aesthetic.computer / core
Monorepo for Aesthetic.Computer aesthetic.computer
4
fork

Configure Feed

Select the types of activity you want to include in your feed.

ac-os: AC_ANON=1 anonymous flash mode + cache-aware OTA pull

AC_ANON=1 writes {"handle":"anonymous"} to the USB config and skips
baking any Claude/GitHub/AC tokens — useful when handing someone a
device to boot notepat without inscribing your session onto it. Also
skips require_login since pull_ota only hits public CDN URLs.

pull_ota now checks the cached /tmp/ac-os-pull/vmlinuz sha256 against
the remote hash up-front and skips the download entirely when it
matches. Slim kernel + initramfs get the same check via Content-Length
since there's no published hash for those. Saves ~260 MB over slow
links when re-flashing the same OTA release.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

prompt.ac/@jeffrey 142bc0b2 f16d8804

+59 -17
+59 -17
fedac/native/ac-os
··· 888 888 local CLAUDE_CREDS="" 889 889 local CLAUDE_STATE="" 890 890 891 + # AC_ANON=1 produces a shareable USB — no handle, no tokens, no 892 + # Claude/GitHub creds. Flash this when giving someone a device to 893 + # boot into notepat without inscribing your session onto it. 894 + if [ "${AC_ANON:-0}" = "1" ]; then 895 + USB_CONFIG='{"handle":"anonymous"}' 896 + ac_media_write_legacy_config "${CONFIG_FILE}" "${USB_CONFIG}" 897 + log "USB config: anonymous (no tokens, no session)" 898 + return 0 899 + fi 900 + 891 901 if [ -n "${AC_USER_HANDLE:-}" ]; then 892 902 AC_ACCESS_TOKEN=$(read_ac_access_token) 893 903 HANDLE_TOKEN_JSON=$(fetch_authenticated_handle_tokens "${AC_ACCESS_TOKEN}" || true) ··· 1435 1445 mkdir -p "${PULL_DIR}" 1436 1446 local PULLED_KERNEL="${PULL_DIR}/vmlinuz" 1437 1447 1438 - log "Downloading kernel (~$(( KERNEL_SIZE / 1048576 ))MB)..." 1439 - curl -f --progress-bar -o "${PULLED_KERNEL}" "${KERNEL_URL}" || { err "Download failed"; exit 1; } 1440 - 1441 - # Verify SHA256 1448 + # Fetch expected hash up-front so we can skip the download if the 1449 + # cached file already matches. Saves ~260 MB over slow links when 1450 + # re-flashing the same OTA release. 1442 1451 log "Verifying SHA256..." 1443 1452 local EXPECTED_HASH 1444 1453 EXPECTED_HASH=$(curl -sf "${HASH_URL}") || { err "Failed to fetch hash"; exit 1; } 1445 - local ACTUAL_HASH 1446 - ACTUAL_HASH=$(sha256sum "${PULLED_KERNEL}" | cut -d' ' -f1) 1447 - if [ "${ACTUAL_HASH}" != "${EXPECTED_HASH}" ]; then 1448 - err "SHA256 mismatch!" 1449 - err " expected: ${EXPECTED_HASH}" 1450 - err " got: ${ACTUAL_HASH}" 1451 - exit 1 1454 + 1455 + local SKIP_DOWNLOAD=0 1456 + if [ -f "${PULLED_KERNEL}" ]; then 1457 + local CACHED_HASH 1458 + CACHED_HASH=$(sha256sum "${PULLED_KERNEL}" | cut -d' ' -f1) 1459 + if [ "${CACHED_HASH}" = "${EXPECTED_HASH}" ]; then 1460 + log "Cached kernel matches — skipping download" 1461 + SKIP_DOWNLOAD=1 1462 + fi 1452 1463 fi 1453 - log "SHA256 verified: ${ACTUAL_HASH:0:16}..." 1464 + 1465 + if [ "${SKIP_DOWNLOAD}" -eq 0 ]; then 1466 + log "Downloading kernel (~$(( KERNEL_SIZE / 1048576 ))MB)..." 1467 + curl -f --progress-bar -o "${PULLED_KERNEL}" "${KERNEL_URL}" || { err "Download failed"; exit 1; } 1468 + local ACTUAL_HASH 1469 + ACTUAL_HASH=$(sha256sum "${PULLED_KERNEL}" | cut -d' ' -f1) 1470 + if [ "${ACTUAL_HASH}" != "${EXPECTED_HASH}" ]; then 1471 + err "SHA256 mismatch!" 1472 + err " expected: ${EXPECTED_HASH}" 1473 + err " got: ${ACTUAL_HASH}" 1474 + exit 1 1475 + fi 1476 + fi 1477 + log "SHA256 verified: ${EXPECTED_HASH:0:16}..." 1454 1478 1455 1479 # Download slim kernel + initramfs for universal Mac/ThinkPad boot 1456 1480 local SLIM_URL="${CDN_BASE}/native-notepat-latest.vmlinuz-slim" ··· 1458 1482 local PULLED_SLIM="${PULL_DIR}/vmlinuz-slim" 1459 1483 local PULLED_INITRAMFS="${PULL_DIR}/initramfs.cpio.gz" 1460 1484 if curl -sf --head "${SLIM_URL}" >/dev/null 2>&1; then 1461 - log "Downloading slim kernel..." 1462 - curl -f --progress-bar -o "${PULLED_SLIM}" "${SLIM_URL}" || true 1463 - log "Downloading initramfs..." 1464 - curl -f --progress-bar -o "${PULLED_INITRAMFS}" "${INITRAMFS_URL}" || true 1485 + # Cache-aware downloads for slim+initramfs too. We don't have a 1486 + # published hash for these, so we use HEAD's Content-Length as 1487 + # a cheap freshness check — if the local size matches remote, 1488 + # assume the file is the one the kernel hash above verified. 1489 + local SLIM_REMOTE_SIZE=$(curl -sfI "${SLIM_URL}" | awk -F'[: ]+' '/^[Cc]ontent-[Ll]ength:/ {print $2+0}' | tr -d '\r') 1490 + local INIT_REMOTE_SIZE=$(curl -sfI "${INITRAMFS_URL}" | awk -F'[: ]+' '/^[Cc]ontent-[Ll]ength:/ {print $2+0}' | tr -d '\r') 1491 + local SLIM_LOCAL_SIZE=$([ -f "${PULLED_SLIM}" ] && stat -c%s "${PULLED_SLIM}" 2>/dev/null || echo 0) 1492 + local INIT_LOCAL_SIZE=$([ -f "${PULLED_INITRAMFS}" ] && stat -c%s "${PULLED_INITRAMFS}" 2>/dev/null || echo 0) 1493 + if [ "${SLIM_LOCAL_SIZE}" = "${SLIM_REMOTE_SIZE}" ] && [ "${SLIM_REMOTE_SIZE}" -gt 0 ]; then 1494 + log "Cached slim kernel matches — skipping download" 1495 + else 1496 + log "Downloading slim kernel..." 1497 + curl -f --progress-bar -o "${PULLED_SLIM}" "${SLIM_URL}" || true 1498 + fi 1499 + if [ "${INIT_LOCAL_SIZE}" = "${INIT_REMOTE_SIZE}" ] && [ "${INIT_REMOTE_SIZE}" -gt 0 ]; then 1500 + log "Cached initramfs matches — skipping download" 1501 + else 1502 + log "Downloading initramfs..." 1503 + curl -f --progress-bar -o "${PULLED_INITRAMFS}" "${INITRAMFS_URL}" || true 1504 + fi 1465 1505 if [ -f "${PULLED_SLIM}" ] && [ -f "${PULLED_INITRAMFS}" ]; then 1466 1506 log "Universal boot files ready (slim $(du -sh "${PULLED_SLIM}" | cut -f1) + initramfs $(du -sh "${PULLED_INITRAMFS}" | cut -f1))" 1467 1507 fi ··· 1563 1603 log "Smoke test passed — USB flashed!" 1564 1604 ;; 1565 1605 pull) 1566 - require_login 1606 + # AC_ANON=1 skips login — pull_ota only hits public CDN URLs and 1607 + # the flash writes an anonymous config.json (no baked tokens). 1608 + [ "${AC_ANON:-0}" != "1" ] && require_login 1567 1609 pull_ota 1568 1610 flash_usb 1569 1611 ;;