see #1
Bug 1 fixed — revert_userdb blindly reloaded userdbd (30-userdb.sh): During --revert, analyze_userdb is never called so DM_NAME is always "unknown". The unconditional userdbd reload would break the lock screen again for users reverting while SDDM was active. Now it detects the active DM directly and skips the reload with a warning if one is found.
Bug 2 fixed — revert_no_conf printed rm -rf /etc/userdb (99-main.sh): The legacy manual-revert instructions nuked all of /etc/userdb, including any pre-existing records that ageless had backed up. Now it prints per-file commands: mv *.pre-ageless where a backup exists, rm only where there's no backup.
closes#5 - thanks to @shadypayload for reporting
**Root cause:** Line 138's `ID_LIKE=${AGELESS_ID_LIKE}` in a heredoc wrote `ID_LIKE=ubuntu debian` (unquoted) to `/etc/os-release`. Any script that sources the file as shell — including `grub-mkconfig` — then tried to execute `debian` as a command.
**Changes made (v0.1.0 → 0.1.1):**
- `become-ageless.sh:138` — `ID_LIKE="${AGELESS_ID_LIKE}"` (the actual bug)
- `become-ageless.sh:136` — `VERSION_CODENAME="${AGELESS_CODENAME,,}"` (unquoted, low-risk but same pattern)
- `become-ageless.sh:161-162` — same fix in the `/etc/lsb-release` heredoc
- Copied updated script to `agelesslinux.org/`
- §7: add explicit block-response shape with mandatory tagline field
("No age verification required to send a fax.")
- §9: surface the same tagline as the byline of /rate-limit
- §5: append the tagline to the magic-link email copy
- §6: lead the attestation with the AC's literal wording
("I certify I live in this district") with the longer-form
attestation underneath
- §4: argue explicitly for relaxing AC #6's "serverless-compatible"
parenthetical in favor of Option B's legibility, with the case
against laid out so the author can flip if they disagree
Resolves the three review items on Kanboard #130.
Decomposition output for Kanboard #130: the verification UX as
rhetorical artifact. Enumerates collected/refused fields, three
architecture options (recommends single Python service), magic-link
flow, week-windowed per-rep ledger, abuse heuristics without CAPTCHA,
and seven proposed implementation sub-tasks.
Five CYOA persona messages (default, parent, developer, student, privacy)
with AB 1043 section citations. Generates one-page branded fax PDFs,
sends via Telnyx Programmable Fax API with per-send cost tracking and
configurable budget ceiling. Integrates with lookup.py legislator data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Census geocoder resolves addresses to congressional and state legislative
districts. Federal lookup via congress-legislators YAML, state lookup via
Open States CSV. Includes CA algorithmic fax fallback, CLI interface,
and 11 end-to-end pytest tests covering SF + LA addresses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Federal data from unitedstates/congress-legislators (public domain),
state data from Open States/Plural Policy bulk CSVs. Coverage report
documents fax availability per target state and recommends CA as
launch state (100% algorithmic fax coverage for state legislature).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Linux Mint (LightDM) also confirmed affected by the lock screen bug.
The issue is nss-systemd reading /etc/userdb/ drop-ins, not specific
to any display manager. Rename print_sddm_warning to print_dm_warning,
trigger warning for any detected DM when userdb will be modified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
test/run-in-container.sh tests the full lifecycle inside containers:
--version, --dry-run, install, backup verification, revert cleanup,
flagrant mode, --persistent gating, userdb creation/removal.
test/test-distros.sh runs across debian, ubuntu, arch, fedora, artix.
test/stubs.sh provides no-op function definitions for testing main flow.
Verified: all 5 distros pass. Arch is the only base image with
systemd-userdbd installed, exercising the full userdb path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove mid-session systemd-userdbd reload that broke SDDM/KDE lock
screen password verification. Add pre-conversion system analysis with
display manager detection and SDDM-specific warnings. Add --dry-run
to preview all actions, /etc/agelesslinux.conf to record what was
installed, and --revert to automatically undo a conversion. Back up
existing userdb records before modifying. Version 0.0.5.
Addresses #1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
detect base distro ID and ID_LIKE from os-release and chain them
into the generated Ageless Linux os-release, so package managers
(pacman, dnf, apt) still find their distro family. PRETTY_NAME now
shows the base: "Ageless Linux 0.0.4 (Arch Linux)". removes the
Debian-only gate. adds --version flag. updates URLs to agelesslinux.org.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
systemd PR #40954 (merged 2026-03-18) added a birthDate field to JSON
user records. become-ageless.sh now neutralizes this field for all users:
regular mode sets 1970-01-01, flagrant mode sets null. New --persistent
flag installs agelessd, a systemd timer that re-neutralizes every 24h.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Piped execution (curl | bash) silently exited because read got EOF
and defaulted to "no." Now detects missing TTY and errors with a
clear message pointing to --accept. Interactive mode unchanged.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Converts a Debian installation to Ageless Linux by rewriting os-release,
installing an AB 1043 noncompliance notice, and optionally (--flagrant)
refusing to provide any age verification API at all.
Standard mode: stub API that returns an error message.
Flagrant mode: machine-readable REFUSAL, no API, designed for devices
that will be physically handed to children.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
