diff --git a/docs/LIVE-COLIBRI-REBUILD.md b/docs/LIVE-COLIBRI-REBUILD.md index d91f2a7d..b6da912c 100644 --- a/docs/LIVE-COLIBRI-REBUILD.md +++ b/docs/LIVE-COLIBRI-REBUILD.md @@ -132,9 +132,8 @@ mdo -u root service colibri_daemon start ``` `service colibri_daemon start` should return to the shell after a few seconds. If -it stays in the foreground, check that the rc.d script uses -`colibri_daemon_binary`, not `colibri_daemon_program`, and that `command=` is -`/usr/sbin/daemon`. +it does not, stop the command, collect the service file and daemon log, and hand +those back through git before continuing. ## Validate runtime @@ -197,15 +196,16 @@ mdo -u root service colibri_daemon restart Sanity checks: ```sh -grep -n 'colibri_daemon_program\|colibri_daemon_binary\|^command=\|^command_args=' /usr/local/etc/rc.d/colibri_daemon +sh -n /usr/local/etc/rc.d/colibri_daemon +service colibri_daemon status +colibri status ``` Expected: -- `colibri_daemon_binary` exists. -- `command="/usr/sbin/daemon"` exists. -- no `colibri_daemon_program` remains. -- no `-u ${colibri_daemon_user}` remains in `command_args`. +- the rc.d script has valid shell syntax. +- `service colibri_daemon start` returns to the shell. +- `colibri status` can connect to `/var/run/colibri/colibri.sock`. ## Future ISO improvement diff --git a/scripts/stage-colibri-iso.sh b/scripts/stage-colibri-iso.sh index 11abd799..7d258122 100755 --- a/scripts/stage-colibri-iso.sh +++ b/scripts/stage-colibri-iso.sh @@ -71,51 +71,19 @@ install -m 0555 "${RC_SOURCE}" "${RC_DIR}/colibri_daemon" install -m 0644 "${NEWSYSLOG_SOURCE}" "${NEWSYSLOG_DIR}/colibri.conf" if ! grep -q '^command="/usr/sbin/daemon"' "${RC_DIR}/colibri_daemon" || \ - ! grep -Eq -- '-o .*colibri_daemon_(program|binary)' "${RC_DIR}/colibri_daemon"; then - echo "ERROR: staged colibri_daemon rc.d script does not supervise colibri-daemon with daemon(8)" >&2 - echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building; the live USB must not block boot in rc.d." >&2 + ! grep -q -- '-o .*colibri_daemon_binary' "${RC_DIR}/colibri_daemon" || \ + ! grep -q 'rm -f "${colibri_daemon_socket}" "${pidfile}" "${supervisor_pidfile}"' "${RC_DIR}/colibri_daemon" || \ + ! grep -q 'chmod 644 "${pidfile}"' "${RC_DIR}/colibri_daemon" || \ + ! grep -q 'chmod 660 "${colibri_daemon_socket}"' "${RC_DIR}/colibri_daemon"; then + echo "ERROR: staged colibri_daemon rc.d script is missing required live USB supervision hooks" >&2 + echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building." >&2 exit 66 fi -# Fix procname: the upstream procname="/usr/sbin/daemon" doesn't match -# daemon(8)'s process title ("daemon: name[pid] (daemon)"). Match the -# first word instead. Since check_pidfile uses the pidfile (PID-scoped), -# there's no collision with other daemon(8) instances. -sed -i '' 's/^procname="\/usr\/sbin\/daemon"$/procname="daemon:"/' \ - "${RC_DIR}/colibri_daemon" - -# Fix ${name}_program override: rc.subr line 1120 silently replaces -# command= with ${name}_program if set, so colibri_daemon_program= -# overrode command="/usr/sbin/daemon" — daemon(8) was never invoked. -# Rename the variable so rc.subr leaves command= alone. Newer Colibri sources -# may already use colibri_daemon_binary; this replacement is intentionally -# harmless when there is no old variable left. -sed -i '' 's/colibri_daemon_program/colibri_daemon_binary/g' \ - "${RC_DIR}/colibri_daemon" - -# Remove -u from daemon(8) args: rc.subr already runs as colibri via su, -# so daemon(8)'s own privilege drop double-drops and fails with -# "failed to set user environment". -sed -i '' 's/ -u \${colibri_daemon_user} //' \ - "${RC_DIR}/colibri_daemon" - -# Fix pidfile permissions: daemon(8) -P creates the pidfile as 0600 -# owned by the target user, which blocks non-root users (clawdie) from -# running 'service colibri_daemon status'. Chmod in poststart. -# Use awk instead of sed append syntax: BSD sed's multi-line append form is -# easy to get wrong and can corrupt the rc.d script by appending to every line. -# Newer Colibri sources may already carry these chmods; do not duplicate them. -if ! grep -q 'chmod 644 "${pidfile}"' "${RC_DIR}/colibri_daemon"; then - _rc_tmp="${RC_DIR}/colibri_daemon.tmp" - awk ' - { print } - /socket ready/ { - print " chmod 644 \"${pidfile}\" 2>/dev/null || true" - print " chmod 660 \"${colibri_daemon_socket}\" 2>/dev/null || true" - } - ' "${RC_DIR}/colibri_daemon" > "${_rc_tmp}" - mv "${_rc_tmp}" "${RC_DIR}/colibri_daemon" - chmod 0555 "${RC_DIR}/colibri_daemon" +if grep -q -- '-u \${colibri_daemon_user}' "${RC_DIR}/colibri_daemon"; then + echo "ERROR: staged colibri_daemon rc.d script has unsupported live USB command wiring" >&2 + echo " Update COLIBRI_REPO (${COLIBRI_REPO}) before building." >&2 + exit 66 fi # Add DeepSeek API key and cache warming to daemon environment.