vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: build system hardening — collision detection, validation gates, init path enforcement

Browse Source 
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):

Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)

Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
This commit is contained in:
Vasilito
2026-05-03 22:25:22 +01:00
parent 907d447369
commit 2e764746e7
21 changed files with 1503 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
recipes/core/base/recipe.toml
+70
View File
@@ -39,6 +39,76 @@ patches = [
"P4-thermald-workspace.patch",
]
[package]
installs = [
"/lib/pcid.d/ac97d.toml",
"/lib/pcid.d/e1000d.toml",
"/lib/pcid.d/ihdad.toml",
"/lib/pcid.d/ihdgd.toml",
"/lib/pcid.d/ixgbed.toml",
"/lib/pcid.d/rtl8139d.toml",
"/lib/pcid.d/rtl8168d.toml",
"/lib/pcid.d/vboxd.toml",
"/lib/pcid.d/virtio-netd.toml",
"/lib/pcid.d/xhcid.toml",
"/usr/bin/audiod",
"/usr/bin/dhcpd",
"/usr/bin/dw-acpi-i2cd",
"/usr/bin/gpiod",
"/usr/bin/i2cd",
"/usr/bin/i2c-gpio-expanderd",
"/usr/bin/i2c-hidd",
"/usr/bin/inputd",
"/usr/bin/intel-gpiod",
"/usr/bin/ipcd",
"/usr/bin/netstack",
"/usr/bin/pcid",
"/usr/bin/pcid-spawner",
"/usr/bin/ptyd",
"/usr/bin/redoxerd",
"/usr/bin/smolnetd",
"/usr/bin/ucsid",
"/usr/lib/drivers/ac97d",
"/usr/lib/drivers/amd-mp2-i2cd",
"/usr/lib/drivers/e1000d",
"/usr/lib/drivers/ihdad",
"/usr/lib/drivers/ihdgd",
"/usr/lib/drivers/intel-lpss-i2cd",
"/usr/lib/drivers/intel-thc-hidd",
"/usr/lib/drivers/ixgbed",
"/usr/lib/drivers/rtl8139d",
"/usr/lib/drivers/rtl8168d",
"/usr/lib/drivers/sb16d",
"/usr/lib/drivers/thermald",
"/usr/lib/drivers/usbctl",
"/usr/lib/drivers/usbhidd",
"/usr/lib/drivers/usbhubd",
"/usr/lib/drivers/usbscsid",
"/usr/lib/drivers/vboxd",
"/usr/lib/drivers/virtio-gpud",
"/usr/lib/drivers/virtio-netd",
"/usr/lib/drivers/xhcid",
"/usr/lib/init.d/00_base.target",
"/usr/lib/init.d/00_ipcd.service",
"/usr/lib/init.d/00_pcid-spawner.service",
"/usr/lib/init.d/00_ptyd.service",
"/usr/lib/init.d/00_sudo.service",
"/usr/lib/init.d/00_tmp",
"/usr/lib/init.d/05_boot_essential.target",
"/usr/lib/init.d/10_dhcpd.service",
"/usr/lib/init.d/10_net.target",
"/usr/lib/init.d/10_smolnetd.service",
"/usr/lib/init.d/12_boot_late.target",
"/usr/lib/init.d/12_dbus.service",
"/usr/lib/init.d/13_seatd.service",
"/usr/lib/init.d/13_sessiond.service",
"/usr/lib/init.d/20_audiod.service",
"/usr/lib/init.d/29_activate_console.service",
"/usr/lib/init.d/30_console.service",
"/usr/lib/init.d/30_thermald.service",
"/usr/lib/init.d/31_debug_console.service",
]
[build]
template = "custom"
script = """