+1 -1

.github/workflows/build-and-push-ghcr.yaml

··· 3 3 push: 4 4 branches: 5 5 - main 6 6 - - pdsv2 6 6 + - next 7 7 tags: 8 8 - v* 9 9 env:

-2

ACCOUNT_MIGRATION.md

··· 1 1 # Account Migration 2 2 3 3 - **Update May 2025:** An updated guide to account migration is now [part of the atproto specifications](https://atproto.com/guides/account-migration). There is also [a blog post available](https://whtwnd.com/bnewbold.net/3l5ii332pf32u) which describes how to do an account migration using a command-line tool (`goat`). 4 4 - 5 3 ### ⚠️ Warning ⚠️ ️ 6 4 Account migration is a potentially destructive operation. Part of the operation involves signing away your old PDS's ability to make updates to your DID. If something goes wrong, you could be permanently locked out of your account, and Bluesky will not be able to help you recover it. 7 5

-33

PUBLISH.md

··· 1 1 - # Publishing a new version of the PDS distro 2 2 - 3 3 - Below are the steps to publish a new version of the PDS distribution. The distribution is hosted by GitHub Container Registry, supported by the `build-and-push-ghcr` workflow. We use git tags to generate Docker tags on the resulting images. 4 4 - 5 5 - 1. Update the @atproto/pds dependency in the `service/` directory. 6 6 - 7 7 - We're using version `0.4.999` as an example. The latest version of the [`@atproto/pds` package](https://www.npmjs.com/package/@atproto/pds) must already be published on npm. 8 8 - ```sh 9 9 - $ cd service/ 10 10 - $ pnpm update @atproto/pds@0.4.999 11 11 - $ cd .. 12 12 - ``` 13 13 - 14 14 - 2. Commit the change directly to `main`. 15 15 - 16 16 - As soon as this is committed and pushed, the workflow to build the Docker image will start running. 17 17 - ```sh 18 18 - $ git add service/ 19 19 - $ git commit -m "pds v0.4.999" 20 20 - $ git push 21 21 - ``` 22 22 - 23 23 - 3. Smoke test the new Docker image. 24 24 - 25 25 - The new Docker image built by GitHub can be found [here](https://github.com/bluesky-social/pds/pkgs/container/pds). You can use the `sha-`prefixed tag to deploy this image to a test PDS for smoke testing. 26 26 - 27 27 - 4. Finally, tag the latest Docker image version. 28 28 - 29 29 - The Docker image will be tagged as `latest`, `0.4.999`, and `0.4`. Our self-hosters generally use the `0.4` tag, and their PDS distribution will be updated automatically over night in many cases. The Docker tags are generated automatically from git tags. 30 30 - ```sh 31 31 - $ git tag v0.4.999 32 32 - $ git push --tags 33 33 - ```

+3 -11

README.md

··· 20 20 * [Open your cloud firewall for HTTP and HTTPS](#open-your-cloud-firewall-for-http-and-https) 21 21 * [Configure DNS for your domain](#configure-dns-for-your-domain) 22 22 * [Check that DNS is working as expected](#check-that-dns-is-working-as-expected) 23 23 - * [Installer on Ubuntu 20.04/22.04/24.04 and Debian 11/12](#installer-on-ubuntu-200422042404-and-debian-1112) 23 23 + * [Installer on Ubuntu 20.04/22.04 and Debian 11/12](#installer-on-ubuntu-20042204-and-debian-1112) 24 24 * [Verifying that your PDS is online and accessible](#verifying-that-your-pds-is-online-and-accessible) 25 25 * [Creating an account using pdsadmin](#creating-an-account-using-pdsadmin) 26 26 * [Creating an account using an invite code](#creating-an-account-using-an-invite-code) ··· 83 83 **Server Recommendations** 84 84 | | | 85 85 | ---------------- | ------------ | 86 86 - | Operating System | Ubuntu 24.04 | 86 86 + | Operating System | Ubuntu 22.04 | 87 87 | Memory (RAM) | 1 GB | 88 88 | CPU Cores | 1 | 89 89 | Storage | 20 GB SSD | ··· 130 130 131 131 These should all return your server's public IP. 132 132 133 133 - ### Installer on Ubuntu 20.04/22.04/24.04 and Debian 11/12 133 133 + ### Installer on Ubuntu 20.04/22.04 and Debian 11/12 134 134 135 135 On your server via ssh, download the installer script using wget: 136 136 ··· 227 227 ``` 228 228 229 229 _Note: Your PDS will need to be restarted with those variables. This varies depending on your setup. If you followed this installation guide, run `systemctl restart pds`. You might need to restart the server or recreate the container, depending on what you are using._ 230 230 - 231 231 - #### Common SMTP issues 232 232 - 233 233 - If you find that your test messages using cURL or other sources go out correctly, but you are not receiving emails from your PDS, you may need to URL encode your username and password on `/pds/pds.env` and restart the PDS service. 234 234 - 235 235 - If the username and/or password contain special characters, the special characters will need to be [percent encoded](https://en.wikipedia.org/wiki/Percent-encoding). For some email services, the username will contain an extra `@` symbol that will also need to be percent encoded. For example, the URL `user&name@oci:p@ssword@smtphost:465` after percent encoding for the username and password fields would become `user%26name%40oci:p%40ssword@smtphost:465`. 236 236 - 237 237 - If you are migrating an account, Bluesky's UI will ask you to confirm your email address. The confirmation code email is meant to come from your PDS. If you are encountering issues with SMTP and want to confirm the address before solving it, you can find the confirmation code on the `email_token` table on `accounts.sqlite`. 238 230 239 231 ### Logging 240 232

+10 -4

installer.sh

··· 31 31 openssl 32 32 sqlite3 33 33 xxd 34 34 - jq 35 34 " 36 35 # Docker packages. 37 36 REQUIRED_DOCKER_PACKAGES=" ··· 94 93 elif [[ "${DISTRIB_CODENAME}" == "jammy" ]]; then 95 94 SUPPORTED_OS="true" 96 95 echo "* Detected supported distribution Ubuntu 22.04 LTS" 97 97 - elif [[ "${DISTRIB_CODENAME}" == "noble" ]]; then 96 96 + elif [[ "${DISTRIB_CODENAME}" == "mantic" ]]; then 98 97 SUPPORTED_OS="true" 99 99 - echo "* Detected supported distribution Ubuntu 24.04 LTS" 98 98 + echo "* Detected supported distribution Ubuntu 23.10 LTS" 100 99 fi 101 100 elif [[ "${DISTRIB_ID}" == "debian" ]]; then 102 101 if [[ "${DISTRIB_CODENAME}" == "bullseye" ]]; then ··· 109 108 fi 110 109 111 110 if [[ "${SUPPORTED_OS}" != "true" ]]; then 112 112 - echo "Sorry, only Ubuntu 20.04, 22.04, 24.04, Debian 11 and Debian 12 are supported by this installer. Exiting..." 111 111 + echo "Sorry, only Ubuntu 20.04, 22.04, Debian 11 and Debian 12 are supported by this installer. Exiting..." 113 112 exit 1 114 113 fi 115 114 ··· 215 214 fi 216 215 217 216 # Admin email 217 217 + if [[ -z "${PDS_ADMIN_EMAIL}" ]]; then 218 218 + read -p "Enter an admin email address (e.g. you@example.com): " PDS_ADMIN_EMAIL 219 219 + fi 220 220 + if [[ -z "${PDS_ADMIN_EMAIL}" ]]; then 221 221 + usage "No admin email specified" 222 222 + fi 223 223 + 218 224 if [[ -z "${PDS_ADMIN_EMAIL}" ]]; then 219 225 read -p "Enter an admin email address (e.g. you@example.com): " PDS_ADMIN_EMAIL 220 226 fi

+1 -1

service/package.json

··· 7 7 "main": "index.js", 8 8 "license": "MIT", 9 9 "dependencies": { 10 10 - "@atproto/pds": "0.4.169" 10 10 + "@atproto/pds": "0.4.166" 11 11 } 12 12 }

+35 -35

service/pnpm-lock.yaml

··· 6 6 7 7 dependencies: 8 8 '@atproto/pds': 9 9 - specifier: 0.4.169 10 10 - version: 0.4.169 9 9 + specifier: 0.4.166 10 10 + version: 0.4.166 11 11 12 12 packages: 13 13 ··· 148 148 '@atproto/crypto': 0.4.4 149 149 dev: false 150 150 151 151 - /@atproto/jwk-jose@0.1.10: 152 152 - resolution: {integrity: sha512-Eiu/u4tZHz3IIhHZt0zneYEffSAO3Oqk/ToKwlu1TqKte6sjtPs/4uquSiAAGFYozqgo92JC/AQclWzzkHI5QQ==} 151 151 + /@atproto/jwk-jose@0.1.9: 152 152 + resolution: {integrity: sha512-HT9GcUe6htDxI5OSYXWdeS6QZ9lpuDDvJk508ppi8a48E/1f8eumoM0QhgbFRF9IKAnnFrtnZDOAvljQzFKwwQ==} 153 153 dependencies: 154 154 - '@atproto/jwk': 0.5.0 154 154 + '@atproto/jwk': 0.4.0 155 155 jose: 5.2.2 156 156 dev: false 157 157 158 158 - /@atproto/jwk@0.5.0: 159 159 - resolution: {integrity: sha512-Qi2NtEqhkG+uz3CKia4+H05WMV/z//dz3ESo5+cyBKrOnxVTJ5ZubMyltWjoYvy6v/jLhorXdDWcjn07yky7MQ==} 158 158 + /@atproto/jwk@0.4.0: 159 159 + resolution: {integrity: sha512-tvp4iZrzqEzKCeTOKz50/o6WdsZzOuWmWjF6On5QAp04fLwLpsFu2Hixgx/lA1KBO0O4sns7YSGcAqSSX6Rdog==} 160 160 dependencies: 161 161 multiformats: 9.9.0 162 162 zod: 3.23.8 ··· 172 172 zod: 3.23.8 173 173 dev: false 174 174 175 175 - /@atproto/oauth-provider-api@0.2.1: 176 176 - resolution: {integrity: sha512-a3sbgsF3wJwCB8bVkM8CsSGuG2bGYl3O4fdIZjTu1IYO+yyYbPYs6r3i2xmNgWZ3bgkWBz4dBOhm8y1rDJuDDQ==} 175 175 + /@atproto/oauth-provider-api@0.2.0: 176 176 + resolution: {integrity: sha512-u18VRCDuz5BloUQKbvTISjQk7CgpDI1hf3leoJ7ADOAo8oW71QZD0tsWDX81R2uB66mKZHptjGSSVxxqpZFipQ==} 177 177 dependencies: 178 178 - '@atproto/jwk': 0.5.0 179 179 - '@atproto/oauth-types': 0.4.1 178 178 + '@atproto/jwk': 0.4.0 179 179 + '@atproto/oauth-types': 0.4.0 180 180 dev: false 181 181 182 182 - /@atproto/oauth-provider-frontend@0.1.12: 183 183 - resolution: {integrity: sha512-vIJjgSkcjcZltAw9duu+mSye4uOtGg6dQqE7KJvnOCexurCi7F/Zw3CDcDdVCl6e/sC/7IM/aFmKZfeYOq5ncA==} 182 182 + /@atproto/oauth-provider-frontend@0.1.11: 183 183 + resolution: {integrity: sha512-MvPUI+vh8a8UWmpAV8VS2qrdJ/B6l75qDQX1z6vF1YkPR1d9SLEdOYx/O26g5ZyuN+Mk00OBdOSfjvON/UOxQA==} 184 184 engines: {node: '>=18.7.0'} 185 185 optionalDependencies: 186 186 - '@atproto/oauth-provider-api': 0.2.1 186 186 + '@atproto/oauth-provider-api': 0.2.0 187 187 dev: false 188 188 189 189 - /@atproto/oauth-provider-ui@0.2.1: 190 190 - resolution: {integrity: sha512-DouvvlSqgEVXn1/FkijiXaCP3QOR8xI5L+aW0laWhxOAoBkEYJ2DY3lZbAMhGtXjXfHIrQ44zUiSC/Nw2KEKbQ==} 189 189 + /@atproto/oauth-provider-ui@0.2.0: 190 190 + resolution: {integrity: sha512-v4rzz3C8i2NBqxycWWDTeosHtv6B9+EW4ZCq9Il6thmHdtT2CmB07R5Ia7zQ1n7lylxI6mC9JqA9CLis0uLz+Q==} 191 191 engines: {node: '>=18.7.0'} 192 192 optionalDependencies: 193 193 - '@atproto/oauth-provider-api': 0.2.1 193 193 + '@atproto/oauth-provider-api': 0.2.0 194 194 dev: false 195 195 196 196 - /@atproto/oauth-provider@0.10.2: 197 197 - resolution: {integrity: sha512-DcdxxfHyI7CQmN3YJi8ljanijgOWp4IaYZkCYWZI6N7/Gmpgwrh0sszwKH2W3BuHnf1LKh4EfWCiR9scWLHwiQ==} 196 196 + /@atproto/oauth-provider@0.10.0: 197 197 + resolution: {integrity: sha512-WbDaMC/9Zd4oslA4pPvf7ozum0YAQRxNspYpEauXtJ/bjVxqViKgV158jnPhDbYfo62NkxSuSaUkTV116U/VBg==} 198 198 engines: {node: '>=18.7.0'} 199 199 dependencies: 200 200 '@atproto-labs/fetch': 0.2.3 ··· 204 204 '@atproto-labs/simple-store-memory': 0.1.3 205 205 '@atproto/common': 0.4.11 206 206 '@atproto/did': 0.1.5 207 207 - '@atproto/jwk': 0.5.0 208 208 - '@atproto/jwk-jose': 0.1.10 209 209 - '@atproto/oauth-provider-api': 0.2.1 210 210 - '@atproto/oauth-provider-frontend': 0.1.12 211 211 - '@atproto/oauth-provider-ui': 0.2.1 212 212 - '@atproto/oauth-scopes': 0.0.2 213 213 - '@atproto/oauth-types': 0.4.1 207 207 + '@atproto/jwk': 0.4.0 208 208 + '@atproto/jwk-jose': 0.1.9 209 209 + '@atproto/oauth-provider-api': 0.2.0 210 210 + '@atproto/oauth-provider-frontend': 0.1.11 211 211 + '@atproto/oauth-provider-ui': 0.2.0 212 212 + '@atproto/oauth-scopes': 0.0.1 213 213 + '@atproto/oauth-types': 0.4.0 214 214 '@atproto/syntax': 0.4.0 215 215 '@hapi/accept': 6.0.3 216 216 '@hapi/address': 5.1.1 ··· 227 227 - supports-color 228 228 dev: false 229 229 230 230 - /@atproto/oauth-scopes@0.0.2: 231 231 - resolution: {integrity: sha512-Wb3/7/zu17npmniMnF4dqcH+shNmZIX7ZuWCF4ThadCDPX0hZ7TV3D3P+JuJAhhQ/b+cCt1PBvpUeWP2cb9rhg==} 230 230 + /@atproto/oauth-scopes@0.0.1: 231 231 + resolution: {integrity: sha512-9IGgwM0KrWUwRTg02o4GKZaoKJLOkFwtkq2i39pYQxqJm18jvEvadxW/sR1A5f9f2vbTZtECgIziU5hdd01U5Q==} 232 232 dev: false 233 233 234 234 - /@atproto/oauth-types@0.4.1: 235 235 - resolution: {integrity: sha512-c5ixf2ZOzcltOu1fDBnO/tok6Wj7JDDK66+Z0q/+bAr8LXgOnxP7zQfJ+DD4gTkB+saTqsqWtVv8qvx/IEtm1g==} 234 234 + /@atproto/oauth-types@0.4.0: 235 235 + resolution: {integrity: sha512-FrRH9JsPw9H4JxfPDrbrI+pB102tbHTygajfHay7xwz78HPOjSbWPRgWW2hYS4w8vDYdB3PYbBj1jPoKetW7LA==} 236 236 dependencies: 237 237 - '@atproto/jwk': 0.5.0 237 237 + '@atproto/jwk': 0.4.0 238 238 zod: 3.23.8 239 239 dev: false 240 240 241 241 - /@atproto/pds@0.4.169: 242 242 - resolution: {integrity: sha512-JXaZ+C/DfYWZ1j17mHmYcMtxRJaMdX0/W2Aqj9iZLQe27BZT+Zdy3mhMt92zqqzCYj1QfhhBdjRtj7CfaaeiPg==} 241 241 + /@atproto/pds@0.4.166: 242 242 + resolution: {integrity: sha512-LwLiLQNOZsZ4LgD4qmtWf3W5FJEaTA3Bi3Y1x79TXrBfcvcmIoNYBUE0WOLmDFfLyp44caODqS6HCLvqc11T7g==} 243 243 engines: {node: '>=18.7.0'} 244 244 dependencies: 245 245 '@atproto-labs/fetch-node': 0.1.9 ··· 250 250 '@atproto/crypto': 0.4.4 251 251 '@atproto/identity': 0.4.8 252 252 '@atproto/lexicon': 0.4.12 253 253 - '@atproto/oauth-provider': 0.10.2 254 254 - '@atproto/oauth-scopes': 0.0.2 253 253 + '@atproto/oauth-provider': 0.10.0 254 254 + '@atproto/oauth-scopes': 0.0.1 255 255 '@atproto/repo': 0.8.5 256 256 '@atproto/syntax': 0.4.0 257 257 '@atproto/xrpc': 0.7.1