clawdie-iso

History

Sam & Claude 73b603d995 feat(firstboot): opt-in require-secured knob + 'will not' skip message clawdie-iso half of the .secured interlock: - build.sh writes colibri_daemon_require_secured="YES" to the operator image's rc.conf. Opt-in so DEPLOYED colibri hosts (shared colibri_daemon.in via the FreeBSD port, no firstboot gate) are unaffected — they never set this knob. - gate skip message upgraded to 'agent will NOT start or register until secured'. Depends on the colibri-side consumer (colibri_daemon.in prestart): when colibri_daemon_require_secured is YES and /var/db/colibri/.secured is absent, export COLIBRI_AUTOSPAWN=NO (after the provider.env source block). Tracked as the colibri follow-up; both must ship in the same 0.12 image for the message to hold. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-25 06:16:34 +02:00
..
operator-session	feat(firstboot): opt-in require-secured knob + 'will not' skip message	2026-06-25 06:16:34 +02:00

Sam & Claude 73b603d995 feat(firstboot): opt-in require-secured knob + 'will not' skip message

clawdie-iso half of the .secured interlock:
- build.sh writes colibri_daemon_require_secured="YES" to the operator image's
  rc.conf. Opt-in so DEPLOYED colibri hosts (shared colibri_daemon.in via the
  FreeBSD port, no firstboot gate) are unaffected — they never set this knob.
- gate skip message upgraded to 'agent will NOT start or register until secured'.

Depends on the colibri-side consumer (colibri_daemon.in prestart): when
colibri_daemon_require_secured is YES and /var/db/colibri/.secured is absent,
export COLIBRI_AUTOSPAWN=NO (after the provider.env source block). Tracked as the
colibri follow-up; both must ship in the same 0.12 image for the message to hold.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-25 06:16:34 +02:00

operator-session

feat(firstboot): opt-in require-secured knob + 'will not' skip message

2026-06-25 06:16:34 +02:00