Merge pull request 'feature/ublock-origin-preinstall' (#116) from feature/ublock-origin-preinstall into main

Reviewed-on: #116
clawdie 2026-06-23 07:14:37 +02:00
commit 4bc9779512
7 changed files with 79 additions and 16 deletions


@ -146,7 +146,7 @@ Published/downloaded artifacts are compressed as `.img.xz`. Stream the
compressed image directly into `dd`: compressed image directly into `dd`:
```sh ```sh
xz -dc clawdie-quindecim-0.11.0.img.xz | sudo dd of=/dev/daX bs=1M status=progress conv=fsync xz -dc clawdie-quindecim-0.11.0.img.xz | dd of=/dev/daX bs=1M status=progress conv=fsync && sync
sync sync
``` ```
@ -163,7 +163,7 @@ curl -fL --retry 5 --retry-delay 5 -O \
For a build-local uncompressed image, plain `dd` is also fine: For a build-local uncompressed image, plain `dd` is also fine:
```sh ```sh
sudo dd if=tmp/output/clawdie-quindecim-0.11.0.img of=/dev/daX bs=1M status=progress conv=fsync dd if=tmp/output/clawdie-quindecim-0.11.0.img of=/dev/daX bs=1M status=progress conv=fsync && sync
sync sync
``` ```


@ -68,7 +68,7 @@ Flash by streaming xz into `dd`:
```sh ```sh
set -o pipefail 2>/dev/null || true set -o pipefail 2>/dev/null || true
xz -dc clawdie-quindecim-0.11.0.img.xz | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync xz -dc clawdie-quindecim-0.11.0.img.xz | dd of=/dev/sdX bs=4M status=progress conv=fsync && sync
sync sync
``` ```
@ -116,7 +116,7 @@ sudo umount /dev/daXs* 2>/dev/null
Flash by streaming xz into `dd`: Flash by streaming xz into `dd`:
```sh ```sh
xz -dc clawdie-quindecim-0.11.0.img.xz | sudo dd of=/dev/daX bs=1M status=progress conv=fsync xz -dc clawdie-quindecim-0.11.0.img.xz | dd of=/dev/daX bs=1M status=progress conv=fsync && sync
sync sync
``` ```
@ -152,14 +152,14 @@ For a local build artifact that already exists as a raw image:
### Linux ### Linux
```sh ```sh
sudo dd if=clawdie-quindecim-0.11.0.img of=/dev/sdX bs=4M status=progress conv=fsync dd if=clawdie-quindecim-0.11.0.img of=/dev/sdX bs=4M status=progress conv=fsync && sync
sync sync
``` ```
### FreeBSD ### FreeBSD
```sh ```sh
sudo dd if=clawdie-quindecim-0.11.0.img of=/dev/daX bs=1M status=progress conv=fsync dd if=clawdie-quindecim-0.11.0.img of=/dev/daX bs=1M status=progress conv=fsync && sync
sync sync
``` ```
@ -189,7 +189,7 @@ Then wipe only after confirming `/dev/sdX` is the USB stick:
```sh ```sh
sudo sgdisk --zap-all /dev/sdX sudo sgdisk --zap-all /dev/sdX
sudo dd if=/dev/zero of=/dev/sdX bs=16M status=progress conv=fsync dd if=/dev/zero of=/dev/sdX bs=16M status=progress conv=fsync
sync sync
``` ```
@ -205,7 +205,7 @@ Then wipe only after confirming `/dev/daX` is the USB stick:
```sh ```sh
sudo gpart destroy -F /dev/daX sudo gpart destroy -F /dev/daX
sudo dd if=/dev/zero of=/dev/daX bs=16M status=progress conv=fsync dd if=/dev/zero of=/dev/daX bs=16M status=progress conv=fsync
sync sync
``` ```


@ -243,7 +243,7 @@ Linux:
```sh ```sh
sha256sum -c clawdie-quindecim-0.11.0.img.xz.sha256 sha256sum -c clawdie-quindecim-0.11.0.img.xz.sha256
set -o pipefail 2>/dev/null || true set -o pipefail 2>/dev/null || true
xz -dc clawdie-quindecim-0.11.0.img.xz | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync xz -dc clawdie-quindecim-0.11.0.img.xz | dd of=/dev/sdX bs=4M status=progress conv=fsync && sync
sync sync
``` ```
@ -252,7 +252,7 @@ FreeBSD:
```sh ```sh
HASH=$(awk '{print $1}' clawdie-quindecim-0.11.0.img.xz.sha256) HASH=$(awk '{print $1}' clawdie-quindecim-0.11.0.img.xz.sha256)
sha256 -c "$HASH" clawdie-quindecim-0.11.0.img.xz sha256 -c "$HASH" clawdie-quindecim-0.11.0.img.xz
xz -dc clawdie-quindecim-0.11.0.img.xz | sudo dd of=/dev/daX bs=1M status=progress conv=fsync xz -dc clawdie-quindecim-0.11.0.img.xz | dd of=/dev/daX bs=1M status=progress conv=fsync && sync
sync sync
``` ```


@ -418,7 +418,7 @@ If you see stale labels such as `nomadbsd_zroot`, wipe the whole stick first:
```sh ```sh
sudo umount /dev/sdX* 2>/dev/null || true sudo umount /dev/sdX* 2>/dev/null || true
sudo sgdisk --zap-all /dev/sdX sudo sgdisk --zap-all /dev/sdX
sudo dd if=/dev/zero of=/dev/sdX bs=16M status=progress conv=fsync dd if=/dev/zero of=/dev/sdX bs=16M status=progress conv=fsync
``` ```
### Flash the image ### Flash the image
@ -433,7 +433,7 @@ curl -fL --retry 5 --retry-delay 5 -O \
https://osa.smilepowered.org/downloads/iso/clawdie-quindecim-0.11.0.img.xz.sha256 https://osa.smilepowered.org/downloads/iso/clawdie-quindecim-0.11.0.img.xz.sha256
sha256sum -c clawdie-quindecim-0.11.0.img.xz.sha256 sha256sum -c clawdie-quindecim-0.11.0.img.xz.sha256
set -o pipefail 2>/dev/null || true set -o pipefail 2>/dev/null || true
xz -dc clawdie-quindecim-0.11.0.img.xz | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync xz -dc clawdie-quindecim-0.11.0.img.xz | dd of=/dev/sdX bs=4M status=progress conv=fsync && sync
sync sync
``` ```


@ -864,12 +864,74 @@ install_live_runtime_packages() {
exit 1 exit 1
fi fi
# Lock the repacked networkmgr package so pkg upgrade doesn't replace it
# with the upstream version that depends on sudo. The ISO uses mdo/mac_do
# instead of sudo; see override_networkmgr_package() above.
if ! chroot "${MOUNT_POINT}" /usr/local/sbin/pkg lock -y networkmgr; then
[ "$_mounted_procfs" -eq 1 ] && umount "${MOUNT_POINT}/proc" 2>/dev/null || true
[ "$_mounted_devfs" -eq 1 ] && umount "${MOUNT_POINT}/dev" 2>/dev/null || true
echo "ERROR: failed to lock networkmgr package on live image"
exit 1
fi
refresh_live_desktop_caches refresh_live_desktop_caches
[ "$_mounted_procfs" -eq 1 ] && umount "${MOUNT_POINT}/proc" 2>/dev/null || true [ "$_mounted_procfs" -eq 1 ] && umount "${MOUNT_POINT}/proc" 2>/dev/null || true
[ "$_mounted_devfs" -eq 1 ] && umount "${MOUNT_POINT}/dev" 2>/dev/null || true [ "$_mounted_devfs" -eq 1 ] && umount "${MOUNT_POINT}/dev" 2>/dev/null || true
} }
install_firefox_extensions() {
# Pre-stage uBlock Origin and Bitwarden, and apply enterprise policies
# (no default-browser check — Firefox is the only browser on the USB).
local _ff_dist="${MOUNT_POINT}/usr/local/lib/firefox/distribution"
local _ext_dir="${_ff_dist}/extensions"
local _policies="${_ff_dist}/policies.json"
echo " Configuring Firefox..."
mkdir -p "${_ext_dir}" || {
echo "ERROR: failed to create Firefox distribution directory"
exit 1
}
# Disable "make default browser" popup — Firefox is the only browser.
cat > "${_policies}" <<'POLICIES'
{
"policies": {
"DontCheckDefaultBrowser": true
}
}
POLICIES
chmod 0644 "${_policies}"
# Download a Firefox extension XPI if not already cached.
# Usage: _fetch_xpi <slug> <extension-id> <label>
_fetch_xpi() {
local _slug="$1" _id="$2" _label="$3"
local _xpi="${_ext_dir}/${_id}.xpi"
local _url="https://addons.mozilla.org/firefox/downloads/latest/${_slug}/latest.xpi"
if [ -f "${_xpi}" ]; then
echo " ${_label} XPI already cached, skipping download"
return 0
fi
echo " Downloading ${_label}..."
/usr/bin/fetch -o "${_xpi}" "${_url}" || {
echo "ERROR: failed to download ${_label} XPI"
exit 1
}
}
_fetch_xpi "ublock-origin" "uBlock0@raymondhill.net" "uBlock Origin"
_fetch_xpi "sponsorblock" "sponsorBlocker@ajay.app" "SponsorBlock"
_fetch_xpi "istilldontcareaboutcookies" "idcac-pub@guus.ninja" "I still don't care about cookies"
_fetch_xpi "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}" "Bitwarden"
chmod 0755 "${_ext_dir}"
echo " Firefox extensions staged — auto-installed on first launch"
}
install_colibri_service() { install_colibri_service() {
[ "${FEATURE_COLIBRI:-NO}" = "YES" ] || { [ "${FEATURE_COLIBRI:-NO}" = "YES" ] || {
echo " Colibri service staging disabled (FEATURE_COLIBRI=${FEATURE_COLIBRI:-NO})" echo " Colibri service staging disabled (FEATURE_COLIBRI=${FEATURE_COLIBRI:-NO})"
@ -2413,6 +2475,7 @@ mkdir -p "$USB_SHARE"
rm -f "${MOUNT_POINT}/etc/installerconfig" rm -f "${MOUNT_POINT}/etc/installerconfig"
install_live_runtime_packages install_live_runtime_packages
install_firefox_extensions
configure_live_operator_session configure_live_operator_session
install_colibri_service install_colibri_service
install_zot_agent install_zot_agent
@ -2527,4 +2590,4 @@ echo " Image size : ${IMAGE_LOGICAL_SIZE}"
echo " Allocated : ${IMAGE_ALLOCATED_SIZE} (sparse on build host)" echo " Allocated : ${IMAGE_ALLOCATED_SIZE} (sparse on build host)"
echo "" echo ""
echo " Write to USB:" echo " Write to USB:"
echo " dd if=${OUTPUT_IMAGE} of=/dev/daX bs=1M status=progress" echo " dd if=${OUTPUT_IMAGE} of=/dev/daX bs=1M status=progress conv=fsync && sync"
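Review bot: `_fetch_xpi` in `install_firefox_extensions` bakes whatever `latest.xpi` addons.mozilla.org serves at build time into the image, with no pinned version and no digest check, so two builds of the same commit can ship different extension code and the build keeps no record of what it shipped. The `[ -f "${_xpi}" ]` cache test may also accept a truncated file left behind if an earlier build was killed mid-download. I would pass a pinned URL and an expected SHA-256 per extension, download to a temporary name, verify it with the same `sha256 -c` form the FreeBSD flashing docs use, and only then rename it into `distribution/extensions`. Firefox's own add-on signature check presumably still applies at install time, but that does not pin the version. Separately, the header comment names only uBlock Origin and Bitwarden while four extensions are staged.

```shell
  # Usage: _fetch_xpi <pinned-url> <extension-id> <label> <sha256>
  _fetch_xpi() {
    local _url="$1" _id="$2" _label="$3" _sha256="$4"
    local _xpi="${_ext_dir}/${_id}.xpi"
    local _tmp="${_xpi}.part"
    # … unchanged: cache check and "Downloading" message …
    if ! /usr/bin/fetch -o "${_tmp}" "${_url}" ||
       ! sha256 -c "${_sha256}" "${_tmp}" >/dev/null; then
      rm -f "${_tmp}"
      echo "ERROR: failed to download or verify ${_label} XPI"
      exit 1
    fi
    # Only a verified file ever gets the final name, so the cache check stays safe.
    mv "${_tmp}" "${_xpi}"
  }

  # Placeholders: fill in the pinned release URL and its published digest.
  _fetch_xpi "<PINNED_XPI_URL>" "uBlock0@raymondhill.net" "uBlock Origin" "<EXPECTED_SHA256>"
  # … unchanged: remaining _fetch_xpi calls, each with its own URL and digest …
```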


@ -35,8 +35,8 @@
<value type="int" value="5"/> <value type="int" value="5"/>
<value type="int" value="6"/> <value type="int" value="6"/>
<value type="int" value="7"/> <value type="int" value="7"/>
<value type="int" value="8"/>
<value type="int" value="9"/> <value type="int" value="9"/>
<value type="int" value="8"/>
<value type="int" value="10"/> <value type="int" value="10"/>
<value type="int" value="12"/> <value type="int" value="12"/>
</property> </property>
@ -96,7 +96,7 @@
<property name="plugin-10" type="string" value="xkb"> <property name="plugin-10" type="string" value="xkb">
<property name="display-type" type="uint" value="0"/> <property name="display-type" type="uint" value="0"/>
<property name="display-name" type="uint" value="0"/> <property name="display-name" type="uint" value="0"/>
<property name="display-scale" type="uint" value="60"/> <property name="display-scale" type="uint" value="50"/>
<property name="group-policy" type="uint" value="0"/> <property name="group-policy" type="uint" value="0"/>
</property> </property>
<property name="plugin-12" type="string" value="clock"> <property name="plugin-12" type="string" value="clock">


@ -95,7 +95,7 @@ whole-disk path with the operator before writing.
Example for Linux, replacing `/dev/sdX` with the confirmed whole disk: Example for Linux, replacing `/dev/sdX` with the confirmed whole disk:
```sh ```sh
xz -dc tmp/flash-downloads/<image>.img.xz | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync xz -dc tmp/flash-downloads/<image>.img.xz | dd of=/dev/sdX bs=4M status=progress conv=fsync && sync
sync sync
``` ```