build/initramfs/rfs: stabilize paths, tests; add branding guard; ntp robustness

• rfs_flists: normalize CWD to PROJECT_ROOT; invoke packers via absolute paths (fix relative lookup under kernel/current)

• initramfs_create_cpio: redirect to absolute output path; add explicit customization verification logs

• initramfs_test: default INITRAMFS_ARCHIVE to absolute dist/initramfs.cpio.xz when stage is invoked directly

• branding: guard motd/issue/password edits behind ZEROOS_BRANDING (or ZEROOS_REBRANDING) with default disabled; do not touch files unless enabled

• ntp: write /etc/ntp.conf only if absent; symlink ntpd.conf; runtime ntpd.sh parses kernel ntp= and falls back to Google NTP

• docs/config: add commented ZEROOS_BRANDING/REBRANDING examples to config/build.conf

scripts/lib/initramfs.sh

@@ -572,18 +572,22 @@ function initramfs_finalize_customization() {
     
     section_header "Final Zero-OS Customization"
     
-    # Remove root password for passwordless login
-    log_info "Removing root password for passwordless login"
-    if [[ -f "${initramfs_dir}/etc/passwd" ]]; then
-        safe_execute sed -i 's/^root:[^:]*:/root::/' "${initramfs_dir}/etc/passwd"
-        log_info "✓ Root password removed"
-    else
-        log_warn "/etc/passwd not found, skipping password removal"
-    fi
+    # Branding guard (default disabled). Enable by setting ZEROOS_BRANDING=true (or ZEROOS_REBRANDING=true)
+    local _branding="${ZEROOS_BRANDING:-${ZEROOS_REBRANDING:-false}}"
     
-    # Update /etc/motd to Zero-OS
-    log_info "Updating /etc/motd to Zero-OS branding"
-    cat > "${initramfs_dir}/etc/motd" << 'EOF'
+    if [[ "${_branding}" == "true" ]]; then
+        # Remove root password for passwordless login
+        log_info "Branding enabled: removing root password for passwordless login"
+        if [[ -f "${initramfs_dir}/etc/passwd" ]]; then
+            safe_execute sed -i 's/^root:[^:]*:/root::/' "${initramfs_dir}/etc/passwd"
+            log_info "✓ Root password removed"
+        else
+            log_warn "/etc/passwd not found, skipping password removal"
+        fi
+
+        # Update /etc/motd to Zero-OS
+        log_info "Branding enabled: updating /etc/motd to Zero-OS branding"
+        cat > "${initramfs_dir}/etc/motd" << 'EOF'
 
 Welcome to Zero-OS!
 
@@ -593,18 +597,22 @@ Built on Alpine Linux with ThreeFold components.
 For more information: https://github.com/threefoldtech/zos
 
 EOF
-    
-    # Update /etc/issue to Zero-OS
-    log_info "Updating /etc/issue to Zero-OS branding"
-    cat > "${initramfs_dir}/etc/issue" << 'EOF'
+
+        # Update /etc/issue to Zero-OS
+        log_info "Branding enabled: updating /etc/issue to Zero-OS branding"
+        cat > "${initramfs_dir}/etc/issue" << 'EOF'
 Zero-OS \r \m
 Built on \l
 
 EOF
+    else
+        log_info "Branding disabled: leaving /etc/motd, /etc/issue and root password unchanged"
+    fi
     
-    # Create ntp.conf pointing to Google NTP servers (canonical name for hooks)
-    log_info "Creating ntp.conf with Google NTP servers"
-    cat > "${initramfs_dir}/etc/ntp.conf" << 'EOF'
+    # Ensure ntp.conf exists for hooks. Create only if absent, do not overwrite.
+    if [[ ! -f "${initramfs_dir}/etc/ntp.conf" ]]; then
+        log_info "Creating ntp.conf with Google NTP servers (absent)"
+        cat > "${initramfs_dir}/etc/ntp.conf" << 'EOF'
 # Zero-OS NTP Configuration
 # Using Google public NTP servers for reliable time sync
 
@@ -626,16 +634,19 @@ restrict -6 ::1
 # Drift file for time stability
 driftfile /var/lib/ntp/ntp.drift
 EOF
+    else
+        log_info "Keeping existing /etc/ntp.conf (no overwrite)"
+    fi
 
     # Provide BusyBox ntpd compatibility symlink if needed
     if [[ ! -e "${initramfs_dir}/etc/ntpd.conf" ]]; then
         (cd "${initramfs_dir}/etc" && ln -sf ntp.conf ntpd.conf)
     fi
     
-    # Set proper permissions
-    safe_execute chmod 644 "${initramfs_dir}/etc/motd"
-    safe_execute chmod 644 "${initramfs_dir}/etc/issue"
-    safe_execute chmod 644 "${initramfs_dir}/etc/ntp.conf"
+    # Set proper permissions (only if files exist)
+    [[ -f "${initramfs_dir}/etc/motd" ]] && safe_execute chmod 644 "${initramfs_dir}/etc/motd"
+    [[ -f "${initramfs_dir}/etc/issue" ]] && safe_execute chmod 644 "${initramfs_dir}/etc/issue"
+    [[ -f "${initramfs_dir}/etc/ntp.conf" ]] && safe_execute chmod 644 "${initramfs_dir}/etc/ntp.conf"
     
     # Create ntp drift directory
     safe_mkdir "${initramfs_dir}/var/lib/ntp"