First concrete step of the zot consolidation (colibri ADR). Opt-in FEATURE_ZOT
(default NO; Pi stays default during migration).
- build.cfg: FEATURE_ZOT, ZOT_VERSION (pinned v0.2.29), ZOT_REPO,
ZOT_ARTIFACT_DIR, ZOT_DEEPSEEK_KEY (optional bake).
- scripts/stage-zot-iso.sh: install the prebuilt zot binary -> /usr/local/bin/zot;
populate the operator's $ZOT_HOME (~/.local/state/zot) with auth.json
({"deepseek":{"api_key":...}}, 0600) when a key is given, else an
auth.json.sample template + README (telegram via `zot telegram-bot setup`).
- build.sh: status line, resolve_zot_paths, preflight_zot_artifacts (errors with
the GOOS=freebsd go-build hint — zot has no FreeBSD release), install_zot_agent
(+ chown operator state), wired into preflight + install sequences.
zot is built on the FreeBSD host from the pinned tag:
(cd $ZOT_REPO && git checkout v0.2.29 && GOOS=freebsd GOARCH=amd64 \
go build -trimpath -o bin/zot ./cmd/zot)
sh -n clean; staging smoke-tested (binary staged, auth.json 0600 valid).
Credentials use zot's own resolution (--api-key -> env -> auth.json), replacing
baked-into-binary keys. Default build unchanged (FEATURE_ZOT=NO).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
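
An added example (not the project's scripts/stage-zot-iso.sh) of the auth.json staging step described above: the key file is created under a narrowed umask so it is never world-readable on disk, and the no-key path writes the sample template plus README. The file layout and message text are assumptions.

```sh
#!/bin/sh
# Added example, not the project's staging script: populate a zot state dir
# with a 0600 auth.json when a key is given, else a sample template + README.
# The umask is narrowed BEFORE the file is created, so the key is never
# exposed between creation and a later chmod.

# stage_zot_auth ZOT_HOME [API_KEY] -> prints the path of the file it wrote
stage_zot_auth() {
    zot_home="$1"; key="$2"
    mkdir -p "$zot_home"
    if [ -n "$key" ]; then
        # Assumption: the key contains no '"' or '\' (no JSON escaping done here).
        ( umask 077 && printf '{"deepseek":{"api_key":"%s"}}\n' "$key" \
            > "$zot_home/auth.json" )
        chmod 0600 "$zot_home/auth.json"   # also fixes a pre-existing, looser file
        echo "$zot_home/auth.json"
    else
        printf '{"deepseek":{"api_key":"<your-key>"}}\n' \
            > "$zot_home/auth.json.sample"
        printf 'Copy auth.json.sample to auth.json, fill in api_key, chmod 0600.\n' \
            > "$zot_home/README"
        echo "$zot_home/auth.json.sample"
    fi
}

# auth_mode FILE -> symbolic mode column of ls -l, e.g. -rw-------
auth_mode() {
    ls -ld "$1" | cut -c1-10
}
```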

User-facing timestamps in run-bhyve-test.sh used the ambiguous numeric form
%Y-%m-%d. Switch to European display (date +%d.%b.%Y %H:%M:%S). Log filename
keeps sortable ISO 8601 basic (machine artifact, per the rule's internal-storage
exemption).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

bhyve-test.sh captures the guest serial console; this adds a QA gate over that
log so the harness can be used as a build gate (appliance runbook §3):
- CRITICAL (gate the exit): no kernel panic, no reboot loop, boot reached
login/sddm, and no "permission denied" (regression guard for the colibri
socket EACCES we just fixed).
- INFO (best-effort console markers): colibri socket ready, no store-open panic,
clawdie-live-gpu ran.
- Prints the deeper in-guest checklist (socket mode, glasspane query, GPU
branch) that lives in guest logs, not the console.
Exit is non-zero if the boot harness failed OR any critical assert failed.
Also pass-through args to bhyve-test.sh (ISO path / --name).
sh -n clean; gate logic unit-tested (clean boot → pass/exit0; panic+EACCES+no-login
→ fail). INFO/CRITICAL patterns should be confirmed against a real boot console
on first run.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
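
An added example (not the project's gate script) of the CRITICAL/INFO split above, run over two constructed console excerpts: a clean boot that passes and a boot with a panic, a reboot loop, an EACCES line and no login prompt that fails. The marker strings are assumptions, to be confirmed against a real boot console.

```sh
#!/bin/sh
# Added example, not the project's bhyve QA gate: CRITICAL asserts gate the
# exit, INFO markers are best-effort observations. Marker strings are assumed.

# Constructed console excerpts (not captured from real hardware).
CLEAN_BOOT='Booting...
Starting colibri.
colibri: socket ready
clawdie-live-gpu: done (scfb)
FreeBSD/amd64 (clawdie) (ttyv0)
login:'

BAD_BOOT='Booting...
colibri: bind: permission denied
panic: page fault while in kernel mode
Booting...
Booting...'

# critical_failures LOG -> one line per failed CRITICAL assert (empty = pass)
critical_failures() {
    log="$1"
    grep -qi 'panic' "$log" && echo "kernel panic in console"
    boots=$(grep -c '^Booting' "$log" || true)
    [ "$boots" -gt 1 ] && echo "reboot loop: $boots boot banners"
    grep -qiE 'login:|sddm' "$log" || echo "never reached login/sddm"
    grep -qi 'permission denied' "$log" && echo "permission denied (EACCES regression)"
    return 0
}

# info_markers LOG -> best-effort observations; they never gate the exit
info_markers() {
    log="$1"
    grep -qi 'colibri: socket ready' "$log" && echo "INFO colibri socket ready"
    grep -qi 'store-open' "$log" || echo "INFO no store-open panic"
    grep -qi 'clawdie-live-gpu' "$log" && echo "INFO clawdie-live-gpu ran"
    return 0
}

# gate_console_log LOG -> exit 0 only when every CRITICAL assert passed
gate_console_log() {
    info_markers "$1"
    fails=$(critical_failures "$1")
    if [ -n "$fails" ]; then
        printf 'CRITICAL:\n%s\n' "$fails"
        return 1
    fi
    echo "gate: PASS (check guest logs for socket mode, glasspane query, GPU branch)"
}
```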

Re-landed on current main (the earlier branch never merged — main moved under
it). Flip COLIBRI_DAEMON_ENABLE default NO -> YES now that live boot is proven
on AMD hardware. rc.d is REQUIRE: LOGIN, so it starts after login and cannot
block SDDM/XFCE. Still env-overridable. Pair with colibri socket-perms fix so
operators connect without EACCES. CLAWDIE_ENABLE left NO.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

build.cfg hard-set GPU_DRIVER="", and build.sh sources build.cfg after the
environment is already set, so `env GPU_DRIVER=nvidia-590 ./build.sh` was
silently clobbered to "" (no NVIDIA branch baked). There is no --gpu-driver
flag in build.sh, so the environment is the only way to set it.
Use GPU_DRIVER="${GPU_DRIVER:-}" so an env value is honored; default stays "".
Verified: env nvidia-590 -> nvidia-590; no env -> "". Replaces the
detached-worktree workaround applied during the live build.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Opt-in NVIDIA_UNIVERSAL lane (default NO; normal/single-branch builds unchanged):
one ISO that adapts to an unknown NVIDIA target.
- build.cfg: NVIDIA_UNIVERSAL flag.
- build.sh: install_nvidia_universal_repo() stages an on-image pkg repo with all
three branches (390/470/580 + settings), pkg-repo metadata, and a file:// repo
conf; universal mode bakes no branch and sets clawdie_live_gpu_mode=nvidia-auto.
- clawdie_live_gpu: nvidia-auto mode detects the device id (PR #30 fix) -> branch
{390,470,590} -> pkg-name -> `pkg install -r clawdie-nvidia` -> kldload, all
best-effort with fallback to integrated/scfb (never blocks boot).
- doc/NVIDIA-UNIVERSAL-HANDOFF.md: Codex FreeBSD build + hardware validation plan.
sh -n clean; detector+branch+pkg map unit-tested on Linux
(1c8c->590->nvidia-driver-580, 0fc8->470, 0e22->390). The pkg fetch/repo layout,
offline boot install, writable root, kernel ABI, and image size MUST be validated
on the FreeBSD build host + real NVIDIA hardware (see handoff).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

The #29 detector grepped `chip=0x10de...`, but FreeBSD's chip field is
chip=0x<device><vendor> with vendor 0x10de in the LOW 16 bits — so it never
matched and the device id / recommended-branch logic was dead.
- nvidia_device_id: match `chip=0x<4hex>10de` and strip to the device id
(chip=0x1c8c10de -> 1c8c).
- nvidia_branch_for_device: non-overlapping architecture ranges returning the
build's lane labels {390,470,590} so detected vs staged compare correctly;
empty/unknown -> 590 (safe default for modern unknown hardware).
Validated on Linux against representative ids: Fermi 0e22->390, Kepler 0fc8->470,
Maxwell 1380 / Pascal 1b81 / Turing 1c8c / Ada 2684 -> 590, empty -> 590. sh -n clean.
This is the detection brain for the universal NVIDIA auto-install lane; the
on-image NVIDIA repo + boot-time install is the FreeBSD build-side work (handoff).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
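
An added example (not the project's clawdie_live_gpu code) of the fixed detector: it pulls the device id out of a constructed `pciconf -l` line whose chip field carries the vendor in the low 16 bits, shows that the old vendor-first pattern matches nothing, and maps the id to a lane label with an empty/unknown default of 590. The range boundaries in nvidia_branch_for_device are assumptions chosen only to reproduce the ids listed above; the real ones come from NVIDIA's supported-product lists.

```sh
#!/bin/sh
# Added example, not the project's detector: device id from chip=0x<device><vendor>.

# Constructed `pciconf -l` output: one NVIDIA adapter, one Intel host bridge.
SAMPLE_PCICONF='vgapci0@pci0:1:0:0:  class=0x030000 card=0x1bfd1043 chip=0x1c8c10de rev=0xa1 hdr=0x00
hostb0@pci0:0:0:0:   class=0x060000 card=0x00000000 chip=0x591f8086 rev=0x05 hdr=0x00'

# nvidia_device_id: stdin = pciconf -l output; prints the 4-hex-digit device id
# of the first device whose chip field ends in vendor 10de, or nothing.
nvidia_device_id() {
    sed -n 's/.*chip=0x\([0-9a-f]\{4\}\)10de.*/\1/p' | head -n 1
}

# broken_detector: the #29 vendor-first pattern, kept only to show it never hits.
broken_detector() {
    grep -c 'chip=0x10de' || true
}

# nvidia_branch_for_device ID -> lane label {390,470,590}; empty/unknown -> 590.
# Boundaries below are ASSUMED for illustration, not NVIDIA's real cut-offs.
nvidia_branch_for_device() {
    id="$1"
    [ -z "$id" ] && { echo 590; return; }   # safe default for unknown hardware
    n=$((0x$id))
    if [ "$n" -lt $((0x0fc0)) ]; then echo 390      # assumed legacy range
    elif [ "$n" -lt $((0x1380)) ]; then echo 470    # assumed mid range
    else echo 590                                   # everything newer
    fi
}

# detect_lane -> lane for the first NVIDIA device in the sample
detect_lane() {
    id=$(printf '%s\n' "$SAMPLE_PCICONF" | nvidia_device_id)
    nvidia_branch_for_device "$id"
}
```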