client is invalid on gitea instances

ok, now it works for some reason.

Woke up the the latest cloudron update and now my gitea instances say "client is invalid" on login

zfs is on the host. cloudron uses non-cow inside the vm.

Otherwise this can end in a true shit show if someone relies on backups that are not working.

As a consequence I think, two things should be changed:

1. Create a working container first before deleting the old one.
2. Verify backups automatically after creating them.

unmounting works after system reboot: To reiterate: The backup that failed, was a backup I created manually 10 minutes earlier. Then I tried earlier backups and I had to go back to 16th October to have a working backup.

How buggy can something be? Yes... Clicking the Remount Storage button meanwhile works without any error?

Next problem: Trying to change the encryption password fails with this message:

Also: When downloading a backup file through the UI: Why is the download not named after the appname and timestamp of the backup, but gernically app-backup + the timestamp of the download process? Why is the cloudron cli required for decrypting backups? It should be standard and documented. Am I missing something?

Also other apps work. Encryption is a global setting isn't it? All backups since 17th October are bricked for this app.

no. Also file names are encrypted... Why do I see fileNames then before it aborts?

Seems like other people had the same problem before. For me everything runs on Zen 4c infra with ecc, zfs... It for sure is not hardware related. Backups worked until a few days ago. Something must have happened on cloudron's die, weird race condition, something. This needs checking, and backups need to be tested every single time automatically by cloudron to find the pattern and cause. It can't be that a tar is corrupted. If the source is corrupted, the tar should still be ok by itself.

Backups should be tested in the background. It is a fail safe that needs to work. If there is a cloudron error across multiple backups of a certain app, that is a cloudron error. Even if the app is corrupted, the backup should still restore the corrupted app. And it for sure should not delete the app before confirming that the restore works!

What old topics? Seems to be specific to one app install. Log shows

Oct 21 15:28:15 box:backupformat/tgz tarExtract: ./data/content/themes/tripoli/assets/sass 0 directory to /home/yellowtent/appsdata/988fb337-3525-4e58-b7cb-f98c569d119d/data/content/themes/tripoli/assets/sass
Oct 21 15:28:15 box:backupformat/tgz tarExtract: ./data/content/themes/tripoli/assets/css/style-min-rtl.css 70801 file to /home/yellowtent/appsdata/988fb337-3525-4e58-b7cb-f98c569d119d/data/content/themes/tripoli/assets/css/style-min-rtl.css
Oct 21 15:28:15 box:backupformat/tgz tarExtract: ./data/content/themes/tripoli/assets/css/style-min.css 70777 file to /home/yellowtent/appsdata/988fb337-3525-4e58-b7cb-f98c569d119d/data/content/themes/tripoli/assets/css/style-min.css
Oct 21 15:28:15 box:backupformat/tgz tarExtract: ./data/content/themes/tripoli/assets/js/app.js 3150 file to /home/yellowtent/appsdata/988fb337-3525-4e58-b7cb-f98c569d119d/data/content/themes/tripoli/assets/js/app.js
Oct 21 15:28:15 box:backupformat/tgz tarExtract: ./data/content/themes/tripoli/assets/js/app.min.js 182622 file to /home/yellowtent/appsdata/988fb337-3525-4e58-b7cb-f98c569d119d/data/content/themes/tripoli/assets/js/app.min.js
Oct 21 15:28:15 box:apptask run: app error for state pending_restore: BoxError: tarExtract pipeline error: Invalid password or tampered file (mac mismatch) at tarExtract (/home/yellowtent/box/src/backupformat/tgz.js:225:26) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async /home/yellowtent/box/src/backupformat/tgz.js:248:9 at async promiseRetry (/home/yellowtent/box/src/promise-retry.js:17:20) at async Object.download (/home/yellowtent/box/src/backupformat/tgz.js:244:5) at async download (/home/yellowtent/box/src/backuptask.js:104:5) at async Object.downloadApp (/home/yellowtent/box/src/backuptask.js:138:5) at async install (/home/yellowtent/box/src/apptask.js:368:9) { reason: 'External Error', details: {} }
Oct 21 15:28:15 box:taskworker Task took 119.385 seconds
Oct 21 15:28:15 box:tasks setCompleted - 13773: {"result":null,"error":{"stack":"BoxError: tarExtract pipeline error: Invalid password or tampered file (mac mismatch)\n at tarExtract (/home/yellowtent/box/src/backupformat/tgz.js:225:26)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async /home/yellowtent/box/src/backupformat/tgz.js:248:9\n at async promiseRetry (/home/yellowtent/box/src/promise-retry.js:17:20)\n at async Object.download (/home/yellowtent/box/src/backupformat/tgz.js:244:5)\n at async download (/home/yellowtent/box/src/backuptask.js:104:5)\n at async Object.downloadApp (/home/yellowtent/box/src/backuptask.js:138:5)\n at async install (/home/yellowtent/box/src/apptask.js:368:9)","name":"BoxError","reason":"External Error","details":{},"message":"tarExtract pipeline error: Invalid password or tampered file (mac mismatch)"}}
Oct 21 15:28:15 box:tasks update 13773: {"percent":100,"result":null,"error":{"stack":"BoxError: tarExtract pipeline error: Invalid password or tampered file (mac mismatch)\n at tarExtract (/home/yellowtent/box/src/backupformat/tgz.js:225:26)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async /home/yellowtent/box/src/backupformat/tgz.js:248:9\n at async promiseRetry (/home/yellowtent/box/src/promise-retry.js:17:20)\n at async Object.download (/home/yellowtent/box/src/backupformat/tgz.js:244:5)\n at async download (/home/yellowtent/box/src/backuptask.js:104:5)\n at async Object.downloadApp (/home/yellowtent/box/src/backuptask.js:138:5)\n at async install (/home/yellowtent/box/src/apptask.js:368:9)","name":"BoxError","reason":"External Error","details":{},"message":"tarExtract pipeline error: Invalid password or tampered file (mac mismatch)"}}
Oct 21 15:28:15 

Thank god, the underlying pbs system works for restoration, otherwise this would have been catastrophe... Why does an app get bricked when a backup is used? It should only roll over to the new container, once the restoration succeeded. Like proxmox does it.

Currently restoring backups fails: Error : External Error - tarExtract pipeline error: Invalid password or tampered file (mac mismatch)

I can create them, I can read them alright: But the cloning or restoration fails with "Error : External Error - tarExtract pipeline error: Invalid password or tampered file (mac mismatch)" Backup target is simply a Synology smb share. This worked fine until now it doesn't Backups get created, but can't be used.

@luckow Thank you. Did not find the button. From a UX perspective I feel there should be a button to simply clone an app... Maybe I have a current state, that I want to test something on... And a quick clone button, that creates a backup, clones from that, then deletes the backup again would be perfect somehow.

How do I clone an app other than creating a new app and restoring from backup? Why is there no simple "clone" button?

The jwt stuff works great. I have a default token life time of 1 year now, mirroring what gitlab is doing.

You're right. Sometimes it is just this feeling of: "It worked perfectly before" Btw: Thank you for finding the config.
And yes, the good thing is: Cloudron offers a generally really nice mix of managed experience without blocking control. On the other side, if stuff is working, and then it is not -> I'm sometimes a little confused about how migrations work, if I add too much custom stuff...