V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/preseed.yaml

@@ -572,6 +572,7 @@ software:
   # e2fsprogs
   # fdisk
   # findutils
+  # git
   # grep
   # gzip
   # hostname
@@ -707,7 +708,6 @@ software:
   - debconf
   - debconf-utils
   - dialog
-  - git
   - knot-dnssecutils
   - knot-dnsutils
   - locate

func/cdi_4500_user/4520_accounts_setup.sh

@@ -883,31 +883,70 @@ zsh_omz_installer() {
   ### Declare Arrays, HashMaps, and Variables.
   declare     var_user="${1}"
 
+  ### Install Oh My Zsh and two plugins for a given user (non-interactive, idempotent).
+  ### Args to payload: $1 = username (e.g., "root" or "alice")
   chroot_stdin "${TARGET}" "__payload__" -- "${var_user}" <<'EOF'
 export LC_ALL=C
 user="$1"
-### Login shell for proper HOME, PATH, etc.
-### We also set installer env to prevent zsh spawn or chsh.
-su - "${user}" -s /bin/bash -c '
-  set -euo pipefail
-  export RUNZSH=no CHSH=no KEEP_ZSHRC=yes
-  export ZSH="${HOME}/.oh-my-zsh"
-  ### Pre-create ~/.oh-my-zsh to control perms.
-  mkdir -p "${ZSH}" && chmod 0700 "${ZSH}"
-  umask 0077
-  ### Use wget or curl as available.
-  if command -v wget >/dev/null; then
-    sh -c "$(wget -qO- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+
+### Resolve account data
+pwline="$(getent passwd "${user}" || true)"
+[[ -n "${pwline}" ]] || { echo "User not found: ${user}" >&2; exit 1; }
+IFS=: read -r _ _ uid gid _ home _ <<<"${pwline}"
+
+### Prepare a small script that runs as the target user (correct HOME/ownership)
+usr_script="$(mktemp /tmp/omz_user_install.XXXXXX)"
+cat >|"${usr_script}" <<'USR'
+set -Ceuo pipefail
+export LC_ALL=C
+umask 077
+
+### We are running as the target user here
+ZSH_DIR="${HOME}/.oh-my-zsh"
+
+### If ZSH_DIR exists but is EMPTY (e.g., previous aborted run), remove it, so the installer can proceed.
+if [[ -d "${ZSH_DIR}" ]] && [[ -z "$(ls -A "${ZSH_DIR}")" ]]; then
+  rm -rf "${ZSH_DIR}"
+fi
+
+### If already installed (git repo present), skip the installer.
+if [ -d "${ZSH_DIR}/.git" ]; then
+  :
+else
+  ### Download installer to a temp file and run it with non-interactive env.
+  inst="$(mktemp)"
+  if command -v wget >/dev/null 2>&1; then
+    wget -qO "${inst}" https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
   else
-    sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+    curl -fsSL -o "${inst}" https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
   fi
-  ### Plugins (clone shallow).
-  ZSH_CUSTOM="${ZSH}/custom"
-  mkdir -p "${ZSH_CUSTOM}/plugins"
-  git clone --depth 1 https://github.com/zsh-users/zsh-autosuggestions "${ZSH_CUSTOM}/plugins/zsh-autosuggestions" || true
-  git clone --depth 1 https://github.com/zsh-users/zsh-syntax-highlighting.git "${ZSH_CUSTOM}/plugins/zsh-syntax-highlighting" || true
-'
-umask 0022
+  ### Ensure that ZSH is not set for the installer, and keep it fully non-interactive.
+  RUNZSH=no CHSH=no KEEP_ZSHRC=yes env -u ZSH sh "${inst}"
+  rm -f "${inst}"
+fi
+
+### Install plugins (shallow clone; idempotent)
+ZSH_CUSTOM="${ZSH_DIR}/custom"
+mkdir -p "${ZSH_CUSTOM}/plugins"
+[[ -d "${ZSH_CUSTOM}/plugins/zsh-autosuggestions/.git" ]] || \
+  git clone --depth 1 https://github.com/zsh-users/zsh-autosuggestions "${ZSH_CUSTOM}/plugins/zsh-autosuggestions"
+[ [ -d "${ZSH_CUSTOM}/plugins/zsh-syntax-highlighting/.git" ]] || \
+  git clone --depth 1 https://github.com/zsh-users/zsh-syntax-highlighting "${ZSH_CUSTOM}/plugins/zsh-syntax-highlighting"
+
+### '~/.zshrc' will be updated later in the main CISS.debian.installer environment.
+
+### Do NOT start zsh here and do NOT chsh (RUNZSH/CHSH handled above).
+:
+USR
+
+### Execute as user (login shell to get proper env), then clean up the temp script.
+if [[ "${uid}" -eq 0 ]]; then
+  ### root user: no su needed
+  bash "${usr_script}"
+else
+  su - "${user}" -s /bin/bash -c "bash '${usr_script}'"
+fi
+rm -f -- "${usr_script}" || :
 :
 EOF