- install.sh: pre-create ks.cfg with o+w after permission setup so
non-root users can overwrite it (OEMDRV root itself stays o=rX)
- install.sh: restore su drop to $SUDO_USER when it is set and not
root; fall back to direct root execution otherwise
- configure.sh: remove the hard root check so both cases work
- configure.md: update docs to reflect root/non-root support
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Move setup_system.conf.dist to system_setup/config.dist/ and
skel.tar.zst.dist + pack_skel.sh to system_setup/skel/; config/ now
holds only gitignored local files
- Fix configure.sh CONF_DIST path (was pointing at non-existent
config/setup_system.conf.dist)
- Fix skel/pack_skel.sh: remove vestigial source line whose path was
wrong in both old and new location
- Update error messages in setup_system.inc.sh and
sync_client_software.sh to reference new dist file location
- Move machine_uuid reading/writing into setup_system.inc.sh so all
scripts have MACHINEID available; setup_system.conf.dist now uses
MACHINEID conditionally with a hostname fallback
- sync_client_software.sh: fix && / typo (should be && \) that broke
the flatpak remote-add → install chain; add network error handling
after flatpak install; cleanup upgrade logic and chown placement
- Update CLAUDE.md and install.md to reflect new dist file locations
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Detect existing OEMDRV partition at startup; offer to reuse it
instead of creating a new one (mounts if needed, sources existing
setup_system.inc.sh before cloning)
- When existing repo origin/branch differs from REPO_URL/REPO_BRANCH,
offer to pull from existing origin, migrate to new origin (preserving
gitignored local files), or fall through to fresh clone
- Extract finish_install() and do_clone_and_done() helpers to share
clone, permissions, and configure.sh prompt across all paths
- Replace generic chmod with chown root:root + chmod ug=rwX,o=rX
recursively, plus o+w on config/ and config.d/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fetches user_full_name (givenname + sn) and user_email from FreeIPA via
ipalib and writes them into the Thunderbird IMAP account prefs. Adds
ipalib availability check to logon_script.sh. Drops TB_MAIL_FULLNAME
config variable.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds SERVERFQDN_IMAP and TB_MAIL_FULLNAME to setup_system.conf.dist.
On each logon the script checks if an IMAP account for DAVTOKEN_USER@TLDOMAIN
already exists in prefs.js; if not it writes the server, identity, and account
entries and registers it with accountmanager. Idempotent — skipped when the
account is already present.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ensures session bus socket and kwalletd5/6 talk permissions are set at
logon, so Flatseal or a missing manifest entry cannot silently break
Talk's credential storage and Plasma integration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
--scope ... & had two problems:
1. systemd-run stayed alive in the autostart service cgroup;
KillMode=control-group sent it SIGTERM when logon_script.sh exited,
tearing down the scope and killing Talk mid-initialization.
2. The scope lacked Delegate=yes, preventing Electron's zygote from
creating sub-cgroups for the GPU/renderer processes.
The previous commit added Delegate=yes but kept --scope, so problem 1
remained: the scope was still torn down on service exit, causing the
GPU/network service crash visible in talk.log.
Switch to a transient service unit identical to the Nextcloud Desktop
Client fix: --no-block returns immediately so systemd-run is gone from
the cgroup before the service ends; --property=Delegate=yes is retained
for Electron's zygote. Tested: service active, zygote and network
service running, no GPU crash.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
systemd-run --scope ... & left the systemd-run binary running as a
background process inside the autostart service's cgroup. When
logon_script.sh exited, systemd's KillMode=control-group sent SIGTERM
to all remaining cgroup processes, including systemd-run. systemd-run,
on receiving SIGTERM while monitoring a scope, stopped the scope and
killed the Nextcloud client -- at exactly the same moment the autostart
service ended.
--no-block with --scope is not supported. Switch to a transient service
unit (drop --scope, add --no-block). systemd-run registers the unit and
returns immediately, leaving the cgroup before logon_script.sh ends.
The Nextcloud process then runs as an independent systemd user service,
unaffected by the autostart service lifecycle. Tested: Nextcloud keeps
running after systemd-run exits.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Nextcloud Talk is an Electron app. Electron uses a zygote process to
fork sandboxed child processes (GPU, renderer, network service) into
their own sub-cgroups. systemd-run --scope without Delegate=yes locks
down the cgroup — sub-cgroups cannot be created — so the zygote fails,
causing the GPU process to crash immediately on startup.
Adding --property=Delegate=yes hands cgroup management to the scope,
allowing flatpak/bubblewrap and Electron's zygote to create the
sub-cgroups they need. Tested: no GPU crash with this flag set.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/var/tmp is persistent on-disk storage. The encryption key must never
be written to disk, even temporarily. Replaced all occurrences of
/var/tmp/IPAVAULTKEY.txt with ${XDG_RUNTIME_DIR}/IPAVAULTKEY, which
is a per-user tmpfs directory (/run/user/<UID>) created by
systemd-logind: guaranteed memory-only, mode 0700, wiped on logout.
Also removed the TODO comment that tracked this exact issue.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
setsid -f forks the process into a new session but leaves it in the
calling service's cgroup. systemd-run --user --scope moves it into its
own transient scope cgroup so the autostart service can finish normally.
Added & to background the launch, replacing the fork that setsid -f
was providing. Tested: scope is created and Talk starts correctly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Same root cause as the gocryptfs and Nextcloud fixes: kwalletd6 is a
long-running daemon that stays alive for the entire KDE session.
Launching it with setsid keeps it in the autostart service cgroup,
preventing app-logon_script.sh@autostart from reaching finished state.
Replace setsid with systemd-run --user --scope so kwalletd6 runs in
its own transient scope cgroup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
KDE Plasma runs each autostart .desktop entry as a systemd user unit.
systemd tracks service liveness by cgroup membership, not just the
main PID. Any process forked inside the service — even via setsid or &
— stays in the service's cgroup and keeps app-logon_script.sh@autostart
in active (running) state indefinitely after logon_script.sh exits.
mount_ecrypt_home.sh: wrap the gocryptfs mount call with
systemd-run --user --scope --unit=gocryptfs-home
The FUSE daemon that gocryptfs forks now lives in its own transient
scope cgroup. Exit-code propagation is unchanged because systemd-run
--scope returns the main process's exit code.
0050_nextcloud_desktopclient/user_run.sh: replace
/usr/bin/setsid ... &
with
systemd-run --user --scope --unit=nextcloud-client ... &
setsid creates a new session but does not move the process out of the
cgroup; systemd-run --scope does.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Free-space start alignment
parted reports free space starting at 0,02 MiB (before the GPT
alignment boundary). The collect_free_space awk now rounds the start
up to the next whole MiB (ceiling) and enforces a minimum of 1 MiB,
then recomputes the usable size from the adjusted start. This prevents
parted from being asked to create a partition at 0 MiB, which it
cannot do.
Locale-independent partition creation
The previous `printf 'Yes\n' | parted mkpart` relied on parted
accepting an English answer to its alignment-confirmation prompt.
On a German-locale system parted asks "Ist dies noch akzeptabel?"
and ignores "Yes", causing mkpart to fail. Replaced with `parted -s`
(script/non-interactive mode), consistent with every other parted
call in the script.
Correct new-partition detection on disks with gaps
The old heuristic took the highest partition number after partprobe.
On a disk where existing partitions are numbered 2/3/4, a new
partition in the gap before them receives number 1 — making the
old heuristic point at partition 4 (the existing btrfs volume) and
subsequently run mkfs.btrfs on it. The new awk matches by start
position (OEMDRV_START ± 1 MiB) instead, which is unambiguous
regardless of how numbers are assigned.
Infinite loop on EOF stdin
When the selection while-loop's `read` hits EOF (e.g. stdin exhausted
after sudo consumed a piped password), it returns exit code 1 with an
empty INPUT, which falls through to "Invalid input." and spins
forever. Added `|| { echo; echo "Aborted."; exit 0; }` to all three
read calls in the loop.
install.md: drop stale install_from_repo.sh reference from title;
clarify that REPO_URL/REPO_BRANCH overrides are optional.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
install.sh writes the last 12 chars of the DMI system UUID to
config.d/machine_uuid.sys (0444) after git clone, so non-root scripts
can derive the hardware-bound hostname without needing dmidecode.
conf.dist reads machine_uuid.sys first; falls back to dmidecode (root)
or hostname -s (user) if the file is absent.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Instead of dying immediately, check_tools now lists missing packages,
asks the user to install them with dnf, and re-verifies after install.
Decline still aborts as before.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each variable is now prompted in a retry loop so a failed test re-prompts
that specific variable instead of restarting the whole wizard. Adds DNS-based
IPA domain validation (_ldap._tcp SRV + _kerberos TXT + _kerberos._udp SRV),
matching what ipa-client-install --domain performs. Fixes syntax errors
(bare `do` → `while true; do`, `continue` → `break`). Expands VARS to include
IPAVAULTNAME, CLIENT_SOFTWARE_SRC, DISTCONFIGPATH_SRC.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Daniel unbrot Pätzold
obel1x
unbrot