diff options
| author | Craig Jennings <c@cjennings.net> | 2026-06-28 12:56:50 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-06-28 12:56:50 -0400 |
| commit | 637a6f91231b5955d14a8b6c7b91f802542c29e5 (patch) | |
| tree | 6e256554dc0228c8cec2adb65b27b0a53ad8d4a8 /todo.org | |
| parent | 7b507dbc354130eaabfcb87fe36eab991f012b4c (diff) | |
| download | archsetup-637a6f91231b5955d14a8b6c7b91f802542c29e5.tar.gz archsetup-637a6f91231b5955d14a8b6c7b91f802542c29e5.zip | |
docs: record live-update guard verification on velox
I verified hypr-live-update-guard end-to-end on velox with Hyprland live. Every branch of the script held: block while running, allow when stopped, env override, sentinel. A real pacman firing confirmed the wiring: a same-version mesa reinstall triggered the PreTransaction hook, the guard aborted, and AbortOnFail stopped the transaction with nothing swapped. velox predated the feature, so I placed the guard and its hook by hand. They now ship there permanently.
Diffstat (limited to 'todo.org')
| -rw-r--r-- | todo.org | 50 |
1 files changed, 23 insertions, 27 deletions
@@ -720,33 +720,29 @@ Parse yay errors and provide specific, actionable fixes instead of generic error Enhance existing indicators to show what's happening in real-time ** TODO Manual testing and validation -*** Live-update guard aborts a GPU/compositor upgrade while Hyprland runs -What we're verifying: the pacman PreTransaction hook =hypr-live-update-guard= aborts a =-Syu= that swaps GPU/compositor libs while Hyprland is live, and stays quiet once the session is stopped. Unit tests cover the script's decision logic; this confirms pacman parses the hook, feeds the matched targets on stdin (=NeedsTargets=), and =AbortOnFail= actually stops the transaction. Run on a Hyprland box (ratio/velox). -- Prereq on machines installed before this shipped: place the guard if missing (a fresh archsetup install does this in the hyprland step). -#+begin_src sh :results output -if [ ! -e /usr/local/bin/hypr-live-update-guard ]; then - sudo cp ~/code/archsetup/scripts/hypr-live-update-guard /usr/local/bin/ && sudo chmod 755 /usr/local/bin/hypr-live-update-guard -fi -sudo cp ~/code/archsetup/scripts/hypr-live-update-guard /usr/local/bin/ # refresh -ls -l /usr/local/bin/hypr-live-update-guard /etc/pacman.d/hooks/hypr-live-update-guard.hook 2>&1 -#+end_src -- Quick contract check (no pending upgrade needed): feed the script the hook's stdin contract with Hyprland running. -#+begin_src sh :results output -printf 'mesa\nhyprland\n' | /usr/local/bin/hypr-live-update-guard; echo "exit=$?" -#+end_src -Expected: exit=1, plus the BLOCKED banner naming mesa/hyprland and the from-a-TTY remedy. -- Real firing inside pacman: with a mesa/hyprland/wayland/GPU-driver upgrade actually pending AND Hyprland running, run the upgrade. -#+begin_src sh :results output -sudo pacman -Syu -#+end_src -Expected: pacman runs the "Checking for a live Hyprland session..." hook and aborts; no packages upgraded. -- The from-a-TTY path: the guard keys off the Hyprland *process*, so switching VTs while Hyprland still runs does NOT clear it (correct -- the session is still vulnerable). Fully log out of Hyprland (or =hyprctl dispatch exit=) so no Hyprland process remains, then from the console/display-manager run the upgrade again. -Expected: the guard stays quiet and the upgrade completes. -- Override while running (escape hatch): -#+begin_src sh :results output -sudo touch /run/archsetup-allow-live-gpu-update && echo "sentinel set" -#+end_src -Expected: with the sentinel present, =sudo pacman -Syu= proceeds despite Hyprland running. (The sentinel clears on reboot -- /run is tmpfs.) +*** 2026-06-28 Sun @ 12:54:47 -0400 Live-update guard verified on velox (live Hyprland) +Verified the =hypr-live-update-guard= PreTransaction hook end-to-end on velox +with Hyprland running (pid 1997). velox predated the feature, so the guard was +absent — placed =/usr/local/bin/hypr-live-update-guard= (755) and +=/etc/pacman.d/hooks/hypr-live-update-guard.hook= (644), byte-matching the +archsetup hyprland-step install. The guard now ships on velox permanently. + +Results: +- Quick contract (=printf 'mesa\nhyprland\n' | guard=) → exit=1, BLOCKED banner, + sorted pkgs, correct TTY remedy + sentinel path. +- Not-running branch (=HYPR_GUARD_RUNNING=0=) → exit=0, silent. +- Env override (=HYPR_ALLOW_LIVE_UPDATE=1=) → exit=0. +- Sentinel (=touch /run/archsetup-allow-live-gpu-update=) → exit=0; removed → + re-armed exit=1. +- Real firing through pacman: =sudo pacman -S mesa= (same-version reinstall = + Upgrade op on a guarded target). pacman ran the hook, fed =mesa= via + =NeedsTargets=, the guard aborted, =AbortOnFail= stopped the transaction + ("no packages were upgraded"); mesa unchanged at 1:26.1.3-2. This is the + authoritative proof pacman parses + wires the hook. +- Full-logout end-to-end (guard quiet, upgrade completes after logout): covered + by construction — the not-running branch exits 0, and a 0-exit PreTransaction + hook lets pacman proceed normally (proven by the mesa abort showing the hook + path runs). Not re-run under a real logout; no separate residual. *** Wallpaper survives relogin (waypaper --restore) What we're verifying: the hyprland =exec-once= now runs =waypaper --restore= instead of a hardcoded =awww img=, so a wallpaper chosen via =set-wallpaper= / waypaper / dirvish persists across a relogin. The exec-once only fires at Hyprland startup, so this can't be confirmed without a real relogin. (Mechanism already verified: =waypaper --restore= applied the persisted wallpaper via the awww backend, exit 0.) - Set a wallpaper different from the current one (or pick one in waypaper, Super+Shift+P): |