feat: build system hardening — collision detection, validation gates, init path enforcement

5-phase hardening to prevent silent file-layer collisions (the D-Bus regression class): Phase 1: lint-config-paths.sh + make lint-config in depends.mk Phase 2: CollisionTracker in installer (content-hash comparison) Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh Phase 4: validate-init-services.sh + make validate in disk.mk Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md) Both redbear-mini and redbear-full build and validate clean. 66 declared install paths in base, zero conflicts.
2026-05-03 22:25:22 +01:00
parent 907d447369
commit 2e764746e7
21 changed files with 1503 additions and 69 deletions
@@ -36,7 +36,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/12_boot-late.target"
+path = "/etc/init.d/12_boot-late.target"
 data = """
 [unit]
 description = "Late boot services target"
@@ -508,7 +508,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/00_driver-manager.service"
+path = "/etc/init.d/00_driver-manager.service"
 data = """
 [unit]
 description = "PCI driver spawner"
@@ -584,7 +584,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/10_evdevd.service"
+path = "/etc/init.d/10_evdevd.service"
 data = """
 [unit]
 description = "Evdev input daemon"
@@ -661,7 +661,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/15_cpufreqd.service"
+path = "/etc/init.d/15_cpufreqd.service"
 data = """
 [unit]
 description = "CPU frequency scaling daemon"
@@ -701,7 +701,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/15_thermald.service"
+path = "/etc/init.d/15_thermald.service"
 data = """
 [unit]
 description = "Thermal management daemon"
@@ -741,7 +741,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/15_hwrngd.service"
+path = "/etc/init.d/15_hwrngd.service"
 data = """
 [unit]
 description = "Hardware RNG entropy daemon"
@@ -781,7 +781,7 @@ pattern = "i915/adlp_dmc_ver2_16.bin"
 chain = ["i915/adlp_dmc_ver2_14.bin", "i915/adlp_dmc_ver2_12.bin"]
 """
 [[files]]
-path = "/usr/lib/init.d/13_driver-params.service"
+path = "/etc/init.d/13_driver-params.service"
 data = """
 [unit]
 description = "Driver parameter scheme"
@@ -793,7 +793,7 @@ type = { scheme = "driver-params" }
 """

 [[files]]
-path = "/usr/lib/init.d/16_redbear-acmd.service"
+path = "/etc/init.d/16_redbear-acmd.service"
 data = """
 [unit]
 description = "USB CDC ACM serial daemon"
@@ -805,7 +805,7 @@ type = "oneshot_async"
 """

 [[files]]
-path = "/usr/lib/init.d/16_redbear-ecmd.service"
+path = "/etc/init.d/16_redbear-ecmd.service"
 data = """
 [unit]
 description = "USB CDC ECM/NCM ethernet daemon"
@@ -817,7 +817,7 @@ type = "oneshot_async"
 """

 [[files]]
-path = "/usr/lib/init.d/16_redbear-usbaudiod.service"
+path = "/etc/init.d/16_redbear-usbaudiod.service"
 data = """
 [unit]
 description = "USB Audio Class daemon"