fix(manage_zsh): abort shell change if zsh package install fails

Previously, /etc/default/useradd, /etc/adduser.conf, and /etc/passwd
were all updated to use /bin/zsh before pkg_install was called. If the
install failed (e.g. package unavailable, no network), /bin/zsh would
be set as the shell for root and all users even though it was never
installed and not listed in /etc/shells.

pam_shells blocks all authentication (including SSH public key auth)
for any user whose shell is not present in /etc/shells, effectively
locking every user out of the system with no obvious recovery path.

Fix: call pkg_install first and abort with an error message if it fails,
so shell config files and /etc/passwd are only modified after a
successful install.

Author: ajorpheus

tools/modules/system/manage_zsh.sh

@@ -16,13 +16,17 @@ function manage_zsh() {
 
 	if [[ "$1" == "enable" ]]; then
 
-		sed -i "s|^SHELL=.*|SHELL=/bin/zsh|" /etc/default/useradd
-		sed -i -E "s|(^\|#)DSHELL=.*|DSHELL=/bin/zsh|" /etc/adduser.conf
-
 		pkg_update
 
-		# install
-		pkg_install armbian-zsh zsh-common zsh tmux
+		# install zsh before changing any shells — if install fails, abort
+		# to avoid setting an invalid shell that locks all users out via pam_shells
+		if ! pkg_install armbian-zsh zsh-common zsh tmux; then
+			echo "Failed to install zsh packages; shell not changed"
+			return 1
+		fi
+
+		sed -i "s|^SHELL=.*|SHELL=/bin/zsh|" /etc/default/useradd
+		sed -i -E "s|(^\|#)DSHELL=.*|DSHELL=/bin/zsh|" /etc/adduser.conf
 
 		update_skel