Merge pull request 'Fix colibri daemon rc.d — 4 bugs resolved (v0.9.1)' (#16) from fix/colibri-rc-d-bugs into main
parent
28c480ba26
commit
3bc802bc66
2 changed files with 39 additions and 9 deletions
10
build.sh
10
build.sh
|
|
@ -290,8 +290,7 @@ preflight_colibri_artifacts() {
|
|||
echo " Set COLIBRI_REPO=/path/to/colibri or FEATURE_COLIBRI=NO."
|
||||
exit 1
|
||||
fi
|
||||
if ! grep -q '^command="/usr/sbin/daemon"' "${_colibri_rc}" || \
|
||||
! grep -q '^procname="/usr/sbin/daemon"' "${_colibri_rc}"; then
|
||||
if ! grep -q '^command="/usr/sbin/daemon"' "${_colibri_rc}"; then
|
||||
echo "ERROR: Colibri rc.d source does not supervise with daemon(8): ${_colibri_rc}"
|
||||
echo " Update the Colibri checkout before building; a foreground daemon blocks live boot."
|
||||
exit 1
|
||||
|
|
@ -751,11 +750,16 @@ install_colibri_service() {
|
|||
/var/db/colibri \
|
||||
/var/run/colibri \
|
||||
/var/log/colibri
|
||||
chmod 0750 \
|
||||
chmod 0755 \
|
||||
"${MOUNT_POINT}/var/db/colibri" \
|
||||
"${MOUNT_POINT}/var/run/colibri" \
|
||||
"${MOUNT_POINT}/var/log/colibri"
|
||||
|
||||
# Allow operator to use 'colibri' CLI without root
|
||||
if /usr/sbin/pw -R "${MOUNT_POINT}" usershow clawdie >/dev/null 2>&1; then
|
||||
/usr/sbin/pw -R "${MOUNT_POINT}" groupmod colibri -m clawdie
|
||||
fi
|
||||
|
||||
set_config_line "${MOUNT_POINT}/etc/rc.conf" "colibri_daemon_enable=\"${COLIBRI_DAEMON_ENABLE:-YES}\""
|
||||
set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_user="colibri"'
|
||||
set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_group="colibri"'
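Review bot: The new `chmod 0755` on `/var/db/colibri`, `/var/run/colibri` and `/var/log/colibri` makes the daemon's state, runtime and log directories readable and traversable by every local account, although the lines added just below already put `clawdie` into the `colibri` group. If these directories are group-owned by `colibri` (they are created above this hunk, so that is an assumption to confirm), keeping `chmod 0750 \` and relying on the `pw ... groupmod colibri -m clawdie` membership gives the operator the same CLI access without exposing the contents to other users. The same mode change is applied to `${DB_DIR}`, `${RUN_DIR}` and `${LOG_DIR}` in the last hunk of the staging script and deserves the same treatment. The body of install_colibri_service starts and ends outside this hunk.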
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
|
|||
REPO_ROOT=$(CDPATH= cd -- "${SCRIPT_DIR}/.." && pwd)
|
||||
COLIBRI_REPO=${COLIBRI_REPO:-"${REPO_ROOT}/../colibri"}
|
||||
COLIBRI_ARTIFACT_DIR=${COLIBRI_ARTIFACT_DIR:-"${COLIBRI_REPO}/target/release"}
|
||||
COLIBRI_STAGE_ENABLE=${COLIBRI_STAGE_ENABLE:-NO}
|
||||
COLIBRI_STAGE_ENABLE=${COLIBRI_STAGE_ENABLE:-YES}
|
||||
COLIBRI_STAGE_INCLUDE_TUI=${COLIBRI_STAGE_INCLUDE_TUI:-1}
|
||||
COLIBRI_COST_MODE=${COLIBRI_COST_MODE:-smart}
|
||||
|
||||
|
|
@ -70,13 +70,39 @@ install -m 0555 "${RC_SOURCE}" "${RC_DIR}/colibri_daemon"
|
|||
install -m 0644 "${NEWSYSLOG_SOURCE}" "${NEWSYSLOG_DIR}/colibri.conf"
|
||||
|
||||
if ! grep -q '^command="/usr/sbin/daemon"' "${RC_DIR}/colibri_daemon" || \
|
||||
! grep -q '^procname="/usr/sbin/daemon"' "${RC_DIR}/colibri_daemon" || \
|
||||
! grep -q -- '-o .*colibri_daemon_program' "${RC_DIR}/colibri_daemon"; then
|
||||
echo "ERROR: staged colibri_daemon rc.d script does not supervise colibri-daemon with daemon(8)" >&2
|
||||
echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building; the live USB must not block boot in rc.d." >&2
|
||||
exit 66
|
||||
fi
|
||||
|
||||
# Fix procname: the upstream procname="/usr/sbin/daemon" doesn't match
|
||||
# daemon(8)'s process title ("daemon: name[pid] (daemon)"). Match the
|
||||
# first word instead. Since check_pidfile uses the pidfile (PID-scoped),
|
||||
# there's no collision with other daemon(8) instances.
|
||||
sed -i '' 's/^procname="\/usr\/sbin\/daemon"$/procname="daemon:"/' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
# Fix ${name}_program override: rc.subr line 1120 silently replaces
|
||||
# command= with ${name}_program if set, so colibri_daemon_program=
|
||||
# overrode command="/usr/sbin/daemon" — daemon(8) was never invoked.
|
||||
# Rename the variable so rc.subr leaves command= alone.
|
||||
sed -i '' 's/colibri_daemon_program/colibri_daemon_binary/g' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
# Remove -u from daemon(8) args: rc.subr already runs as colibri via su,
|
||||
# so daemon(8)'s own privilege drop double-drops and fails with
|
||||
# "failed to set user environment".
|
||||
sed -i '' 's/ -u \${colibri_daemon_user} //' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
# Fix pidfile permissions: daemon(8) -P creates the pidfile as 0600
|
||||
# owned by the target user, which blocks non-root users (clawdie) from
|
||||
# running 'service colibri_daemon status'. Chmod in poststart.
|
||||
sed -i '' '/socket ready/a\
|
||||
chmod 644 "${pidfile}" 2>/dev/null || true' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
cat > "${ETC_DIR}/rc.conf.sample" <<EOF
|
||||
# Colibri control plane service defaults for the Clawdie ISO.
|
||||
# Merge into /etc/rc.conf or /etc/rc.conf.d/colibri_daemon.
|
||||
|
|
@ -97,9 +123,9 @@ Colibri ISO staging notes
|
|||
=========================
|
||||
|
||||
The ISO build creates the colibri user/group and stages the rc.d service.
|
||||
Current operator USB builds keep the daemon disabled at boot unless explicitly
|
||||
overridden in build.cfg, so Colibri cannot block SDDM/XFCE startup. Runtime
|
||||
validation:
|
||||
The colibri-daemon runs under daemon(8) supervision and is enabled at boot.
|
||||
If the daemon fails, it restarts automatically without blocking SDDM/XFCE.
|
||||
Runtime validation:
|
||||
|
||||
service colibri_daemon start
|
||||
colibri status
|
||||
|
|
@ -108,7 +134,7 @@ validation:
|
|||
service colibri_daemon stop
|
||||
EOF
|
||||
|
||||
chmod 0750 "${DB_DIR}" "${RUN_DIR}" "${LOG_DIR}"
|
||||
chmod 0755 "${DB_DIR}" "${RUN_DIR}" "${LOG_DIR}"
|
||||
|
||||
cat <<EOF
|
||||
Staged Colibri into ${DESTDIR}
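Review bot: Nothing after the four `sed -i ''` rewrites confirms that they matched, so an upstream change in spacing or wording leaves `${RC_DIR}/colibri_daemon` staged with the original faults while the build still succeeds. The grep guard runs before the edits and only proves the old text was present. This matters most for the `-u` removal and the `colibri_daemon_program` rename, because afterwards the daemon's unprivileged identity rests entirely on rc.subr honouring `colibri_daemon_user` (build.sh writes it to rc.conf; whether the rc.d script or the sample also defaults it is not visible here). A post-edit check placed right after the last sed, failing the build when any rewrite did not land, would close that gap.
```shell
# … unchanged: the four sed -i '' rewrites of "${RC_DIR}/colibri_daemon" …

# Fail the build if any rewrite silently did not apply.
if ! grep -q '^procname="daemon:"' "${RC_DIR}/colibri_daemon" || \
   grep -qF 'colibri_daemon_program' "${RC_DIR}/colibri_daemon" || \
   grep -qF -- ' -u ${colibri_daemon_user} ' "${RC_DIR}/colibri_daemon" || \
   ! grep -qF 'chmod 644 "${pidfile}"' "${RC_DIR}/colibri_daemon"; then
    echo "ERROR: rc.d fix-ups did not apply cleanly to ${RC_DIR}/colibri_daemon" >&2
    exit 66
fi
```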
|
||||
|
|
|
|||