clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdie-iso/live/operator-session
History
Sam & Claude 0cd59efa6d feat(firstboot): force root + operator password on first boot (console gate) 
Adds clawdie_firstboot_rootpw, an rc.d gate ordered BEFORE sddm and
colibri_daemon. On the text console (operator present at first boot) it runs a
15s countdown to engage; if engaged it forces a root AND operator (clawdie)
password, echo-off, applied via 'pw usermod -h 0' over stdin (secret never in
argv/ps, never near the agent). Idempotent via a persistent success marker
/var/db/colibri/.secured (/var persists: varmfs=NO). Skipping leaves the node
open and re-prompts next boot — never bricks an unattended/headless boot.

Running before the daemon means the security decision is always made before any
agent can autospawn/node_register, so no cross-component interlock is needed
(rc ordering replaces it). The .secured marker is also the signal a future
colibri change can read to label an unsecured node to mother.

Tests: tests/firstboot-rootpw-test.sh proves marker skip, password validation,
and that the secret is delivered on stdin and NEVER appears in argv (10/10).

Console interactivity (read -t countdown, stty echo-off on /dev/console) must be
verified by booting on osa/bhyve before merge.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 05:54:13 +02:00
..
autostart Fix XFCE tray volume and clock sizing (Sam & Codex) 2026-06-05 11:47:45 +02:00
icons xfce: geodesic 2V logo for Start button 2026-06-23 12:48:17 +02:00
mcp-examples docs: add external MCP profile examples to ISO (Sam & Codex) 2026-06-13 19:54:17 +02:00
panel-skel xfce: reduce language widget scale to 50%, reorder panel tray 2026-06-23 07:02:03 +02:00
wallpapers xfce: 4K 6V geodesic dome farm wallpapers (AI-generated) 2026-06-23 13:04:35 +02:00
xorg.conf.d Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
49-clawdie-power.rules Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
bootstrap.html docs: document Python 3.11/3.12 coexistence with FreeBSD defaults 2026-06-21 09:36:28 +02:00
clawdie-bootstrap-launch.sh fix(xfce): replace noisy autostart with start-here note (Sam & Codex) 2026-06-20 08:24:18 +02:00
clawdie-bootstrap.desktop fix(xfce): replace noisy autostart with start-here note (Sam & Codex) 2026-06-20 08:24:18 +02:00
clawdie-enable-mother.desktop feat(iso): wire Colibri OOTB defaults + opt-in Mother MCP link 2026-06-21 18:53:41 +02:00
clawdie-enable-mother.sh feat(enable-mother): publish colibri pubkey to Vaultwarden for hive auth 2026-06-21 20:18:27 +02:00
clawdie-firstboot-rootpw feat(firstboot): force root + operator password on first boot (console gate) 2026-06-25 05:54:13 +02:00
clawdie-hw-probe 0.12.0: hw-probe + model fixes + mother MCP infra 2026-06-23 10:49:38 +02:00
clawdie-join-hive.desktop fix(desktop): match Exec path to installed binary (drop .sh suffix) 2026-06-20 11:40:55 +02:00
clawdie-join-hive.sh docs: harness-neutral cleanup + restore green markdown gate 2026-06-23 18:08:58 +02:00
clawdie-live-audio Merge xfce-operator-usb: AMD ASUS hardware lane + XFCE panel polish (Sam & Claude) 2026-06-04 20:04:23 +02:00
clawdie-live-gpu feat(gpu): universal NVIDIA lane — detect + install branch at boot (Sam & Claude) 2026-06-04 22:19:36 +02:00
clawdie-live-power docs(live-power): document C3 wake-safety invariant; tidy rcorder block 2026-06-20 17:22:28 +02:00
clawdie-live-resolver Merge xfce-operator-usb: AMD ASUS hardware lane + XFCE panel polish (Sam & Claude) 2026-06-04 20:04:23 +02:00
clawdie-live-seed fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs 2026-06-24 11:19:21 +02:00
clawdie-live-seed.README.txt fix(iso): remove remaining real IPs, add -F robustness, prettier format, known_hosts note 2026-06-24 11:25:18 +02:00
clawdie-live-touchpad-guard Merge xfce-operator-usb: AMD ASUS hardware lane + XFCE panel polish (Sam & Claude) 2026-06-04 20:04:23 +02:00
clawdie-live-wifi Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
clawdie-noblank-guard.sh cleanup(tmp): remove Clawdie-owned host tmp paths (Sam & Pi) 2026-06-20 21:07:05 +02:00
clawdie-startx Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
clawdie-tailscale-up fix(tailscale): make vault auto-join work on the OOTB operator image 2026-06-21 21:48:14 +02:00
clawdie-vault-fetch cleanup(tmp): remove Clawdie-owned host tmp paths (Sam & Pi) 2026-06-20 21:07:05 +02:00
clawdie-wallpaper-gen.sh cleanup(tmp): remove Clawdie-owned host tmp paths (Sam & Pi) 2026-06-20 21:07:05 +02:00
clawdie-xfce-session Merge xfce-operator-usb: AMD ASUS hardware lane + XFCE panel polish (Sam & Claude) 2026-06-04 20:04:23 +02:00
clawdie-xfce-session-inner Merge pull request 'pi/main-live-boot-xfce-colibri-fixes' (#4) from pi/main-live-boot-xfce-colibri-fixes into main 2026-06-04 20:04:23 +02:00
clawdie-xfce.desktop Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
colibri-dashboard.desktop fix(xfce): replace noisy autostart with start-here note (Sam & Codex) 2026-06-20 08:24:18 +02:00
colibri-live-rebuild feat(colibri): gate test-agent staging by build mode (Sam & Pi) 2026-06-21 07:55:24 +02:00
colibri-panel-indicator.sh sync(visuals): hardened panel indicator + wallpaper on join from layered-soul 2026-06-20 12:16:11 +02:00
hw-report Merge pull request 'merge/all-three-fixes' (#11) from merge/all-three-fixes into main 2026-06-04 20:04:23 +02:00
pf-live.conf Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
sddm.conf Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
sshd-live.conf Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00
START-HERE.txt docs(seed): document dual-purpose mother-mcp key for Forgejo + mother MCP 2026-06-23 11:36:10 +02:00
xprofile Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-06-04 20:04:23 +02:00