Compare commits


No commits in common. "99af60bc16a2be9a26a196008398762071d7ad5d" and "f3fc9a3a92989df5d76f4985759eb29ab1461652" have entirely different histories.

2 changed files with 4 additions and 31 deletions


@ -48,7 +48,6 @@ jobs:
output_pattern: "secubox-live-amd64-*.img*"
needs_qemu: false
embed_image: false
extra_args: "--kiosk"
# MOCHAbin (arm64) - U-Boot distroboot
- platform: mochabin


@ -104,7 +104,6 @@ while [[ $# -gt 0 ]]; do
--out) OUT_DIR="$2"; shift 2 ;;
--size) IMG_SIZE="$2"; shift 2 ;;
--local-cache) USE_LOCAL_CACHE=1; shift ;;
--kiosk) INCLUDE_KIOSK=1; shift ;;
--no-kiosk) INCLUDE_KIOSK=0; shift ;;
--no-persistence) INCLUDE_PERSISTENCE=0; shift ;;
--no-compress) NO_COMPRESS=1; shift ;;
@ -1138,24 +1137,6 @@ mount_chroot_fs() {
mount_chroot_fs
# Make EVERY dpkg op in the chroot keep existing conffiles and never prompt.
# secubox-mesh's mesh.toml is an auto-detected conffile; in the headless chroot
# its prompt aborts with "end of file on stdin at conffile prompt", failing the
# whole build. dpkg.cfg.d covers apt installs AND bare `dpkg --configure -a`.
install -d "${ROOTFS}/etc/dpkg/dpkg.cfg.d"
printf 'force-confold\nforce-confdef\n' > "${ROOTFS}/etc/dpkg/dpkg.cfg.d/90-secubox-confold"
# Deny service start/stop/reload during install — the chroot has no running
# init/dbus, so packages like dbus / the kiosk X11+chromium stack abort their
# postinst ("Failed to connect to system message bus", invoke-rc.d errors),
# which fails the whole build. Removed before squashfs so the real system
# boots services normally (systemd starts enabled units regardless).
cat > "${ROOTFS}/usr/sbin/policy-rc.d" <<'POLICY'
#!/bin/sh
exit 101
POLICY
chmod +x "${ROOTFS}/usr/sbin/policy-rc.d"
cat > "${ROOTFS}/etc/apt/sources.list" <<EOF
deb ${APT_MIRROR} ${SUITE} main contrib non-free non-free-firmware
deb ${APT_MIRROR} ${SUITE}-updates main contrib non-free non-free-firmware
@ -3216,16 +3197,12 @@ fi
# Verify nginx config is valid
if [[ -x "${ROOTFS}/usr/sbin/nginx" ]]; then
if ! chroot "${ROOTFS}" nginx -t 2>&1 | grep -q "syntax is ok"; then
warn "nginx config still invalid after final cleanup (regenerated at first boot)"
# Show the error and try to fix. `|| true`: nginx -t returns non-zero here
# (config IS invalid — that's why we're in this branch), so without it the
# command substitution trips set -e/pipefail and aborts the whole build
# right after this warn. The image's nginx config is rebuilt at first boot
# by secubox-net-detect, so a build-time-invalid config is non-fatal.
nginx_error=$(chroot "${ROOTFS}" nginx -t 2>&1 | head -5 || true)
warn "nginx config still invalid after final cleanup"
# Show the error and try to fix
nginx_error=$(chroot "${ROOTFS}" nginx -t 2>&1 | head -5)
echo "$nginx_error"
# Extract missing file from error message and create empty config
missing_file=$(echo "$nginx_error" | grep -oP '"/etc/nginx/secubox\.d/\K[^"]+' || true)
missing_file=$(echo "$nginx_error" | grep -oP '"/etc/nginx/secubox\.d/\K[^"]+')
if [[ -n "$missing_file" ]]; then
log "Creating missing config: $missing_file"
touch "${ROOTFS}/etc/nginx/secubox.d/${missing_file}"
@ -3364,9 +3341,6 @@ umount -lf "${ROOTFS}/sys" 2>/dev/null || true
log "7/8 Creating SquashFS filesystem..."
mkdir -p "${LIVE_DIR}/live"
# Remove the build-time service-deny shim so the booted system starts services.
rm -f "${ROOTFS}/usr/sbin/policy-rc.d"
mksquashfs "${ROOTFS}" "${LIVE_DIR}/live/filesystem.squashfs" \
-comp xz -b 1M -Xdict-size 100% -e boot/grub -e boot/efi
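Review bot: In the `@ -3216,16 +3197,12` hunk the new side assigns `nginx_error=$(chroot "${ROOTFS}" nginx -t 2>&1 | head -5)` and `missing_file=$(echo "$nginx_error" | grep -oP ...)` without `|| true`, inside the branch that is only reached once `nginx -t` has already failed. If the script runs under `set -e` with `pipefail`, as the comment on the old side states, the first assignment returns non-zero and the build stops before the error is echoed or the missing include is created. `grep -oP` also returns 1 when the error text names no `secubox.d` file. Keep both guards, `nginx_error=$(chroot "${ROOTFS}" nginx -t 2>&1 | head -5 || true)` and the same `|| true` on the `missing_file` line, with a one-line comment explaining that a non-zero status is expected here. The `if` block continues past the end of the hunk, so the rest of the recovery path is not visible.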