fix(firstboot): run the password gate before the GPU/KMS switch

Reorder the gate to REQUIRE: FILESYSTEMS devfs / BEFORE: clawdie_live_gpu LOGIN
so it runs on the plain early boot text console, before clawdie_live_gpu does its
KMS/framebuffer mode-switch. That removes the console-flush race entirely, so the
sleep 1 + screen-clear workaround is gone. Still before LOGIN, hence before sddm
and colibri_daemon (race-free property preserved).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sam & Claude 2026-06-25 05:59:05 +02:00
parent 0cd59efa6d
commit 70731cddda

@ -24,9 +24,14 @@
# countdown lives only in _start and is not exercised by the logic test.
# PROVIDE: clawdie_firstboot_rootpw
# REQUIRE: clawdie_live_gpu FILESYSTEMS
# BEFORE: sddm colibri_daemon
# REQUIRE: FILESYSTEMS devfs
# BEFORE: clawdie_live_gpu LOGIN
# KEYWORD: nojail
#
# Ordering: runs on the plain early boot text console, BEFORE clawdie_live_gpu
# does its KMS/framebuffer mode-switch (so there is no console-flush race) and
# BEFORE LOGIN (so before sddm and before colibri_daemon, which REQUIRE LOGIN).
# Needs only FILESYSTEMS + devfs (console, /etc/master.passwd, /var marker, pw).
if [ -r /etc/rc.subr ]; then
. /etc/rc.subr
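
Review bot: The new `# BEFORE: clawdie_live_gpu LOGIN` line drops the explicit `sddm colibri_daemon` ordering and relies on both of those scripts carrying `REQUIRE: LOGIN`, which the new comment asserts but which lives in other files. If either script ever loses that REQUIRE, the password gate can run after it with no error from rcorder. Consider keeping the explicit names, e.g. `# BEFORE: clawdie_live_gpu LOGIN sddm colibri_daemon`, so the security-relevant ordering is enforced from this file. Also, because this script moved from `REQUIRE: clawdie_live_gpu` to `BEFORE: clawdie_live_gpu`, it is worth confirming that clawdie_live_gpu's own header (not shown here) has no REQUIRE/BEFORE that points back at this script or at something ordered after it, since that would produce a dependency cycle; a check of the rcorder output in the existing logic test would document that.
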
@ -103,15 +108,12 @@ _rootpw_prompt_and_set() {
clawdie_firstboot_rootpw_start() {
_rootpw_secured && return 0
# Talk to the operator on the system console.
# Talk to the operator on the system console. We run before the GPU/KMS
# mode-switch, so this is the stable early text console — no settle/clear
# workaround needed.
exec < "${ROOTPW_CONSOLE}" > "${ROOTPW_CONSOLE}" 2>&1
# vt(4)/framebuffer may not have flushed right after the GPU rc script;
# settle and clear (terminfo-free) so the prompt is actually visible.
sleep 1
printf '\033[H\033[2J'
printf '================ FIRST BOOT — SECURE THIS NODE ================\n\n'
printf '\n================ FIRST BOOT — SECURE THIS NODE ================\n\n'
printf ' This stick boots with NO root password. Set one now.\n'
printf ' WRITE BOTH PASSWORDS ON PAPER — there is no recovery.\n\n'
printf ' Press ENTER within %ss to set passwords' "${ROOTPW_COUNTDOWN}"
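
Review bot: In `clawdie_firstboot_rootpw_start`, the `exec < "${ROOTPW_CONSOLE}" > "${ROOTPW_CONSOLE}" 2>&1` line is still unchecked, and the script now runs earlier in boot with only `FILESYSTEMS devfs` guaranteed. If the console device cannot be opened at that point, the banner and the `Press ENTER within %ss` prompt go nowhere and the operator never sees the gate on a stick that "boots with NO root password". Suggest testing the device first (for example `[ -c "${ROOTPW_CONSOLE}" ]`) and logging a clear failure before the redirect, and stating in the comment what the intended behaviour is when the console is unavailable. With the `sleep 1` and screen clear removed, the header comment above `_start` should also note that the prompt now appears below earlier rc output rather than on a cleared screen, since that changes what the operator sees.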