From 04fe51981435fe88ec8f6585c53ef21ba8ff9e62 Mon Sep 17 00:00:00 2001 From: Sam & Claude Date: Sun, 14 Jun 2026 21:45:08 +0200 Subject: [PATCH] fix(iso): avoid corrupting staged colibri rc script (Sam & Codex) Replace fragile BSD sed append usage with awk when adding poststart chmods to the staged colibri_daemon rc.d script. The previous sed form appended the socket chmod after every line, corrupting the live USB service script.\n\nChecks: sh -n scripts/stage-colibri-iso.sh; fake COLIBRI_ARTIFACT_DIR staging; sh -n staged usr/local/etc/rc.d/colibri_daemon; git diff --check. --- scripts/stage-colibri-iso.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/stage-colibri-iso.sh b/scripts/stage-colibri-iso.sh index 10fce5ba..74b77965 100755 --- a/scripts/stage-colibri-iso.sh +++ b/scripts/stage-colibri-iso.sh @@ -100,11 +100,18 @@ sed -i '' 's/ -u \${colibri_daemon_user} //' \ # Fix pidfile permissions: daemon(8) -P creates the pidfile as 0600 # owned by the target user, which blocks non-root users (clawdie) from # running 'service colibri_daemon status'. Chmod in poststart. -sed -i '' '/socket ready/a\ - chmod 644 "${pidfile}" 2>/dev/null || true -a\ - chmod 660 "${colibri_daemon_socket}" 2>/dev/null || true' \ - "${RC_DIR}/colibri_daemon" +# Use awk instead of sed append syntax: BSD sed's multi-line append form is +# easy to get wrong and can corrupt the rc.d script by appending to every line. +_rc_tmp="${RC_DIR}/colibri_daemon.tmp" +awk ' + { print } + /socket ready/ { + print " chmod 644 \"${pidfile}\" 2>/dev/null || true" + print " chmod 660 \"${colibri_daemon_socket}\" 2>/dev/null || true" + } +' "${RC_DIR}/colibri_daemon" > "${_rc_tmp}" +mv "${_rc_tmp}" "${RC_DIR}/colibri_daemon" +chmod 0555 "${RC_DIR}/colibri_daemon" # Add DeepSeek API key and cache warming to daemon environment. # These are injected into the rc.d prestart so the daemon picks them up -- 2.45.3