| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Adds a design note for building a ZFS base VM via archangel with a filesystem
profile selector (so make test covers the ZFS install path, currently only
exercised on bare metal), migrating run-test-baremetal.sh to key auth and the
Testinfra sweep, and then deleting the dead shell-sweep functions. Links it
from the bare-metal migration follow-up.
|
| |
|
|
|
|
| |
Final fresh make test passed green (96 passed, 10 skipped) with Testinfra as
the authoritative post-install validator. Records the end-state and the three
bugs the work surfaced and fixed.
|
| |
|
|
|
|
|
|
| |
A full archsetup install with heavy AUR builds (vagrant and its git-cloned
installers) can run past the old 90-minute monitor cap on a slow mirror. When
that happened the run stopped monitoring mid-install and validated a
half-installed system, producing spurious late-step failures. Raise MAX_POLLS
from 180 to 300 (90 -> 150 minutes) so a slow-but-healthy install completes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
run-test.sh no longer runs the shell run_all_validations sweep; the Testinfra
pytest sweep now drives the run's pass/fail. run_testinfra_validation returns
pytest's exit code (and treats "could not run" as a failure, not a silent
pass), surfaces the pass/skip/fail counts through the shared VALIDATION_*
counters, and parses the attribution file so generate_issue_report still
buckets failures into archsetup / base_install / unknown.
The shell-sweep functions stay in validation.sh for now because
run-test-baremetal.sh still calls them; removing them (after migrating the
bare-metal runner) is filed as a follow-up.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add post-install checks beyond the original shell sweep, validated against a
live VM: test_hardening (sshd prohibit-password, quiet-printk sysctl, emptied
/etc/issue, console font, EFI mount perms), test_config_applied (pacman
ParallelDownloads/Color/multilib, makepkg flags, NetworkManager drop-ins,
fail2ban jail, reflector), and test_backups (the .archsetup.bak files
backup_system_file leaves behind — end-to-end proof of that feature).
The new tests caught a real bug: ParallelDownloads stayed at Arch's default 5
because the sed only matched a commented "#ParallelDownloads", but current Arch
ships it uncommented. Match both (^#?ParallelDownloads) so the intended 10 takes
effect.
Verified against a kept VM: 95 passed, 10 skipped (the one remaining failure was
the pre-fix ParallelDownloads on the already-built VM, which the sed fix
resolves on the next fresh install).
|
| |
|
|
|
|
| |
The VM test SSHes into the guest as root with a password for the whole run. archsetup hardens sshd to PermitRootLogin prohibit-password and reloads it partway through the install, so every SSH after that step failed with "Permission denied" and the run aborted before any validation — make test had been silently broken since the hardening landed.
inject_root_key authorizes a throwaway root key right after the first SSH (before archsetup runs) and the ssh/scp helpers now add -i <key> via SSH_KEY_OPT. prohibit-password still allows root key auth, so the harness survives the very hardening it validates. Password stays as the fallback, so the change is additive.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port all ~26 post-install checks from validation.sh to pytest/Testinfra,
reaching parity before the cutover. Adds test_users, test_packages,
test_services, test_desktop, test_boot, test_keyring, and test_archsetup
(88 tests after parametrizing groups, services, timers, tools, and configs),
plus shared conftest fixtures for ZFS/NVMe/compositor/networking gating.
The shell sweep's three outcomes map cleanly: hard failures become assertions,
advisory warnings and unmet preconditions (headless compositor, slirp
networking, optional services, non-ZFS/non-NVMe hosts) become skips.
One correctness fix vs the shell sweep: check awww, not swww — archsetup
installs awww (swww's successor) and `pacman -Q swww` no longer matches.
Verified on the host: py_compile clean, pytest --collect-only green (88 tests).
The sweep against a real VM is verified by the make test run that follows.
|
| |
|
|
|
|
|
|
| |
Stand up the Testinfra/pytest harness alongside the existing shell sweep so the two can be compared for parity before pytest takes over.
Adds scripts/testing/tests/ (conftest with failure attribution markers, a report hook, and a target_user fixture, plus three parity checks: user, ufw, dotfiles) and scripts/testing/lib/testinfra.sh, which injects a throwaway SSH key into the VM and runs pytest over SSH. The sweep is advisory here (RUN_TESTINFRA toggle, non-fatal) and does not yet affect pass/fail. Pulls python-pytest and python-pytest-testinfra into make deps.
Verified on the host: py_compile clean, pytest --collect-only green, bash -n and shellcheck clean. The sweep running against a real VM is verified by the next make test run.
|
| |
|
|
|
|
| |
Plan to port the VM harness's shell validation sweep (validation.sh, ~26 checks) to Testinfra + pytest for more expressive checks and better reporting, then expand coverage to the parts of archsetup that aren't validated today.
Records the design: where pytest fits in run-test.sh, the SSH connection model (inject a throwaway test key), preserving the three-way issue attribution via pytest markers, smoke/integration tiering, a parity-then-expand migration, and a Goss comparison.
|
| |
|
|
|
|
|
|
| |
Add a backup_system_file helper that snapshots a pre-existing file to <path>.archsetup.bak before archsetup edits it in place, so a botched edit to fstab, mkinitcpio.conf, or sudoers is recoverable. It is idempotent: it never overwrites an existing backup, so the pristine original survives repeated edits within a run and across re-runs. It uses cp -p to preserve mode and ownership.
Only the in-place sed and append edits to pre-existing files route through it (locale.gen, makepkg.conf, pacman.conf, sudoers, wireless-regdom, geoclue.conf, pacman-contrib, fstab, mkinitcpio.conf, vconsole.conf). The brand-new drop-in files archsetup fully owns are skipped: there is no prior state to save, and recovery is just deleting them.
Covered by tests/backup-system-file/ (Normal, Boundary, Error cases, including mode preservation and the no-overwrite guarantee).
|
| |
|
|
| |
Mark the waypaper --restore task DONE, add the relogin manual-test under "Manual testing and validation", and file a follow-up: set-wallpaper's mv detaches the waypaper config from its stow symlink.
|
| |
|
|
|
|
|
| |
- Restore the dropped "Collapsible waybar sides" heading. Its drawer and body were orphaned when an earlier edit clobbered the heading line.
- Re-stamp the oldest-unreviewed task batch; drop "security education" to [#C]; tag the bridge-font and wallpaper-restore items.
- Close the Proton Mail Bridge font task (UI font scaled via QT_FONT_DPI).
- Archive two resolved inbox items to assets/outbox/.
|
| | |
|
| | |
|
| |
|
|
| |
Claimed the dirvish-wallpaper item from the roam inbox (it's a Wayland wallpaper-utility issue). Filed it with the awww/set-wallpaper findings and handed the Emacs dirvish-command piece to that project. Closed the four next-set tasks: the device-udev flag, SPDX headers, boolean-comparison style, and the mpd playlist_directory split.
|
| |
|
|
| |
The first note said the system dconf db fixed it, but that left the running session white: a system-db default emits no change signal, so the appearance portal kept reporting no-preference, and libadwaita reads the portal, not GTK_THEME. The working fix added a user-level color-scheme set to signal the portal live.
|
| |
|
|
| |
Closed four solo tasks: nautilus dark theming (velox was missing the system dconf db that archsetup already declares), the CLI-tools install, the waybar tray-spacing fix, and the calendar-hover month/year highlight. Recorded the python-lyricsgenius recheck, which stays open: it still needs --skipinteg, but the cause moved from an expired PGP signature to a drifting LICENSE.txt checksum.
|
| |
|
|
|
|
| |
Closed the three resolved tool-evaluation tasks into actionable work: adopt the modern CLI tools, migrate the terminal from foot to ghostty, and keep nautilus over yazi. Closed the org-capture popup task as sized to the scratchpad. Demoted nine undated high-priority sub-tasks to B per the priority scheme. Folded the wlogout laptop-test task into the rectangular-buttons task and tagged the whole waybar cluster :waybar: so it filters as a unit.
Reviewed the seven oldest-unreviewed tasks and kept all seven. Filed two new waybar tasks (calendar-hover highlight, idle-inhibitor rename) and folded a timer/stopwatch/alarm scope expansion into the existing waybar timer task.
|
| |
|
|
| |
Filed the zoom-launches-tiny and focus-on-unhide bugs as tracked tasks (held for a debug pass), and moved this round's completed tasks into Resolved.
|
| |
|
|
|
|
| |
The installer now writes /etc/ssh/sshd_config.d/10-hardening.conf with PermitRootLogin prohibit-password and reloads sshd, right after it starts the service. Root can still log in by key, never by password. PasswordAuthentication is left at the default so a normal user can bootstrap a key with ssh-copy-id.
This makes the posture intentional instead of leaning on Arch's commented default. velox and ratio both carried an explicit PermitRootLogin yes from earlier provisioning, which I'd already fixed by hand.
|
| | |
|
| | |
|
| |
|
|
| |
audit
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Filed a [#C] task for the Fn+F9-toggles-pocketbook behavior on velox, with the investigation findings: the trigger isn't in any Hyprland bind, remapper, or pocketbook's own source, so it's parked until it resurfaces.
Also closed the paru-vs-yay research task properly: it had been left as a level-2 dated header, which is a sub-task shape, so it became DONE + CLOSED.
|
| |
|
|
| |
Manual-test checklists for the Super+F Dirvish popup (launch, focus-loss dismiss, per-type external launch, single-instance, q). New tasks captured from the roam inbox: wifi remediation scope, waybar emacs-service control, collapse sysmonitor to one icon, and Proton Mail Bridge font size.
|
| |
|
|
|
|
| |
A spike disproved the CSS / state-file approach. GTK3 has no display:none, so native modules go invisible but hold their space, and the bar never reflows. The mechanism is config-swap plus a SIGUSR2 reload, driven through an active config copied into XDG_RUNTIME_DIR so the toggle never rewrites the stowed canonical config.
The spec locks the base sets (left: menu + workspaces; right: date + worldclock + tray), keeps the two sides independent, and stays host-agnostic: the base set is constant, the full set is whatever each host already defines. Spec and spike findings live under working/.
|
| |
|
|
|
|
|
|
| |
I ran an audit pass over the open-work tasks. I moved the six release-prep sub-tasks that target the now-standalone ~/.dotfiles repo out of the GitHub-release epic into that project, leaving a dated note pointing at the handoff. The epic now covers archsetup-proper release work only.
I reconciled two stale facts: dropped the dead scripts/gitrepos.sh reference (consolidated into post-install.sh in dae7659), and noted on the install-errors task that the latest VM run holds the error set at four known residuals.
I added a Tags section to the priority scheme (type, effort/autonomy, and an open set of topic tags) so the file declares its tag vocabulary, not just its priorities. I also de-linked two dead handoff-file references and filed the Waybar Wi-Fi no-internet task.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
I marked the two package-inventory tasks DONE. Both are satisfied by scripts/package-inventory, now covered by characterization tests and a make package-diff target. I demoted the CI/CD pipeline task to C, since a full VM install per commit isn't realistic active backlog.
|
| |
|
|
| |
The popup fix shipped in the dotfiles repo (the script now calls cj/quick-capture; the scrolling layout is disabled and Super+Shift+S reassigned to a fullscreen screenshot). I filed the scrolling-layout frame-fit and wrap-around work as a follow-up, and archived the processed cross-project handoff replies.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
close-out
|
| |
|
|
| |
handoffs
|
| |
|
|
| |
The 19:06 verification run showed the portal skip not firing: a socket-activated xdg-desktop-portal process exists even headless, so the process check was the wrong precondition. The skip now keys on a running Hyprland, same as the socket check. That run confirmed the other three skips live (warnings 5 to 2); the remaining counted warnings are this portal case and the lingering question, which stays open.
|
| |
|
|
| |
velox's first post-trim boot showed r8152 failing to load rtl_nic/rtl8156b-2.fw — the Framework Ethernet expansion card is a Realtek RTL8156B, so the trim list was wrong to drop realtek firmware. The driver runs on internal defaults without the blob, so nothing broke, but the package is back on velox and out of the removal list.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Add :solo: to the waybar even-spacing and Chrome dupre-theme tasks. Both are ratio-local and objectively verifiable (measure the gaps, confirm the palette hex values), with the eyeball confirmation handed off as a manual-testing reminder. Velox-only or design-call visual tasks stay off.
|
| |
|
|
| |
Add :solo: to the security-dashboard command task. It's buildable and locally verifiable against known system state with no upfront decision, so it meets the clarified solo bar.
|
