clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdie-iso/skills/iso-flash-verify/SKILL.md
Sam & Claude bb5460427d docs: drop sudo from flash commands, append sync 
All decompress-and-write one-liners now share the same form:
  xz -dc ...img.xz | of=/dev/sdX bs=4M status=progress conv=fsync && sync

- sudo removed (operator runs as root on USB stick)
- && sync appended to all image-write commands
- /dev/zero wipe commands unchanged
- build.sh echo updated to match
2026-06-23 06:41:58 +02:00

2.8 KiB
Raw Blame History

name description
iso-flash-verify Verify a published Clawdie operator USB artifact manifest, download and checksum the image, confirm the whole-disk USB target, flash it, and emit a Colibri flash manifest.

iso-flash-verify

Use this skill for the Hermes USB/IMG Deployer lane. It consumes a published clawdie.iso.publish.v1 manifest and produces a clawdie.iso.flash.v1 manifest. Do not run it from this ISO developer host unless the operator explicitly reassigns flashing.

Safety rules

  • Never flash from terminal scrollback alone; start from a manifest URL or path.
  • Verify the SHA256 and run xz -t before writing bytes.
  • Flash only a whole disk such as /dev/sdX or /dev/daX, never a partition such as /dev/sdX1.
  • Record the selected device model, serial, and size before flashing.
  • Abort if the target is smaller than the raw image size in the manifest.

Manifest output

Write the result to:

tmp/colibri/iso-flash/<run_id>.json
tmp/colibri/iso-flash/latest.json

Schema: clawdie.iso.flash.v1. See docs/ISO-MANIFESTS.md.

1. Select the publish manifest

Set one of these:

MANIFEST_URL="https://osa.smilepowered.org/downloads/iso/<image>.manifest.json"

or:

MANIFEST_PATH="tmp/output/<image>.manifest.json"

2. Download artifacts

For a URL-based handoff:

mkdir -p tmp/flash-downloads
curl -fL -o tmp/flash-downloads/publish.manifest.json "$MANIFEST_URL"

Read the manifest and download the image_url and sha256_url it names. If jq is available:

IMAGE_URL="$(jq -r .image_url tmp/flash-downloads/publish.manifest.json)"
SHA_URL="$(jq -r .sha256_url tmp/flash-downloads/publish.manifest.json)"
curl -fL -O --output-dir tmp/flash-downloads "$IMAGE_URL"
curl -fL -O --output-dir tmp/flash-downloads "$SHA_URL"

3. Verify checksum and xz integrity

cd tmp/flash-downloads
sha256sum -c "$(basename "$SHA_URL")"
xz -t "$(basename "$IMAGE_URL")"
cd -

If the checksum file is in FreeBSD sha256(1) format, compare manually:

sha256sum tmp/flash-downloads/*.img.xz
cat tmp/flash-downloads/*.img.xz.sha256

4. Identify the whole-disk target

On Linux:

lsblk -o NAME,TYPE,SIZE,MODEL,SERIAL,TRAN,RM,MOUNTPOINTS

Unmount any mounted partitions from the selected removable disk. Confirm the whole-disk path with the operator before writing.

5. Flash

Example for Linux, replacing /dev/sdX with the confirmed whole disk:

xz -dc tmp/flash-downloads/<image>.img.xz | dd of=/dev/sdX bs=4M status=progress conv=fsync && sync
sync

6. Emit flash manifest

Record pass/fail checks, the artifact URLs, selected target disk facts, flash command summary, and completion time in clawdie.iso.flash.v1. Print the manifest path and a one-line summary for Colibri ingestion.