From edb5016809f3bc657283d8c2402970dbbab3c5cf Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Tue, 23 Jun 2026 20:55:07 -0400
Subject: fix(installer): RAID validation, set -e fix, drop dead shadow branch

Two installer cleanups from the todo backlog.

validate_config now rejects a RAID_LEVEL the selected disk count can't support, guarding the unattended path (the interactive path already constrains the choice). While adding it I found a latent bug: the error loop's ((errors++)) returned 0 on the first error and tripped set -e in the monolith's `[[ UNATTENDED == true ]] && validate_config` call, aborting after one warning instead of listing every problem. Switched to pre-increment so the count accumulates as designed. Added four bats cases, including one that runs validate_config under set -e outside bats' run shield.

build.sh dropped the dead shadow-file rebuild else-branch. The profile is always copied fresh from releng (which ships /etc/shadow), so the branch never ran, and its hardcoded account list had drifted from what releng provides. Replaced with an assertion that fails the build loudly if the file is ever missing.
---
 installer/lib/config.sh | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'installer/lib/config.sh')

diff --git a/installer/lib/config.sh b/installer/lib/config.sh
index 3ba2bb3..ed54e36 100644
--- a/installer/lib/config.sh
+++ b/installer/lib/config.sh
@@ -116,20 +116,30 @@ check_config() {
 validate_config() {
     local errors=0
 
-    [[ -z "$HOSTNAME" ]] && { warn "HOSTNAME not set"; ((errors++)); }
-    [[ -z "$TIMEZONE" ]] && { warn "TIMEZONE not set"; ((errors++)); }
-    [[ ${#SELECTED_DISKS[@]} -eq 0 ]] && { warn "No disks selected"; ((errors++)); }
-    [[ -z "$ROOT_PASSWORD" ]] && { warn "ROOT_PASSWORD not set"; ((errors++)); }
+    [[ -z "$HOSTNAME" ]] && { warn "HOSTNAME not set"; ((++errors)); }
+    [[ -z "$TIMEZONE" ]] && { warn "TIMEZONE not set"; ((++errors)); }
+    [[ ${#SELECTED_DISKS[@]} -eq 0 ]] && { warn "No disks selected"; ((++errors)); }
+    [[ -z "$ROOT_PASSWORD" ]] && { warn "ROOT_PASSWORD not set"; ((++errors)); }
 
     # Validate disks exist
     for disk in "${SELECTED_DISKS[@]}"; do
-        [[ -b "$disk" ]] || { warn "Disk not found: $disk"; ((errors++)); }
+        [[ -b "$disk" ]] || { warn "Disk not found: $disk"; ((++errors)); }
     done
 
     # Validate timezone
     if [[ -n "$TIMEZONE" && ! -f "/usr/share/zoneinfo/$TIMEZONE" ]]; then
         warn "Invalid timezone: $TIMEZONE"
-        ((errors++))
+        ((++errors))
+    fi
+
+    # Validate the RAID level against the selected disk count. The
+    # interactive path only offers levels valid for the count, so this
+    # guards the unattended config, where RAID_LEVEL is set by hand and
+    # can name a level the disk count can't support. raid_is_valid treats
+    # an empty level on a single disk (no RAID) as valid.
+    if ! raid_is_valid "$RAID_LEVEL" "${#SELECTED_DISKS[@]}"; then
+        warn "Invalid RAID_LEVEL '$RAID_LEVEL' for ${#SELECTED_DISKS[@]} disk(s)"
+        ((++errors))
     fi
 
     if [[ $errors -gt 0 ]]; then
-- 
cgit v1.2.3