From deae53b721c5ca0d969f1a06243e01ffa2a32809 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:13:16 +0000
Subject: [PATCH 1/2] Initial plan


From 65ce66a5412970451bc0b492c0488113957dda04 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:14:32 +0000
Subject: [PATCH 2/2] Fix chpasswd: run directly from host with --root /mnt, no
 chroot needed

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/3ff98bf4-8f62-4c81-90fd-36854e88266f

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 iso/installer.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/iso/installer.py b/iso/installer.py
index f27df18..2600151 100644
--- a/iso/installer.py
+++ b/iso/installer.py
@@ -1000,24 +1000,27 @@ class InstallerWindow(Adw.ApplicationWindow):
                     raise RuntimeError(proc.stderr.strip() or "Failed to write password file")
                 run(["sudo", "chmod", "600", "/mnt/var/lib/secrets/free-password"])
 
-                # Locate chpasswd in the installed system's Nix store
+                # Find chpasswd in the installed system's Nix store
+                # We run it directly from the host with --root /mnt so it
+                # modifies /mnt/etc/shadow — no chroot needed.
                 chpasswd_find = subprocess.run(
-                    ["sudo", "find", "/mnt/nix/store", "-name", "chpasswd", "-type", "f", "-path", "*/bin/chpasswd"],
+                    ["sudo", "find", "/mnt/nix/store", "-maxdepth", "3",
+                     "-name", "chpasswd", "-type", "f", "-path", "*/bin/chpasswd"],
                     capture_output=True, text=True
                 )
                 chpasswd_paths = chpasswd_find.stdout.strip().splitlines()
                 if not chpasswd_paths:
                     raise RuntimeError("chpasswd binary not found in /mnt/nix/store")
-                # Use the first match; strip the /mnt prefix for chroot-relative path
-                chpasswd_bin = chpasswd_paths[0][len("/mnt"):]
+                # Use the full host path (e.g. /mnt/nix/store/...-shadow-xxx/bin/chpasswd)
+                chpasswd_bin = chpasswd_paths[0]
 
                 proc = subprocess.run(
-                    ["sudo", "chroot", "/mnt", "sh", "-c",
-                     f"echo 'free:{password}' | {chpasswd_bin}"],
+                    ["sudo", chpasswd_bin, "--root", "/mnt"],
+                    input=f"free:{password}",
                     capture_output=True, text=True
                 )
                 if proc.returncode != 0:
-                    raise RuntimeError(proc.stderr.strip() or "Failed to set password in chroot")
+                    raise RuntimeError(proc.stderr.strip() or "Failed to set password")
 
                 run(["sudo", "touch", "/mnt/var/lib/sovran-customer-onboarded"])
             except Exception as e: