feat(Trixie)!: upgrade to debian trixie

[meteyou]

This PR will upgrade MainsailOS from Debian Bookworm to Debian Trixie as base image.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Major release bump to 3.0.0-alpha2; device entries moved from bookworm to trixie with updated image URLs; CI workflows add custopizer: "main" to CustoPiZer steps; Klipper NumPy/deps adjusted; Crowsnest repo/branch and install flow changed; Raspberry Pi post-setup adds password and service configuration.

Changes

Cohort / File(s)	Summary
CI/CD Workflows .github/workflows/build.yml, .github/workflows/release.yml	Added custopizer: "main" input to the CustoPiZer action step in both workflows.
Version & Device Config VERSION, config.yml	Bumped version to 3.0.0-alpha2. Renamed device entries from *-bookworm to *-trixie and updated Raspberry Pi OS and Armbian image and sha256 URLs (fixed a broken multi-line URL).
Klipper Setup modules/generic/50-klipper	Removed libatlas-base-dev from DEPS and added conditional re-inclusion if available; loosened NumPy pin from numpy<1.26 to numpy to support newer Python.
Crowsnest Installation modules/generic/53-crowsnest	Changed REPO to mryel00/crowsnest-dev.git, added BRANCH=pynest and git clone -b ${BRANCH}; removed INSTALL_SCRIPT and package parsing/apt install steps, retaining clone and install logic.
Base Environment modules/generic/files/00-config	Exported new environment variable BASE_PASSWORD=raspberry.
Raspberry Pi Post-Setup modules/raspberry/10-config-raspberry	Added post-swap steps to set hashed password for BASE_USER (via /usr/lib/userconf-pi/userconf if present), disable userconfig.service, enable getty@tty1.service, and conditionally enable SSH (via imager_custom hook or systemctl).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐇 I nibble config lines at dawn,
Bookworm dozes while Trixie’s on,
Keys set snug, services hum bright,
Workflows sparkle through the night,
A rabbit claps — the build feels right!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(Trixie)!: upgrade to debian trixie' directly and clearly describes the main change in the changeset—upgrading MainsailOS from Debian Bookworm to Debian Trixie.
Description check	✅ Passed	The description 'This PR will upgrade MainsailOS from Debian Bookworm to Debian Trixie as base image' is directly related to and accurately summarizes the changeset, which includes version bumps, config updates, and dependency adjustments for the Trixie upgrade.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

modules/raspberry/10-config-raspberry (1)

73-77: Pre-existing bug: Variable name mismatch in swap configuration check.

Line 73 checks PICONFIG_SWAP_CONF_FILE, but the variable defined on line 20 is SWAP_CONF_FILE. This condition will never be true, so the swap configuration is never applied.

🐛 Proposed fix

-if [[ -f "${PICONFIG_SWAP_CONF_FILE}" ]]; then
+if [[ -f "${SWAP_CONF_FILE}" ]]; then

🤖 Fix all issues with AI agents

In `@modules/generic/53-crowsnest`:
- Around line 20-21: The production config currently points
REPO="https://github.com/mryel00/crowsnest-dev.git" and BRANCH="pynest" (a
personal fork and development branch) and runs git clone ${REPO} crowsnest -b
${BRANCH}; change this to use the official upstream repository and a stable
release branch (restore mainsail-crew/crowsnest and an appropriate tag) or, if
this fork is temporarily required, add a clear TODO comment near the REPO/BRANCH
declarations stating the reason and a concrete timeline/date to switch back to
the official repo; also fix the clone invocation to properly quote variables by
using the quoted form of the git clone arguments (i.e., quote REPO and BRANCH)
so shell expansion is safe.

🧹 Nitpick comments (3)

modules/generic/files/00-config (1)

17-18: Ensure users are prompted to change the default password on first login.

The hardcoded default password raspberry is a well-known default for Raspberry Pi images and a common target for automated attacks. While this is typical for Pi image distributions, ensure the documentation or first-boot experience clearly instructs users to change this password immediately.

config.yml (1)

3-4: Using "latest" URLs may impact build reproducibility.

The raspios_lite_*_latest URLs will fetch whatever version is current at build time, meaning different CI runs could produce images based on different upstream OS versions. This is a trade-off: always latest vs. reproducible builds.

If reproducibility is important, consider pinning to a specific release URL (e.g., with a date or version suffix) or documenting the expected behavior.

Also applies to: 22-23

modules/generic/53-crowsnest (1)

35-35: Quote variables in git clone command.

Shell best practice is to quote variable expansions to prevent word splitting and globbing issues.

Suggested fix

-sudo -u "${BASE_USER}" git clone ${REPO} crowsnest -b ${BRANCH}
+sudo -u "${BASE_USER}" git clone "${REPO}" crowsnest -b "${BRANCH}"

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Step 1: Verify repository and branch existence
echo "=== Checking mryel00/crowsnest-dev repository ==="
REPO_STATUS=$(curl -s -w "\n%{http_code}" "https://api.github.com/repos/mryel00/crowsnest-dev")
HTTP_CODE=$(echo "$REPO_STATUS" | tail -n1)
REPO_DATA=$(echo "$REPO_STATUS" | head -n-1)

echo "HTTP Status: $HTTP_CODE"
if [ "$HTTP_CODE" = "200" ]; then
  echo "Repository exists"
  echo "$REPO_DATA" | jq -r '.description, .archived, .owner.login' 2>/dev/null | head -3
else
  echo "Repository not found or error"
fi

echo ""
echo "=== Checking pynest branch ==="
BRANCH_STATUS=$(curl -s -w "\n%{http_code}" "https://api.github.com/repos/mryel00/crowsnest-dev/branches/pynest")
BRANCH_HTTP_CODE=$(echo "$BRANCH_STATUS" | tail -n1)
BRANCH_DATA=$(echo "$BRANCH_STATUS" | head -n-1)

echo "HTTP Status: $BRANCH_HTTP_CODE"
if [ "$BRANCH_HTTP_CODE" = "200" ]; then
  echo "Branch exists"
  echo "$BRANCH_DATA" | jq -r '.commit.commit.committer.date, .commit.sha' 2>/dev/null
else
  echo "Branch not found or error"
fi

Repository: mainsail-crew/MainsailOS

Length of output: 324

---

🏁 Script executed:

# Step 2: Check the actual file to confirm the changes
echo "=== Checking actual file content ==="
if [ -f "modules/generic/53-crowsnest" ]; then
  echo "File exists. Checking lines 20-21:"
  sed -n '15,25p' modules/generic/53-crowsnest
else
  echo "File not found at modules/generic/53-crowsnest"
fi

Repository: mainsail-crew/MainsailOS

Length of output: 426

---

🏁 Script executed:

# Step 3: Get context around line 35 to verify git clone command
echo "=== Checking git clone usage around line 35 ==="
if [ -f "modules/generic/53-crowsnest" ]; then
  sed -n '30,40p' modules/generic/53-crowsnest
fi

Repository: mainsail-crew/MainsailOS

Length of output: 505

---

Using a personal fork and development branch in production configuration.

The repository was changed from the official mainsail-crew/crowsnest to the personal fork mryel00/crowsnest-dev with the pynest branch. While the repository exists and shows recent activity (last commit Jan 21), using a personal fork for production images presents ongoing risks:

1. Ownership and continuity: Personal repositories can be transferred, deleted, or become unavailable if ownership changes
2. Organizational oversight: Less visibility and formal review compared to official organization repositories
3. Stability: The branch naming (pynest) and recent development activity indicate this is an active development branch, not a stable release

If this is temporary work for Trixie compatibility being upstreamed, add a TODO comment with a timeline for switching back to the official repository.

Additionally, the git clone command uses unquoted variables: git clone ${REPO} crowsnest -b ${BRANCH} should be git clone "${REPO}" crowsnest -b "${BRANCH}" for proper shell quoting.

🤖 Prompt for AI Agents

In `@modules/generic/53-crowsnest` around lines 20 - 21, The production config
currently points REPO="https://github.com/mryel00/crowsnest-dev.git" and
BRANCH="pynest" (a personal fork and development branch) and runs git clone
${REPO} crowsnest -b ${BRANCH}; change this to use the official upstream
repository and a stable release branch (restore mainsail-crew/crowsnest and an
appropriate tag) or, if this fork is temporarily required, add a clear TODO
comment near the REPO/BRANCH declarations stating the reason and a concrete
timeline/date to switch back to the official repo; also fix the clone invocation
to properly quote variables by using the quoted form of the git clone arguments
(i.e., quote REPO and BRANCH) so shell expansion is safe.

[Copilot]

Pull request overview

This PR upgrades MainsailOS from Debian Bookworm to Debian Trixie as the base operating system. The upgrade involves updating base image URLs, adjusting package dependencies for compatibility with Trixie, implementing user setup automation, and switching to a development version of crowsnest.

Changes:

• Updated all base image references from Bookworm to Trixie across Raspberry Pi and Armbian configurations
• Modified Klipper dependencies to remove libatlas-base-dev and updated NumPy version constraints for Python 3.13 compatibility
• Added automated user setup with password configuration and enabled SSH/getty services by default
• Switched crowsnest to a development repository (mryel00/crowsnest-dev) on the pynest branch

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
config.yml	Updated all image configurations from bookworm to trixie naming and URLs, switched from versioned to _latest URLs for Raspberry Pi images
VERSION	Bumped version to 3.0.0-alpha indicating a major breaking change
modules/raspberry/10-config-raspberry	Added user setup with password hashing, enabled getty and SSH services by default
modules/generic/files/00-config	Added BASE_PASSWORD export with default "raspberry" password
modules/generic/50-klipper	Removed libatlas-base-dev dependency, updated NumPy version constraint for Python 3.13 support
modules/generic/53-crowsnest	Changed repository to development fork, removed dependency installation logic
.github/workflows/build.yml	Added custopizer parameter to CustoPiZer action
.github/workflows/release.yml	Added custopizer parameter to CustoPiZer action

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@modules/generic/53-crowsnest`:
- Line 22: Update the DEPS array that currently only contains git and make so
the installer will install a C compiler and pkg-config; specifically modify the
DEPS definition (the DEPS=(git make) line) to include build-essential and
pkg-config so ustreamer can compile on Debian Trixie.

♻️ Duplicate comments (2)

modules/generic/53-crowsnest (2)

20-21: Personal fork + dev branch still wired into production config.

Same concern as before: this points at a personal fork/branch rather than upstream.

---

35-35: Quote REPO/BRANCH in git clone to avoid word-splitting/globbing.

Previously flagged; still applicable.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@modules/generic/50-klipper`:
- Around line 86-89: Replace the unconstrained numpy pip install so it prevents
NumPy 2.x while allowing 1.26+ for Python 3.13; specifically update the command
that uses BASE_USER and ENV_DIR (the line invoking "${ENV_DIR}"/bin/pip install
"numpy") to install a constrained version like numpy>=1.26,<2 (i.e., pip install
"numpy>=1.26,<2") so Klipper's input shaper remains compatible while supporting
Python 3.13.

[coderabbitai]

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@modules/generic/50-klipper`:
- Around line 89-92: Replace the unconstrained pip install call that currently
runs under BASE_USER and uses ENV_DIR to install numpy with a constrained spec
that enforces both the minimum version required for Python 3.13 and the maximum
safe major release for Klipper (e.g., change the pip install argument from
"numpy" to a bounded spec like "numpy>=1.26,<2.0"); update the line that invokes
"${ENV_DIR}"/bin/pip install "numpy" so it uses the bounded requirement and keep
the same sudo -u "${BASE_USER}" execution context.