penguins-eggs 25.11.21 → 25.12.7

package/dist/classes/ovary.d/edit-live-fs.js

@@ -1,6 +1,6 @@
 /**
  * ./src/classes/ovary.d/edit-live-fs.ts
- * penguins-eggs v.25.7.x / ecmascript 2020
+ * penguins-eggs v.25.12.5 / ecmascript 2020
  * author: Piero Proietti
  * email: piero.proietti@gmail.com
  * license: MIT
@@ -9,231 +9,261 @@
 import fs from 'fs';
 import os from 'os';
 import path from 'node:path';
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import Utils from '../utils.js';
 import Pacman from '../pacman.js';
 import Systemctl from '../systemctl.js';
 import { exec } from '../../lib/utils.js';
 // _dirname
 const __dirname = path.dirname(new URL(import.meta.url).pathname);
-/**
- * editLiveFs
- * - Mark if is_clone or is_clone_crypted
- * - Truncate logs, remove archived log
- * - Allow all fixed drives to be mounted with pmount
- * - Enable or disable password login trhough ssh for users (not root)
- * - Create an empty /etc/fstab
- * - Blanck /etc/machine-id
- * - Add some basic files to /dev
- * - Clear configs from /etc/network/interfaces, wicd and NetworkManager and netman
- */
 export async function editLiveFs(clone = false) {
-    if (this.verbose) {
+    if (this.verbose)
         console.log('Ovary: editLiveFs');
-    }
-    /**
-     * /etc/penguins-eggs.d/is_clone file created on live
-     */
+    const workDir = this.settings.work_dir.merged;
     if (clone) {
-        await exec(`touch ${this.settings.work_dir.merged}/etc/penguins-eggs.d/is_clone`, this.echo);
+        await exec(`touch ${workDir}/etc/penguins-eggs.d/is_clone`, this.echo);
     }
-    /**
-     * /etc/default/epoptes-client created on live
-     */
     if (Pacman.packageIsInstalled('epoptes')) {
-        const file = `${this.settings.work_dir.merged}/etc/default/epoptes-client`;
+        const file = `${workDir}/etc/default/epoptes-client`;
         const text = `SERVER=${os.hostname}.local\n`;
         fs.writeFileSync(file, text);
     }
     if (this.familyId === 'debian') {
-        // Aggiungo UMASK=0077 in /etc/initramfs-tools/conf.d/calamares-safe-initramfs.conf
         const text = 'UMASK=0077\n';
         const file = '/etc/initramfs-tools/conf.d/eggs-safe-initramfs.conf';
         Utils.write(file, text);
     }
-    // Truncate logs, remove archived logs.
-    let cmd = `find ${this.settings.work_dir.merged}/var/log -name "*gz" -print0 | xargs -0r rm -f`;
+    // Truncate logs
+    let cmd = `find ${workDir}/var/log -name "*gz" -print0 | xargs -0r rm -f`;
     await exec(cmd, this.echo);
-    cmd = `find ${this.settings.work_dir.merged}/var/log/ -type f -exec truncate -s 0 {} \\;`;
+    cmd = `find ${workDir}/var/log/ -type f -exec truncate -s 0 {} \\;`;
     await exec(cmd, this.echo);
-    // Allow all fixed drives to be mounted with pmount
-    if (this.settings.config.pmount_fixed && fs.existsSync(`${this.settings.work_dir.merged}/etc/pmount.allow`)) {
-        // MX aggiunto /etc
-        await exec(`sed -i 's:#/dev/sd\[a-z\]:/dev/sd\[a-z\]:' ${this.settings.work_dir.merged}/etc/pmount.allow`, this.echo);
-    }
-    // Remove obsolete live-config file
-    if (fs.existsSync(`${this.settings.work_dir.merged}lib/live/config/1161-openssh-server`)) {
-        await exec(`rm -f ${this.settings.work_dir.merged}/lib/live/config/1161-openssh-server`, this.echo);
-    }
-    if (fs.existsSync(`${this.settings.work_dir.merged}/etc/ssh/sshd_config`)) {
-        /**
-         * enable/disable SSH root/users password login
-         */
-        await exec(`sed -i '/PermitRootLogin/d' ${this.settings.work_dir.merged}/etc/ssh/sshd_config`);
-        await exec(`sed -i '/PasswordAuthentication/d' ${this.settings.work_dir.merged}/etc/ssh/sshd_config`);
+    // =========================================================================
+    // FIX DEFINITIVO PER DEVUAN/SYSVINIT (Init Script Hardening)
+    // =========================================================================
+    if (Utils.isSysvinit()) {
+        if (this.verbose)
+            console.log('SysVinit detected: Hardening init scripts...');
+        await patchInitScripts(workDir, this.verbose);
+    }
+    // =========================================================================
+    // Fix Symlinks /var/run e /var/lock
+    const varRun = `${workDir}/var/run`;
+    if (fs.existsSync(varRun) && !fs.lstatSync(varRun).isSymbolicLink()) {
+        if (this.verbose)
+            console.log('Fixing /var/run symlink...');
+        await exec(`rm -rf ${varRun}`, this.echo);
+        await exec(`ln -s /run ${varRun}`, this.echo);
+    }
+    const varLock = `${workDir}/var/lock`;
+    if (fs.existsSync(varLock) && !fs.lstatSync(varLock).isSymbolicLink()) {
+        if (this.verbose)
+            console.log('Fixing /var/lock symlink...');
+        await exec(`rm -rf ${varLock}`, this.echo);
+        await exec(`ln -s /run/lock ${varLock}`, this.echo);
+    }
+    // Altri fix standard
+    if (this.settings.config.pmount_fixed && fs.existsSync(`${workDir}/etc/pmount.allow`)) {
+        await exec(`sed -i 's:#/dev/sd\[a-z\]:/dev/sd\[a-z\]:' ${workDir}/etc/pmount.allow`, this.echo);
+    }
+    if (fs.existsSync(`${workDir}lib/live/config/1161-openssh-server`)) {
+        await exec(`rm -f ${workDir}/lib/live/config/1161-openssh-server`, this.echo);
+    }
+    if (fs.existsSync(`${workDir}/etc/ssh/sshd_config`)) {
+        await exec(`sed -i '/PermitRootLogin/d' ${workDir}/etc/ssh/sshd_config`);
+        await exec(`sed -i '/PasswordAuthentication/d' ${workDir}/etc/ssh/sshd_config`);
         if (this.settings.config.ssh_pass) {
-            await exec(`echo 'PasswordAuthentication yes' | tee -a ${this.settings.work_dir.merged}/etc/ssh/sshd_config`, this.echo);
+            await exec(`echo 'PasswordAuthentication yes' | tee -a ${workDir}/etc/ssh/sshd_config`, this.echo);
         }
         else {
-            await exec(`echo 'PermitRootLogin prohibit-password' | tee -a ${this.settings.work_dir.merged}/etc/ssh/sshd_config`, this.echo);
-            await exec(`echo 'PasswordAuthentication no' | tee -a ${this.settings.work_dir.merged}/etc/ssh/sshd_config`, this.echo);
+            await exec(`echo 'PermitRootLogin prohibit-password' | tee -a ${workDir}/etc/ssh/sshd_config`, this.echo);
+            await exec(`echo 'PasswordAuthentication no' | tee -a ${workDir}/etc/ssh/sshd_config`, this.echo);
         }
     }
-    /**
-     * ufw --force reset
-     */
-    // if (Pacman.packageIsInstalled('ufw')) {
-    //    await exec('ufw --force reset')
-    // }
-    /**
-     * /etc/fstab should exist, even if it's empty,
-     * to prevent error messages at boot
-     */
-    await exec(`rm ${this.settings.work_dir.merged}/etc/fstab`, this.echo);
-    await exec(`touch ${this.settings.work_dir.merged}/etc/fstab`, this.echo);
-    /**
-     * Remove crypttab if exists
-     * this is crucial for tpm systems.
-     */
-    if (fs.existsSync(`${this.settings.work_dir.merged}/etc/crypttab`)) {
-        await exec(`rm ${this.settings.work_dir.merged}/etc/crypttab`, this.echo);
-    }
-    /**
-     * Blank out systemd machine id.
-     * If it does not exist, systemd-journald will fail,
-     * but if it exists and is empty, systemd will automatically
-     * set up a new unique ID.
-     */
-    if (fs.existsSync(`${this.settings.work_dir.merged}/etc/machine-id`)) {
-        await exec(`rm ${this.settings.work_dir.merged}/etc/machine-id`, this.echo);
-        await exec(`touch ${this.settings.work_dir.merged}/etc/machine-id`, this.echo);
-        Utils.write(`${this.settings.work_dir.merged}/etc/machine-id`, ':');
-    }
-    /**
-     * LMDE4: utilizza UbuntuMono16.pf2
-     * aggiungo un link a /boot/grub/fonts/UbuntuMono16.pf2
-     */
-    if (fs.existsSync(`${this.settings.work_dir.merged}/boot/grub/fonts/unicode.pf2`)) {
-        shx.cp(`${this.settings.work_dir.merged}/boot/grub/fonts/unicode.pf2`, `${this.settings.work_dir.merged}/boot/grub/fonts/UbuntuMono16.pf2`);
-    }
-    /**
-     * cleaning /etc/resolv.conf
-     */
-    const resolvFile = `${this.settings.work_dir.merged}/etc/resolv.conf`;
-    shx.rm(resolvFile);
-    /**
-     * Per tutte le distro systemd
-     */
+    await exec(`rm ${workDir}/etc/fstab`, this.echo);
+    await exec(`touch ${workDir}/etc/fstab`, this.echo);
+    if (fs.existsSync(`${workDir}/etc/crypttab`)) {
+        await exec(`rm ${workDir}/etc/crypttab`, this.echo);
+    }
+    // 🔧 [MODIFICA 1] Machine ID cleanup
+    // Cancelliamo SEMPRE il machine-id, anche su SysVinit.
+    // Questo garantisce che lo script patchato (dbus) trovi il file mancante e lo rigeneri.
+    if (fs.existsSync(`${workDir}/etc/machine-id`)) {
+        await exec(`rm ${workDir}/etc/machine-id`, this.echo);
+        await exec(`touch ${workDir}/etc/machine-id`, this.echo); // Lo ricreiamo vuoto
+    }
+    // Rimuoviamo anche quello in /var/lib/dbus per forzare la rigenerazione
+    if (fs.existsSync(`${workDir}/var/lib/dbus/machine-id`)) {
+        await exec(`rm ${workDir}/var/lib/dbus/machine-id`, this.echo);
+    }
+    if (fs.existsSync(`${workDir}/boot/grub/fonts/unicode.pf2`)) {
+        shx.cp(`${workDir}/boot/grub/fonts/unicode.pf2`, `${workDir}/boot/grub/fonts/UbuntuMono16.pf2`);
+    }
+    shx.rm(`${workDir}/etc/resolv.conf`);
+    // Systemd cleanup
     if (Utils.isSystemd()) {
         const systemdctl = new Systemctl(this.verbose);
-        /*
-        * Arch: /ci/minimal/arch-minimal.sh:
-        * systemctl set-default multi-user.target
-        * systemctl enable getty@tty1.service
-        * systemctl enable systemd-networkd.service
-        * systemctl enable 'systemd-resolved.service
-        */
-        if (await systemdctl.isEnabled('remote-cryptsetup.target')) {
-            await systemdctl.disable('remote-cryptsetup.target', this.settings.work_dir.merged, true);
-        }
-        if (await systemdctl.isEnabled('speech-dispatcherd.service')) {
-            await systemdctl.disable('speech-dispatcherd.service', this.settings.work_dir.merged, true);
-        }
-        if (await systemdctl.isEnabled('wpa_supplicant-nl80211@.service')) {
-            await systemdctl.disable('wpa_supplicant-nl80211@.service', this.settings.work_dir.merged, true);
-        }
-        if (await systemdctl.isEnabled('wpa_supplicant@.service')) {
-            await systemdctl.disable('wpa_supplicant@.service', this.settings.work_dir.merged, true);
-        }
-        if (await systemdctl.isEnabled('wpa_supplicant-wired@.service')) {
-            await systemdctl.disable('wpa_supplicant-wired@.service', this.settings.work_dir.merged, true);
-        }
-        /**
-         * All systemd distros
-         */
-        await exec(`rm -f ${this.settings.work_dir.merged}/var/lib/wicd/configurations/*`, this.echo);
-        await exec(`rm -f ${this.settings.work_dir.merged}/etc/wicd/wireless-settings.conf`, this.echo);
-        await exec(`rm -f ${this.settings.work_dir.merged}/etc/NetworkManager/system-connections/*`, this.echo);
-        await exec(`rm -f ${this.settings.work_dir.merged}/etc/network/wifi/*`, this.echo);
-        /**
-         * removing from /etc/network/:
-         * if-down.d if-post-down.d if-pre-up.d if-up.d interfaces interfaces.d
-         */
+        if (await systemdctl.isEnabled('remote-cryptsetup.target'))
+            await systemdctl.disable('remote-cryptsetup.target', workDir, true);
+        if (await systemdctl.isEnabled('speech-dispatcherd.service'))
+            await systemdctl.disable('speech-dispatcherd.service', workDir, true);
+        if (await systemdctl.isEnabled('wpa_supplicant-nl80211@.service'))
+            await systemdctl.disable('wpa_supplicant-nl80211@.service', workDir, true);
+        if (await systemdctl.isEnabled('wpa_supplicant@.service'))
+            await systemdctl.disable('wpa_supplicant@.service', workDir, true);
+        if (await systemdctl.isEnabled('wpa_supplicant-wired@.service'))
+            await systemdctl.disable('wpa_supplicant-wired@.service', workDir, true);
+        await exec(`rm -f ${workDir}/var/lib/wicd/configurations/*`, this.echo);
+        await exec(`rm -f ${workDir}/etc/wicd/wireless-settings.conf`, this.echo);
+        await exec(`rm -f ${workDir}/etc/NetworkManager/system-connections/*`, this.echo);
+        await exec(`rm -f ${workDir}/etc/network/wifi/*`, this.echo);
         const cleanDirs = ['if-down.d', 'if-post-down.d', 'if-pre-up.d', 'if-up.d', 'interfaces.d'];
-        let cleanDir = '';
-        for (cleanDir of cleanDirs) {
-            await exec(`rm -f ${this.settings.work_dir.merged}/etc/network/${cleanDir}/wpasupplicant`, this.echo);
+        for (const cleanDir of cleanDirs) {
+            await exec(`rm -f ${workDir}/etc/network/${cleanDir}/wpasupplicant`, this.echo);
         }
     }
-    /**
-     * Clear configs from /etc/network/interfaces, wicd and NetworkManager
-     * and netman, so they aren't stealthily included in the snapshot.
-     */
     if (this.familyId === 'debian') {
-        if (fs.existsSync(`${this.settings.work_dir.merged}/etc/network/interfaces`)) {
-            await exec(`rm -f ${this.settings.work_dir.merged}/etc/network/interfaces`, this.echo);
-            Utils.write(`${this.settings.work_dir.merged}/etc/network/interfaces`, 'auto lo\niface lo inet loopback');
-        }
-        /**
-         * add some basic files to /dev
-         */
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/console`)) {
-            await exec(`mknod -m 622 ${this.settings.work_dir.merged}/dev/console c 5 1`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/null`)) {
-            await exec(`mknod -m 666 ${this.settings.work_dir.merged}/dev/null c 1 3`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/zero`)) {
-            await exec(`mknod -m 666 ${this.settings.work_dir.merged}/dev/zero c 1 5`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/ptmx`)) {
-            await exec(`mknod -m 666 ${this.settings.work_dir.merged}/dev/ptmx c 5 2`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/tty`)) {
-            await exec(`mknod -m 666 ${this.settings.work_dir.merged}/dev/tty c 5 0`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/random`)) {
-            await exec(`mknod -m 444 ${this.settings.work_dir.merged}/dev/random c 1 8`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/urandom`)) {
-            await exec(`mknod -m 444 ${this.settings.work_dir.merged}/dev/urandom c 1 9`, this.echo);
+        if (fs.existsSync(`${workDir}/etc/network/interfaces`)) {
+            await exec(`rm -f ${workDir}/etc/network/interfaces`, this.echo);
+            Utils.write(`${workDir}/etc/network/interfaces`, 'auto lo\niface lo inet loopback');
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/{console,ptmx,tty}`)) {
-            await exec(`chown -v root:tty ${this.settings.work_dir.merged}/dev/{console,ptmx,tty}`, this.echo);
+        const devNodes = [
+            { path: 'console', m: '622', type: 'c', major: 5, minor: 1 },
+            { path: 'null', m: '666', type: 'c', major: 1, minor: 3 },
+            { path: 'zero', m: '666', type: 'c', major: 1, minor: 5 },
+            { path: 'ptmx', m: '666', type: 'c', major: 5, minor: 2 },
+            { path: 'tty', m: '666', type: 'c', major: 5, minor: 0 },
+            { path: 'random', m: '444', type: 'c', major: 1, minor: 8 },
+            { path: 'urandom', m: '444', type: 'c', major: 1, minor: 9 },
+        ];
+        for (const node of devNodes) {
+            if (!fs.existsSync(`${workDir}/dev/${node.path}`)) {
+                await exec(`mknod -m ${node.m} ${workDir}/dev/${node.path} ${node.type} ${node.major} ${node.minor}`, this.echo);
+            }
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/fd`)) {
-            await exec(`ln -sv /proc/self/fd ${this.settings.work_dir.merged}/dev/fd`, this.echo);
+        if (!fs.existsSync(`${workDir}/dev/console`)) {
+            await exec(`chown -v root:tty ${workDir}/dev/{console,ptmx,tty}`, this.echo);
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/stdin`)) {
-            await exec(`ln -sv /proc/self/fd/0 ${this.settings.work_dir.merged}/dev/stdin`, this.echo);
+        const links = [
+            { src: '/proc/self/fd', dest: 'fd' },
+            { src: '/proc/self/fd/0', dest: 'stdin' },
+            { src: '/proc/self/fd/1', dest: 'stdout' },
+            { src: '/proc/self/fd/2', dest: 'stderr' },
+            { src: '/proc/kcore', dest: 'core' }
+        ];
+        for (const link of links) {
+            if (!fs.existsSync(`${workDir}/dev/${link.dest}`)) {
+                await exec(`ln -sv ${link.src} ${workDir}/dev/${link.dest}`, this.echo);
+            }
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/stdout`)) {
-            await exec(`ln -sv /proc/self/fd/1 ${this.settings.work_dir.merged}/dev/stdout`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/stderr`)) {
-            await exec(`ln -sv /proc/self/fd/2 ${this.settings.work_dir.merged}/dev/stderr`, this.echo);
-        }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/core`)) {
-            await exec(`ln -sv /proc/kcore ${this.settings.work_dir.merged}/dev/core`, this.echo);
+        if (!fs.existsSync(`${workDir}/dev/shm`))
+            await exec(`mkdir -v ${workDir}/dev/shm`, this.echo);
+        if (!fs.existsSync(`${workDir}/dev/pts`))
+            await exec(`mkdir -v ${workDir}/dev/pts`, this.echo);
+        await exec(`chmod 1777 ${workDir}/dev/shm`, this.echo);
+        if (!fs.existsSync(`${workDir}/tmp`))
+            await exec(`mkdir ${workDir}/tmp`, this.echo);
+        await exec(`chmod 1777 ${workDir}/tmp`, this.echo);
+    }
+}
+/**
+ * Patcha direttamente gli script di init in /etc/init.d/
+ */
+async function patchInitScripts(workDir, verbose) {
+    // 1. PATCH DBUS (Il più importante)
+    const dbusScript = `${workDir}/etc/init.d/dbus`;
+    if (fs.existsSync(dbusScript)) {
+        if (verbose)
+            console.log(`Patching ${dbusScript} to fix missing directories and RO fs...`);
+        let content = fs.readFileSync(dbusScript, 'utf8');
+        let modified = false;
+        // PATCH A: Header con gestione Ramdisk Fallback e Mount Proc
+        // Questa intestazione viene inserita all'inizio e prova a montare tmpfs se non può scrivere
+        const dbusFix = `
+### EGGS-FIX-START
+# 1. Assicuriamoci che /proc sia montato (necessario per leggere uuid kernel)
+if ! mountpoint -q /proc/; then
+  mount -t proc proc /proc
+fi
+
+# 2. Gestione Filesystem Read-Only (RO)
+# Se non possiamo scrivere in /var/lib/dbus, montiamo un tmpfs (RAM) sopra.
+# Questo bypassa il blocco dell'overlayfs non ancora pronto tipico delle build AppImage.
+if ! mkdir -p /var/lib/dbus 2>/dev/null || ! touch /var/lib/dbus/.rw_check 2>/dev/null; then
+  echo "EGGS-DEBUG: Filesystem Read-Only detected! Mounting tmpfs on /var/lib/dbus" > /dev/console
+  mount -t tmpfs -o size=1m tmpfs /var/lib/dbus
+fi
+rm -f /var/lib/dbus/.rw_check
+
+# 3. Creazione Directory Runtime
+mkdir -p /var/run/dbus /var/lib/dbus
+chmod 755 /var/run/dbus /var/lib/dbus
+
+# 4. Generazione Machine ID (Non-Blocking Strategy)
+# Se il file non esiste (o è vuoto), lo creiamo.
+if [ ! -s /var/lib/dbus/machine-id ]; then
+  # Prova A: Usa UUID del kernel (Istantaneo, non blocca)
+  if [ -f /proc/sys/kernel/random/uuid ]; then
+    cat /proc/sys/kernel/random/uuid | tr -d '-' > /var/lib/dbus/machine-id
+  # Prova B: Fallback statico
+  else
+    echo "00000000000000000000000000000001" > /var/lib/dbus/machine-id
+  fi
+  chmod 644 /var/lib/dbus/machine-id
+fi
+
+# 5. Sync /etc/machine-id (Best effort, ignora errori se /etc è RO)
+if [ ! -s /etc/machine-id ] && [ -s /var/lib/dbus/machine-id ]; then
+  cp /var/lib/dbus/machine-id /etc/machine-id 2>/dev/null || true
+fi
+### EGGS-FIX-END
+`;
+        if (!content.includes('EGGS-FIX-START')) {
+            content = content.replace('#!/bin/sh', `#!/bin/sh\n${dbusFix}`);
+            modified = true;
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/shm`)) {
-            await exec(`mkdir -v ${this.settings.work_dir.merged}/dev/shm`, this.echo);
+        // PATCH B: SABOTAGE PREVENTION (Questa è quella che mancava!)
+        // Impediamo che create_machineid cancelli il file che abbiamo appena creato
+        // perché l'uptime è basso. 
+        if (content.includes('rm -f "${MACHINEID}"')) {
+            if (verbose)
+                console.log('Patching dbus: disabling auto-delete of machine-id on boot');
+            content = content.replace('rm -f "${MACHINEID}"', ': # EGGS-PATCH: Prevent deletion of valid machine-id');
+            modified = true;
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/pts`)) {
-            await exec(`mkdir -v ${this.settings.work_dir.merged}/dev/pts`, this.echo);
+        if (modified) {
+            fs.writeFileSync(dbusScript, content, 'utf8');
         }
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/dev/shm`)) {
-            await exec(`chmod 1777 ${this.settings.work_dir.merged}/dev/shm`, this.echo);
+    }
+    // 2. PATCH RSYSLOG
+    const rsyslogScript = `${workDir}/etc/init.d/rsyslog`;
+    if (fs.existsSync(rsyslogScript)) {
+        let content = fs.readFileSync(rsyslogScript, 'utf8');
+        const fix = `
+### EGGS-FIX-START
+mkdir -p /var/spool/rsyslog
+chmod 755 /var/spool/rsyslog
+### EGGS-FIX-END
+`;
+        if (!content.includes('EGGS-FIX-START')) {
+            content = content.replace('#!/bin/sh', `#!/bin/sh\n${fix}`);
+            fs.writeFileSync(rsyslogScript, content, 'utf8');
         }
-        /**
-         * creo /tmp
-         */
-        if (!fs.existsSync(`${this.settings.work_dir.merged}/tmp`)) {
-            await exec(`mkdir ${this.settings.work_dir.merged}/tmp`, this.echo);
+    }
+    // 3. PATCH CRON
+    const cronScript = `${workDir}/etc/init.d/cron`;
+    if (fs.existsSync(cronScript)) {
+        let content = fs.readFileSync(cronScript, 'utf8');
+        const fix = `
+### EGGS-FIX-START
+mkdir -p /var/spool/cron/crontabs
+chmod 1730 /var/spool/cron/crontabs
+chown root:crontab /var/spool/cron/crontabs 2>/dev/null || true
+### EGGS-FIX-END
+`;
+        if (!content.includes('EGGS-FIX-START')) {
+            content = content.replace('#!/bin/sh', `#!/bin/sh\n${fix}`);
+            fs.writeFileSync(cronScript, content, 'utf8');
         }
-        /**
-         * Assegno 1777 a /tmp creava problemi con MXLINUX
-         */
-        await exec(`chmod 1777 ${this.settings.work_dir.merged}/tmp`, this.echo);
     }
 }

package/dist/classes/ovary.d/fertilization.js

@@ -25,7 +25,7 @@ export async function fertilization(snapshot_prefix = '', snapshot_basename = ''
     this.settings = new Settings();
     if (await this.settings.load()) {
         await this.settings.loadRemix(this.theme);
-        this.volid = Utils.getVolid(this.settings.remix.name);
+        this.volid = Utils.VolidTrim(this.settings.remix.name);
         this.uuid = Utils.uuidGen();
         //this.familyId = this.settings.distro.familyId
         this.nest = this.settings.config.snapshot_mnt;

package/dist/classes/ovary.d/make-dot-disk.js

@@ -7,7 +7,7 @@
  */
 // packages
 import fs from 'node:fs';
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import path from 'path';
 // interfaces
 // libraries

package/dist/classes/ovary.d/produce.js

@@ -9,7 +9,7 @@ import chalk from 'chalk';
 import mustache from 'mustache';
 // packages
 import fs from 'node:fs';
-import shx from 'shelljs';
+import { shx } from '../../lib/utils.js';
 import path from 'path';
 // libraries
 import { exec } from '../../lib/utils.js';

package/dist/classes/ovary.d/user-create-live.d.ts

@@ -1,14 +1,8 @@
 /**
- * ./src/classes/ovary.d/create-user-live.ts
+ * src/classes/ovary.d/user-create-live.ts
  * penguins-eggs v.25.7.x / ecmascript 2020
- * author: Piero Proietti
- * email: piero.proietti@gmail.com
- * license: MIT
+ * * REFACTORED: Uses "The SysUser Master" class.
+ * Creates the live user directly in the merged filesystem safely.
  */
 import Ovary from '../ovary.js';
-/**
-   * list degli utenti: grep -E 1[0-9]{3}  /etc/passwd | sed s/:/\ / | awk '{print $1}'
-   * create la home per user_opt
-   * @param verbose
-   */
-export declare function userCreateLive(this: Ovary): Promise<void>;
+export default function userCreateLive(this: Ovary): Promise<void>;