,
Over SSH meadows, I traced the right track,
Checksums I counted, services I kissed,
Files placed and started — no step was missed,
Now nakamochis hum; I took a small nap. 🚀

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Script to update live Nakamochi with locally built nd and ngui" directly and accurately describes the main change in the changeset, which is the addition of a new Bash script (update-nakamochi.sh) that updates a live Nakamochi instance with locally built binaries. The title is concise, single-sentence, and clearly conveys the primary intent without vague language, emojis, or extraneous details. A developer scanning the repository history would immediately understand the purpose and scope of this change.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 104a7e1 and 772aa2c.

📒 Files selected for processing (1)

• tools/update-nakamochi.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• tools/update-nakamochi.sh

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR adds a shell script for updating a live Nakamochi device with locally built nd and ngui binaries, facilitating local testing before pushing to sysupdates channels.

• Adds a new shell script that automates the process of copying locally built binaries to a remote Nakamochi device
• Includes automatic path detection for the Nakamochi installation directory
• Provides hash verification and service management capabilities

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

tools/update-nakamochi.sh (3)

3-13: Add input validation for Nakamochi IP address.

The script accepts the IP address as a positional argument but does not validate its format. An invalid IP could lead to confusing error messages or unexpected SSH connection attempts.

Consider adding basic IP validation:

 NAKAMOCHI_IP=$1
+
+# Basic IP validation (IPv4 dotted-quad format)
+if ! [[ $NAKAMOCHI_IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+    echo "Error: Invalid IP address format: $NAKAMOCHI_IP"
+    exit 1
+fi

---

28-31: Verify file transfer success before restarting service.

After copying binaries, the script should verify that the checksums have changed, confirming successful file transfer. Currently, there is no check that the transferred files actually replaced the original binaries.

After the SCP commands, capture and compare checksums to confirm successful transfer:

 scp "$BINARIES_PATH/nd" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/nd"
 scp "$BINARIES_PATH/ngui" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/ngui"
-$ssh_cmd "sha256sum $nakamochi_nd_path/*; sv start nd; grep ndg /var/log/socklog/daemon/current | tail"
+echo "Verifying file transfer..."
+$ssh_cmd "sha256sum '$nakamochi_nd_path'/*; sv start nd; grep ndg /var/log/socklog/daemon/current | tail"

Alternatively, store and compare checksums before/after:

-$ssh_cmd "sha256sum $nakamochi_nd_path/*; sv stop nd"
+echo "Pre-update checksums:"
+pre_sums="$($ssh_cmd "sha256sum '$nakamochi_nd_path'/*")"
+echo "$pre_sums"
+$ssh_cmd "sv stop nd"

---

1-32: Consider adding SSH connection timeout.

SSH and SCP commands lack timeouts. On unreliable networks, these commands could hang indefinitely, blocking deployment automation.

Add connection timeout options to SSH and SCP commands:

-ssh_cmd="ssh root@$NAKAMOCHI_IP"
+ssh_cmd="ssh -o ConnectTimeout=10 -o BatchMode=yes root@$NAKAMOCHI_IP"

And update SCP commands with timeout:

-scp "$BINARIES_PATH/nd" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/nd"
-scp "$BINARIES_PATH/ngui" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/ngui"
+scp -o ConnectTimeout=10 "$BINARIES_PATH/nd" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/nd"
+scp -o ConnectTimeout=10 "$BINARIES_PATH/ngui" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/ngui"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f684f8 and 5d15de2.

📒 Files selected for processing (1)

• tools/update-nakamochi.sh (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tools/update-nakamochi.sh (1)

29-30: Consider atomic file transfers to prevent partial corruption.

The binaries are copied directly to their target location. If scp is interrupted or fails partway through, the binary could be left in a corrupted or incomplete state. Consider copying to a temporary filename first and then atomically moving it into place after verifying the transfer succeeded:

-scp "$BINARIES_PATH/nd" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/nd" || { echo "Failed to copy nd binary"; exit 1; }
-scp "$BINARIES_PATH/ngui" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/ngui" || { echo "Failed to copy ngui binary"; exit 1; }
+scp "$BINARIES_PATH/nd" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/nd.tmp" || { echo "Failed to copy nd binary"; exit 1; }
+$ssh_cmd "mv $nakamochi_nd_path/nd.tmp $nakamochi_nd_path/nd" || { echo "Failed to move nd binary into place"; exit 1; }
+scp "$BINARIES_PATH/ngui" "root@$NAKAMOCHI_IP:$nakamochi_nd_path/ngui.tmp" || { echo "Failed to copy ngui binary"; exit 1; }
+$ssh_cmd "mv $nakamochi_nd_path/ngui.tmp $nakamochi_nd_path/ngui" || { echo "Failed to move ngui binary into place"; exit 1; }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5d15de2 and 104a7e1.

📒 Files selected for processing (1)

• tools/update-nakamochi.sh (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-10-17T13:19:04.146Z

Learnt from: kristapsk
PR: nakamochi/ndg#46
File: tools/update-nakamochi.sh:22-26
Timestamp: 2025-10-17T13:19:04.146Z
Learning: In the nakamochi/ndg repository, the versioning format (X.Y.Z) and directory structure (/home/uiuser/vX.Y.Z) are stable and controlled by the maintainers through explicit sysupdates pushes, so pattern matching on these paths is considered reliable for internal tooling.

Applied to files:

• tools/update-nakamochi.sh

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (2)

tools/update-nakamochi.sh (2)

3-10: Input validation is robust and user-friendly.

Clear usage message, proper exit code, and early failure for missing arguments.

---

15-18: Local binary verification is appropriately defensive.

Explicit checks for both nd and ngui binaries before proceeding, with clear error messaging.