initial

isobuild/config/hooks/normal/0050-setup-ecouser.hook.chroot

@@ -0,0 +1,27 @@
+#!/bin/sh
+# Create ecouser for running Sway and Chromium
+
+set -e
+
+echo "Creating ecouser..."
+
+# Create ecouser with home directory and GECOS field (prevents "I have no name!" in terminal)
+useradd -m -s /bin/bash -c "EcoOS User" ecouser || true
+
+# Add ecouser to necessary groups:
+# video,render - GPU access
+# audio - audio access
+# input - input devices
+# seat - seatd compositor access
+# sudo - sudo privileges
+# adm,cdrom,plugdev - standard Ubuntu groups
+usermod -aG video,render,audio,input,seat,sudo,adm,cdrom,plugdev ecouser || true
+
+# Set a default password (ecouser:ecouser)
+echo "ecouser:ecouser" | chpasswd
+
+# Enable sudo without password for ecouser
+echo "ecouser ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ecouser
+chmod 440 /etc/sudoers.d/ecouser
+
+echo "ecouser created."

isobuild/config/hooks/normal/0055-fix-networkmanager.hook.chroot

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Fix NetworkManager connection file permissions
+
+set -e
+
+echo "Fixing NetworkManager connection permissions..."
+
+# NetworkManager requires connection files to be owned by root:root with 600 permissions
+if [ -d /etc/NetworkManager/system-connections ]; then
+    chown -R root:root /etc/NetworkManager/system-connections
+    chmod 600 /etc/NetworkManager/system-connections/*.nmconnection 2>/dev/null || true
+fi
+
+echo "NetworkManager permissions fixed."

isobuild/config/hooks/normal/0060-install-chromium.hook.chroot

@@ -0,0 +1,54 @@
+#!/bin/sh
+# Install Chromium dependencies
+# Chromium itself is pre-installed from Docker build (network works there)
+
+set -e
+
+echo "Installing Chromium dependencies..."
+
+# Verify Chromium was pre-installed from Docker build
+if [ ! -x /opt/chromium/chrome ]; then
+    echo "ERROR: Chromium not found at /opt/chromium/chrome"
+    echo "This should have been installed during Docker build"
+    exit 1
+fi
+
+# Install required runtime dependencies for Chromium
+# Using --no-install-recommends to minimize size
+DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    libasound2t64 \
+    libatk-bridge2.0-0t64 \
+    libatk1.0-0t64 \
+    libatspi2.0-0t64 \
+    libcairo2 \
+    libcups2t64 \
+    libdrm2 \
+    libgbm1 \
+    libgtk-3-0t64 \
+    libnspr4 \
+    libnss3 \
+    libpango-1.0-0 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxfixes3 \
+    libxkbcommon0 \
+    libxrandr2 \
+    fonts-liberation \
+    xdg-utils || true
+
+# Verify the symlink exists
+if [ ! -x /usr/bin/chromium-browser ]; then
+    echo "Creating chromium-browser symlink..."
+    cat > /usr/bin/chromium-browser << 'WRAPPER'
+#!/bin/sh
+exec /opt/chromium/chrome "$@"
+WRAPPER
+    chmod +x /usr/bin/chromium-browser
+fi
+
+echo "Chromium dependencies installed."
+echo "Chromium available at:"
+ls -la /opt/chromium/chrome
+ls -la /usr/bin/chromium-browser
+
+echo "Chromium setup complete."

isobuild/config/hooks/normal/0100-enable-services.hook.chroot

@@ -0,0 +1,29 @@
+#!/bin/sh
+# Enable EcoOS services
+
+set -e
+
+echo "Enabling systemd-networkd for static IP..."
+systemctl enable systemd-networkd.service
+systemctl enable systemd-networkd-wait-online.service
+
+echo "Disabling NetworkManager (using networkd instead)..."
+systemctl disable NetworkManager.service 2>/dev/null || true
+systemctl mask NetworkManager.service 2>/dev/null || true
+
+echo "Enabling seatd service..."
+systemctl enable seatd.service
+
+echo "Enabling eco-daemon service..."
+systemctl enable eco-daemon.service
+
+echo "Enabling installer service..."
+systemctl enable ecoos-installer.service
+
+echo "Enabling SSH service..."
+systemctl enable ssh.service || true
+
+echo "Enabling debug service..."
+systemctl enable debug-network.service || true
+
+echo "Services enabled."

isobuild/config/hooks/normal/0200-fix-permissions.hook.chroot

@@ -0,0 +1,52 @@
+#!/bin/sh
+# Final permissions fix before squashfs creation
+# Ensures /etc and critical directories have correct permissions
+# This is CRITICAL - wrong permissions break login, networking, and services
+
+set -e
+
+echo "Fixing critical directory permissions..."
+
+# /etc must be world-readable for systemd and other services to work
+chmod 755 /etc
+
+# Fix all subdirectories in /etc that need to be readable
+for dir in /etc/systemd /etc/systemd/system /etc/systemd/network \
+           /etc/default /etc/security /etc/pam.d /etc/skel \
+           /etc/profile.d /etc/sudoers.d /etc/bash_completion.d \
+           /etc/apt /etc/dpkg /etc/ssl /etc/ssh /etc/sway; do
+    if [ -d "$dir" ]; then
+        chmod 755 "$dir"
+    fi
+done
+
+# Critical files that must be world-readable for system to function
+# These are essential for user/group lookups and shell login
+for file in /etc/passwd /etc/group /etc/hosts /etc/hostname \
+            /etc/profile /etc/bash.bashrc /etc/environment \
+            /etc/shells /etc/nsswitch.conf /etc/resolv.conf \
+            /etc/machine-id /etc/ld.so.conf; do
+    if [ -f "$file" ]; then
+        chmod 644 "$file"
+    fi
+done
+
+# Shadow files should be root-only readable
+chmod 640 /etc/shadow 2>/dev/null || true
+chmod 640 /etc/gshadow 2>/dev/null || true
+
+# Sudoers files need specific permissions
+chmod 440 /etc/sudoers 2>/dev/null || true
+if [ -d /etc/sudoers.d ]; then
+    find /etc/sudoers.d -type f -exec chmod 440 {} \;
+fi
+
+# Fix network config file permissions
+if [ -f /etc/systemd/network/10-wired.network ]; then
+    chmod 644 /etc/systemd/network/10-wired.network
+fi
+
+# Recursively fix /etc - directories should be 755, files 644 (except special cases)
+find /etc -type d -exec chmod 755 {} \; 2>/dev/null || true
+
+echo "Permissions fixed."