From 2b481b6656e2399a8d9a606462c9099e26ecdf95 Mon Sep 17 00:00:00 2001
From: brian <brian@hanson.xyz>
Date: Tue, 14 Apr 2026 18:41:06 -0500
Subject: [PATCH] provision: simplify boot with quick_boot flag, auto-update
 from git

- on_start.sh: always enables WiFi, waits 30s for connectivity if
  no /data/quick_boot, then runs provision.sh
- New provision.sh: sets up SSH keys, installs openvpn, pulls latest
  code from remote (hard reset, remote wins), runs build_only.sh,
  touches /data/quick_boot on success
- Delete old dev/on_start.sh, dev/provision.sh, dev/on_start_brian.sh.cpt
  (encrypted key decryption no longer needed)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 system/clearpilot/dev/on_start.sh           | 17 --------
 system/clearpilot/dev/on_start_brian.sh.cpt |  2 -
 system/clearpilot/dev/provision.sh          | 48 ---------------------
 system/clearpilot/on_start.sh               | 23 +++++++++-
 system/clearpilot/provision.sh              | 48 +++++++++++++++++++++
 5 files changed, 69 insertions(+), 69 deletions(-)
 delete mode 100755 system/clearpilot/dev/on_start.sh
 delete mode 100755 system/clearpilot/dev/on_start_brian.sh.cpt
 delete mode 100755 system/clearpilot/dev/provision.sh
 create mode 100644 system/clearpilot/provision.sh

diff --git a/system/clearpilot/dev/on_start.sh b/system/clearpilot/dev/on_start.sh
deleted file mode 100755
index 040c433..0000000
--- a/system/clearpilot/dev/on_start.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# tmp for debugging
-date >> /tmp/dongles
-echo check dongle >> /tmp/dongles
-cat /data/params/d/DongleId >> /tmp/dongles
-echo done >> /tmp/dongles
-
-dongle_id=$(cat /data/params/d/DongleId)
-if [[ ! $dongle_id == 90bb71* ]]; then
-    exit 1
-fi
-
-echo Bringing up brian dev environment
-
-bash /data/openpilot/system/clearpilot/dev/provision.sh
-bash /data/openpilot/system/clearpilot/dev/on_start_brian.sh
\ No newline at end of file
diff --git a/system/clearpilot/dev/on_start_brian.sh.cpt b/system/clearpilot/dev/on_start_brian.sh.cpt
deleted file mode 100755
index 99f7de5..0000000
--- a/system/clearpilot/dev/on_start_brian.sh.cpt
+++ /dev/null
@@ -1,2 +0,0 @@
-•Í’T4üoŠd¿á¹³€å–³!qús^§‘1EŒ½—ðÓÉQ¯Åe|0b.7ša|Þ¶$Âï)x‰ ÷9‘Sü8BÌQÛ÷øÃ;TÝ`~?Q!hj2ÔŒwqô/[´ Xðt¬Ç5‡ü,«Ëñm¾^v¯$vf‚ÇH°)J½A
-²W°n`<@’‹.¬ç&>­&}m8˜‰àÃ;½\$^`Aª›Œ
\ No newline at end of file
diff --git a/system/clearpilot/dev/provision.sh b/system/clearpilot/dev/provision.sh
deleted file mode 100755
index 1c17a57..0000000
--- a/system/clearpilot/dev/provision.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-# Provision script for BrianBot
-# These actions only occur on BrianBot's comma device.
-
-# 1. Check the string in /data/params/d/DongleId
-dongle_id=$(cat /data/params/d/DongleId)
-if [[ ! $dongle_id == 90bb71* ]]; then
-    exit 1
-fi
-
-echo "BrianBot dongle ID detected."
-
-# 2. Check if ccrypt is installed, install if not
-if ! command -v ccrypt >/dev/null 2>&1; then
-    echo "Installing ccrypt..."
-    sudo apt-get update
-    sudo apt-get install -y ccrypt
-fi
-
-# 3. Decrypt SSH keys if they have not been decrypted yet
-if [ ! -f /data/openpilot/system/clearpilot/dev/id_rsa.pub ]; then
-   echo "Decrypting SSH keys..."
-   bash /data/openpilot/system/clearpilot/tools/decrypt /data/openpilot/system/clearpilot/dev/id_rsa.pub.cpt /data/openpilot/system/clearpilot/dev/id_rsa.pub
-   bash /data/openpilot/system/clearpilot/tools/decrypt /data/openpilot/system/clearpilot/dev/id_rsa.cpt /data/openpilot/system/clearpilot/dev/id_rsa
-   bash /data/openpilot/system/clearpilot/tools/decrypt /data/openpilot/system/clearpilot/dev/on_start_brian.sh.cpt /data/openpilot/system/clearpilot/dev/on_start_brian.sh
-fi
-
-# 4. Ensure .ssh directory and keys exist
-ssh_dir="/data/ssh/.ssh"
-if [[ ! -f "$ssh_dir/id_rsa" || ! -f "$ssh_dir/id_rsa.pub" ]]; then
-    echo "Setting up SSH directory and keys..."
-    mkdir -p "$ssh_dir"
-    cp /data/openpilot/system/clearpilot/dev/id_rsa /data/openpilot/system/clearpilot/dev/id_rsa.pub "$ssh_dir"
-    chmod 700 "$ssh_dir"
-    chmod 600 "$ssh_dir/id_rsa" "$ssh_dir/id_rsa.pub"
-    echo hansonxyz > /data/params/d/GithubUsername
-    cat /data/openpilot/system/clearpilot/dev/GithubSshKeys > /data/params/d/GithubSshKeys
-    echo 1 > /data/params/d/SshEnabled
-    sudo systemctl restart ssh
-    cd /data/openpilot
-    git remote remove origin
-    git remote add origin git@privategit.hanson.xyz:brianhansonxyz/clearpilot.git
-fi
-
-echo "Script execution complete."
-
-
diff --git a/system/clearpilot/on_start.sh b/system/clearpilot/on_start.sh
index 42a5126..6009e52 100755
--- a/system/clearpilot/on_start.sh
+++ b/system/clearpilot/on_start.sh
@@ -3,5 +3,24 @@
 # Install logo
 bash /data/openpilot/system/clearpilot/startup_logo/set_logo.sh
 
-# Reverse ssh disabled â€” using VPN for remote access instead
-# bash /data/openpilot/system/clearpilot/dev/on_start.sh
+# Always ensure WiFi radio is on
+nmcli radio wifi on 2>/dev/null
+
+if [ ! -f /data/quick_boot ]; then
+    # No quick_boot flag â€” wait for internet connectivity (up to 30s)
+    echo "Waiting for internet connectivity (up to 30s)..."
+    for i in $(seq 1 30); do
+        if nmcli networking connectivity check 2>/dev/null | grep -q "full"; then
+            echo "Internet connectivity detected after ${i}s"
+            break
+        fi
+        sleep 1
+    done
+
+    # If online, run provision
+    if nmcli networking connectivity check 2>/dev/null | grep -q "full"; then
+        bash /data/openpilot/system/clearpilot/provision.sh
+    else
+        echo "No internet connectivity after 30s, skipping provision"
+    fi
+fi
diff --git a/system/clearpilot/provision.sh b/system/clearpilot/provision.sh
new file mode 100644
index 0000000..81488d6
--- /dev/null
+++ b/system/clearpilot/provision.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# ClearPilot provision script
+# Runs on first boot (no /data/quick_boot) when internet is available.
+# Sets up SSH, installs packages, pulls latest code, and builds.
+
+# Dongle gate
+dongle_id=$(cat /data/params/d/DongleId 2>/dev/null)
+if [[ ! $dongle_id == 90bb71* ]]; then
+    echo "provision: dongle ID not recognized, skipping"
+    exit 0
+fi
+
+echo "provision: starting"
+
+# 1. SSH authorized keys and service
+cat /data/openpilot/system/clearpilot/dev/GithubSshKeys > /data/params/d/GithubSshKeys
+echo -n 1 > /data/params/d/SshEnabled
+sudo systemctl enable ssh 2>/dev/null
+sudo systemctl start ssh
+
+# 2. Remount / read-write and install packages
+sudo mount -o remount,rw /
+sudo apt-get update -qq
+sudo apt-get install -y openvpn
+
+# 3. Pull latest from remote (remote always wins)
+cd /data/openpilot
+git fetch origin clearpilot
+LOCAL=$(git rev-parse HEAD)
+REMOTE=$(git rev-parse origin/clearpilot)
+if [ "$LOCAL" != "$REMOTE" ]; then
+    echo "provision: updating from $LOCAL to $REMOTE"
+    git reset --hard origin/clearpilot
+    sudo chown -R comma:comma /data/openpilot
+fi
+
+# 4. Build
+echo "provision: running build"
+su - comma -c "bash /data/openpilot/build_only.sh"
+if [ $? -eq 0 ]; then
+    echo "provision: build succeeded"
+    touch /data/quick_boot
+else
+    echo "provision: build failed"
+fi
+
+echo "provision: complete"