| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
The 19:06 verification run showed the portal skip not firing: a socket-activated xdg-desktop-portal process exists even headless, so the process check was the wrong precondition. The skip now keys on a running Hyprland, same as the socket check. That run confirmed the other three skips live (warnings 5 to 2); the remaining counted warnings are this portal case and the lingering question, which stays open.
|
| |
|
|
| |
Four warnings fired on every headless VM run, training the reader to ignore the warning count: the Hyprland socket and portal queries (no graphical login), the mDNS ping (slirp passes no multicast), and docker-not-responding (enabled but deliberately not started pre-reboot). Each now detects its precondition and logs a skip that counts nowhere; the warn paths stay for the cases that are real (compositor running without a socket, portal running but unqueryable, mDNS failing on real networking, docker active but dead). The lingering warning stays — it needs its own investigation.
|
| |
|
|
| |
The dotfiles validation hardcoded .dotfiles/common/.zshrc, but a none install stows the standalone minimal/ tree, so the first none-run ever to reach validation failed on a correct symlink. The expected path now follows DESKTOP_ENV from the VM conf.
|
| |
|
|
|
|
| |
Pocketbook is nowhere near ready, so I pulled it back from publication: deleted the github mirror and the cjennings.net repo, removed the server mirror hook, and copied the package into pocketbook/ here until it's ready to spin back out.
Dropped the steps that provisioned it on a fresh install: the gtk4-layer-shell dep and the pip install in archsetup, and the clone in post-install.sh. That clone pointed at the now-deleted github repo, so it would have failed a fresh run regardless. Re-wiring the install is tracked in the pocketbook backlog.
|
| | |
|
| |
|
|
| |
The dotfiles live in a separate repo now, so the VM test clones that source, bundles it, and clones from the bundle into /tmp/dotfiles-test on the VM. archsetup's in-VM clone of DOTFILES_REPO then resolves against the local path with no network. DOTFILES_SOURCE overrides the source for testing a local checkout instead of the published repo. The cleanup trap tracks the host-side bundle and clone, so a mid-run abort leaves nothing behind.
|
| |
|
|
|
|
|
|
| |
The touchpad toggle's notification was too loud, and the eight notify sounds varied by ~13 dB in RMS loudness — bug and fail came out two to three times louder than info or security.
I added a --silent flag to notify (shows the popup, plays no sound) and a NOTIFY_VOLUME knob (paplay scale, default 65536) so the master level can drop without re-encoding. toggle-touchpad now passes --silent on both enable and disable. normalize-notify-sounds.sh measures each .ogg and shifts it to a uniform -31 dB mean. It writes through the file instead of mv-ing over it, so the stow symlinks survive when the script runs against the live sound dir. I re-encoded all eight sounds to the new level.
Tests: a new tests/notify suite (12 tests) covers --silent, the volume knob, flag composition, and the error paths.
|
| |
|
|
|
|
| |
init runs under #!/bin/sh but used $(<file) to read /etc/hostname, a bashism that breaks on a strict POSIX sh. I switched it to $(cat) and quoted $interface_up in the same script.
The two VM_IP assignments in the test scripts are read by the sourced validation.sh, which shellcheck can't follow, so they now carry a documented disable=SC2034 instead of a bare suppression. The rest of the shellcheck findings across the scripts are intentional (word-splitting on $SSH_OPTS, integer tests in [ ]) or already accepted, so I left them alone.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two real bugs and a sweep of hygiene across the harness. `make test`
passed cleanly on this branch with the same 52/0/5 profile as the
2026-05-11 run, so the wiring is verified end-to-end.
Real bugs:
- `lib/vm-utils.sh` `snapshot_exists` was running
`qemu-img snapshot -l | grep -q "$snapshot_name"`, which matches the
name as a substring anywhere in the output — including inside dates
or filenames in other fields. Replaced with an awk field extraction
on the TAG column plus `grep -Fxq` for a whole-line literal match.
- `run-test-baremetal.sh` was setting `VALIDATION_PASSED=true|false`
after validation, but `validation.sh` already uses
`VALIDATION_PASSED` as a pass counter. The test report then
referenced `$VALIDATION_PASSED_COUNT`, which is defined nowhere.
Renamed the boolean to `TEST_PASSED` (matching run-test.sh's
pattern) and report the actual counter.
Cleanup traps and arg validation:
- `run-test.sh` now installs a top-level EXIT trap that, on abort,
kills QEMU and restores the clean-install snapshot. A
`CLEANUP_DONE=1` sentinel keeps the existing normal-path cleanup
from double-firing. This is the recurring pain from 2026-05-11
where two failed runs left orphaned QEMU processes and dirty base
disks behind.
- `create-base-vm.sh` and `debug-vm.sh` got the same kind of trap, plus
`debug-vm.sh` now rejects non-`.qcow2` paths up front instead of
letting QEMU fail later.
- `run-test.sh`, `run-test-baremetal.sh`, and `cleanup-tests.sh` now
validate that options with required values actually receive one
(`${var:?msg}` for `--script`/`--snapshot`/`--host`/`--password`,
numeric check for `--keep`).
- `run-test-baremetal.sh` traps the temp git bundle for cleanup if the
script aborts before its explicit `rm`. The ZFS rollback loop now
uses `while IFS= read -r ds` and quotes `$ds` inside the ssh_cmd so
dataset names with whitespace wouldn't break it.
Smaller hygiene:
- `vm-utils.sh` `check_ovmf` also checks `OVMF_VARS_TEMPLATE`; `start_qemu`
validates disk and ISO paths before building the QEMU command;
numeric tests quoted.
- `cleanup-tests.sh` find expression for temp disks wrapped in
`\( ... -o ... \)`, all `while read` loops use `IFS= read -r`,
orphaned QEMU cleanup tries SIGTERM with a 2s sleep before SIGKILL.
- `create-base-vm.sh` moved the "Copy an archangel-*.iso" info line
before its `fatal` instead of after (unreachable), and added the
serial-log path to the final summary.
- `lib/logging.sh` `stop_timer` no longer produces `$((end - ))` when
the named timer was never started.
- `lib/network-diagnostics.sh` `read` → `IFS= read -r`.
- `setup-testing-env.sh` now installs all missing pacman packages in
one transaction instead of one-at-a-time (avoids half-installed
state if package N fails). KVM check also verifies the user has
read+write on `/dev/kvm` and prints the `gpasswd -a $(id -un) kvm`
fix if not.
A few items from the review I deliberately skipped: replacing the
codebase-wide unquoted `$SSH_OPTS` string with an array (cosmetic, would
need to be done everywhere at once), `set -e` adds where the existing
fall-through-on-failure is intentional, and a `--force` gate on
`create-base-vm.sh` (would break the expected workflow).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Three things were wrong with the old script:
- One line had a duplicate `flathub` argument (`flatpak install ...
flathub flathub org.gnome.Crosswords`). Flatpak tolerated it; still
a typo.
- Nothing added the flathub remote, so a fresh machine without it would
fail on every line.
- 24 nearly identical `flatpak install` lines with no central handling
if one app failed.
I moved the app IDs into a single `APPS=()` array (sorted) and looped.
The script now runs `flatpak remote-add --if-not-exists --user flathub
https://flathub.org/repo/flathub.flatpakrepo` up front, collects any
failed apps into a `failed` array, and prints a summary plus a non-zero
exit at the end if anything didn't install. I used `set -uo pipefail`
rather than `-euo` on purpose so a single failed install doesn't abort
the rest of the run.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "verifying Bridge is listening" check used a regex
`127\.0\.0\.1:(1143|1025)` against `ss -ltn` output. That matches if
*either* port is listening, but the success message claims both are. So
a half-broken Bridge (IMAP up, SMTP down or vice versa) would pass the
check.
I split the check into two greps and report which port is missing.
When the check fails, the script now also prints the last 10 lines of
`systemctl --user status protonmail-bridge` to stderr so the operator
sees the service state immediately instead of being told to go run the
command themselves.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gitrepos.sh did the same `~/.dotfiles` / `~/.emacs.d` remote swap that
post-install.sh already had, plus a `git pull --set-upstream origin main`
follow-on that post-install was missing. I folded the pull into the
post-install remote-rewrite block and dropped gitrepos.sh.
While in the file, I also:
- Quoted every variable (`"$logfile"`, `"$HOME"` paths, `"$(whoami)"`).
- Sent the remote-rewrite block to the log file like the other blocks
do (was leaking to stdout).
- Made the remote-rewrite idempotent. A re-run used to break the
`cd && remote remove && remote add` chain because remove fails when
origin is already the desired URL. The loop now uses
`git -C "$dir" remote set-url` when origin exists and `remote add`
when it does not.
- Pre-created `~/sync`, `~/pictures`, `~/code`, `~/projects` so the
clones don't fail on missing parent dirs.
- Wrapped each `git clone` in a `clone_if_missing` helper so a re-run
skips destinations that already exist instead of erroring out.
README.md picks up the gitrepos.sh removal in the forking note.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Audit pass: each of these had no references anywhere in the repo
(excluding self-references and review notes).
- wip-bootcandy.sh — "wip" prefix, non-executable. Comments mention a
boot animation but the script only installs ly and disables
getty@tty2.
- protonmail-bridge.sh — `pacman_install protonmail-bridge` (the package
landed in extra) plus cmail-setup-finish.sh now cover this.
- wireguard-proton.sh — hardcoded USGA tunnel and a relative
`../assets/wireguard-config/*.conf` path that depends on the caller's
pwd.
- create-archiso-zfs.sh — one-off ISO build snippet, non-executable.
- scripts/testing/lib/finalize-base-vm.sh — libvirt-era leftover. The
test stack moved to direct QEMU and nothing sources or calls it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
I extended cmail-setup-finish.sh with two boot-cleanliness fixes for the systemd --user Bridge service.
The autostart cleanup removes ~/.config/autostart/Proton Mail Bridge.desktop, which double-launches Bridge and throws an "orphan instance" dialog every login.
The wait-for-dns drop-in installs an ExecStartPre loop that waits up to 30 seconds for DNS before Bridge's first API call. User-instance systemd doesn't carry network-online.target, so After=network.target doesn't imply the resolver is up. The leading '-' makes the pre-step non-fatal so an offline boot still starts the unit.
|
| |
|
|
|
|
| |
validate_hyprland_plugins and validate_hyprpm_hook checked for the hyprland-plugins-setup script and the hyprpm pacman hook, both removed in 4a3056a (Hyprland 0.54 brings the layouts into core). I deleted the two functions and their calls in validate_window_manager.
I also disabled errexit in run-test.sh from the validation phase onward, so one failed check is counted in VALIDATION_FAILED instead of aborting the run before the report or VM cleanup. About 16 validations across the file do a bare `return 1` after `validation_fail`; any of them firing under the previous behavior would have killed the harness mid-run.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bridge first-run is interactive, so I put the cmail wiring in a post-install
helper rather than running it inside archsetup. scripts/cmail-setup-finish.sh
handles the post-first-run steps idempotently: it decrypts the encrypted
cmailpass, copies Bridge's self-signed cert to ~/.config/protonbridge.pem,
symlinks the cmail-action triage helper into ~/.local/bin, and enables the
user-level protonmail-bridge service.
I added loginctl enable-linger in essential_services so the user service
survives logout — without it, triaging cmail from a remote agent or SSH
session has nothing to talk to. outro prints a four-step runbook for the
manual steps after reboot.
|
| |
|
|
|
|
|
| |
Add workspace allfloat toggle on mod+shift+f (was togglefloating, now
on mod+shift+space only). Add scripts/setup-chess.sh for En Croissant,
lc0, Maia, and Stockfish setup. Update log-cleanup to use filename
dates instead of mtime. Update ssh and calibre configs.
|
| |
|
|
|
|
|
| |
Add rustup toolchain manager to developer_workstation (before AUR
packages that need rust to compile). Add log-cleanup cron job with
test validation. Update ISO glob for archangel naming. Add dunst
icon theme, hyprlock animations, waybar log filtering.
|
| |
|
|
|
|
|
| |
Install gtk4-layer-shell and pocketbook (via pipx) during Hyprland setup,
and clone the source repo in post-install for development.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
| |
|
|
|
| |
Add texlive-latexextra for pdflatex resume builds (enumitem package).
Update test VM password and Arch mirror URL. Process inbox items.
|
| |
|
|
|
|
|
|
|
| |
Add package-inventory script that compares archsetup-declared packages
against the live system. Fix awk for-loop parser and dependency
filtering. Add 10 missing packages to archsetup (hyprpaper, wev, socat,
sshpass, flatpak, solaar, ttf-dejavu, atomicparsley, freetube,
tidal-dl-ng). Fix pipx_install function name bug. Change Hyprland
follow_mouse to 0 to fix swap focus issue.
|
| |
|
|
|
|
|
|
| |
hyprpm requires running Hyprland to determine version for plugin
compilation. Move plugin installation from archsetup to a first-login
script (hyprland-plugins-setup) that runs via exec-once. Script checks
if plugins are already installed and skips if so. Update validation to
check for setup script presence instead of enabled plugins.
|
| |
|
|
|
|
|
| |
- Add pacman hook to rebuild hyprpm plugins after Hyprland updates
- Change startup to hyprpm update -n (rebuilds if needed)
- Fix stash-restore to preserve master window using batch commands
- Add validation tests for plugins and hyprpm hook
|
| |
|
|
|
|
| |
Validates that portals.conf uses gtk backend for Settings portal
and that the portal returns color-scheme=1 (prefer-dark) for
libadwaita apps like Nautilus.
|
| |
|
|
|
|
|
|
| |
Set ARCHSETUP_REPO=/tmp/archsetup-test in VM config so archsetup
uses the bundled test repo instead of cloning from remote server.
This ensures tests use the current local changes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
| |
|
|
|
|
|
| |
The git bundle command was running from current directory
instead of PROJECT_ROOT, causing it to bundle from wrong repo.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test Infrastructure:
- Add make test-keep target to keep VM running after test
- Add make test-vm-base target for creating base VM only
- Update make test to auto-create VM if missing
- Remove manual user creation from create-base-vm.sh (archsetup handles it)
- Remove unused USERNAME/USER_PASSWORD from archsetup-test.conf
Archsetup:
- Add snapper-gui-git for btrfs snapshot GUI
- Add SYNC_ACL=yes for snapper permissions
- Add setfacl for wheel group access to /.snapshots
Hyprland:
- Remove easyeffects scratchpad (keep auto-launch)
- Remove ecosystem permissions (caused too many popups)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
| |
|
|
|
| |
Add 'make test' Makefile target to run full VM integration test suite.
Print test report to terminal after generation for immediate visibility.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the never-fully-operational libvirt-based VM test infrastructure
with direct QEMU management and archangel ISO for fully automated,
unattended base VM creation.
Key changes:
- vm-utils.sh: complete rewrite — QEMU process mgmt via PID file,
monitor socket for graceful shutdown, qemu-img snapshots, SSH
port forwarding (localhost:2222)
- create-base-vm.sh: boots archangel ISO, SSHs in, runs unattended
install via config file, verifies, creates clean-install snapshot
- run-test.sh: snapshot revert, git bundle transfer, detached archsetup
execution with setsid, polling, validation, and report generation
- debug-vm.sh: CoW overlay disk, GTK display, auto-cleanup on close
- setup-testing-env.sh: reduced deps to qemu-full/sshpass/edk2-ovmf/socat
- cleanup-tests.sh: PID-based process management, orphan detection
- validation.sh: port-based SSH (backward compatible), fuzzel/foot for
Hyprland, corrected package list paths
- network-diagnostics.sh: getent/curl instead of nslookup/ping (SLIRP)
New files:
- archsetup-test.conf: archangel config for base VM (btrfs, no encrypt)
- archsetup-vm.conf: archsetup config for unattended test execution
- assets/archangel.conf.example: reference archangel config
Deleted:
- finalize-base-vm.sh: merged into create-base-vm.sh
- archinstall-config.json: replaced by archangel .conf format
Tested: full end-to-end run — 51 validations passed, 0 failures.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename dotfiles/system to dotfiles/common for clarity - indicates
shared dotfiles used across all desktop environments (DWM, Hyprland).
Removed config directories for uninstalled applications:
- ghostty (using different terminal)
- lf (using ranger instead)
- mopidy (using mpd instead)
- nitrogen (X11-only, obsolete for Wayland)
- pychess (not installed)
- JetBrains (not installed via archsetup)
- youtube-dl (using yt-dlp with different config location)
Kept audacious config for potential future use.
Updated all references in archsetup, CLAUDE.md, todo.org, and
validation.sh.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
|
|
This flag was removed from archsetup but remained in test scripts.
|
