From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id B92A3A8E4;
	Sun, 15 Mar 2026 11:56:47 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id EA537A8DB; Sun, 15 Mar 2026 11:56:42 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fout-b3-smtp.messagingengine.com
 (fout-b3-smtp.messagingengine.com [202.12.124.146])
	by atuin.qyliss.net (Postfix) with ESMTPS id A98CEA8DA
	for <devel@spectrum-os.org>; Sun, 15 Mar 2026 11:56:40 +0000 (UTC)
Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44])
	by mailfout.stl.internal (Postfix) with ESMTP id 368431D0016F;
	Sun, 15 Mar 2026 07:56:38 -0400 (EDT)
Received: from phl-frontend-04 ([10.202.2.163])
  by phl-compute-04.internal (MEProxy); Sun, 15 Mar 2026 07:56:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1773575798; x=1773662198; bh=v5RQODTog6
	P31IfQ2370gBFDqENVHkePv18AygJ4c9U=; b=R4zSsjIIXSkcMxEMKTyDbm5rLm
	QptslHR+PNmMnagXcp2aI4Ym4ut9KiK5uUfmqF1f37nFifr8I+HsDRZJAKMeQPv1
	jn/ak7N2WuDmkGAsw843X/I4PVUa57PGiEx3DlXjUoFBpX0kLm8gC+5OZBq2mbEK
	/zEJ6TNSb8NOER9hsHcy5xBqZ0jJdTrmYL682uItFK8GQELPEBpKz0Fxd+aT7FKl
	iA/dl9JPXW7ca3Nf2TTxSr14izgVgM0/TMefniaWh6KZhCdY/6jD1fuZbDTDP6E0
	SP3r1VBrcrOkvDnRfjl3J0la2ms8+ins2UBrNPlUY+MBbNZNW/NnM89dar8g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1773575798; x=1773662198; bh=v5RQODTog6P31IfQ2370gBFDqENVHkePv18
	AygJ4c9U=; b=myvwnVf1uSVd1eCV4UeKOmvstz7O1OfUNNHJojpOPKgNYKOocyq
	Xs4fiJJAwyRhqZdhWTqT0AnO6UnwLpAa3E8OPIqPCFGfMboe8t24VCd7GWU7mqKF
	L8i7yRk70pTnVZHQCQHclXM8250JEgNJLVNyl/YV8qJbxhH7z7rD6wIWy1Q4VZZ2
	7B4NTB38X8rD9IGfj5Z3TIzNdAVnW6C1CJJzOMDcRXPGaNJolCMx7ZFSqND5TIyX
	U4qGavMgBMu+PAg1hrf8VuSgPDsjt82AUeMFrtXP4QaeWZL+8zA9JukFDAKTVJGW
	POjjRW8M2bZ3ZDWvIbdQgFFvj6tRpLtxCXg==
X-ME-Sender: <xms:dZ62ad5zu1OfAHm5cHUMKZshRhzeFayO-paHZkfGC8ASWCfOUuasZw>
    <xme:dZ62afO0KQN6QBg9GvR32ROlYJOjrTp7u4CU1R9wV4gdAX0OBlx12LDNYUTYQQ0pu
    e1AcSLfp5T6vRGKXxxOmq341mDQJCEI0md9v4wJiiIwz-Pa1nau1Q>
X-ME-Received: 
 <xmr:dZ62aTkQ7TZ3Wl1YJegQkBpgJCwU4NvzPIelRWmFqLUmYni8nJHON3EWQ2Ob2sHIEbSiNwIDLfxsPOPVLOpyoWsS4aL0C7lIcbmPZl-3>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvleehgedvucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhephffvufgjfhffkfggtgesghdtreertddtjeenucfhrhhomheptehlhihsshgrucft
    ohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnhepffduudffue
    ffgeehieegjedtkefhudehheefudehlefftedtkeeitdegfefgleehnecuvehluhhsthgv
    rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrih
    hspdhnsggprhgtphhtthhopeefpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopegu
    vghmihhosggvnhhouhhrsehgmhgrihhlrdgtohhmpdhrtghpthhtohepjhhohhgrnhhnvg
    hsrdhsuhgvlhhlnhgvrhesmhgrihhlsghogidrohhrghdprhgtphhtthhopeguvghvvghl
    sehsphgvtghtrhhumhdqohhsrdhorhhg
X-ME-Proxy: <xmx:dZ62aeQV4XMI8wksrOrloDoT1b_dPMgoYHsyROa1Zhjg4kR2bppvGA>
    <xmx:dZ62aXAyL6v6dgXoELbcOX6K_LVSCbHMwF1eym39M5T3TN3W2CCedg>
    <xmx:dZ62aVSdc9K8a5B_la03qlvlLhzejMuU2uYEWy-BdxcN-HHd5EB_1g>
    <xmx:dZ62aVrwZMamGcvFGw71vQ9HfqhLIZdCOnQyMDr4AYoSPOEDtUCCIg>
    <xmx:dp62aa7SwTuPOyKDhIUjfZCAfgJcwZ8mEMG6smhZgDaZGFTtJNVx9W3S>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun,
 15 Mar 2026 07:56:34 -0400 (EDT)
Received: by mbp.qyliss.net (Postfix, from userid 1000)
	id CDC4C78E5BD2; Sun, 15 Mar 2026 12:56:26 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>, Johannes =?utf-8?Q?S=C3=BC?=
 =?utf-8?Q?llner?=
 <johannes.suellner@mailbox.org>, devel@spectrum-os.org
Subject: Re: [PATCH v2 2/5] host/rootfs: integrate spectrum-installer
In-Reply-To: <6c012315-9fd7-4430-b71c-d9c06538e07c@gmail.com>
References: <20260204175543.22164-2-johannes.suellner@mailbox.org>
 <20260204175543.22164-4-johannes.suellner@mailbox.org>
 <6c012315-9fd7-4430-b71c-d9c06538e07c@gmail.com>
Date: Sun, 15 Mar 2026 12:56:25 +0100
Message-ID: <87ikaxgvbq.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: ZI37NNOGECJDEARO5JHDB3JTXFG5CTNF
X-Message-ID-Hash: ZI37NNOGECJDEARO5JHDB3JTXFG5CTNF
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: <>
List-Archive: <>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 2/4/26 12:55, Johannes S=C3=BCllner wrote:
>> The installer needs to run as root, so that `systemd-repart` can write
>> to disks. Since Weston is not running as root (since b26f59e), just as
>> with the root terminal, we add a s6-sudod service for the installer.
>
> Could this be conditional to the live image?  Installed images don't
> need it.

My hope would be to not have a distinction in the end between live and
installed images.  If you're worried about attack surface we could have
some switch to disable it before boot, as far out as possible like in
the kernel command line or a UEFI variable.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCabaeaQAKCRBbRZGEIw/w
otQGAQD3HP6tCaeLCj0wv38TihlrXu8ue7lbTJfc31fUJ3lIoAEAyIl1vAtNn11V
wm0B5FGeqHAXAMthw/y8toaSSbIIjgk=
=W/VE
-----END PGP SIGNATURE-----
--=-=-=--