fix(installer): root-owned ~/.config, wrong logging path, flatpak system scope

Diagnosed from a full guided-install log plus a Hyprland startup log. Three
distinct remaining failures:

1. ~/.config left root-owned. The FIDO/Yubico setup ran `mkdir -p
   ~/.config/Yubico` as root (creating ~/.config itself), then chowned only
   Yubico/. ~/.config stayed root-owned, so every later user step failed with
   EACCES: shell-setup symlinks (starship.toml), the mail/caldav systemd --user
   timers, and Hyprland creating ~/.config/hypr at startup. Chown the whole
   ~/.config in both Yubico spots, and defensively reclaim it in shell-setup.

2. python/wprs/plymouth/zfs sourced ../lib/logging.sh, but apps/ modules need
   ../../lib — so they aborted with "No such file or directory". Corrected.

3. Flatpak app modules ran `flatpak install -y` at system scope, which needs the
   Flatpak SystemHelper D-Bus service + polkit (unavailable in a chroot/TTY
   install) — the "The name is not activatable" failures (wireshark, xournal,
   rnote, firefox-browser, …). Switch ensure_flatpak and all 19 main-flow
   installs to --user scope, matching apply_flatpak_theme's --user overrides.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
main
Amir Alexander Abdelbaki 2026-06-26 18:27:04 +02:00
parent 2c05c4e274
commit 9107b9961a
26 changed files with 50 additions and 31 deletions


@ -504,8 +504,12 @@ grub-mkconfig -o /boot/grub/grub.cfg
# User login FIDO2 — directory + PAM only; key enrollment happens outside chroot # User login FIDO2 — directory + PAM only; key enrollment happens outside chroot
if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
# Create the Yubico config dir that pam_u2f expects for the u2f_keys file. # Create the Yubico config dir that pam_u2f expects for the u2f_keys file.
# `mkdir -p` here creates ~/.config itself as root, so chown the whole tree
# (not just Yubico/) — otherwise ~/.config stays root-owned and every later
# user-level step (shell-setup symlinks, systemd --user timers, Hyprland's
# own ~/.config/hypr) fails with "Permission denied".
mkdir -p "/home/$USERNAME/.config/Yubico" mkdir -p "/home/$USERNAME/.config/Yubico"
chown "$USERNAME:$USERNAME" "/home/$USERNAME/.config/Yubico" chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.config"
# `cue` option: pam_u2f prints a prompt so the user knows to touch the key. # `cue` option: pam_u2f prints a prompt so the user knows to touch the key.
echo "auth required pam_u2f.so cue" >> /etc/pam.d/system-local-login echo "auth required pam_u2f.so cue" >> /etc/pam.d/system-local-login
fi fi
@ -525,7 +529,9 @@ if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
# the live environment may have different /etc/passwd entries. # the live environment may have different /etc/passwd entries.
_NEWUID=$(arch-chroot /mnt id -u "$USERNAME" 2>/dev/null || echo "1000") _NEWUID=$(arch-chroot /mnt id -u "$USERNAME" 2>/dev/null || echo "1000")
_NEWGID=$(arch-chroot /mnt id -g "$USERNAME" 2>/dev/null || echo "1000") _NEWGID=$(arch-chroot /mnt id -g "$USERNAME" 2>/dev/null || echo "1000")
chown -R "$_NEWUID:$_NEWGID" "/mnt/home/${USERNAME}/.config/Yubico" # chown the whole ~/.config tree: the mkdir above created ~/.config as root,
# so reclaiming only Yubico/ would leave ~/.config itself root-owned.
chown -R "$_NEWUID:$_NEWGID" "/mnt/home/${USERNAME}/.config"
# 600: only the owning user can read or write the key file. # 600: only the owning user can read or write the key file.
chmod 600 "$U2F_KEYFILE" chmod 600 "$U2F_KEYFILE"
echo "FIDO2 key enrolled for $USERNAME." echo "FIDO2 key enrolled for $USERNAME."
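Review bot: The recursive `chown -R` over the whole `~/.config` in the first hunk is broader than the fix needs, since the only root-created paths visible here are `.config` and `.config/Yubico`. Creating both with the right owner up front avoids a root-run recursive ownership change over a user tree: `install -d -o "$USERNAME" -g "$USERNAME" "/home/$USERNAME/.config" "/home/$USERNAME/.config/Yubico"`. In the second hunk the widened `chown -R "$_NEWUID:$_NEWGID"` now applies the `|| echo "1000"` fallback to the entire tree, so a failed `id` lookup would silently hand all of `~/.config` to UID/GID 1000; aborting the enrollment step there would be safer than guessing. Both hunks sit inside larger blocks that continue outside the visible lines.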


@ -58,12 +58,15 @@ ensure_flatpak() {
log "Installing flatpak..." log "Installing flatpak..."
sudo pacman -S --noconfirm --needed flatpak sudo pacman -S --noconfirm --needed flatpak
fi fi
# Check if the flathub remote is already configured to avoid duplicate remotes. # Add the Flathub remote at --user scope. A system-scope remote (and the
# flatpak remotes lists configured remotes; grep filters for 'flathub'. # matching `flatpak install` below) needs the org.freedesktop.Flatpak
if ! flatpak remotes 2>/dev/null | grep -q flathub; then # SystemHelper D-Bus service + polkit, which are not activatable in a chroot
log "Adding Flathub remote..." # or bare-TTY install — that is the "The name is not activatable" failure.
# --if-not-exists is redundant given the check above, but adds safety # User scope needs neither, so it works during install and is the right place
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo # for per-user app installs anyway (apply_flatpak_theme already uses --user).
if ! flatpak remotes --user 2>/dev/null | grep -q flathub; then
log "Adding Flathub remote (user)..."
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
fi fi
} }
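Review bot: The new comment on the `--user` remote explains why user scope works in a chroot but not what it changes about trust. A user-scope installation and its remote configuration live in the invoking user's home and are writable by that user, so later changes to installed apps or remotes no longer pass through polkit. If this function is ever run as root, the apps would presumably land in root's home instead of the target user's. I would add a line such as `# NOTE: user-scope installs are per-user and user-writable; run as the target user, never as root.` ensure_flatpak starts above the hunk, so whether the caller guarantees that is not visible here.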


@ -25,7 +25,7 @@ ensure_flatpak
# Install Ardour from the Flathub repository. # Install Ardour from the Flathub repository.
# -y skips the interactive confirmation prompt so the script is non-interactive. # -y skips the interactive confirmation prompt so the script is non-interactive.
flatpak install -y flathub org.ardour.Ardour flatpak install --user -y flathub org.ardour.Ardour
# apply_flatpak_theme: applies the cyberqueer GTK theme override so Ardour's # apply_flatpak_theme: applies the cyberqueer GTK theme override so Ardour's
# GTK widgets match the rest of the desktop, rather than using the Flatpak # GTK widgets match the rest of the desktop, rather than using the Flatpak


@ -22,7 +22,7 @@ log "Installing Audacity (Flatpak)..."
ensure_flatpak ensure_flatpak
# Install from Flathub. -y suppresses the interactive confirmation. # Install from Flathub. -y suppresses the interactive confirmation.
flatpak install -y flathub org.audacityteam.Audacity flatpak install --user -y flathub org.audacityteam.Audacity
# apply_flatpak_theme: injects the cyberqueer GTK theme into Audacity's # apply_flatpak_theme: injects the cyberqueer GTK theme into Audacity's
# Flatpak environment so it renders consistently with the rest of the desktop. # Flatpak environment so it renders consistently with the rest of the desktop.


@ -29,7 +29,7 @@ ensure_flatpak
# Install Blender from Flathub. The Flatpak edition ships its own Python, # Install Blender from Flathub. The Flatpak edition ships its own Python,
# CUDA/HIP compute libraries, and codec support pre-bundled, avoiding # CUDA/HIP compute libraries, and codec support pre-bundled, avoiding
# dependency conflicts with the system Python or GPU driver packages. # dependency conflicts with the system Python or GPU driver packages.
flatpak install -y flathub org.blender.Blender flatpak install --user -y flathub org.blender.Blender
# apply_flatpak_theme: sets the cyberqueer GTK theme for Blender's dialogs # apply_flatpak_theme: sets the cyberqueer GTK theme for Blender's dialogs
# (the main 3D viewport uses its own renderer, but file choosers and system # (the main 3D viewport uses its own renderer, but file choosers and system


@ -24,7 +24,7 @@ log "Installing Chromium (Flatpak)..."
ensure_flatpak ensure_flatpak
# Install Chromium from Flathub. -y skips the confirmation prompt. # Install Chromium from Flathub. -y skips the confirmation prompt.
flatpak install -y flathub org.chromium.Chromium flatpak install --user -y flathub org.chromium.Chromium
# apply_flatpak_theme: applies the cyberqueer GTK theme so Chromium's file # apply_flatpak_theme: applies the cyberqueer GTK theme so Chromium's file
# dialogs and context menus match the rest of the desktop. # dialogs and context menus match the rest of the desktop.


@ -26,7 +26,7 @@ log "Installing Firefox (Flatpak)..."
ensure_flatpak ensure_flatpak
# Install from Flathub. -y skips interactive confirmation. # Install from Flathub. -y skips interactive confirmation.
flatpak install -y flathub org.mozilla.firefox flatpak install --user -y flathub org.mozilla.firefox
# apply_flatpak_theme: injects the cyberqueer GTK theme so Firefox's native # apply_flatpak_theme: injects the cyberqueer GTK theme so Firefox's native
# file-open dialogs and context menus match the rest of the desktop. # file-open dialogs and context menus match the rest of the desktop.


@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Obsidian (Flatpak)..." log "Installing Obsidian (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub md.obsidian.Obsidian flatpak install --user -y flathub md.obsidian.Obsidian
apply_flatpak_theme "md.obsidian.Obsidian" apply_flatpak_theme "md.obsidian.Obsidian"
log "Obsidian installed." log "Obsidian installed."


@ -28,7 +28,7 @@
# 9. Regenerate GRUB config and initramfs # 9. Regenerate GRUB config and initramfs
set -euo pipefail set -euo pipefail
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh" source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
THEME_DIR="/usr/share/plymouth/themes/m-archy" THEME_DIR="/usr/share/plymouth/themes/m-archy"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"


@ -8,6 +8,6 @@ log "Installing PrismLauncher (Flatpak)..."
# PrismLauncher is a Minecraft launcher that manages multiple instances and Java versions. # PrismLauncher is a Minecraft launcher that manages multiple instances and Java versions.
# The Flatpak edition bundles its own Java runtimes, avoiding system JDK conflicts. # The Flatpak edition bundles its own Java runtimes, avoiding system JDK conflicts.
# -y: non-interactive, auto-approve all prompts. # -y: non-interactive, auto-approve all prompts.
flatpak install -y flathub org.prismlauncher.PrismLauncher flatpak install --user -y flathub org.prismlauncher.PrismLauncher
apply_flatpak_theme "org.prismlauncher.PrismLauncher" apply_flatpak_theme "org.prismlauncher.PrismLauncher"
log "PrismLauncher installed." log "PrismLauncher installed."


@ -3,7 +3,7 @@
set -euo pipefail set -euo pipefail
# Path climbs one level (/../) because this optional module lives in a # Path climbs one level (/../) because this optional module lives in a
# subdirectory; logging.sh is in modules/lib/ relative to modules/. # subdirectory; logging.sh is in modules/lib/ relative to modules/.
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh" source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
# Install the Python ecosystem needed for neovim LSP support and scripting: # Install the Python ecosystem needed for neovim LSP support and scripting:
# python — base interpreter (3.x) # python — base interpreter (3.x)
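Review bot: The comment directly above the changed `source` line is now stale: it still says the path "climbs one level (/../)" and locates logging.sh relative to modules/, while the line now uses `../../lib/logging.sh`. Update it to match, for example `# Path climbs two levels (/../../) because apps/ modules sit one directory deeper than lib/.` The directory layout itself is not visible in this hunk, so the wording should be checked against the tree. The plymouth, wprs and zfs modules receive the same path fix, and their visible hunks carry no comparable comment.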


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Remmina (Flatpak)..." log "Installing Remmina (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub org.remmina.Remmina flatpak install --user -y flathub org.remmina.Remmina
apply_flatpak_theme "org.remmina.Remmina" apply_flatpak_theme "org.remmina.Remmina"
log "Remmina installed." log "Remmina installed."


@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Rnote (Flatpak)..." log "Installing Rnote (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub com.github.flxzt.rnote flatpak install --user -y flathub com.github.flxzt.rnote
apply_flatpak_theme "com.github.flxzt.rnote" apply_flatpak_theme "com.github.flxzt.rnote"
log "Rnote installed." log "Rnote installed."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Shotcut (Flatpak)..." log "Installing Shotcut (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub org.shotcut.Shotcut flatpak install --user -y flathub org.shotcut.Shotcut
apply_flatpak_theme "org.shotcut.Shotcut" apply_flatpak_theme "org.shotcut.Shotcut"
log "Shotcut installed." log "Shotcut installed."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Steam (Flatpak)..." log "Installing Steam (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub com.valvesoftware.Steam flatpak install --user -y flathub com.valvesoftware.Steam
apply_flatpak_theme "com.valvesoftware.Steam" apply_flatpak_theme "com.valvesoftware.Steam"
log "Steam installed." log "Steam installed."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Stunt Rally (Flatpak)..." log "Installing Stunt Rally (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub io.github.stuntrally.StuntRally3 flatpak install --user -y flathub io.github.stuntrally.StuntRally3
apply_flatpak_theme "io.github.stuntrally.StuntRally3" apply_flatpak_theme "io.github.stuntrally.StuntRally3"
log "Stunt Rally installed." log "Stunt Rally installed."


@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Tangent Notes (Flatpak)..." log "Installing Tangent Notes (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub io.github.suchnsuch.Tangent flatpak install --user -y flathub io.github.suchnsuch.Tangent
apply_flatpak_theme "io.github.suchnsuch.Tangent" apply_flatpak_theme "io.github.suchnsuch.Tangent"
log "Tangent Notes installed." log "Tangent Notes installed."


@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Vesktop (Flatpak)..." log "Installing Vesktop (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub dev.vencord.Vesktop flatpak install --user -y flathub dev.vencord.Vesktop
apply_flatpak_theme "dev.vencord.Vesktop" apply_flatpak_theme "dev.vencord.Vesktop"
log "Deploying Vencord config..." log "Deploying Vencord config..."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing VSCodium (Flatpak)..." log "Installing VSCodium (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub com.vscodium.codium flatpak install --user -y flathub com.vscodium.codium
apply_flatpak_theme "com.vscodium.codium" apply_flatpak_theme "com.vscodium.codium"
log "VSCodium installed." log "VSCodium installed."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Wireshark (Flatpak)..." log "Installing Wireshark (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub org.wireshark.Wireshark flatpak install --user -y flathub org.wireshark.Wireshark
apply_flatpak_theme "org.wireshark.Wireshark" apply_flatpak_theme "org.wireshark.Wireshark"
log "Wireshark installed." log "Wireshark installed."


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# set -euo pipefail: abort on errors, unset vars, and pipeline failures. # set -euo pipefail: abort on errors, unset vars, and pipeline failures.
set -euo pipefail set -euo pipefail
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh" source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
# wprs (Wayland Proxy for Remote Sessions) allows running Wayland compositors # wprs (Wayland Proxy for Remote Sessions) allows running Wayland compositors
# inside an existing Wayland session — useful for nested/remote desktop setups. # inside an existing Wayland session — useful for nested/remote desktop setups.


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Xournal++ (Flatpak)..." log "Installing Xournal++ (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub com.github.xournalpp.xournalpp flatpak install --user -y flathub com.github.xournalpp.xournalpp
apply_flatpak_theme "com.github.xournalpp.xournalpp" apply_flatpak_theme "com.github.xournalpp.xournalpp"
log "Xournal++ installed." log "Xournal++ installed."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Zed editor (Flatpak)..." log "Installing Zed editor (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub dev.zed.Zed flatpak install --user -y flathub dev.zed.Zed
apply_flatpak_theme "dev.zed.Zed" apply_flatpak_theme "dev.zed.Zed"
log "Zed editor installed." log "Zed editor installed."


@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
log "Installing Zen Browser (Flatpak)..." log "Installing Zen Browser (Flatpak)..."
ensure_flatpak ensure_flatpak
flatpak install -y flathub io.github.zen_browser.zen flatpak install --user -y flathub io.github.zen_browser.zen
apply_flatpak_theme "io.github.zen_browser.zen" apply_flatpak_theme "io.github.zen_browser.zen"
log "Zen Browser installed." log "Zen Browser installed."


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# set -euo pipefail: abort on errors, unset vars, and pipeline failures. # set -euo pipefail: abort on errors, unset vars, and pipeline failures.
set -euo pipefail set -euo pipefail
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh" source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
# zfs-dkms is AUR-only because the ZFS on Linux licence is GPL-incompatible # zfs-dkms is AUR-only because the ZFS on Linux licence is GPL-incompatible
# and cannot be shipped in the official Arch repos. # and cannot be shipped in the official Arch repos.


@ -150,6 +150,16 @@ git config --global core.editor nvim
log "Deploying dotfiles..." log "Deploying dotfiles..."
mkdir -p ~/.config ~/Pictures mkdir -p ~/.config ~/Pictures
# Defensive: an earlier root/sudo step (e.g. the installer creating
# ~/.config/Yubico for FIDO before the user-level config exists) can leave
# ~/.config owned by root. `mkdir -p` above won't fix that, and every symlink
# below would then fail with "Permission denied". If ~/.config isn't writable by
# us, reclaim the whole tree. Non-fatal so it never blocks the rest of setup.
if [[ -e "$HOME/.config" && ! -w "$HOME/.config" ]]; then
warn "~/.config is not writable — reclaiming ownership for $(id -un)..."
sudo chown -R "$(id -un):$(id -gn)" "$HOME/.config" 2>/dev/null || true
fi
# Shell init files — symlink so edits in the repo apply immediately # Shell init files — symlink so edits in the repo apply immediately
ln -sf ~/Dotfiles/.bashrc ~/.bashrc ln -sf ~/Dotfiles/.bashrc ~/.bashrc
ln -sf ~/Dotfiles/.zshrc ~/.zshrc ln -sf ~/Dotfiles/.zshrc ~/.zshrc
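Review bot: The reclaim step hides its own failure, because `2>/dev/null || true` discards sudo's error. If sudo cannot run (no cached credentials, no tty), the script has already warned that it is reclaiming ownership and then carries on to the symlinks that the added comment says fail with "Permission denied". Keep it non-fatal but report it, e.g. `sudo chown -R "$(id -un):$(id -gn)" "$HOME/.config" || warn "could not reclaim ~/.config; later symlinks will fail"`. The `-w` test also looks only at the top directory, so root-owned subdirectories under a user-owned `~/.config` are not covered. The surrounding script continues outside the hunk.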