62 lines
2.2 KiB
Text
62 lines
2.2 KiB
Text
CLAWDIE LIVE USB — SEED PARTITION
|
|
=================================
|
|
|
|
This FAT32 partition lets you customize the live USB BEFORE flashing.
|
|
On every boot, /usr/local/etc/rc.d/clawdie_live_seed imports a small,
|
|
allowlisted set of files from this partition. Editing a file and
|
|
rebooting re-applies it — the importer is idempotent.
|
|
|
|
USAGE FROM LINUX
|
|
----------------
|
|
|
|
1. Flash the image to USB with dd (or write the .img directly).
|
|
2. Mount the CLAWDIESEED partition (typically the third partition on the
|
|
stick, e.g. /dev/sdX3):
|
|
|
|
sudo mount -t vfat /dev/sdX3 /mnt/clawdie-seed
|
|
|
|
3. Drop seed files (see ALLOWLIST below).
|
|
4. Unmount and boot the USB:
|
|
|
|
sync
|
|
sudo umount /mnt/clawdie-seed
|
|
|
|
ALLOWLIST — files honored by the importer
|
|
-----------------------------------------
|
|
|
|
/authorized_keys Public SSH keys for the operator account.
|
|
Installed to ~clawdie/.ssh/authorized_keys
|
|
(mode 0600, owner clawdie:clawdie). CRLF
|
|
line endings are stripped automatically.
|
|
|
|
/ssh/authorized_keys Same as above, in a nested ssh/ namespace.
|
|
Takes precedence over /authorized_keys.
|
|
|
|
Anything else on this partition is IGNORED on purpose. The importer logs
|
|
to /var/log/clawdie-live-seed.log on the live system.
|
|
|
|
PLANNED (not yet active)
|
|
------------------------
|
|
|
|
These paths are reserved for future work; do not rely on them yet:
|
|
|
|
/hostname Override the live hostname (default: clawdie-live).
|
|
/tailscale-authkey One-shot Tailscale auth key for headless bring-up.
|
|
/wifi.env WiFi SSID + PSK for first-boot wpa_supplicant.
|
|
|
|
SECURITY NOTES
|
|
--------------
|
|
|
|
- This is FAT32 — any user with physical access can read and write it.
|
|
- Public SSH keys are not secret; this is the right place for them.
|
|
- Do NOT put private keys, long-lived API tokens, or passwords here.
|
|
A future encrypted-seed format is the right home for that.
|
|
- The importer runs at every boot. Removing a file from the seed and
|
|
rebooting does NOT remove the previously-installed copy from the
|
|
live system; re-flash the image to wipe state.
|
|
|
|
CONTACT
|
|
-------
|
|
|
|
clawdie.si — repository: clawdie-iso, file:
|
|
live/operator-session/clawdie-live-seed
|