From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 3B2E0578F;
	Wed, 04 Feb 2026 17:57:16 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 0662956D6; Wed, 04 Feb 2026 17:57:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org
 [IPv6:2001:67c:2050:0:465::102])
	by atuin.qyliss.net (Postfix) with ESMTPS id B10775653
	for <devel@spectrum-os.org>; Wed, 04 Feb 2026 17:57:07 +0000 (UTC)
Received: from smtp202.mailbox.org (smtp202.mailbox.org
 [IPv6:2001:67c:2050:b231:465::202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4f5p2j5vfyz9tY0
	for <devel@spectrum-os.org>; Wed,  4 Feb 2026 18:57:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org;
 s=mail20150812;
	t=1770227821;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=NcJOM6fBbNukjBVHVbT5VG/+cZavVXKIaCU2sqdimKU=;
	b=OAhBQXTQsi60d9e1swb0hE9QKzmLw4ege3ssGVsN0MtzD3dAAJYXCA9EoMT0rIZnUDDkip
	jomBc9SLXCVRNdfgWVh7edDwb0zhp+pySCmqIYIMT2WC/Wn+apqhQgZS3nFe7c8AubJ+aN
	T4lIkWQke01KIQm4h0Nk8DCCAfRdJGC0j+PMHEU41B4tacGDcFYEJX/CMVc2CiAd7UeM/9
	od5U5K52WSrPgc1eJ9QrSxdGKFfhEe52l5n6VV9D6knxXsQHrBK9h3Rm4MwLm2/sR8IdYc
	V4jmlxjCYAQ5g8ToQ1sbf852JZpv0ArG6TYCr87sRvpA4wLrlsZVAekKtsdk0w==
Authentication-Results: outgoing_mbo_mout;
	dkim=pass header.d=mailbox.org header.s=mail20150812 header.b=OAhBQXTQ;
	spf=pass (outgoing_mbo_mout: domain of johannes.suellner@mailbox.org
 designates 2001:67c:2050:b231:465::202 as permitted sender)
 smtp.mailfrom=johannes.suellner@mailbox.org
From: =?UTF-8?q?Johannes=20S=C3=BCllner?= <johannes.suellner@mailbox.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org;
 s=mail20150812;
	t=1770227821;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=NcJOM6fBbNukjBVHVbT5VG/+cZavVXKIaCU2sqdimKU=;
	b=OAhBQXTQsi60d9e1swb0hE9QKzmLw4ege3ssGVsN0MtzD3dAAJYXCA9EoMT0rIZnUDDkip
	jomBc9SLXCVRNdfgWVh7edDwb0zhp+pySCmqIYIMT2WC/Wn+apqhQgZS3nFe7c8AubJ+aN
	T4lIkWQke01KIQm4h0Nk8DCCAfRdJGC0j+PMHEU41B4tacGDcFYEJX/CMVc2CiAd7UeM/9
	od5U5K52WSrPgc1eJ9QrSxdGKFfhEe52l5n6VV9D6knxXsQHrBK9h3Rm4MwLm2/sR8IdYc
	V4jmlxjCYAQ5g8ToQ1sbf852JZpv0ArG6TYCr87sRvpA4wLrlsZVAekKtsdk0w==
To: devel@spectrum-os.org
Subject: [PATCH v2 2/5] host/rootfs: integrate spectrum-installer
Date: Wed,  4 Feb 2026 18:55:22 +0100
Message-ID: <20260204175543.22164-4-johannes.suellner@mailbox.org>
In-Reply-To: <20260204175543.22164-2-johannes.suellner@mailbox.org>
References: <20260204175543.22164-2-johannes.suellner@mailbox.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-MBO-RS-ID: e3a683126e87f8e11ce
X-MBO-RS-META: sc7nowd44cxgg3qpzh9z9kkyinga8yzy
X-Rspamd-Queue-Id: 4f5p2j5vfyz9tY0
Message-ID-Hash: 3PZL4ZMORITNMNMPKWB6FHLWBR7GLT5R
X-Message-ID-Hash: 3PZL4ZMORITNMNMPKWB6FHLWBR7GLT5R
X-MailFrom: johannes.suellner@mailbox.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: =?UTF-8?q?Johannes=20S=C3=BCllner?= <johannes.suellner@mailbox.org>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/3PZL4ZMORITNMNMPKWB6FHLWBR7GLT5R/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

The installer needs to run as root, so that `systemd-repart` can write
to disks. Since Weston is not running as root (since b26f59e), just as
with the root terminal, we add a s6-sudod service for the installer.

Signed-off-by: Johannes Süllner <johannes.suellner@mailbox.org>
---
 host/rootfs/default.nix                         |  4 ++--
 host/rootfs/file-list.mk                        |  3 +++
 .../spectrum-installer-as-root/notification-fd  |  1 +
 .../notification-fd.license                     |  2 ++
 .../service/spectrum-installer-as-root/run      | 17 +++++++++++++++++
 host/rootfs/image/etc/s6-rc/weston/run          |  1 +
 host/rootfs/image/etc/xdg/weston/weston.ini     |  5 +++++
 .../image/usr/bin/spectrum-installer-as-root    |  5 +++++
 pkgs/default.nix                                |  2 ++
 9 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd
 create mode 100644 host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd.license
 create mode 100755 host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/run
 create mode 100755 host/rootfs/image/usr/bin/spectrum-installer-as-root

diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index 66aa366..f53d3e3 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -4,7 +4,7 @@
 
 import ../../lib/call-package.nix (
 { callSpectrumPackage, config, spectrum-build-tools
-, src, pkgsMusl, inkscape, linux_latest, xorg
+, src, pkgsMusl, inkscape, linux_latest, spectrum-installer, xorg
 }:
 pkgsMusl.callPackage (
 
@@ -62,7 +62,7 @@ let
   # https://inbox.vuxu.org/musl/20251017-dlopen-use-rpath-of-caller-dso-v1-1-46c69eda1473@iscas.ac.cn/
   usrPackages = [
     appvm dejavu_fonts firmware kernel.modules kmod.lib lvm2 mesa
-    netvm systemd westonLite
+    netvm spectrum-installer systemd westonLite
   ];
 
   appvms = {
diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
index 3899d62..54d8e00 100644
--- a/host/rootfs/file-list.mk
+++ b/host/rootfs/file-list.mk
@@ -25,6 +25,8 @@ FILES = \
 	image/etc/s6-linux-init/run-image/service/serial-getty/notification-fd \
 	image/etc/s6-linux-init/run-image/service/serial-getty/run \
 	image/etc/s6-linux-init/run-image/service/serial-getty/template/run \
+	image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd \
+	image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/run \
 	image/etc/s6-linux-init/run-image/service/vm-services/notification-fd \
 	image/etc/s6-linux-init/run-image/service/vm-services/run \
 	image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/notification-fd \
@@ -62,6 +64,7 @@ FILES = \
 	image/usr/bin/run-appimage \
 	image/usr/bin/run-flatpak \
 	image/usr/bin/run-vmm \
+	image/usr/bin/spectrum-installer-as-root \
 	image/usr/bin/spectrum-update \
 	image/usr/bin/vm-console \
 	image/usr/bin/vm-import \
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd b/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd
@@ -0,0 +1 @@
+3
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd.license b/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd.license
new file mode 100644
index 0000000..0d3d47c
--- /dev/null
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/notification-fd.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/run
new file mode 100755
index 0000000..a8ab652
--- /dev/null
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/spectrum-installer-as-root/run
@@ -0,0 +1,17 @@
+#!/bin/execlineb -PW
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+
+s6-ipcserver-socketbinder -a 0700 /run/spectrum-installer-as-root
+
+if { chown wayland /run/spectrum-installer-as-root }
+
+fdmove 1 3
+s6-ipcserverd -1P
+
+exec -c
+/bin/export PATH /usr/bin
+/bin/export WAYLAND_DISPLAY ""
+s6-sudod
+cd /
+spectrum-installer
diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index fd59586..fa4772a 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -63,6 +63,7 @@ bwrap
   # For udev
   --ro-bind /run/udev /run/udev
   --bind /run/root-terminal /run/root-terminal
+  --bind /run/spectrum-installer-as-root /run/spectrum-installer-as-root
   --tmpfs /tmp
   --tmpfs /dev/shm
   # Filtered /proc (without nasty stuff)
diff --git a/host/rootfs/image/etc/xdg/weston/weston.ini b/host/rootfs/image/etc/xdg/weston/weston.ini
index a4763c6..f21041e 100644
--- a/host/rootfs/image/etc/xdg/weston/weston.ini
+++ b/host/rootfs/image/etc/xdg/weston/weston.ini
@@ -13,3 +13,8 @@ path=/bin/root-terminal
 icon=/usr/share/icons/hicolor/20x20/apps/com.system76.CosmicFiles.png
 displayname=Files
 path=/bin/cosmic-files
+
+[launcher]
+icon=/usr/share/icons/hicolor/22x22/apps/spectrum-installer.png
+displayname=Spectrum installer
+path=/bin/spectrum-installer-as-root
diff --git a/host/rootfs/image/usr/bin/spectrum-installer-as-root b/host/rootfs/image/usr/bin/spectrum-installer-as-root
new file mode 100755
index 0000000..c03d3ac
--- /dev/null
+++ b/host/rootfs/image/usr/bin/spectrum-installer-as-root
@@ -0,0 +1,5 @@
+#!/bin/execlineb -Ws0
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+
+s6-sudo -- /run/spectrum-installer-as-root $@
diff --git a/pkgs/default.nix b/pkgs/default.nix
index a80c5b3..5849e58 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -50,6 +50,8 @@ let
       appSupport = false;
       driverSupport = true;
     };
+    spectrum-installer =
+      self.callSpectrumPackage ../tools/spectrum-installer {};
     spectrum-router = self.callSpectrumPackage ../tools/router {};
     xdg-desktop-portal-spectrum-host =
       self.callSpectrumPackage ../tools/xdg-desktop-portal-spectrum-host {};