docs: keep live rebuild lane action-focused (Sam & Codex)
Remove historical fix-it wording from the live rebuild runbook and make ISO staging validate the corrected Colibri rc.d contract directly instead of rewriting older variants.\n\nChecks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md; sh -n scripts/stage-colibri-iso.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
This commit is contained in:
parent
54c92d5993
commit
e5aceb4756
2 changed files with 19 additions and 50 deletions
|
|
@ -132,9 +132,8 @@ mdo -u root service colibri_daemon start
|
|||
```
|
||||
|
||||
`service colibri_daemon start` should return to the shell after a few seconds. If
|
||||
it stays in the foreground, check that the rc.d script uses
|
||||
`colibri_daemon_binary`, not `colibri_daemon_program`, and that `command=` is
|
||||
`/usr/sbin/daemon`.
|
||||
it does not, stop the command, collect the service file and daemon log, and hand
|
||||
those back through git before continuing.
|
||||
|
||||
## Validate runtime
|
||||
|
||||
|
|
@ -197,15 +196,16 @@ mdo -u root service colibri_daemon restart
|
|||
Sanity checks:
|
||||
|
||||
```sh
|
||||
grep -n 'colibri_daemon_program\|colibri_daemon_binary\|^command=\|^command_args=' /usr/local/etc/rc.d/colibri_daemon
|
||||
sh -n /usr/local/etc/rc.d/colibri_daemon
|
||||
service colibri_daemon status
|
||||
colibri status
|
||||
```
|
||||
|
||||
Expected:
|
||||
|
||||
- `colibri_daemon_binary` exists.
|
||||
- `command="/usr/sbin/daemon"` exists.
|
||||
- no `colibri_daemon_program` remains.
|
||||
- no `-u ${colibri_daemon_user}` remains in `command_args`.
|
||||
- the rc.d script has valid shell syntax.
|
||||
- `service colibri_daemon start` returns to the shell.
|
||||
- `colibri status` can connect to `/var/run/colibri/colibri.sock`.
|
||||
|
||||
## Future ISO improvement
|
||||
|
||||
|
|
|
|||
|
|
@ -71,51 +71,20 @@ install -m 0555 "${RC_SOURCE}" "${RC_DIR}/colibri_daemon"
|
|||
install -m 0644 "${NEWSYSLOG_SOURCE}" "${NEWSYSLOG_DIR}/colibri.conf"
|
||||
|
||||
if ! grep -q '^command="/usr/sbin/daemon"' "${RC_DIR}/colibri_daemon" || \
|
||||
! grep -Eq -- '-o .*colibri_daemon_(program|binary)' "${RC_DIR}/colibri_daemon"; then
|
||||
echo "ERROR: staged colibri_daemon rc.d script does not supervise colibri-daemon with daemon(8)" >&2
|
||||
echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building; the live USB must not block boot in rc.d." >&2
|
||||
! grep -q -- '-o .*colibri_daemon_binary' "${RC_DIR}/colibri_daemon" || \
|
||||
! grep -q 'rm -f "${colibri_daemon_socket}" "${pidfile}" "${supervisor_pidfile}"' "${RC_DIR}/colibri_daemon" || \
|
||||
! grep -q 'chmod 644 "${pidfile}"' "${RC_DIR}/colibri_daemon" || \
|
||||
! grep -q 'chmod 660 "${colibri_daemon_socket}"' "${RC_DIR}/colibri_daemon"; then
|
||||
echo "ERROR: staged colibri_daemon rc.d script is missing required live USB supervision hooks" >&2
|
||||
echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building." >&2
|
||||
exit 66
|
||||
fi
|
||||
|
||||
# Fix procname: the upstream procname="/usr/sbin/daemon" doesn't match
|
||||
# daemon(8)'s process title ("daemon: name[pid] (daemon)"). Match the
|
||||
# first word instead. Since check_pidfile uses the pidfile (PID-scoped),
|
||||
# there's no collision with other daemon(8) instances.
|
||||
sed -i '' 's/^procname="\/usr\/sbin\/daemon"$/procname="daemon:"/' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
# Fix ${name}_program override: rc.subr line 1120 silently replaces
|
||||
# command= with ${name}_program if set, so colibri_daemon_program=
|
||||
# overrode command="/usr/sbin/daemon" — daemon(8) was never invoked.
|
||||
# Rename the variable so rc.subr leaves command= alone. Newer Colibri sources
|
||||
# may already use colibri_daemon_binary; this replacement is intentionally
|
||||
# harmless when there is no old variable left.
|
||||
sed -i '' 's/colibri_daemon_program/colibri_daemon_binary/g' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
# Remove -u from daemon(8) args: rc.subr already runs as colibri via su,
|
||||
# so daemon(8)'s own privilege drop double-drops and fails with
|
||||
# "failed to set user environment".
|
||||
sed -i '' 's/ -u \${colibri_daemon_user} //' \
|
||||
"${RC_DIR}/colibri_daemon"
|
||||
|
||||
# Fix pidfile permissions: daemon(8) -P creates the pidfile as 0600
|
||||
# owned by the target user, which blocks non-root users (clawdie) from
|
||||
# running 'service colibri_daemon status'. Chmod in poststart.
|
||||
# Use awk instead of sed append syntax: BSD sed's multi-line append form is
|
||||
# easy to get wrong and can corrupt the rc.d script by appending to every line.
|
||||
# Newer Colibri sources may already carry these chmods; do not duplicate them.
|
||||
if ! grep -q 'chmod 644 "${pidfile}"' "${RC_DIR}/colibri_daemon"; then
|
||||
_rc_tmp="${RC_DIR}/colibri_daemon.tmp"
|
||||
awk '
|
||||
{ print }
|
||||
/socket ready/ {
|
||||
print " chmod 644 \"${pidfile}\" 2>/dev/null || true"
|
||||
print " chmod 660 \"${colibri_daemon_socket}\" 2>/dev/null || true"
|
||||
}
|
||||
' "${RC_DIR}/colibri_daemon" > "${_rc_tmp}"
|
||||
mv "${_rc_tmp}" "${RC_DIR}/colibri_daemon"
|
||||
chmod 0555 "${RC_DIR}/colibri_daemon"
|
||||
if grep -q 'colibri_daemon_program' "${RC_DIR}/colibri_daemon" || \
|
||||
grep -q -- '-u \${colibri_daemon_user}' "${RC_DIR}/colibri_daemon"; then
|
||||
echo "ERROR: staged colibri_daemon rc.d script has unsupported live USB command wiring" >&2
|
||||
echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building." >&2
|
||||
exit 66
|
||||
fi
|
||||
|
||||
# Add DeepSeek API key and cache warming to daemon environment.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue