Issue 6 #7
Open: securitycopper wants to merge 13 commits into LiamSnow:main from securitycopper:issue_6
- Fixed critical bug where sshd_config was deleted from tar even without -P flag
  * Only delete shadow/sshd_config when password modification is requested
  * Prevents SSH from breaking when not using password authentication
- Improved MAC address persistence logic
  * Moved MAC service creation after opensleep-wifi service (dependency fix)
  * Made MAC service conditional on WiFi being configured
  * Fixed wpa_supplicant timing: now waits for opensleep-mac service
  * Made wpa_supplicant MAC dependency conditional (only if -m flag used)
- Fixed file ownership issues
  * User files in /home/rewt now owned by rewt:rewt (not root:root)
  * System service files correctly owned by root:root
- Added comprehensive MAC address lessons learned documentation
  * Documents what doesn't work (.link files, early service timing)
  * Documents what does work (service-based approach with correct ordering)
  * Includes debugging tips and factory reset behavior

Status: SSH working, MAC address timing fixes implemented (pending test)

Problem: MAC address still changing despite opensleep-mac.service running

Root cause: NetworkManager is active and has MAC randomization enabled
- NetworkManager can override manually set MAC addresses
- Default behavior is to randomize MAC for privacy/security

Solution: Add NetworkManager configuration to disable MAC randomization
- Created /etc/NetworkManager/conf.d/99-disable-wifi-mac-randomization.conf
- Disables wifi.scan-rand-mac-address
- Forces wifi.cloned-mac-address=permanent
- Applied to both staging (for tar) and mounted partition

Boot sequence now:
1. opensleep-wifi.service - loads brcmfmac driver (random MAC)
2. opensleep-mac.service - sets persistent MAC via ip link
3. NetworkManager - starts but respects permanent MAC (no randomization)
4. wpa_supplicant - connects using our configured MAC

Status: Testing MAC persistence with NetworkManager configuration

✅ MAC ADDRESS PERSISTENCE NOW WORKING!

Added convenience debug command to welcome banner:
- Shows one-liner to run opensleep in debug mode
- Command: sudo systemctl stop opensleep && cd /opt/opensleep && sudo RUST_LOG=debug,rumqttc=info ./opensleep
- Only displayed when opensleep is installed
- Easy copy-paste for troubleshooting

Boot sequence confirmed working:
1. opensleep-wifi.service - loads brcmfmac driver
2. opensleep-mac.service - sets persistent MAC
3. NetworkManager - respects permanent MAC (no randomization)
4. wpa_supplicant - connects with configured MAC

Testing results:
✅ SSH key authentication working
✅ MAC address persists across reboots
✅ WiFi connects automatically
✅ opensleep service running
✅ Eight Sleep services disabled

✅ MAC ADDRESS PERSISTENCE CONFIRMED WORKING!

Updated boot sequence documentation:
- Changed from 3-stage to 4-stage process
- Added NetworkManager as critical step 3
- Documented NetworkManager MAC randomization configuration
- Explained why NetworkManager config is essential

Key addition: NetworkManager Configuration
- NetworkManager was the missing piece causing MAC changes
- Config disables MAC randomization: wifi.cloned-mac-address=permanent
- Without this, NetworkManager overrides opensleep-mac.service
- Config file: /etc/NetworkManager/conf.d/99-disable-wifi-mac-randomization.conf

Updated wpa_supplicant documentation:
- Now shows conditional dependency on opensleep-mac.service
- Only adds MAC dependency if -m flag was used
- Prevents dependency on non-existent service

Complete working boot sequence:
1. opensleep-wifi.service - loads driver (random MAC)
2. opensleep-mac.service - sets persistent MAC
3. NetworkManager - respects permanent MAC (no randomization)
4. wpa_supplicant - connects with configured MAC

All features now working:
✅ SSH key authentication
✅ Persistent MAC address
✅ WiFi auto-connect
✅ Factory reset survival
✅ opensleep service
✅ Eight Sleep services disabled

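The NetworkManager configuration and the service ordering described in this commit and in the earlier "NetworkManager is active" commit can be staged with a small shell function like the one below. This is an added example, not code from the PR or from the opensleep project. It assumes wlan0 as the interface name, /sbin/ip as the path of ip, and the unit and drop-in file names used in the block; the staging root and the MAC address it is run with are constructed. The MAC is validated before any unit file is written, and the opensleep-mac.service unit plus the wpa_supplicant drop-in are only produced when a MAC is supplied, mirroring the conditional -m behaviour.

```shell
#!/bin/sh
# Added example (not the PR's script): stage the three pieces that keep a
# chosen Wi-Fi MAC across reboots on a NetworkManager system, under a staging
# root that will later be packed into the image tarball.
# Assumptions not taken from the page: interface wlan0, /sbin/ip, and the
# unit / drop-in file names below.

# valid_mac MAC: accept only six colon-separated hex octets.
valid_mac() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# stage_mac_persistence STAGING_ROOT [MAC]
# Always writes the NetworkManager config that stops MAC randomization.
# Only when MAC is given: writes opensleep-mac.service (after
# opensleep-wifi.service, before NetworkManager and wpa_supplicant) and a
# wpa_supplicant drop-in so it waits for opensleep-mac.service.
stage_mac_persistence() {
  root=$1; mac=$2
  nm_dir="$root/etc/NetworkManager/conf.d"
  sys_dir="$root/etc/systemd/system"
  mkdir -p "$nm_dir" "$sys_dir" || return 1

  # Without this file NetworkManager re-randomizes the address set by ip link.
  cat > "$nm_dir/99-disable-wifi-mac-randomization.conf" <<'EOF'
[device]
wifi.scan-rand-mac-address=no

[connection]
wifi.cloned-mac-address=permanent
EOF

  [ -n "$mac" ] || return 0   # -m not used: no MAC service, no drop-in
  valid_mac "$mac" || { echo "[-] invalid MAC address: $mac" >&2; return 1; }

  cat > "$sys_dir/opensleep-mac.service" <<EOF
[Unit]
Description=Set persistent Wi-Fi MAC address
Requires=opensleep-wifi.service
After=opensleep-wifi.service
Before=NetworkManager.service wpa_supplicant.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ip link set dev wlan0 down
ExecStart=/sbin/ip link set dev wlan0 address $mac
ExecStart=/sbin/ip link set dev wlan0 up

[Install]
WantedBy=multi-user.target
EOF

  # Conditional dependency: only created when the MAC service exists, so
  # wpa_supplicant never waits on a unit that was never installed.
  mkdir -p "$sys_dir/wpa_supplicant.service.d" || return 1
  cat > "$sys_dir/wpa_supplicant.service.d/10-after-opensleep-mac.conf" <<'EOF'
[Unit]
Wants=opensleep-mac.service
After=opensleep-mac.service
EOF
  return 0
}

# Stand-alone run against a throwaway staging root with a constructed MAC.
demo_root=$(mktemp -d)
stage_mac_persistence "$demo_root" "02:11:22:33:44:55" && find "$demo_root" -type f
rm -rf "$demo_root"
```

The unit uses Before= on both NetworkManager.service and wpa_supplicant.service so the ordering in the commit's four-step boot sequence is enforced by systemd rather than by luck of timing; the drop-in adds the reverse edge only on the -m path.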
Problem: Password modification was being skipped due to incorrect validation
- Shadow file extracted from tar has ownership 0:0 (root:root)
- Script assumed 0:0 meant 'file created by us, not extracted'
- This is WRONG: shadow files are legitimately owned by root
- Caused all password modification attempts to fail

Root Cause: Misunderstood tar extraction behavior
- tar --numeric-owner preserves numeric UIDs/GIDs
- Files owned by root (UID 0) in archive extract as 0:0
- This is correct and expected behavior for /etc/shadow

Solution: Change validation from ownership check to content check
- Now checks if file contains 'rewt:' entry (grep -q '^rewt:')
- This validates file has actual content and correct format
- Still catches empty files and extraction failures
- Accepts legitimate root-owned shadow files

Log output from failed attempt:
[*] Original shadow file: perms=400 owner=0:0
[-] WARNING: /etc/shadow has ownership 0:0, skipping password modification

Expected behavior after fix:
[*] Original shadow file: perms=400 owner=0:0
✓ Password set, permissions preserved

Status: Ready to test password modification with -P flag

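The content check this commit switches to, together with the "permissions preserved" step it expects afterwards, as an added example that is not the PR's own script. The shadow file and the password hash it is run with are constructed, not real, and the user name rewt and the tar --numeric-owner behaviour come from the commit text; everything else (function names, writing back through the existing inode) is this example's choice.

```shell
#!/bin/sh
# Added example (not the PR's script): validate an extracted /etc/shadow by
# content rather than by numeric ownership, then update one entry in place.

# shadow_has_user FILE USER
# Returns 0 when FILE is non-empty and holds an entry for USER. Ownership is
# deliberately not consulted: a shadow file extracted with tar --numeric-owner
# is correctly 0:0, so an ownership test rejects perfectly valid files.
shadow_has_user() {
  file=$1; user=$2
  [ -s "$file" ] || { echo "[-] $file is missing or empty" >&2; return 1; }
  grep -q "^${user}:" "$file" || { echo "[-] no entry for '$user' in $file" >&2; return 1; }
  return 0
}

# shadow_hash_of FILE USER: print the current password field for USER.
shadow_hash_of() {
  awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1"
}

# set_shadow_hash FILE USER HASH
# Replaces USER's password field (field 2) with HASH. The new content is
# written back through the existing inode (cat > file) rather than with mv, so
# the file keeps its original mode and owner (e.g. 400 root:root). The caller
# needs write access to FILE, as the patch script has when it runs as root.
set_shadow_hash() {
  file=$1; user=$2; hash=$3
  shadow_has_user "$file" "$user" || return 1
  tmp=$(mktemp) || return 1
  awk -F: -v OFS=: -v u="$user" -v h="$hash" '$1 == u { $2 = h } { print }' \
    "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
  cat "$tmp" > "$file"
  rm -f "$tmp"
  return 0
}

# Stand-alone run with a constructed shadow file (not a real system file) and
# a constructed, non-functional hash value.
demo_dir=$(mktemp -d)
printf 'root:*:19000:0:99999:7:::\nrewt:!:19000:0:99999:7:::\n' > "$demo_dir/shadow"
chmod 600 "$demo_dir/shadow"
set_shadow_hash "$demo_dir/shadow" rewt '$6$constructedsalt$CONSTRUCTEDHASH' \
  && echo "[+] rewt hash is now: $(shadow_hash_of "$demo_dir/shadow" rewt)"
rm -rf "$demo_dir"
```

Two things the empty-file and content checks still catch, as the commit intends: a zero-length file from a failed extraction fails the -s test, and a file that extracted but is not a shadow file (no rewt entry) fails the grep, while a root-owned 0:0 shadow file is accepted.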
- Updated patching guide with -P and -m flag documentation
- Added 'Tested Features' section confirming password auth works
- Created FUTURE_TASKS.md to track enhancement ideas:
  * NTP time synchronization
  * SSH key cleanup (remove Eight Sleep keys)
  * Static IP address configuration
  * On-device opensleep compilation research
- Password authentication confirmed working November 2, 2025

- systemd-timesyncd already active and working
- Syncing with local router (192.168.2.1)
- System clock properly synchronized
- opensleep uses America/New_York timezone from config.ron
- No additional configuration needed

- New optional -R flag removes all Eight Sleep SSH keys
- Keeps only user-provided SSH key for security
- WARNING: Prevents Eight Sleep mobile app pairing
- WARNING: Prevents Eight Sleep remote access
- Recommended for privacy when using opensleep
- Cannot restore Eight Sleep functionality without reflashing
- Identified Eight Sleep keys: momerath@gene, root@pizzapi-vpn, eng@eightsleep.com, glitlab

- Added error message when -R flag is used
- Updated usage docs to show -R is disabled
- Removed FUTURE_TASKS.md from repository (moved to .memory-bank-pod3sd)
- SSH key cleanup feature needs debugging before re-enabling

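The -R key cleanup described in the two commits above (keep only the user-provided key, drop the vendor keys) is currently disabled in the PR; the following is an added example of one way to do that step safely, not the PR's or the project's code. All key material is constructed and non-functional. Keys are matched on type and base64 body, not on the trailing comment, so a vendor key cannot survive just because its comment was renamed, and the function refuses to run when the supplied public key file holds no key, which is the lock-out case a reviewer would worry about.

```shell
#!/bin/sh
# Added example (not the PR's code): prune authorized_keys down to the one
# operator-supplied public key, listing what is removed so the change is
# auditable. All key material here is constructed.

# key_id LINE: print "type body" (fields 1-2) for an authorized_keys/pubkey line.
key_id() {
  printf '%s\n' "$1" | awk 'NF >= 2 { print $1, $2; exit }'
}

# removed_keys AUTH_KEYS PUBKEY_FILE
# Dry run: print every entry of AUTH_KEYS that is not the key to keep.
removed_keys() {
  auth=$1
  keep=$(key_id "$(head -n 1 "$2")")
  [ -n "$keep" ] || { echo "[-] $2 holds no key" >&2; return 1; }
  awk -v k="$keep" 'NF >= 2 && ($1 " " $2) != k' "$auth"
}

# prune_authorized_keys AUTH_KEYS PUBKEY_FILE
# Rewrite AUTH_KEYS so it contains only the kept key. Refuses to touch the
# file when PUBKEY_FILE has no usable key (would lock the operator out).
# Written through the existing inode so mode and owner are preserved.
prune_authorized_keys() {
  auth=$1; pub=$2
  keep_line=$(head -n 1 "$pub")
  [ -n "$(key_id "$keep_line")" ] || { echo "[-] $pub holds no key, not pruning" >&2; return 1; }
  removed_keys "$auth" "$pub" | sed 's/^/[*] removing: /' >&2
  printf '%s\n' "$keep_line" > "$auth"
}

# count_keys FILE: number of key entries (non-empty, non-comment lines).
count_keys() {
  grep -c '^[^#[:space:]]' "$1" || true   # grep -c exits 1 on zero matches
}

# Stand-alone run with constructed keys (placeholder bodies, not real keys).
demo_dir=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3CONSTRUCTED_USER rewt@laptop\n' > "$demo_dir/id.pub"
printf '%s\n' \
  'ssh-rsa AAAAB3CONSTRUCTED_VENDOR1 vendor@host1' \
  'ssh-ed25519 AAAAC3CONSTRUCTED_USER rewt@laptop' \
  'ssh-ed25519 AAAAC3CONSTRUCTED_VENDOR2 vendor@host2' > "$demo_dir/authorized_keys"
prune_authorized_keys "$demo_dir/authorized_keys" "$demo_dir/id.pub" \
  && echo "[+] keys remaining: $(count_keys "$demo_dir/authorized_keys")"
rm -rf "$demo_dir"
```

Running removed_keys first and logging its output gives a record of exactly which identities were dropped, which is the evidence you want if Eight Sleep app pairing or remote access stops working afterwards, as the commit warns it will.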
Author (securitycopper):

@LiamSnow please pull this down and test with your binary and config. I don't know if my setup is wrong or not; I've been having issues getting my bed to start cooling. Testing with your config and binary, assuming you have a Pod 3 with an SD card, will verify the script isn't the issue, allowing us to merge the PR.
Script for creating a patched factory image with opensleep installed and configured.

Password issue resolved, tested with:

```sh
/mnt/f/workspaces/opensleep/scripts/full_patch_workflow.sh \
  -i /mnt/f/drive\ images/pod3_rootfs_orgional.img \
  -k /mnt/c/Users/Matrix/.ssh/id_ed25519.pub \
  -s "wifi access point" \
  -p "wifi password" \
  -b /mnt/f/drive\ images/opensleep \
  -S /mnt/f/drive\ images/opensleep.service \
  -c /mnt/f/drive\ images/config.ron \
  -m "mac address" \
  -P "root password" \
  -d
```