From 7c3b1c0ab9af1afeb68fdf9470e40b4c183bf0f5 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Sun, 28 Jun 2026 02:06:24 +0800
Subject: [PATCH] fix(reboot): require double key for host runner sentinel
---
 scripts/reboot-recovery/awoooi-startup-110.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/reboot-recovery/awoooi-startup-110.sh b/scripts/reboot-recovery/awoooi-startup-110.sh
index ac739b8a..0eb47f86 100644
--- a/scripts/reboot-recovery/awoooi-startup-110.sh
+++ b/scripts/reboot-recovery/awoooi-startup-110.sh
@@ -193,9 +193,9 @@ RUNNER_SERVICE="gitea-act-runner-host.service"
 RUNNER_ENABLE_SENTINEL="/run/awoooi-runner-host-enabled"
 START_GITEA_RUNNER_ON_BOOT="${AWOOOI_START_GITEA_RUNNER_ON_BOOT:-0}"
 START_GITEA_RUNNER_ALLOWED=0
-# The runtime operator sentinel is the explicit, reversible approval to keep
-# the host runner open during an authorized deployment window.
-if [ -e "$RUNNER_ENABLE_SENTINEL" ]; then
+# The runtime operator sentinel is the second key for an authorized deployment
+# window. A single env var or a stale sentinel alone must not reopen host CI.
+if [ "$START_GITEA_RUNNER_ON_BOOT" = "1" ] && [ -e "$RUNNER_ENABLE_SENTINEL" ]; then
 START_GITEA_RUNNER_ALLOWED=1
 fi
 if [ -x "$RUNNER_DIR/act_runner" ] && [ -f "$RUNNER_DIR/config.yaml" ]; then
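Review bot: The second key in the new `if` is still only an existence test: `[ -e "$RUNNER_ENABLE_SENTINEL" ]` accepts any file type and any owner at that path and carries no notion of how old the sentinel is. If `AWOOOI_START_GITEA_RUNNER_ON_BOOT=1` is left set in the service environment after a deployment window (where it is set is not visible here), a leftover sentinel is again sufficient on its own, which is the case the new comment says must not reopen host CI. Consider narrowing the test to a regular, non-symlink file, for example `[ -f "$RUNNER_ENABLE_SENTINEL" ] && [ ! -L "$RUNNER_ENABLE_SENTINEL" ]`, and logging which key was missing when the runner stays closed so the gate decision is auditable. The `if [ -x "$RUNNER_DIR/act_runner" ]` block that presumably consumes `START_GITEA_RUNNER_ALLOWED` continues outside the hunk, so how the flag is used cannot be confirmed from here.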