vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: build system hardening — collision detection, validation gates, init path enforcement

Browse Source 
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):

Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)

Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
This commit is contained in:
Vasilito
2026-05-03 22:25:22 +01:00
parent 907d447369
commit 2e764746e7
21 changed files with 1503 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/redbear-mini.toml
+15 -11
View File
@@ -296,7 +296,7 @@ type = { scheme = "ucsi" }
"""
[[files]]
path = "/usr/lib/init.d/12_boot-late.target"
path = "/etc/init.d/12_boot-late.target"
data = """
[unit]
description = "Late boot services target"
@@ -306,7 +306,7 @@ requires_weak = [
"""
[[files]]
path = "/usr/lib/init.d/11_udev.service"
path = "/etc/init.d/11_udev.service"
data = """
[unit]
description = "udev compatibility shim"
@@ -317,11 +317,11 @@ requires_weak = [
[service]
cmd = "udev-shim"
type = { scheme = "udev" }
type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/10_evdevd.service"
path = "/etc/init.d/10_evdevd.service"
data = """
[unit]
description = "Evdev input daemon"
@@ -336,7 +336,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/11_wifictl.service"
path = "/etc/init.d/11_wifictl.service"
data = """
[unit]
description = "Wi-Fi control daemon"
@@ -351,7 +351,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/12_dbus.service"
path = "/etc/init.d/12_dbus.service"
data = """
[unit]
description = "D-Bus system bus"
@@ -366,7 +366,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/13_redbear-sessiond.service"
path = "/etc/init.d/13_redbear-sessiond.service"
data = """
[unit]
description = "Red Bear session broker (org.freedesktop.login1)"
@@ -380,7 +380,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/13_iommu.service"
path = "/etc/init.d/13_iommu.service"
data = """
[unit]
description = "IOMMU DMA remapping daemon"
@@ -395,7 +395,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/14_redbear-upower.service"
path = "/etc/init.d/14_redbear-upower.service"
data = """
[unit]
description = "UPower D-Bus service (org.freedesktop.UPower)"
@@ -409,7 +409,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/14_redbear-udisks.service"
path = "/etc/init.d/14_redbear-udisks.service"
data = """
[unit]
description = "UDisks2 D-Bus service (org.freedesktop.UDisks2)"
@@ -423,7 +423,7 @@ type = "oneshot_async"
"""
[[files]]
path = "/usr/lib/init.d/14_redbear-polkit.service"
path = "/etc/init.d/14_redbear-polkit.service"
data = """
[unit]
description = "PolicyKit1 D-Bus service (org.freedesktop.PolicyKit1)"
@@ -465,3 +465,7 @@ path = "/etc/pcid.d/00_text_mode_gpu_mask.toml"
data = """
# redbear-live-mini: no display driver matched; class 0x03 devices are skipped
"""
[[files]]
path = "/etc/environment.d/10-debug.conf"
data = "INIT_LOG_LEVEL=DEBUG"