vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: build system hardening — collision detection, validation gates, init path enforcement

Browse Source 
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):

Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)

Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
This commit is contained in:
Vasilito
2026-05-03 22:25:22 +01:00
parent 907d447369
commit 2e764746e7
21 changed files with 1503 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/redbear-greeter-services.toml
+7 -7
View File
@@ -3,7 +3,7 @@
# This fragment is intended to be included by the active desktop/graphics target.
[[files]]
path = "/usr/lib/init.d/05_boot-essential.target"
path = "/etc/init.d/05_boot-essential.target"
data = """
[unit]
description = "Boot essential services target"
@@ -30,7 +30,7 @@ redbear-session-launch = {}
redbear-greeter = {}
[[files]]
path = "/usr/lib/init.d/19_redbear-authd.service"
path = "/etc/init.d/19_redbear-authd.service"
data = """
[unit]
description = "Red Bear authentication daemon"
@@ -44,7 +44,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/20_display.service"
path = "/etc/init.d/20_display.service"
data = """
[unit]
description = "Compositor proof (Phase 2: KWin virtual + Qt6 smoke + 60s survival)"
@@ -61,7 +61,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/20_greeter.service"
path = "/etc/init.d/20_greeter.service"
data = """
[unit]
description = "Red Bear greeter service (experimental Phase 3 user session bring-up)"
@@ -80,7 +80,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/30_console.service"
path = "/etc/init.d/30_console.service"
data = """
[unit]
description = "Console terminals"
@@ -96,7 +96,7 @@ respawn = true
"""
[[files]]
path = "/usr/lib/init.d/29_activate_console.service"
path = "/etc/init.d/29_activate_console.service"
data = """
[unit]
description = "Activate fallback console VT"
@@ -111,7 +111,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/31_debug_console.service"
path = "/etc/init.d/31_debug_console.service"
data = """
[unit]
description = "Debug console"