feat(install): install baked AUR packages and clean the target config

Wire the baked AUR repo into the installer. Before pacstrap, install_base checks whether the ISO shipped the repo and, if so, exposes [aur] in the live /etc/pacman.conf and reads the package names from the manifest, adding them to the pacstrap set so they install into the target offline. This mirrors the existing [archzfs] handling. pacstrap resolves repos from the live system, not $MNTPOINT.

The live config already carries [aur] from the shipped ISO config, so the append is idempotent by design. A --skip-aur ISO ships no repo, and aur_repo_available gates the whole path, so the installer still works there.

configure_system strips any [aur] stanza from the target /etc/pacman.conf. pacstrap installs a stock target config with no [aur], so this is defensive, but it guarantees the installed system never references /usr/share/aur-packages, which exists only on the live ISO.

Four new common.sh helpers carry the logic: aur_repo_available, append_aur_repo (idempotent), aur_manifest_names (the manifest is the source of what to install, so the list never drifts), and strip_repo_stanza. All four covered across Normal, Boundary, and Error.

2 files changed, 84 insertions, 0 deletions

diff --git a/installer/archangel b/installer/archangel
index ea18202..ec3017a 100755
--- a/installer/archangel
+++ b/installer/archangel
@@ -779,11 +779,27 @@ EOF
         info "ZFS will be built from source via DKMS - this ensures kernel compatibility."
     fi
 
+    # Expose the baked AUR local repo to pacstrap the same way as [archzfs]:
+    # add it to the LIVE /etc/pacman.conf so pacstrap installs the baked
+    # packages into the target offline (pacstrap resolves repos from the live
+    # system, not $MNTPOINT). Only when the ISO actually shipped the repo — a
+    # --skip-aur ISO won't have it. The manifest is the source of which
+    # packages to install, so the list never drifts from what was baked.
+    local aur_repo_dir="/usr/share/aur-packages"
+    local -a aur_packages=()
+    if aur_repo_available "$aur_repo_dir"; then
+        info "Exposing baked AUR repo to pacstrap..."
+        append_aur_repo /etc/pacman.conf "file://$aur_repo_dir"
+        mapfile -t aur_packages < <(aur_manifest_names "$aur_repo_dir/manifest.tsv")
+        info "Baked AUR packages to install: ${aur_packages[*]:-none}"
+    fi
+
     info "Installing base packages (this takes a while)..."
 
     local packages
     mapfile -t packages < <(pacstrap_packages "$FILESYSTEM") \
         || error "Unknown filesystem: $FILESYSTEM"
+    packages+=("${aur_packages[@]}")
 
     # Use yes to auto-select defaults for provider prompts
     yes "" | pacstrap -K $MNTPOINT "${packages[@]}"
@@ -834,6 +850,13 @@ Server = https://github.com/archzfs/archzfs/releases/download/experimental
 SigLevel = Never
 EOF
 
+    # The baked [aur] repo is exposed only in the LIVE config for pacstrap.
+    # The installed system must not reference /usr/share/aur-packages — that
+    # path exists only on the live ISO. pacstrap installs a stock target
+    # pacman.conf (no [aur]), so this is defensive, but it guarantees the
+    # invariant regardless of how the target config was produced.
+    strip_repo_stanza aur "$MNTPOINT/etc/pacman.conf"
+
     # Configure journald for ZFS
     # Problem: journald starts before ZFS mounts /var/log, so journal files
     # get created in tmpfs then hidden when ZFS mounts over it.
diff --git a/installer/lib/common.sh b/installer/lib/common.sh
index 8f44170..0317034 100644
--- a/installer/lib/common.sh
+++ b/installer/lib/common.sh
@@ -124,6 +124,67 @@ required_commands() {
 }
 
 #############################
+# AUR Local Repository
+#############################
+# The ISO can bake a local pacman repo of AUR packages at /usr/share/aur-packages
+# (built by build-aur.sh at ISO-build time). These helpers expose it to
+# pacstrap from the LIVE system, list what it holds, and keep the installed
+# target's pacman.conf from referencing a path the target won't have. See
+# docs/aur-local-repo-spec.org.
+
+# True when the baked AUR repo exists at $1 (default /usr/share/aur-packages).
+# repo-add ships aur.db (a symlink) alongside aur.db.tar.gz; the airootfs copy
+# may dereference the symlink to a plain file, so accept either name. A
+# --skip-aur ISO ships no repo, so this gates every AUR install-time step.
+aur_repo_available() {
+    local repo_dir="${1:-/usr/share/aur-packages}"
+    [[ -f "$repo_dir/aur.db" || -f "$repo_dir/aur.db.tar.gz" ]]
+}
+
+# Append an [aur] stanza pointing at $server to the pacman.conf at $1, unless
+# one is already present. Idempotent so a re-run of the installer doesn't stack
+# duplicates. SigLevel = Optional TrustAll mirrors the build-side stanza: the
+# repo is trusted by construction.
+append_aur_repo() {
+    local pacman_conf="$1" server="$2"
+    grep -q '^\[aur\]' "$pacman_conf" && return 0
+    cat >> "$pacman_conf" <<EOF
+
+[aur]
+SigLevel = Optional TrustAll
+Server = $server
+EOF
+}
+
+# Print the package names (first TSV column) from the AUR build manifest at
+# $1, skipping the header. Empty output when the file is absent — the
+# manifest is the single source for what to install, so the installer never
+# hard-codes the baked package list.
+aur_manifest_names() {
+    local manifest="$1"
+    [[ -f "$manifest" ]] || return 0
+    awk -F'\t' 'NR>1 {print $1}' "$manifest"
+}
+
+# Remove the named repo's stanza (its [name] header and the config lines up to
+# the next [section] or EOF) from the pacman.conf at $2. Used to ensure the
+# installed target never references the baked [aur] repo, whose
+# /usr/share/aur-packages path exists only on the live ISO. A no-op when the
+# stanza is absent.
+strip_repo_stanza() {
+    local repo="$1" pacman_conf="$2"
+    local tmp
+    tmp=$(mktemp)
+    awk -v header="[$repo]" '
+        $0 == header { skip = 1; next }
+        skip && /^\[/ { skip = 0 }
+        skip { next }
+        { print }
+    ' "$pacman_conf" > "$tmp"
+    mv "$tmp" "$pacman_conf"
+}
+
+#############################
 # Password / Passphrase Input
 #############################