diff --git a/kickstart/veilor-os.ks b/kickstart/veilor-os.ks
index 483ba05..581b4ab 100644
--- a/kickstart/veilor-os.ks
+++ b/kickstart/veilor-os.ks
@@ -182,7 +182,7 @@ cp -a "$SRC/scripts" "$DEST/usr/share/veilor-os/" || echo "[ERR] scripts cp fail
 ls -la "$DEST/usr/share/veilor-os/" 2>&1 || echo "[ERR] dest dir missing post-cp"
 # Force root ownership on everything we copied — `cp -a` preserves
 # CI runner uid (1001), which makes sudo refuse to read /etc/sudoers.d.
-chown -R 0:0 "$DEST/etc" "$DEST/usr/share/veilor-os" "$DEST/usr/local/bin" "$DEST/usr/local/sbin" 2>&1 || echo "[WARN] chown failed"
+chown -R 0:0 "$DEST/etc" "$DEST/usr/share/veilor-os" "$DEST/usr/local/bin" 2>&1 || echo "[WARN] chown failed"
 set +x
 # Persist nochroot log into installed system for diagnostics
@@ -191,7 +191,7 @@ set +x
 date
 echo "SRC=$SRC DEST=$DEST"
 ls -la "$DEST/usr/share/veilor-os/" 2>&1
- ls -la "$DEST/usr/local/sbin/" 2>&1
+ ls -la "$DEST/usr/local/bin/" 2>&1
 } > "$DEST/var/log/veilor-nochroot.log" 2>&1 || true
 %end
@@ -205,7 +205,7 @@ echo " veilor-os install — %post"
 echo "════════════════════════════════════════════════════════"
 REPO=/usr/share/veilor-os
-chmod +x $REPO/scripts/*.sh $REPO/scripts/selinux/*.sh /usr/local/bin/veilor-power /usr/local/bin/veilor-update /usr/local/bin/veilor-doctor /usr/local/sbin/veilor-firstboot /usr/local/sbin/veilor-installer
+chmod +x $REPO/scripts/*.sh $REPO/scripts/selinux/*.sh /usr/local/bin/veilor-power /usr/local/bin/veilor-update /usr/local/bin/veilor-doctor /usr/local/bin/veilor-firstboot /usr/local/bin/veilor-installer
 # Live image plumbing (matches upstream Fedora live ks). Without these the
 # squashfs/EFI build fails — livesys-scripts ships systemd units lorax expects.
diff --git a/overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf b/overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf
index a2735ee..df2fcca 100644
--- a/overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf
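Review bot: The `chown -R 0:0` line in the hunk at -182 still reduces a failure to `[WARN] chown failed`, although the comment above it says wrong ownership breaks sudo, and `$DEST/usr/local/bin` now holds veilor-firstboot and veilor-installer, which the systemd units changed in this commit start (presumably as root). If the chown fails, those scripts stay owned by the CI runner uid (1001) in the image, so I would stop the build instead: `chown -R 0:0 "$DEST/etc" "$DEST/usr/share/veilor-os" "$DEST/usr/local/bin" || { echo "[ERR] chown failed"; exit 1; }`; whether a non-zero exit aborts the install depends on the %post header, which is outside the hunk. Dropping `"$DEST/usr/local/sbin"` is only safe if the overlay no longer ships anything there; the diff shows two renames out of that directory but not what remains in it. The same line appears in the hunk at -418 of overlay/usr/local/bin/veilor-installer.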
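Review bot: `chmod +x` in the hunk at -205 only adds execute bits, so any group- or other-writable bit that `cp -a` may have carried over from the CI checkout stays on veilor-firstboot and veilor-installer, which the units changed in this commit execute. An explicit mode makes the result independent of the checkout, e.g. `chmod 0755 /usr/local/bin/veilor-firstboot /usr/local/bin/veilor-installer`. `$REPO` is also expanded unquoted; `"$REPO"/scripts/*.sh` keeps the glob and avoids word splitting. The copy of this command in the hunk at -441 of overlay/usr/local/bin/veilor-installer ends in `2>/dev/null || true`, so a missing file goes unnoticed there, and it does not list veilor-update or veilor-doctor.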
+++ b/overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf
@@ -3,7 +3,7 @@
 # isn't copied into target system — see kickstart/install.ks).
 [Service]
 ExecStart=
-ExecStart=-/usr/local/sbin/veilor-installer
+ExecStart=-/usr/local/bin/veilor-installer
 StandardInput=tty
 StandardOutput=tty
 StandardError=tty
diff --git a/overlay/etc/systemd/system/veilor-firstboot.service b/overlay/etc/systemd/system/veilor-firstboot.service
index fb75342..9a8f27f 100644
--- a/overlay/etc/systemd/system/veilor-firstboot.service
+++ b/overlay/etc/systemd/system/veilor-firstboot.service
@@ -9,7 +9,7 @@ Conflicts=sddm.service
 [Service]
 Type=oneshot
 RemainAfterExit=no
-ExecStart=/usr/local/sbin/veilor-firstboot
+ExecStart=/usr/local/bin/veilor-firstboot
 StandardInput=tty
 StandardOutput=tty
 StandardError=tty
diff --git a/overlay/usr/local/sbin/veilor-firstboot b/overlay/usr/local/bin/veilor-firstboot
similarity index 100%
rename from overlay/usr/local/sbin/veilor-firstboot
rename to overlay/usr/local/bin/veilor-firstboot
diff --git a/overlay/usr/local/sbin/veilor-installer b/overlay/usr/local/bin/veilor-installer
similarity index 98%
rename from overlay/usr/local/sbin/veilor-installer
rename to overlay/usr/local/bin/veilor-installer
index f1c7047..deb84c7 100644
--- a/overlay/usr/local/sbin/veilor-installer
+++ b/overlay/usr/local/bin/veilor-installer
@@ -418,7 +418,7 @@ cp -a "$SRC/scripts" "$DEST/usr/share/veilor-os/" || echo "[ERR] scripts cp fail
 ls -la "$DEST/usr/share/veilor-os/" 2>&1 || echo "[ERR] dest dir missing post-cp"
 # Force root ownership on everything we copied — `cp -a` preserves
 # CI runner uid (1001), which makes sudo refuse to read /etc/sudoers.d.
-chown -R 0:0 "$DEST/etc" "$DEST/usr/share/veilor-os" "$DEST/usr/local/bin" "$DEST/usr/local/sbin" 2>&1 || echo "[WARN] chown failed"
+chown -R 0:0 "$DEST/etc" "$DEST/usr/share/veilor-os" "$DEST/usr/local/bin" 2>&1 || echo "[WARN] chown failed"
 set +x
 {
@@ -426,7 +426,7 @@ set +x
 date
 echo "SRC=$SRC DEST=$DEST"
 ls -la "$DEST/usr/share/veilor-os/" 2>&1
- ls -la "$DEST/usr/local/sbin/" 2>&1
+ ls -la "$DEST/usr/local/bin/" 2>&1
 } > "$DEST/var/log/veilor-nochroot.log" 2>&1 || true
 %end
@@ -441,8 +441,8 @@ echo "════════════════════════
 REPO=/usr/share/veilor-os
 chmod +x $REPO/scripts/*.sh $REPO/scripts/selinux/*.sh \
- /usr/local/bin/veilor-power /usr/local/sbin/veilor-firstboot \
- /usr/local/sbin/veilor-installer 2>/dev/null || true
+ /usr/local/bin/veilor-power /usr/local/bin/veilor-firstboot \
+ /usr/local/bin/veilor-installer 2>/dev/null || true
 # /etc/machine-id reset on first boot
 > /etc/machine-id
diff --git a/scripts/selinux/build-policy.sh b/scripts/selinux/build-policy.sh
index 809f1ab..a64fa5c 100755
--- a/scripts/selinux/build-policy.sh
+++ b/scripts/selinux/build-policy.sh
@@ -3,7 +3,7 @@
 #
 # Modules:
 # veilor-systemd — capabilities for systemd-modules-load (post-boot lock)
-# veilor-firstboot — confine /usr/local/sbin/veilor-firstboot one-shot
+# veilor-firstboot — confine /usr/local/bin/veilor-firstboot one-shot
 #
 # Usage:
 # sudo ./build-policy.sh # build + install all
@@ -33,9 +33,9 @@ done
 if printf '%s\n' "${MODULES[@]}" | grep -qx veilor-firstboot; then
 if command -v restorecon >/dev/null 2>&1; then
 # Mark the binary + state file with the right types.
- semanage fcontext -a -t veilor_firstboot_exec_t '/usr/local/sbin/veilor-firstboot' 2>/dev/null || true
+ semanage fcontext -a -t veilor_firstboot_exec_t '/usr/local/bin/veilor-firstboot' 2>/dev/null || true
 semanage fcontext -a -t veilor_firstboot_state_t '/var/lib/veilor-firstboot\.done' 2>/dev/null || true
- restorecon -v /usr/local/sbin/veilor-firstboot 2>/dev/null || true
+ restorecon -v /usr/local/bin/veilor-firstboot 2>/dev/null || true
 [[ -e /var/lib/veilor-firstboot.done ]] && restorecon -v /var/lib/veilor-firstboot.done 2>/dev/null || true
 fi
 fi
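Review bot: Every labelling step in the hunk at -33 of build-policy.sh ends in `2>/dev/null || true`, and the guard tests only `command -v restorecon`, so if `semanage` is missing or the `fcontext -a` call fails, `restorecon` applies the default context and /usr/local/bin/veilor-firstboot is left without `veilor_firstboot_exec_t`, with nothing printed. That label is presumably what puts the one-shot into its confined domain, so I would also check for `semanage` and report the failure, e.g. `semanage fcontext -a -t veilor_firstboot_exec_t '/usr/local/bin/veilor-firstboot' || echo "[WARN] fcontext for veilor-firstboot not set" >&2`. On a system where the old script already ran, the rule for '/usr/local/sbin/veilor-firstboot' stays in the local fcontext store; a `semanage fcontext -d` for the old path would remove it. If the policy module carries its own file-context file with the old path, it is not part of this diff and should be checked as well.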