fix(installer): root-owned ~/.config, wrong logging path, flatpak system scope
Diagnosed from a full guided-install log plus a Hyprland startup log. Three distinct remaining failures: 1. ~/.config left root-owned. The FIDO/Yubico setup runs `mkdir -p ~/.config/Yubico` as root (creating ~/.config itself), then chowned only Yubico/. ~/.config stayed root-owned, so every later user step failed with EACCES: shell-setup symlinks (starship.toml), the mail/caldav systemd --user timers, and Hyprland creating ~/.config/hypr at startup. Chown the whole ~/.config in both Yubico spots, and defensively reclaim it in shell-setup. 2. python/wprs/plymouth/zfs sourced ../lib/logging.sh, but apps/ modules need ../../lib — so they aborted with "No such file or directory". Corrected. 3. Flatpak app modules ran `flatpak install -y` at system scope, which needs the Flatpak SystemHelper D-Bus service + polkit (unavailable in a chroot/TTY install) — the "The name is not activatable" failures (wireshark, xournal, rnote, firefox-browser, …). Switch ensure_flatpak and all 19 main-flow installs to --user scope, matching apply_flatpak_theme's --user overrides. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>main
parent
2c05c4e274
commit
9107b9961a
|
|
@ -504,8 +504,12 @@ grub-mkconfig -o /boot/grub/grub.cfg
|
|||
# User login FIDO2 — directory + PAM only; key enrollment happens outside chroot
|
||||
if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
|
||||
# Create the Yubico config dir that pam_u2f expects for the u2f_keys file.
|
||||
# `mkdir -p` here creates ~/.config itself as root, so chown the whole tree
|
||||
# (not just Yubico/) — otherwise ~/.config stays root-owned and every later
|
||||
# user-level step (shell-setup symlinks, systemd --user timers, Hyprland's
|
||||
# own ~/.config/hypr) fails with "Permission denied".
|
||||
mkdir -p "/home/$USERNAME/.config/Yubico"
|
||||
chown "$USERNAME:$USERNAME" "/home/$USERNAME/.config/Yubico"
|
||||
chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.config"
|
||||
# `cue` option: pam_u2f prints a prompt so the user knows to touch the key.
|
||||
echo "auth required pam_u2f.so cue" >> /etc/pam.d/system-local-login
|
||||
fi
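Review bot: The added `chown -R "$USERNAME:$USERNAME"` assumes a group named exactly like the user exists in the target system. If the account was created with a different primary group, the chown fails and ~/.config stays root-owned, which is the state this hunk is meant to fix. The trailing-colon form takes the login group from the passwd entry instead: `chown -R "$USERNAME:" "/home/$USERNAME/.config"`.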
|
||||
|
|
@ -525,7 +529,9 @@ if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
|
|||
# the live environment may have different /etc/passwd entries.
|
||||
_NEWUID=$(arch-chroot /mnt id -u "$USERNAME" 2>/dev/null || echo "1000")
|
||||
_NEWGID=$(arch-chroot /mnt id -g "$USERNAME" 2>/dev/null || echo "1000")
|
||||
chown -R "$_NEWUID:$_NEWGID" "/mnt/home/${USERNAME}/.config/Yubico"
|
||||
# chown the whole ~/.config tree: the mkdir above created ~/.config as root,
|
||||
# so reclaiming only Yubico/ would leave ~/.config itself root-owned.
|
||||
chown -R "$_NEWUID:$_NEWGID" "/mnt/home/${USERNAME}/.config"
|
||||
# 600: only the owning user can read or write the key file.
|
||||
chmod 600 "$U2F_KEYFILE"
|
||||
echo "FIDO2 key enrolled for $USERNAME."
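Review bot: The widened `chown -R "$_NEWUID:$_NEWGID"` now covers the whole ~/.config tree, and both ids silently fall back to `1000` when `arch-chroot /mnt id` fails. With the old Yubico/-only chown a wrong guess touched one directory; now it would hand the user's entire config tree, including the u2f key file that gates login, to whichever account holds uid 1000. I would drop the `|| echo "1000"` fallbacks and stop enrollment when the lookup fails, e.g. `_NEWUID=$(arch-chroot /mnt id -u "$USERNAME") || { echo "cannot resolve uid for $USERNAME" >&2; exit 1; }`, and the same for the gid. The enclosing if-block starts and ends outside this hunk, so whether `exit` or a softer skip is right depends on code not shown here.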
|
||||
|
|
|
|||
|
|
@ -58,12 +58,15 @@ ensure_flatpak() {
|
|||
log "Installing flatpak..."
|
||||
sudo pacman -S --noconfirm --needed flatpak
|
||||
fi
|
||||
# Check if the flathub remote is already configured to avoid duplicate remotes.
|
||||
# flatpak remotes lists configured remotes; grep filters for 'flathub'.
|
||||
if ! flatpak remotes 2>/dev/null | grep -q flathub; then
|
||||
log "Adding Flathub remote..."
|
||||
# --if-not-exists is redundant given the check above, but adds safety
|
||||
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
||||
# Add the Flathub remote at --user scope. A system-scope remote (and the
|
||||
# matching `flatpak install` below) needs the org.freedesktop.Flatpak
|
||||
# SystemHelper D-Bus service + polkit, which are not activatable in a chroot
|
||||
# or bare-TTY install — that is the "The name is not activatable" failure.
|
||||
# User scope needs neither, so it works during install and is the right place
|
||||
# for per-user app installs anyway (apply_flatpak_theme already uses --user).
|
||||
if ! flatpak remotes --user 2>/dev/null | grep -q flathub; then
|
||||
log "Adding Flathub remote (user)..."
|
||||
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
||||
fi
|
||||
}
|
||||
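Review bot: The new guard `flatpak remotes --user 2>/dev/null | grep -q flathub` matches any remote whose listing line contains that substring. A user remote such as flathub-beta would make ensure_flatpak skip adding flathub, and the later `flatpak install --user -y flathub ...` calls would then fail. Since `remote-add --if-not-exists` is already idempotent the guard could simply go; if it stays, match the name exactly with `flatpak remotes --user --columns=name | grep -qx flathub`. The `2>/dev/null` also keeps a broken flatpak out of the install log. The start of ensure_flatpak is outside this hunk.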
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ ensure_flatpak
|
|||
|
||||
# Install Ardour from the Flathub repository.
|
||||
# -y skips the interactive confirmation prompt so the script is non-interactive.
|
||||
flatpak install -y flathub org.ardour.Ardour
|
||||
flatpak install --user -y flathub org.ardour.Ardour
|
||||
|
||||
# apply_flatpak_theme: applies the cyberqueer GTK theme override so Ardour's
|
||||
# GTK widgets match the rest of the desktop, rather than using the Flatpak
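Review bot: The comment above the install line still explains only `-y`, while `--user` is the behaviour a maintainer needs documented. A user-scope install lands in the invoking account's own Flatpak installation (by default under ~/.local/share/flatpak), so if this module is run as root or through sudo the app may end up in root's home. The installed files are also writable by the user rather than root-owned. I would add `# --user: per-user install (no SystemHelper/polkit needed); must run as the target user, not root` here. The same applies to the other app-module hunks on this page (Audacity, Blender, Chromium, Firefox, Obsidian, PrismLauncher, Remmina, Rnote, Shotcut, Steam, Stunt Rally, Tangent, Vesktop, VSCodium, Wireshark, Xournal++, Zed, Zen Browser).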
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ log "Installing Audacity (Flatpak)..."
|
|||
ensure_flatpak
|
||||
|
||||
# Install from Flathub. -y suppresses the interactive confirmation.
|
||||
flatpak install -y flathub org.audacityteam.Audacity
|
||||
flatpak install --user -y flathub org.audacityteam.Audacity
|
||||
|
||||
# apply_flatpak_theme: injects the cyberqueer GTK theme into Audacity's
|
||||
# Flatpak environment so it renders consistently with the rest of the desktop.
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ ensure_flatpak
|
|||
# Install Blender from Flathub. The Flatpak edition ships its own Python,
|
||||
# CUDA/HIP compute libraries, and codec support pre-bundled, avoiding
|
||||
# dependency conflicts with the system Python or GPU driver packages.
|
||||
flatpak install -y flathub org.blender.Blender
|
||||
flatpak install --user -y flathub org.blender.Blender
|
||||
|
||||
# apply_flatpak_theme: sets the cyberqueer GTK theme for Blender's dialogs
|
||||
# (the main 3D viewport uses its own renderer, but file choosers and system
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ log "Installing Chromium (Flatpak)..."
|
|||
ensure_flatpak
|
||||
|
||||
# Install Chromium from Flathub. -y skips the confirmation prompt.
|
||||
flatpak install -y flathub org.chromium.Chromium
|
||||
flatpak install --user -y flathub org.chromium.Chromium
|
||||
|
||||
# apply_flatpak_theme: applies the cyberqueer GTK theme so Chromium's file
|
||||
# dialogs and context menus match the rest of the desktop.
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ log "Installing Firefox (Flatpak)..."
|
|||
ensure_flatpak
|
||||
|
||||
# Install from Flathub. -y skips interactive confirmation.
|
||||
flatpak install -y flathub org.mozilla.firefox
|
||||
flatpak install --user -y flathub org.mozilla.firefox
|
||||
|
||||
# apply_flatpak_theme: injects the cyberqueer GTK theme so Firefox's native
|
||||
# file-open dialogs and context menus match the rest of the desktop.
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Obsidian (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub md.obsidian.Obsidian
|
||||
flatpak install --user -y flathub md.obsidian.Obsidian
|
||||
apply_flatpak_theme "md.obsidian.Obsidian"
|
||||
|
||||
log "Obsidian installed."
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@
|
|||
# 9. Regenerate GRUB config and initramfs
|
||||
|
||||
set -euo pipefail
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh"
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
||||
|
||||
THEME_DIR="/usr/share/plymouth/themes/m-archy"
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
|
|
|||
|
|
@ -8,6 +8,6 @@ log "Installing PrismLauncher (Flatpak)..."
|
|||
# PrismLauncher is a Minecraft launcher that manages multiple instances and Java versions.
|
||||
# The Flatpak edition bundles its own Java runtimes, avoiding system JDK conflicts.
|
||||
# -y: non-interactive, auto-approve all prompts.
|
||||
flatpak install -y flathub org.prismlauncher.PrismLauncher
|
||||
flatpak install --user -y flathub org.prismlauncher.PrismLauncher
|
||||
apply_flatpak_theme "org.prismlauncher.PrismLauncher"
|
||||
log "PrismLauncher installed."
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
set -euo pipefail
|
||||
# Path climbs one level (/../) because this optional module lives in a
|
||||
# subdirectory; logging.sh is in modules/lib/ relative to modules/.
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh"
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
||||
|
||||
# Install the Python ecosystem needed for neovim LSP support and scripting:
|
||||
# python — base interpreter (3.x)
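Review bot: The two unchanged comment lines above the corrected `source` still say the path "climbs one level (/../)" and that logging.sh is in modules/lib/, which now contradicts the `../../lib/logging.sh` the line actually uses. Suggest rewording them to `# Path climbs two levels (/../../) because this module lives in a subdirectory of modules/;` followed by `# logging.sh is in lib/ next to modules/.` That layout is inferred from the commit message ("apps/ modules need ../../lib"), so adjust the wording to the real tree. The rest of the script is outside this hunk.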
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Remmina (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub org.remmina.Remmina
|
||||
flatpak install --user -y flathub org.remmina.Remmina
|
||||
apply_flatpak_theme "org.remmina.Remmina"
|
||||
log "Remmina installed."
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Rnote (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub com.github.flxzt.rnote
|
||||
flatpak install --user -y flathub com.github.flxzt.rnote
|
||||
apply_flatpak_theme "com.github.flxzt.rnote"
|
||||
|
||||
log "Rnote installed."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Shotcut (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub org.shotcut.Shotcut
|
||||
flatpak install --user -y flathub org.shotcut.Shotcut
|
||||
apply_flatpak_theme "org.shotcut.Shotcut"
|
||||
log "Shotcut installed."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Steam (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub com.valvesoftware.Steam
|
||||
flatpak install --user -y flathub com.valvesoftware.Steam
|
||||
apply_flatpak_theme "com.valvesoftware.Steam"
|
||||
log "Steam installed."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Stunt Rally (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub io.github.stuntrally.StuntRally3
|
||||
flatpak install --user -y flathub io.github.stuntrally.StuntRally3
|
||||
apply_flatpak_theme "io.github.stuntrally.StuntRally3"
|
||||
log "Stunt Rally installed."
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Tangent Notes (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub io.github.suchnsuch.Tangent
|
||||
flatpak install --user -y flathub io.github.suchnsuch.Tangent
|
||||
apply_flatpak_theme "io.github.suchnsuch.Tangent"
|
||||
|
||||
log "Tangent Notes installed."
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Vesktop (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub dev.vencord.Vesktop
|
||||
flatpak install --user -y flathub dev.vencord.Vesktop
|
||||
apply_flatpak_theme "dev.vencord.Vesktop"
|
||||
|
||||
log "Deploying Vencord config..."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing VSCodium (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub com.vscodium.codium
|
||||
flatpak install --user -y flathub com.vscodium.codium
|
||||
apply_flatpak_theme "com.vscodium.codium"
|
||||
log "VSCodium installed."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Wireshark (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub org.wireshark.Wireshark
|
||||
flatpak install --user -y flathub org.wireshark.Wireshark
|
||||
apply_flatpak_theme "org.wireshark.Wireshark"
|
||||
log "Wireshark installed."
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
# set -euo pipefail: abort on errors, unset vars, and pipeline failures.
|
||||
set -euo pipefail
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh"
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
||||
|
||||
# wprs (Wayland Proxy for Remote Sessions) allows running Wayland compositors
|
||||
# inside an existing Wayland session — useful for nested/remote desktop setups.
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Xournal++ (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub com.github.xournalpp.xournalpp
|
||||
flatpak install --user -y flathub com.github.xournalpp.xournalpp
|
||||
apply_flatpak_theme "com.github.xournalpp.xournalpp"
|
||||
log "Xournal++ installed."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Zed editor (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub dev.zed.Zed
|
||||
flatpak install --user -y flathub dev.zed.Zed
|
||||
apply_flatpak_theme "dev.zed.Zed"
|
||||
log "Zed editor installed."
|
||||
|
|
|
|||
|
|
@ -4,6 +4,6 @@ source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
|||
|
||||
log "Installing Zen Browser (Flatpak)..."
|
||||
ensure_flatpak
|
||||
flatpak install -y flathub io.github.zen_browser.zen
|
||||
flatpak install --user -y flathub io.github.zen_browser.zen
|
||||
apply_flatpak_theme "io.github.zen_browser.zen"
|
||||
log "Zen Browser installed."
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
# set -euo pipefail: abort on errors, unset vars, and pipeline failures.
|
||||
set -euo pipefail
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../lib/logging.sh"
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
|
||||
|
||||
# zfs-dkms is AUR-only because the ZFS on Linux licence is GPL-incompatible
|
||||
# and cannot be shipped in the official Arch repos.
|
||||
|
|
|
|||
|
|
@ -150,6 +150,16 @@ git config --global core.editor nvim
|
|||
log "Deploying dotfiles..."
|
||||
mkdir -p ~/.config ~/Pictures
|
||||
|
||||
# Defensive: an earlier root/sudo step (e.g. the installer creating
|
||||
# ~/.config/Yubico for FIDO before the user-level config exists) can leave
|
||||
# ~/.config owned by root. `mkdir -p` above won't fix that, and every symlink
|
||||
# below would then fail with "Permission denied". If ~/.config isn't writable by
|
||||
# us, reclaim the whole tree. Non-fatal so it never blocks the rest of setup.
|
||||
if [[ -e "$HOME/.config" && ! -w "$HOME/.config" ]]; then
|
||||
warn "~/.config is not writable — reclaiming ownership for $(id -un)..."
|
||||
sudo chown -R "$(id -un):$(id -gn)" "$HOME/.config" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Shell init files — symlink so edits in the repo apply immediately
|
||||
ln -sf ~/Dotfiles/.bashrc ~/.bashrc
|
||||
ln -sf ~/Dotfiles/.zshrc ~/.zshrc
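Review bot: The reclaim step discards both stderr and the exit status (`2>/dev/null || true`), so when sudo cannot run (no cached credentials, no tty) the script carries on regardless. The later symlinks into ~/.config then fail with the same "Permission denied" this block was added to prevent, and nothing in the log says why. Keep it non-fatal but report the failure: `sudo chown -R "$(id -un):$(id -gn)" "$HOME/.config" || warn "could not reclaim ~/.config; later symlinks will fail"`. The `-w` test also looks only at ~/.config itself, so a root-owned subdirectory under a user-owned ~/.config goes unnoticed. `warn` is assumed to come from logging.sh, which is not shown here.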
|
||||
|
|
|
|||