| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
VM run #2 exposed two test bugs (archsetup itself passed clean, 53/0/0):
- ScopeMismatch errors on 26 tests: the host-dependent fixtures were
session-scoped, but Testinfra's host fixture is module-scoped, and a
session fixture cannot request a module one. Drop those fixtures to
module scope.
- test_console_font_in_initramfs hardcoded /boot/initramfs-linux.img; this
fleet runs linux-lts, so the image is initramfs-linux-lts.img. Pick the
main (non-fallback) initramfs by glob instead.
|
| |
|
|
|
|
| |
The VM test SSHes into the guest as root with a password for the whole run. archsetup hardens sshd to PermitRootLogin prohibit-password and reloads it partway through the install, so every SSH after that step failed with "Permission denied" and the run aborted before any validation — make test had been silently broken since the hardening landed.
inject_root_key authorizes a throwaway root key right after the first SSH (before archsetup runs) and the ssh/scp helpers now add -i <key> via SSH_KEY_OPT. prohibit-password still allows root key auth, so the harness survives the very hardening it validates. Password stays as the fallback, so the change is additive.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port all ~26 post-install checks from validation.sh to pytest/Testinfra,
reaching parity before the cutover. Adds test_users, test_packages,
test_services, test_desktop, test_boot, test_keyring, and test_archsetup
(88 tests after parametrizing groups, services, timers, tools, and configs),
plus shared conftest fixtures for ZFS/NVMe/compositor/networking gating.
The shell sweep's three outcomes map cleanly: hard failures become assertions,
advisory warnings and unmet preconditions (headless compositor, slirp
networking, optional services, non-ZFS/non-NVMe hosts) become skips.
One correctness fix vs the shell sweep: check awww, not swww — archsetup
installs awww (swww's successor) and `pacman -Q swww` no longer matches.
Verified on the host: py_compile clean, pytest --collect-only green (88 tests).
The sweep against a real VM is verified by the make test run that follows.
|
| |
|
|
|
|
|
|
| |
Stand up the Testinfra/pytest harness alongside the existing shell sweep so the two can be compared for parity before pytest takes over.
Adds scripts/testing/tests/ (conftest with failure attribution markers, a report hook, and a target_user fixture, plus three parity checks: user, ufw, dotfiles) and scripts/testing/lib/testinfra.sh, which injects a throwaway SSH key into the VM and runs pytest over SSH. The sweep is advisory here (RUN_TESTINFRA toggle, non-fatal) and does not yet affect pass/fail. Pulls python-pytest and python-pytest-testinfra into make deps.
Verified on the host: py_compile clean, pytest --collect-only green, bash -n and shellcheck clean. The sweep running against a real VM is verified by the next make test run.
|
| |
|
|
|
|
| |
Plan to port the VM harness's shell validation sweep (validation.sh, ~26 checks) to Testinfra + pytest for more expressive checks and better reporting, then expand coverage to the parts of archsetup that aren't validated today.
Records the design: where pytest fits in run-test.sh, the SSH connection model (inject a throwaway test key), preserving the three-way issue attribution via pytest markers, smoke/integration tiering, a parity-then-expand migration, and a Goss comparison.
|
| |
|
|
|
|
|
|
| |
Add a backup_system_file helper that snapshots a pre-existing file to <path>.archsetup.bak before archsetup edits it in place, so a botched edit to fstab, mkinitcpio.conf, or sudoers is recoverable. It is idempotent: it never overwrites an existing backup, so the pristine original survives repeated edits within a run and across re-runs. It uses cp -p to preserve mode and ownership.
Only the in-place sed and append edits to pre-existing files route through it (locale.gen, makepkg.conf, pacman.conf, sudoers, wireless-regdom, geoclue.conf, pacman-contrib, fstab, mkinitcpio.conf, vconsole.conf). The brand-new drop-in files archsetup fully owns are skipped: there is no prior state to save, and recovery is just deleting them.
Covered by tests/backup-system-file/ (Normal, Boundary, Error cases, including mode preservation and the no-overwrite guarantee).
|
| |
|
|
| |
Mark the waypaper --restore task DONE, add the relogin manual-test under "Manual testing and validation", and file a follow-up: set-wallpaper's mv detaches the waypaper config from its stow symlink.
|
| |
|
|
|
|
|
| |
- Restore the dropped "Collapsible waybar sides" heading. Its drawer and body were orphaned when an earlier edit clobbered the heading line.
- Re-stamp the oldest-unreviewed task batch; drop "security education" to [#C]; tag the bridge-font and wallpaper-restore items.
- Close the Proton Mail Bridge font task (UI font scaled via QT_FONT_DPI).
- Archive two resolved inbox items to assets/outbox/.
|
| | |
|
| | |
|
| |
|
|
| |
Claimed the dirvish-wallpaper item from the roam inbox (it's a Wayland wallpaper-utility issue). Filed it with the awww/set-wallpaper findings and handed the Emacs dirvish-command piece to that project. Closed the four next-set tasks: the device-udev flag, SPDX headers, boolean-comparison style, and the mpd playlist_directory split.
|
| |
|
|
|
|
|
|
| |
Three release cleanups, all behavior-preserving for my machines:
- Gated the Logitech BRIO udev rule behind INSTALL_DEVICE_UDEV_RULES (default yes, opt-out), so the device-specific rule is off for anyone without that hardware. Added the config read, validation, and a conf.example entry.
- Added a GPL-3.0-or-later SPDX-License-Identifier header after the shebang of all 24 shell scripts in the repo.
- Standardized boolean conditionals on the explicit [ "$var" = "true" ] form, replacing the bare `if $var` idiom. The STEPS function-dispatch is left alone, since it runs a function name rather than testing a boolean.
|
| |
|
|
| |
The first note said the system dconf db fixed it, but that left the running session white: a system-db default emits no change signal, so the appearance portal kept reporting no-preference, and libadwaita reads the portal, not GTK_THEME. The working fix added a user-level color-scheme set to signal the portal live.
|
| |
|
|
| |
Closed four solo tasks: nautilus dark theming (velox was missing the system dconf db that archsetup already declares), the CLI-tools install, the waybar tray-spacing fix, and the calendar-hover month/year highlight. Recorded the python-lyricsgenius recheck, which stays open: it still needs --skipinteg, but the cause moved from an expired PGP signature to a drifting LICENSE.txt checksum.
|
| |
|
|
|
|
| |
I adopted four modern CLI tools after the 2026-06-10 evaluation: bat (syntax-highlighting cat), dust (proportional disk-usage tree), hyperfine (statistical benchmarking), and doggo (a DNS client that speaks DoH/DoT/DoQ). tealdeer was already declared. All four are in extra and go in the General Utilities block.
I also corrected the python-lyricsgenius --skipinteg note. The original expired-signature cause is gone (the package tarball verifies now), but makepkg still fails integrity on a LICENSE.txt the PKGBUILD pulls from github master, so the workaround stays for a different reason than the old comment claimed.
|
| |
|
|
|
|
| |
Closed the three resolved tool-evaluation tasks into actionable work: adopt the modern CLI tools, migrate the terminal from foot to ghostty, and keep nautilus over yazi. Closed the org-capture popup task as sized to the scratchpad. Demoted nine undated high-priority sub-tasks to B per the priority scheme. Folded the wlogout laptop-test task into the rectangular-buttons task and tagged the whole waybar cluster :waybar: so it filters as a unit.
Reviewed the seven oldest-unreviewed tasks and kept all seven. Filed two new waybar tasks (calendar-hover highlight, idle-inhibitor rename) and folded a timer/stopwatch/alarm scope expansion into the existing waybar timer task.
|
| |
|
|
| |
Filed the zoom-launches-tiny and focus-on-unhide bugs as tracked tasks (held for a debug pass), and moved this round's completed tasks into Resolved.
|
| |
|
|
|
|
| |
The installer now writes /etc/ssh/sshd_config.d/10-hardening.conf with PermitRootLogin prohibit-password and reloads sshd, right after it starts the service. Root can still log in by key, never by password. PasswordAuthentication is left at the default so a normal user can bootstrap a key with ssh-copy-id.
This makes the posture intentional instead of leaning on Arch's commented default. velox and ratio both carried an explicit PermitRootLogin yes from earlier provisioning, which I'd already fixed by hand.
|
| | |
|
| | |
|
| |
|
|
| |
audit
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Filed a [#C] task for the Fn+F9-toggles-pocketbook behavior on velox, with the investigation findings: the trigger isn't in any Hyprland bind, remapper, or pocketbook's own source, so it's parked until it resurfaces.
Also closed the paru-vs-yay research task properly: it had been left as a level-2 dated header, which is a sub-task shape, so it became DONE + CLOSED.
|
| |
|
|
| |
Manual-test checklists for the Super+F Dirvish popup (launch, focus-loss dismiss, per-type external launch, single-instance, q). New tasks captured from the roam inbox: wifi remediation scope, waybar emacs-service control, collapse sysmonitor to one icon, and Proton Mail Bridge font size.
|
| | |
|
| |
|
|
|
|
| |
A spike disproved the CSS / state-file approach. GTK3 has no display:none, so native modules go invisible but hold their space, and the bar never reflows. The mechanism is config-swap plus a SIGUSR2 reload, driven through an active config copied into XDG_RUNTIME_DIR so the toggle never rewrites the stowed canonical config.
The spec locks the base sets (left: menu + workspaces; right: date + worldclock + tray), keeps the two sides independent, and stays host-agnostic: the base set is constant, the full set is whatever each host already defines. Spec and spike findings live under working/.
|
| |
|
|
|
|
|
|
|
|
| |
Arch's rolling repo ships zig 0.16+, but ghostel's native-module compile fallback needs exactly 0.15.2: ghostel pins ghostty 1.3.2-dev, whose build does requireZig(0.15.2), and 0.16's build-API changes break the dependency build scripts. So a plain pacman -S zig produces a zig that can't build ghostel.
install_zig_pin downloads zig-x86_64-linux-0.15.2.tar.xz from ziglang.org, verifies the sha256, extracts to /opt/zig-0.15.2, and symlinks /usr/local/bin/zig ahead of /usr/bin on PATH, where pacman -Syu can't bump it. I split the verify-and-install core (zig_install_from_tarball) out so it stays network-free and unit-testable: it refuses on a sha256 mismatch, a missing tarball, or a tree with no zig binary, and short-circuits when a correct install already exists.
ghostel's default path downloads a prebuilt module and needs no zig, so this only matters for the offline compile fallback. The pin needs a one-line bump (ZIG_VERSION + ZIG_SHA256) whenever ghostel moves to a newer ghostty.
Tests live in tests/zig-pin/: 7 cases covering extract+symlink, idempotency, sha256-mismatch refusal, missing tarball, and no-binary cleanup, run against the real function extracted from the script.
|
| |
|
|
|
|
|
|
| |
I ran an audit pass over the open-work tasks. I moved the six release-prep sub-tasks that target the now-standalone ~/.dotfiles repo out of the GitHub-release epic into that project, leaving a dated note pointing at the handoff. The epic now covers archsetup-proper release work only.
I reconciled two stale facts: dropped the dead scripts/gitrepos.sh reference (consolidated into post-install.sh in dae7659), and noted on the install-errors task that the latest VM run holds the error set at four known residuals.
I added a Tags section to the priority scheme (type, effort/autonomy, and an open set of topic tags) so the file declares its tag vocabulary, not just its priorities. I also de-linked two dead handoff-file references and filed the Waybar Wi-Fi no-internet task.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
I marked the two package-inventory tasks DONE. Both are satisfied by scripts/package-inventory, now covered by characterization tests and a make package-diff target. I demoted the CI/CD pipeline task to C, since a full VM install per commit isn't realistic active backlog.
|
| |
|
|
|
|
|
|
| |
package-inventory compares archsetup's declared packages against the live system but had no tests, so a future archsetup edit (a new for-loop shape, a renamed install helper) could silently break the extraction.
I added two env seams so the script is testable without the real system. PKGINV_ARCHSETUP points the extractor at a fixture installer, PKGINV_PACMAN swaps in a fake pacman serving controlled query output. Both default to the real targets, so normal use is unchanged, and the seams match the env-override pattern audit-packages.sh already uses.
The 7 tests pin the extraction (direct calls, for-loop lists, variable-arg skip) and both diff directions against the fixture, with no network or real pacman db. I also added a make package-diff target so the tool is reachable alongside the test targets.
|
| |
|
|
| |
The popup fix shipped in the dotfiles repo (the script now calls cj/quick-capture; the scrolling layout is disabled and Super+Shift+S reassigned to a fullscreen screenshot). I filed the scrolling-layout frame-fit and wrap-around work as a follow-up, and archived the processed cross-project handoff replies.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
The check captured 'ls path && echo yes', so a present linger file produced 'path\nyes', which never string-equals yes — every run warned regardless of actual state. Forensics on a kept VM showed lingering correctly enabled all along (file present mid-install, loginctl Linger=yes, logind healthy): the original VM-artifact hypothesis was wrong, archsetup's enable-linger calls were always fine. test -e captures cleanly; verified returning 'yes' against the live VM.
|
| |
|
|
| |
A single slow mirror (fastly, <1 byte/sec on one signature file) halted a full install at the -Syu step, which had no retry while every per-package install gets three attempts. The refresh now shares MAX_INSTALL_RETRIES; pacman resumes partial downloads, so a transient stall recovers.
|
| |
|
|
|
|
| |
scripts/audit-packages.sh extracts every pacman_install/aur_install package (loop lists included) and verifies each against its declared source — sync dbs for official, one batched RPC query for AUR — flagging movers in both directions. Unit-tested against fixture installers with fake pacman/curl.
First real run over 420 packages found four that vanished from both sources, each now fixed: libva-mesa-driver folded into mesa (line dropped), nvidia-dkms replaced by nvidia-open-dkms (Turing+; legacy cards are the preflight task's problem), swww replaced by awww (its successor, already what both machines run), and libappindicator-gtk3 replaced by libayatana-appindicator. Fifteen AUR entries that graduated to official repos still install fine via yay and are left as-is.
|
| |
|
|
| |
Mirrors the dotfiles Makefile semantics: a package named after the machine (/etc/hostname, uname -n fallback) is stowed after common + DE when the directory exists, skipped with a message otherwise. Hosts without a tier — including the test VM — see no behavior change.
|
| | |
|
| |
|
|
| |
close-out
|
| |
|
|
| |
handoffs
|
| |
|
|
| |
The 19:06 verification run showed the portal skip not firing: a socket-activated xdg-desktop-portal process exists even headless, so the process check was the wrong precondition. The skip now keys on a running Hyprland, same as the socket check. That run confirmed the other three skips live (warnings 5 to 2); the remaining counted warnings are this portal case and the lingering question, which stays open.
|
| |
|
|
|
|
| |
file managers, criteria
Five evaluation reports: modern CLI tools (adopt bat/dust/hyperfine/tealdeer/doggo, all in extra), paru vs yay (stay with yay — paru dormant 11 months with a libalpm-broken stable), terminal emulators (stay with foot; ghostty the only challenger, wezterm effectively unmaintained), Wayland file managers (keep nautilus, add yazi over porting the frozen ranger), and the standing evaluation criteria distilled from the round. Maintenance claims verified against live repo data, not aggregator articles.
|
