Three issues caught during tadbit onboarding:

1. run_once_00-install-bootstrap-tools.sh.tmpl (gentoo branch):
   'gnupg' is ambiguous (app-crypt/gnupg vs app-vim/gnupg). Use full
   category/package names: app-crypt/gnupg, app-crypt/age, etc.
   The previous 'for p in age curl ...' loop fed short names to
   emerge which printed '!!! The short ebuild name gnupg is
   ambiguous' and exited 1.

2. run_once_20-install-user-packages-gentoo.sh.tmpl:
   sys-devel/base-devel doesn't exist on Gentoo (it's an Arch/Fedora
   concept; Gentoo's toolchain is the @system set which is always
   installed). Removed base-devel from the package list.

3. Universal scripts (run_once_20 + run_once_40) were running on
   gentoo and hitting either 'die unsupported os_family' (universal
   20) or 'WARNING sway packages not configured for gentoo' (universal
   40). Added early-return: 'if os_family == gentoo, exit 0' at the
   top of each universal script so the gentoo-specific scripts
   handle the box. (Same pattern the chaotic-aur script already had.)

4. run_once_10-add-gentoo-overlays.sh.tmpl:
   The cached ~/.cache/eselect-repo/repositories.xml was corrupt on
   tadbit (lxml.etree.XMLSyntaxError on every 'eselect repository
   list' call). Added a sanity check: parse the XML with
   xml.etree.ElementTree, delete if invalid, re-fetch.

After these fixes, the bootstrap on tadbit is expected to run cleanly
with --keep-going (the four failures above all become no-ops).
Tadbit (tadbit-gentoo, x86_64, gcc 15.2.1, TKG kernel) joins the
homelab as the 7th machine — the first gentoo box. Adds Gentoo
support to the bootstrap alongside arch and debian.

New scripts:

- run_once_10-add-gentoo-overlays.sh.tmpl: enables GURU overlay
  via 'eselect repository enable guru' + 'emaint sync -r guru'.
  Idempotent — skips if GURU is already at /var/db/repos/guru.
  GURU is required because eza, lazygit, topgrade, and most modern
  CLI tools only live in GURU (not main).
- run_once_20-install-user-packages-gentoo.sh.tmpl: emerge-based
  user package set. Writes USE flags to package.use/ BEFORE
  emerging so foot/wofi/waybar get the right features. Detects
  missing packages via 'command -v <basename>'. Falls back to
  the official curl installer for bun (no gentoo package).
- run_once_40-install-sway-gentoo.sh.tmpl: sway stack via emerge
  with USE flags for X+wayland+tray+upower+wireplumber.

Updated scripts:

- .chezmoi.yaml.tmpl: os_family detection now also matches 'gentoo'.
  Critical fix: Gentoo's /etc/os-release uses single-quoted values
  ('gentoo', not gentoo or "gentoo"), and chezmoi's parser doesn't
  strip them. Without trimAll "'", .chezmoi.osRelease.id returns
  the literal string 'gentoo' with quotes, and the eq test fails.
  Symptom: os_family silently becomes 'unknown'.
- run_once_00-install-bootstrap-tools.sh.tmpl: added gentoo branch
  that uses emerge --sync + emerge (skipping if tree is < 1 day old).
- run_onchange_30-ensure-cargo.sh.tmpl: added gentoo branch for
  bat (already installed by emerge, just verify), topgrade (GURU),
  cargo-update (dev-util/cargo-update in main).

README: documented Gentoo-specific quirks (USE flags, GURU,
single-quote parsing, no binary packages).
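
The single-quote failure described in the commit message above, reproduced in plain shell as an added example (not the repository's template code). The function names and the two sample os-release files are constructed for illustration; the family names are the ones the message uses.

```shell
#!/bin/sh
# Added example: a naive ID comparison next to one that strips quotes first.

# Return the raw ID= value exactly as written in the file (quotes included).
raw_os_id() {
    local line
    line=$(grep -m1 '^ID=' "$1") || return 1
    printf '%s\n' "${line#ID=}"
}

# Strip one matching pair of surrounding single or double quotes.
strip_quotes() {
    local v=$1
    case $v in
        \'*\') v=${v#\'}; v=${v%\'} ;;
        \"*\") v=${v#\"}; v=${v%\"} ;;
    esac
    printf '%s\n' "$v"
}

# Map an ID to the os_family names used in the commit message.
family_of() {
    case $1 in
        arch)   echo arch ;;
        debian) echo debian ;;
        gentoo) echo gentoo ;;
        *)      echo unknown ;;
    esac
}

# naive: compares the raw value; robust: strips quotes before comparing.
naive_family()  { family_of "$(raw_os_id "$1")"; }
robust_family() { family_of "$(strip_quotes "$(raw_os_id "$1")")"; }

# Constructed sample files, not copied from a real system.
demo_dir=$(mktemp -d)
printf "NAME='Gentoo'\nID='gentoo'\n" > "$demo_dir/gentoo"
printf 'NAME="Debian GNU/Linux"\nID=debian\n' > "$demo_dir/debian"
for f in gentoo debian; do
    echo "$f: naive=$(naive_family "$demo_dir/$f") robust=$(robust_family "$demo_dir/$f")"
done
```
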

Several run_once scripts unconditionally called sudo pacman/apt to
install packages — even on boxes where every package was already
present. That triggered a sudo password prompt on every fresh
chezmoi apply for nothing.

Two changes:

1. .chezmoi.yaml.tmpl: fall back to ~/.local/bin/age if /usr/bin/age
   isn't installed (matters during initial bootstrap before age is
   installed system-wide).

2. run_once_*.sh.tmpl: detect missing packages first; only call sudo
   if there's actually something to install. For the LAN hosts script,
   detect the existing block and skip if it's already correct.

These changes are transparent on boxes that already had everything
installed (the existing 5): no behavior change. They reduce sudo
prompts on bit (the new box, where most packages are pre-installed)
from ~5 prompts to 1 (just for /etc/hosts).

Many Rust crates (cargo-update, anything depending on openssl-sys)
need libssl-dev + pkg-config at build time. Without these,
`cargo install cargo-update` fails on debian with:

    Could not find openssl via pkg-config
    The system library `openssl` required by crate `openssl-sys`
    was not found.

Add them to APT_PKGS in run_once_00-install-bootstrap-tools.sh.tmpl
so new debian boxes have them from the start. Existing Pis
(rye, crouton) need a one-time `sudo apt-get install -y libssl-dev
pkg-config` after pulling this commit.

chezmoi runs scripts as the invoking user, not root. run_once_00 was
calling apt-get/pacman directly, which fails on debian with
'Permission denied' on /var/lib/apt/lists/lock and on arch with
similar pacman lock errors. Same pattern was already correct in
run_once_20. Mirror that here.

This is the bug that blocked rye on the second attempt.

chezmoi runs run_once_* scripts as the invoking user (uid != 0).
The earlier check [[ $(id -u) -ne 0 ]] && die ... killed the script
immediately when invoked via 'chezmoi apply' or 'chezmoi init --apply'
from a normal user session.

The scripts use sudo internally for package operations (pacman/apt),
so elevation happens correctly. The id -u check was wrong: it belongs
in a script that's *meant* to be invoked as root directly, not in a
chezmoi-managed script.
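
The two privilege points from the messages above (call sudo only when something is actually missing, and do not abort when uid != 0) combined in one added sketch, not the repository's own scripts. `SUDO` and `INSTALL` are hypothetical override variables, and the sketch assumes the package name equals the command basename, as the 'command -v <basename>' detection does.

```shell
#!/bin/sh
# Added example. SUDO and INSTALL are hypothetical override points so the
# logic can be exercised without root or a real package manager.
SUDO=${SUDO:-sudo}
INSTALL=${INSTALL:-"apt-get install -y"}

# Print each named command that is not found on PATH, one per line.
missing_cmds() {
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || printf '%s\n' "$c"
    done
}

# Install only what is missing and elevate only for the install itself.
# Returns 0 without touching sudo when nothing is missing, so an
# already-provisioned box never sees a password prompt.
ensure_cmds() {
    missing=$(missing_cmds "$@")
    [ -n "$missing" ] || return 0
    if [ "$(id -u)" -eq 0 ]; then
        # Already root: run the installer directly.
        # Word splitting of $INSTALL and $missing is intentional.
        $INSTALL $missing
    else
        # Normal user session (how chezmoi runs scripts): elevate this
        # one command instead of requiring the whole script to be root.
        $SUDO $INSTALL $missing
    fi
}

# Harmless demo: only reports what would need installing.
# 'no-such-tool-example' is a constructed name.
missing_cmds sh no-such-tool-example
```
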