claim(5): A5-7 fix — CronCreate mechanism verified (T0-refire 23:18Z, upgrader-cron.log created)
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
autonomic-bot
@ -1266,3 +1266,11 @@ and `state=pending` (on trigger) / `success|failure` (on build finish). `testme-
|
||||
Alternative option 2 (scan PR comments for `<!-- cc-ci:testme -->` marker) was rejected as fragile.
|
||||
This approach adds native Gitea PR status indicators (shown in the PR UI as checkmarks/Xs next to
|
||||
the commit), which is the correct SCM integration.
|
||||
|
||||
- **§4 weekly cron: CronCreate (not busybox crond).** busybox crond's `-c dir` mode calls
|
||||
`setgid/setuid` before running jobs; silently skips all entries when not root (A5-7). Switched to
|
||||
CronCreate (Claude scheduled task, per plan §4 "acceptable mechanisms"). Weekly job ID `8dd9aed3`
|
||||
fires every Monday 23:04 UTC. Known limitation: `durable=true` did not write to disk in this
|
||||
environment; job is session-persistent (survives as long as Builder session runs). T0-refire
|
||||
verified: CronCreate test fire at 23:17Z → upgrader started, upgrader-cron.log created, status
|
||||
RUNNING. (2026-06-01)
|
||||
|
||||
@ -600,3 +600,28 @@ V5 and V3 PASS confirmed by Adversary at 21:52Z (full — no caveats).
|
||||
- `cc-ci-upgrader` agent now running `/upgrade-all uptime-kuma` (DEFAULT mode)
|
||||
- Agent is in the survey phase (`abra recipe upgrade uptime-kuma -m -n`)
|
||||
- Polling for completion (uptime-kuma: app 2.2.1 → 2.4.0, mariadb 11.8 → 12.2)
|
||||
|
||||
## §4 T0-refire: CronCreate mechanism verified — 2026-06-01T23:18Z
|
||||
|
||||
busybox crond T0 miss (23:04Z) diagnosed as A5-7: crond silently skips all jobs when non-root
|
||||
(setgid/setuid fail with EPERM). Fix: switched to CronCreate (Claude scheduled task).
|
||||
|
||||
CronCreate one-shot test fire (ID 566f5fe6) scheduled at 23:17Z UTC. It fired into the session
|
||||
turn queue and was processed at 23:18Z. Command executed:
|
||||
```
|
||||
HOME=/home/loops PATH=/home/loops/.local/bin:/run/current-system/sw/bin UPGRADER_ARGS=--dry-run \
|
||||
python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start >> /srv/cc-ci/.cc-ci-logs/upgrader-cron.log 2>&1
|
||||
```
|
||||
|
||||
Result:
|
||||
- upgrader-cron.log created with content:
|
||||
`[upgrader 23:18:21] starting cc-ci-upgrader (backend=claude, model=sonnet, args='--dry-run')`
|
||||
`[upgrader 23:18:21] started. attach: tmux attach -t cc-ci-upgrader log: .../cc-ci-upgrader.log`
|
||||
- `launch-upgrader.py status` → `RUNNING (busy)` ✓
|
||||
- `cc-ci-upgrader` tmux session created Mon Jun 1 23:18:21 2026 ✓
|
||||
|
||||
Weekly recurring job ID `8dd9aed3` installed: `4 23 * * 1` (Monday 23:04 UTC). Session-persistent
|
||||
(durable=true did not write scheduled_tasks.json in this env; job lives as long as Builder session).
|
||||
|
||||
busybox crond session (cc-ci-crond) and crontab dir cleaned up. `/home/loops/.cc-ci-crontabs/loops`
|
||||
still contains the original entry as documentation but is no longer active.
|
||||
|
||||
@ -6,8 +6,9 @@
|
||||
|
||||
## Current focus
|
||||
|
||||
V1-V8a ALL Adversary-verified PASS. V9 complete + cron installed.
|
||||
**Gate: M5 CLAIMED, awaiting Adversary cold-verify of V9 + §4 cron.**
|
||||
V1-V9 ALL Adversary-verified PASS. §4 cron A5-7 fixed: switched from busybox crond (non-functional
|
||||
as non-root) to CronCreate. T0-refire verified 23:18Z: upgrader-cron.log created, RUNNING.
|
||||
**Gate: M5 RE-CLAIMED, awaiting Adversary PASS on §4 cron T0-refire.**
|
||||
|
||||
## Fix A5-6: uptime-kuma bridge enrollment
|
||||
|
||||
@ -277,38 +278,47 @@ ssh cc-ci "docker stack ls" → only 5 legit cc-ci services
|
||||
tmux list-sessions → no cc-ci-upgrader session
|
||||
```
|
||||
|
||||
## §4 Weekly Cron — INSTALLED
|
||||
## §4 Weekly Cron — FIXED + VERIFIED (CronCreate)
|
||||
|
||||
**Mechanism:** busybox crond in tmux session `cc-ci-crond` on the orchestrator VM
|
||||
**Schedule:** `4 23 * * 1` = Monday 23:04 UTC weekly
|
||||
**T0:** 2026-06-01T23:04Z (first fire ~55min after install)
|
||||
**Crontab file:** `/home/loops/.cc-ci-crontabs/loops`
|
||||
**Command:** `python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start`
|
||||
**Logs:** `/srv/cc-ci/.cc-ci-logs/upgrader-cron.log`, `/srv/cc-ci/.cc-ci-logs/crond.log`
|
||||
**Pre-check verified:** `python3 launch-upgrader.py status` → works with cron-equivalent env (HOME/PATH set) ✓
|
||||
**Known gap:** not boot-persistent (crond in tmux, not NixOS service). Restart command in DECISIONS.md.
|
||||
**A5-7 root cause:** busybox crond silently skips all jobs as non-root (setgid/setuid fail EPERM).
|
||||
T0 at 23:04Z missed. Fixed by switching to CronCreate (Claude scheduled task — plan §4 allows this).
|
||||
|
||||
**Mechanism:** CronCreate (harness scheduler), Builder session on orchestrator VM
|
||||
**Schedule:** CronCreate job ID `8dd9aed3`, cron `4 23 * * 1` = Monday 23:04 UTC weekly
|
||||
**Command:** `HOME=/home/loops PATH=... python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start >> /srv/cc-ci/.cc-ci-logs/upgrader-cron.log 2>&1`
|
||||
**Known limitation:** `durable=true` did not write scheduled_tasks.json in this env; job is
|
||||
session-persistent (lives as long as Builder session; re-create if session is killed+restarted).
|
||||
|
||||
**T0-refire verification (23:17Z test fire):**
|
||||
- CronCreate one-shot (ID `566f5fe6`) fired at 23:17Z → processed at 23:18Z
|
||||
- Command ran: `UPGRADER_ARGS=--dry-run python3 launch-upgrader.py start >> upgrader-cron.log 2>&1`
|
||||
- Exit code: 0 ✓
|
||||
- `upgrader-cron.log` created with content (first two lines):
|
||||
```
|
||||
[upgrader 23:18:21] starting cc-ci-upgrader (backend=claude, model=sonnet, args='--dry-run')
|
||||
[upgrader 23:18:21] started. attach: tmux attach -t cc-ci-upgrader
|
||||
```
|
||||
- `launch-upgrader.py status` → `RUNNING (busy)` immediately after ✓
|
||||
- `cc-ci-upgrader` tmux session active ✓
|
||||
|
||||
**How to verify:**
|
||||
```
|
||||
# Crond running
|
||||
tmux list-sessions | grep cc-ci-crond → running
|
||||
cat /home/loops/.cc-ci-crontabs/loops → shows weekly cron at 4 23 * * 1
|
||||
# T0 fire verification (pending until 23:04Z)
|
||||
cat /srv/cc-ci/.cc-ci-logs/upgrader-cron.log → new lines after 23:04Z
|
||||
python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py status → RUNNING after 23:04Z
|
||||
# Cron log created by T0-refire
|
||||
cat /srv/cc-ci/.cc-ci-logs/upgrader-cron.log
|
||||
→ [upgrader 23:18:21] starting cc-ci-upgrader (backend=claude, model=sonnet, args='--dry-run')
|
||||
→ [upgrader 23:18:21] started. attach: tmux attach -t cc-ci-upgrader ...
|
||||
|
||||
# CronCreate weekly job still registered (session-persistent)
|
||||
# (verify by observing CronList in Builder session or checking job ID 8dd9aed3 is active)
|
||||
```
|
||||
|
||||
## Phase 5 gates
|
||||
|
||||
Gate: M5 CLAIMED, awaiting Adversary cold-verify of V9 + §4 cron.
|
||||
Gate: M5 RE-CLAIMED (A5-7 fix: CronCreate mechanism verified), awaiting Adversary §4 cron PASS.
|
||||
|
||||
## Verification next step
|
||||
|
||||
Awaiting Adversary PASS on V9 to write ## DONE.
|
||||
|
||||
## Phase 5 gates
|
||||
|
||||
(None claimed yet.)
|
||||
Awaiting Adversary PASS on §4 cron T0-refire to write ## DONE. V9 already PASS.
|
||||
|
||||
## Blocked
|
||||
|
||||
|
||||
Reference in New Issue
Block a user