Run the live session as an unprivileged user (Hyprland won't run as root)
The live medium autologged root on tty1 and exec'd Hyprland, but Hyprland
refuses to start with superuser privileges ("launched with superuser
privileges, but the privileges check is not omitted") and exited before
even creating a log — leaving tty1 at a blank blinking cursor. (Boot,
switch-root, firstboot suppression and the bos login on other ttys were
all already working.)
Adopt the standard live-ISO pattern:
- bos-live-setup.service (oneshot, gated on the archisobasedir cmdline so
it only runs on the live medium) creates an unprivileged `liveuser`,
adds it to the usual hardware groups, clears its password, and drops in
a minimal live Hyprland config that auto-launches the installer.
- tty1 autologin now targets liveuser instead of root.
- Calamares needs root, so bos-launch-calamares runs it via passwordless
sudo (/etc/sudoers.d/99-bos-live) with the Wayland env preserved, so the
root installer renders on the live user's compositor.
This commit is contained in:
Breadway
parent
80e8efc84e
commit
937a31732b
7 changed files with 83 additions and 1 deletions
54
iso/airootfs/usr/local/bin/bos-live-setup
Normal file
54
iso/airootfs/usr/local/bin/bos-live-setup
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash
|
||||
# Create the unprivileged BOS live user and its Hyprland session.
|
||||
#
|
||||
# Hyprland refuses to run as root (superuser-privileges check), so the live
|
||||
# session must run as a normal user. Calamares — which does need root — is
|
||||
# launched onto the user's Wayland socket via passwordless sudo (see
|
||||
# bos-launch-calamares). Runs once at boot, before the tty1 autologin getty.
|
||||
set -e
|
||||
|
||||
if ! id liveuser &>/dev/null; then
|
||||
useradd -m -s /bin/bash liveuser
|
||||
for g in wheel video input audio storage power; do
|
||||
getent group "$g" >/dev/null 2>&1 && gpasswd -a liveuser "$g" >/dev/null || true
|
||||
done
|
||||
passwd -d liveuser >/dev/null
|
||||
fi
|
||||
|
||||
install -d -m 0700 -o liveuser -g liveuser /home/liveuser/.config/hypr
|
||||
|
||||
# Minimal live compositor config: auto-launch the installer.
|
||||
cat >/home/liveuser/.config/hypr/hyprland.conf <<'EOF'
|
||||
monitor=,preferred,auto,1
|
||||
|
||||
exec-once = bos-launch-calamares
|
||||
|
||||
general {
|
||||
border_size = 2
|
||||
col.active_border = rgba(88c0d0ff)
|
||||
col.inactive_border = rgba(4c566aff)
|
||||
}
|
||||
decoration { rounding = 4 }
|
||||
input {
|
||||
kb_layout = us
|
||||
follow_mouse = 1
|
||||
}
|
||||
misc {
|
||||
disable_hyprland_logo = true
|
||||
disable_splash_rendering = true
|
||||
}
|
||||
EOF
|
||||
|
||||
# Start Hyprland on tty1 login; capture output and fall back to a shell so a
|
||||
# failed compositor start is visible rather than a blank looping cursor.
|
||||
cat >/home/liveuser/.bash_profile <<'EOF'
|
||||
if [[ "$(tty)" == /dev/tty1 ]] && [[ -z "$WAYLAND_DISPLAY" ]]; then
|
||||
export WLR_RENDERER_ALLOW_SOFTWARE=1
|
||||
export WLR_NO_HARDWARE_CURSORS=1
|
||||
Hyprland &>/var/log/hyprland-live.log
|
||||
echo "Hyprland exited (rc=$?). Log: /var/log/hyprland-live.log"
|
||||
exec bash -i
|
||||
fi
|
||||
EOF
|
||||
|
||||
chown -R liveuser:liveuser /home/liveuser
|
||||
Loading…
Add table
Add a link
Reference in a new issue