- Prevent duplicate root entries in /etc/shadow by cleaning before adding
- Fix password hash compatibility by using proper shadow file format
- Improve password verification and account configuration
- Ensure root account is properly unlocked and configured
- Add better logging for password hash verification

This resolves the 'password hash x is unknown to libcrypt' error and
duplicate root entries that were preventing login to installed systems.

- Fix set_root_password.sh to update both build-time and live system preseed files
- Update auto-installer.sh to handle crypted passwords from preseed
- Fix cleanup.sh to reset both preseed files to default state
- Add changelog entry documenting the critical bug fix
- Resolve login issue where installed systems always used default password

This fixes the core issue where set_root_password.sh only modified the build-time
preseed file, but the auto-installer used the live system preseed file which
remained unchanged, causing installed systems to always have 'changeme' password.

NTP Configuration:
- Add ntp, ntpdate, systemd-timesyncd packages to live CD
- Configure systemd-timesyncd for automatic time synchronization
- Set NTP servers: pool.ntp.org and debian NTP servers
- Enable timesyncd service on installed system

Live CD Root Password:
- Modify override-live-config-passwd hook to set root password from preseed
- Read crypted password from preseed file during live system boot
- Set password directly in /etc/shadow with proper format
- Ensures live CD has the same password as configured during ISO creation
- Fixes password consistency between live CD and installed system

- Add select_timezone() function using tzselect for user-friendly timezone selection
- Integrate timezone selection as Step 2 in installation process
- Update timezone setting to use selected timezone for installed system
- Store selected timezone in /tmp/selected_timezone for use during configuration
- Update total steps from 9 to 10 to accommodate new timezone step
- Maintain backward compatibility with preseed timezone configuration
- Provide clear user interface for timezone selection during installation

- Copy live system's root password hash directly to installed system
- Eliminates need to remember separate passwords for live vs installed
- Uses sed to replace root line in target /etc/shadow with live system hash
- Falls back to default 'mbetter123' if live password copy fails
- Maintains SSH compatibility and password authentication

- Add default root password 'mbetter123' when no preseed password provided
- Improve password setting logic with better error handling and logging
- Ensure root account is properly unlocked and password never expires
- Add debugging output to track password setting process
- Fix 'password check failed' error by guaranteeing password is set

- Updated .xinitrc for mbetterclient user autologin
- Launch Openbox window manager first
- Launch MBetterClient_wrapper.sh in xterm terminal
- Provides proper desktop environment with terminal-based MBetterClient
- Maintains SSL and web-host configuration options

- Removed libgl1-mesa-glx: Mesa GLX OpenGL implementation
- Removed libegl1-mesa: Mesa EGL graphics library
- Removed virtualgl: VirtualGL for 3D acceleration

These packages were removed as requested to reduce the live CD size
while maintaining core Mesa graphics functionality through remaining packages:
- mesa-vdpau-drivers, mesa-vulkan-drivers, mesa-va-drivers
- libglx-mesa0, libegl-mesa0, libgl1-mesa-dri

- mesa-vdpau-drivers: VDPAU video acceleration drivers
- mesa-vulkan-drivers: Vulkan graphics API drivers
- mesa-va-drivers: VA-API video acceleration drivers
- libglx-mesa0: Mesa GLX library for X11 OpenGL support
- libegl-mesa0: Mesa EGL library for embedded graphics
- libegl1-mesa: Mesa EGL implementation
- libgl1-mesa-dri: Mesa DRI OpenGL drivers
- libgl1-mesa-glx: Mesa GLX OpenGL implementation
- libglx-mesa0: Additional Mesa GLX support

These libraries provide complete OpenGL, Vulkan, and video acceleration support for:
- Hardware-accelerated graphics rendering
- Video decoding and encoding acceleration
- Vulkan graphics API support
- EGL and GLX compatibility layers
- Direct rendering infrastructure (DRI)

- mesa-utils: OpenGL utilities for graphics debugging and testing
- virtualgl: VirtualGL for 3D acceleration and remote graphics
- vulkan-tools: Vulkan graphics API tools for modern GPU support
- pciutils: PCI utilities for hardware detection and diagnostics

These packages provide essential tools for:
- Graphics debugging and performance testing
- Hardware detection and PCI device information
- 3D acceleration support
- Vulkan graphics API development and testing

- Enhanced root password configuration for installed system
- Added comprehensive password aging settings to prevent expiration
- Unlock account and remove all password expiration requirements
- Set maximum password age to never expire
- Remove minimum password age restrictions
- Ensure immediate SSH login capability without password change prompt

MBetterClient Updates:
- Updated MBetterClient binary with latest version
- Added MBetterClient_wrapper.sh for enhanced functionality
- Configured wrapper launch with --ssl and --web-host 0.0.0.0 options
- Integrated wrapper into auto-installer for installed systems

Preseed Configuration:
- Updated debian-installer.cfg with enhanced configuration
- Improved root password handling and system setup
- Better compatibility with MBetterClient requirements

System Integration:
- MBetterClient now launches via wrapper on system boot
- SSL encryption enabled for secure communication
- Web interface accessible from all network interfaces
- Complete integration with mbetterclient user autologin

All changes committed and ready for production deployment

- Add --web-host 0.0.0.0 option to wrapper launch command
- Maintain --ssl option for secure communication
- Enable web interface access from all network interfaces
- Complete wrapper configuration for MBetterClient

- Add MbetterClient_wrapper.sh to git repository
- Modify installed system to launch wrapper instead of direct MBetterClient
- Add --ssl option to wrapper launch command
- Wrapper provides enhanced functionality and SSL support for MBetterClient

- Include vim for text editing capabilities
- Available in both live CD and installed system
- Essential tool for system administration and development

- Include ffmpeg binary for multimedia processing
- Required for MBetterClient multimedia functionality
- Available in both live CD and installed system
- Fixes PyInstaller build issues related to ffmpeg dependencies

- Create .xinitrc file that startx needs to launch MBetterClient
- Set proper ownership and executable permissions
- Fixes startx execution by providing required X session script
- Ensures MBetterClient launches properly in X environment

- Change .bashrc to exec startx instead of launching MBetterClient directly
- MBetterClient will now be launched by .xinitrc within the X session
- Maintains XKB environment variables for keyboard configuration
- Allows proper X session initialization before launching applications

- Add chmod u+s to /usr/bin/xkbcomp in installed system
- Fixes XKB keymap compilation errors during X startup
- Resolves 'Failed to activate virtual core keyboard' error
- Allows mbetterclient user to properly initialize X keyboard

- Remove zz-live-config_xinit.sh from /etc/profile.d in installed system
- This script can interfere with X startup and autologin behavior
- Ensures clean X environment for mbetterclient user autologin
- Prevents live-config scripts from overriding installed system configuration

- Add generate-ssh-keys.hook.chroot for live CD build
- Generate RSA, ECDSA, and Ed25519 SSH host keys during build
- Add SSH key generation to auto-installer for installed system
- Remove existing keys before generating new ones
- Fix 'no hostkeys available' SSH server error
- SSH server can now start properly on both live CD and installed system

- Create mbetterclient user with no password in installed system
- Configure inittab for mbetterclient autologin on tty1 instead of root
- Set up mbetterclient .bashrc to launch MBetterClient --web-host 0.0.0.0
- Only autolaunch on tty1 (not SSH sessions)
- Update installation success messages to reflect mbetterclient autologin
- Maintain root SSH access with configured password

- Ensure root password is properly set and not expired in installed system
- Add passwd -u root to unlock account if needed
- Add chage -d 99999 root to remove password expiration
- Create SSH config allowing root login with password
- Fix ensures SSH access works immediately after installation

- Add cleanup code to remove auto-installer.sh from target system
- Remove installation log file from target system
- Exclude auto-installer log from rsync copy (but keep script for installation)
- Auto-installer now self-destructs after successful installation
- Keeps installed system clean by removing installation artifacts

- Replace zenity-based progress with terminal progress bar
- Remove blocking pipe operations that were causing script hangs
- Add visual progress bar with filled/empty blocks
- Remove zenity completion dialog for terminal compatibility
- Clean up unused PROGRESS_PIPE variable
- Progress now works reliably in all terminal environments

Enhanced network configuration with full user interaction:

WiFi Support:
- Automatic wireless interface detection using iw
- Network scanning with SSID selection
- Security protocol selection (WPA/WPA2, WEP, Open)
- Password input for secured networks

Ethernet Support:
- Automatic ethernet interface detection
- Interface selection from available options

IP Configuration:
- DHCP (automatic) or Static IP options
- Manual IP address, gateway, and DNS server entry
- Validation and configuration storage

Installation Integration:
- Network configuration applied to installed system
- Creates /etc/network/interfaces with user settings
- Configures DNS resolution for static setups
- Preserves WiFi credentials and settings

Package Dependencies:
- Added iw, wpasupplicant, dhcpcd5 for full WiFi support
- Maintains existing comprehensive wireless driver support

The auto-installer now provides complete network setup during installation,
configuring the target system with user-specified network preferences.

- Zenity dialog was hanging in terminal environment without proper GUI context
- Replaced unreliable GUI dialogs (zenity/dialog) with terminal confirmation
- Added clear warning display with colored output for visibility
- Simplified confirmation logic with case statement for multiple valid inputs
- Auto-installer now continues reliably without GUI dialog dependencies

Terminal confirmation is more reliable in live CD terminal environments.

- Fixed lsblk output parsing that was causing syntax error at line 138
- Added head -1 and tr -d to handle multiple lines or whitespace in lsblk output
- Added numeric validation to prevent arithmetic errors
- Applied same fix to both disk detection functions (lines 138 and 244)

Auto-installer now runs without syntax errors and properly detects disk sizes.
Autologin system fully operational - console passwordless, SSH requires password.

- Openbox autostart was also trying to launch auto-installer using x-terminal-emulator
- This created conflict with .xinitrc launch method
- Removed installer launch from autostart to avoid duplicate processes
- .xinitrc now handles installer launch exclusively with proper timing
- Semicolon syntax was actually correct (run next command regardless of exit status)
- Prevents multiple installer instances and launch conflicts

Major Discovery:
- live-config scripts 0030-live-debconfig_passwd and 0030-user-setup were
  setting root password to '*' (locked) during boot
- This explains why SSH with configured password was failing
- Scripts were also trying to create 'user' account instead of using root

Solution:
- Created override-live-config-passwd.hook.chroot
- Replaces both password-related live-config scripts
- Preserves root password set during ISO creation
- Prevents account locking by live-config
- Forces LIVE_USERNAME=root instead of creating separate user

This completes the live-config override suite:
- inittab autologin (prevents user login prompt)
- password preservation (enables SSH with configured password)
- proper root account handling throughout boot process

- Start openbox-session in background first to establish window manager
- Wait 2 seconds for window manager to initialize
- Then launch auto-installer in terminal window
- Use 'wait' to keep X session alive instead of double-exec
- Prevents duplicate Openbox instances and ensures proper startup sequence

Root Cause Identified:
- live-config script /usr/lib/live/config/0160-sysvinit was overwriting inittab at runtime
- Script was replacing all getty entries with '/bin/login -f user' instead of root
- This happened AFTER our inittab modifications during boot process

Solution:
- Created override-live-config-sysvinit.hook.chroot to replace the problematic script
- New script forces LIVE_USERNAME=root instead of default 'user'
- Uses proper traditional getty -a syntax: /sbin/getty -a root 38400 tty1
- Maintains tty2-6 as normal login shells for debugging

This should finally resolve the autologin issue by preventing live-config from
overwriting our carefully crafted inittab entries during boot.

- Fix inittab examples in ISO_MODIFICATION_WORKFLOW.md
- Replace agetty --autologin with getty -a root syntax
- Use standard 38400 baud rate format
- Ensure all examples match traditional SysV init compatibility

- Replace agetty --autologin with traditional getty -a root syntax
- Remove bash expansion {2..6} and use explicit tty entries
- Remove linux parameter that may not be supported in older systems
- Use standard 38400 baud rate format
- Ensure compatibility with traditional SysV init systems

Traditional SysV inittab entries now:
1:23:respawn:/sbin/getty -a root 38400 tty1  # Autologin
2:23:respawn:/sbin/getty 38400 tty2          # Normal login
3:23:respawn:/sbin/getty 38400 tty3          # Normal login
...etc

Major Changes:
- Replaced LightDM/SLiM with direct console autologin using SysV inittab
- Fixed root account locking that prevented autologin
- Added comprehensive SSH configuration for remote access
- Created robust auto-start X session with auto-installer launch
- Added terminal emulator support (xterm, lxterminal, xfce4-terminal)

Key Features:
- tty1: Auto-login as root → auto-start X → auto-installer appears
- tty2-6: Normal login shells for debugging access
- SSH: Uses root password from ISO creation (not hardcoded)
- Installed system: Auto-login + OpenVPN + MBetterClient with --web-host 0.0.0.0

Tools Added:
- extract_iso.sh / rebuild_iso.sh: Immediate ISO modification workflow
- fix_inittab_in_image.sh: Complete ISO analysis and rebuild
- Enhanced cleanup.sh with --no-cache option for faster rebuilds
- Comprehensive diagnostic tools and logging

Build System:
- SysV init compatible (no systemd dependencies)
- Clean package list (removed display managers, added xinit)
- Proper inittab format compliance (max 4 char ID fields)
- Enhanced post-installation system configuration

Files Modified:
- config/hooks/live/setup-console-autologin.hook.chroot (new)
- config/hooks/live/enable-ssh-root.hook.chroot (enhanced)
- config/hooks/live/run-autologin-debug.hook.chroot (new)
- config/package-lists/live.list.chroot (cleaned, added terminals)
- config/includes.chroot/root/.bashrc (auto-start X)
- config/includes.chroot/root/.xinitrc (auto-installer launch)
- config/includes.binary/setup-installed-system.sh (OpenVPN + MBetterClient)
- config/includes.chroot/usr/local/bin/live-autologin-debug.sh (new)
- Various diagnostic and logging enhancements

- Add confirm_installation() function with detailed warning dialog
- Show target disk information (size, model, device path)
- Warn users that all data will be completely erased
- Support graphical confirmation (zenity), text-based (dialog), and terminal fallback
- Require explicit 'yes' confirmation before proceeding
- Add as step 4 before any disk partitioning or formatting
- Update total steps from 8 to 9 and renumber subsequent steps
- Installation can be safely cancelled without any changes to target disk
- Improves safety by preventing accidental data loss

- Use PowerShell Format-Volume cmdlet as primary formatting method
- More reliable than diskpart with better error handling
- Get drive information before formatting for verification
- Keep diskpart as fallback method only
- PowerShell doesn't require script files and works more consistently
- Should resolve blank diskpart window and script access issues
- Modern approach using native Windows PowerShell cmdlets