From adb8cd17254d0b39e3939aec5f121f5e50da43a4 Mon Sep 17 00:00:00 2001
From: Sam & Claude
Date: Thu, 25 Jun 2026 14:02:46 +0200
Subject: [PATCH] fix: atomic write of provider.env in enable-mother
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Step 4 of clawdie-enable-mother.sh rewrote provider.env in place with `cat "$tmp" >"$f"`, which truncates the live secrets file before streaming the new content. A crash, signal, disk-full, or concurrent read during that window leaves provider.env empty or partial — and the colibri_daemon prestart sources it for the provider key + BW_* creds. Switch to the write-temp-then-rename pattern already used for external-mcp.json in step 3: mktemp in provider.env's own directory (so the rename stays on one filesystem and is atomic), chmod 0600 before the swap, then mv. A reader now always sees a complete file, old or new. Also add jq to the disk-install extras so disk-deployed hosts can run the script post-deploy (step 3 hard-requires jq; the live image already ships it).
Co-Authored-By: Claude Opus 4.8
---
 live/operator-session/clawdie-enable-mother.sh | 7 +++----
 packages/pkg-list-disk-install-extras.txt | 4 ++++
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/live/operator-session/clawdie-enable-mother.sh b/live/operator-session/clawdie-enable-mother.sh
index c653115a..9ff3e11a 100755
--- a/live/operator-session/clawdie-enable-mother.sh
+++ b/live/operator-session/clawdie-enable-mother.sh
@@ -145,12 +145,11 @@ echo "[4/5] Enabling external MCP calls..."
 mdo -u root sh -c '
 set -eu
 f="$1"
- tmp="$(mktemp)"
+ tmp="$(mktemp "$(dirname "$f")/.provider.env.XXXXXX")"
 grep -v "^COLIBRI_MCP_EXTERNAL_CALL=" "$f" >"$tmp" 2>/dev/null || :
 printf "COLIBRI_MCP_EXTERNAL_CALL=\"1\"\n" >>"$tmp"
- cat "$tmp" >"$f"
- rm -f "$tmp"
- chmod 0600 "$f"
+ chmod 0600 "$tmp"
+ mv "$tmp" "$f"
 ' sh "$PROVIDER_ENV"
 
 # 5. Restart the daemon so the Pi inherits the new env + registry.
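Review bot: The `grep -v … >"$tmp" 2>/dev/null || :` line still treats every grep failure as success, so with the new rename a read error or a failed write while filling `$tmp` would be swapped in as a complete-looking provider.env that has silently lost the provider key and BW_* entries. Only exit status 1 (no lines left after filtering) is benign; I would write `grep -v "^COLIBRI_MCP_EXTERNAL_CALL=" "$f" >"$tmp" || [ "$?" -eq 1 ]` so that `set -eu` aborts before `mv` on anything else, and if provider.env may legitimately be absent at this step (not visible in the hunk) handle that case explicitly instead of through `2>/dev/null`. Any abort between `mktemp` and `mv` also leaves a `.provider.env.XXXXXX` copy of the secrets behind in the same directory, so add `trap "rm -f \"\$tmp\"" EXIT` right after the `mktemp` line. Separately, `mv` gives the file the temp file's owner and replaces a symlink instead of writing through it, which the old `cat "$tmp" >"$f"` did not; it is worth confirming that neither matters for how the colibri_daemon prestart reads the file.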
diff --git a/packages/pkg-list-disk-install-extras.txt b/packages/pkg-list-disk-install-extras.txt
index 67efa5da..323f7043 100644
--- a/packages/pkg-list-disk-install-extras.txt
+++ b/packages/pkg-list-disk-install-extras.txt
@@ -1,6 +1,10 @@
 # Disk-install extras — fetched into the offline repository, not installed on the live USB.
 # TODO: Installed by disk-install path, not live USB. See FIRSTBOOT.md when disk install lands.
 #
+# clawdie-enable-mother.sh uses jq to merge mother entries into external-mcp.json.
+# Include it here so disk-installed hosts can run the script post-deploy.
+jq
+#
 # Two categories live here. They share the same code path (fetched to the
 # offline repo, not installed on live) but have different long-term homes:
 #