Red Bear OS — microkernel OS in Rust, based on Redox

Derivative of Redox OS (https://www.redox-os.org) adding:
- AMD GPU driver (amdgpu) via LinuxKPI compat layer
- ext4 filesystem support (ext4d scheme daemon)
- ACPI fixes for AMD bare metal (x2APIC, DMAR, IVRS, MCFG)
- Custom branding (hostname, os-release, boot identity)

Build system is full upstream Redox with RBOS overlay in local/.
Patches for kernel, base, and relibc are symlinked from local/patches/
and protected from make clean/distclean. Custom recipes live in
local/recipes/ with symlinks into the recipes/ search path.

Build:  make all CONFIG_NAME=redbear-full
Sync:   ./local/scripts/sync-upstream.sh

recipes/net/download/curl/recipe.toml

@@ -0,0 +1,30 @@
+[source]
+git = "https://gitlab.redox-os.org/redox-os/curl.git"
+branch = "redox-8.6"
+upstream = "https://github.com/curl/curl.git"
+
+[build]
+template = "cmake"
+dependencies = [
+    #TODO: git fails to build when this is a dependency: "libpsl",
+    "nghttp2",
+    "openssl3",
+    "zlib",
+]
+cmakeflags = [
+    "-DCURL_DISABLE_FTP=On",
+    "-DCURL_DISABLE_TFTP=On",
+    "-DENABLE_IPV6=Off",
+    "-DCURL_DISABLE_NTLM=On",
+    "-DENABLE_THREADED_RESOLVER=Off",
+    "-DCURL_CA_PATH=/etc/ssl/certs",
+    "-DUSE_NGHTTP2=On",
+    "-DCURL_USE_OPENSSL=On",
+    "-DUSE_ZLIB=On",
+    "-DCURL_USE_LIBPSL=Off",
+]
+
+[package]
+dependencies = [
+    "ca-certificates"
+]

recipes/net/download/wget/recipe.toml

@@ -0,0 +1,11 @@
+[source]
+tar = "https://ftp.gnu.org/gnu/wget/wget-1.21.4.tar.gz"
+blake3 = "1c3c31259d23ed3890535fd3b8713082c74e41d459c8f290c1650ab1afab8f35"
+[build]
+dependencies = [
+    "openssl3",
+]
+template = "configure"
+configureflags = [
+    "--with-ssl=openssl"
+]

recipes/net/http/simple-http-server/recipe.toml

@@ -0,0 +1,11 @@
+[source]
+git = "https://github.com/TheWaWaR/simple-http-server"
+[build]
+template = "custom"
+dependencies = [
+    "openssl1",
+]
+script = """
+DYNAMIC_INIT
+cookbook_cargo
+"""

recipes/net/nginx/recipe.toml

@@ -0,0 +1,65 @@
+#TODO FastCGI not working
+[source]
+tar = "https://nginx.org/download/nginx-1.28.0.tar.gz"
+patches = [
+    "redox.patch"
+]
+
+[build]
+template = "custom"
+dependencies = [
+    "pcre",
+    "openssl3",
+    "zlib",
+]
+script = """
+DYNAMIC_INIT
+rsync -av --delete "${COOKBOOK_SOURCE}"/* ./
+ARCH="${TARGET%%-*}"
+COOKBOOK_CONFIGURE_FLAGS=(
+    --crossbuild=Redox:$ARCH
+    --with-cc="$CC"
+    --with-cc-opt="$CFLAGS $CPPFLAGS"
+    --with-ld-opt="$LDFLAGS"
+    --sbin-path=/usr/bin/nginx 
+    --modules-path=/usr/lib/nginx/modules
+    --conf-path=/etc/nginx/nginx.conf
+    --error-log-path=/var/log/nginx/error.log
+    --http-log-path=/var/log/nginx/access.log 
+    --http-client-body-temp-path=/var/lib/nginx/body 
+    --http-proxy-temp-path=/var/lib/nginx/proxy 
+    --http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
+    --http-uwsgi-temp-path=/var/lib/nginx/uwsgi 
+    --http-scgi-temp-path=/var/lib/nginx/scgi 
+    --pid-path=/var/run/nginx.pid
+    --lock-path=/var/lock/nginx.lock
+    --user=nginx
+    --group=nginx
+    --with-compat
+    --with-debug
+    --with-pcre
+    --with-pcre-jit
+    --with-stream
+    --with-stream_realip_module
+    --with-stream_ssl_module
+    --with-stream_ssl_preread_module
+    --with-threads
+    --with-http_ssl_module
+    --with-http_v2_module
+    --with-http_v3_module
+    --with-http_realip_module
+    --with-http_gzip_static_module
+    --with-http_stub_status_module
+    --with-http_addition_module
+)
+
+unset AR AS CC CXX LD LDFLAGS NM OBJCOPY OBJDUMP RANLIB READELF RUSTFLAGS STRIP
+
+cookbook_configure
+
+mkdir -p "$COOKBOOK_STAGE"/var/lib/nginx/{body,proxy,fastcgi,uwsgi,scgi} \
+ "$COOKBOOK_STAGE"/var/log/nginx/
+#TODO: pkgar don't track empty directories
+touch "$COOKBOOK_STAGE"/var/lib/nginx/{body,proxy,fastcgi,uwsgi,scgi}/.tmp \
+ "$COOKBOOK_STAGE"/var/log/nginx/.tmp
+"""

recipes/net/nginx/redox.patch

@@ -0,0 +1,111 @@
+diff -ruwN source/auto/cc/clang source-new/auto/cc/clang
+--- source/auto/cc/clang	2025-04-23 18:48:54.000000000 +0700
++++ source-new/auto/cc/clang	2026-02-24 07:55:59.340299231 +0700
+@@ -88,9 +88,6 @@
+     CFLAGS="$CFLAGS -Wno-deprecated-declarations"
+ fi
+ 
+-# stop on warning
+-CFLAGS="$CFLAGS -Werror"
+-
+ # debug
+ CFLAGS="$CFLAGS -g"
+ 
+diff -ruwN source/auto/cc/gcc source-new/auto/cc/gcc
+--- source/auto/cc/gcc	2025-04-23 18:48:54.000000000 +0700
++++ source-new/auto/cc/gcc	2026-02-24 07:56:03.156908192 +0700
+@@ -165,9 +165,6 @@
+ esac
+ 
+ 
+-# stop on warning
+-CFLAGS="$CFLAGS -Werror"
+-
+ # debug
+ CFLAGS="$CFLAGS -g"
+ 
+diff -ruwN source/auto/feature source-new/auto/feature
+--- source/auto/feature	2025-04-23 18:48:54.000000000 +0700
++++ source-new/auto/feature	2025-09-16 02:44:58.617532926 +0700
+@@ -53,7 +53,7 @@
+ 
+         yes)
+             # /bin/sh is used to intercept "Killed" or "Abort trap" messages
+-            if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
++            #if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then
+                 echo " found"
+                 ngx_found=yes
+ 
+@@ -61,9 +61,9 @@
+                     have=$ngx_have_feature . auto/have
+                 fi
+ 
+-            else
+-                echo " found but is not working"
+-            fi
++            #else
++            #    echo " found but is not working"
++            #fi
+         ;;
+ 
+         value)
+diff -ruwN source/auto/types/sizeof source-new/auto/types/sizeof
+--- source/auto/types/sizeof	2025-04-23 18:48:54.000000000 +0700
++++ source-new/auto/types/sizeof	2025-09-16 02:44:58.618532943 +0700
+@@ -33,7 +33,7 @@
+ END
+ 
+ 
+-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
++ngx_test="gcc $CC_TEST_FLAGS $CC_AUX_FLAGS \
+           -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ 
+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+diff -ruwN source/auto/types/typedef source-new/auto/types/typedef
+--- source/auto/types/typedef	2025-04-23 18:48:54.000000000 +0700
++++ source-new/auto/types/typedef	2025-09-16 02:44:58.618532943 +0700
+@@ -34,7 +34,7 @@
+ 
+ END
+ 
+-    ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
++    ngx_test="gcc $CC_TEST_FLAGS $CC_AUX_FLAGS \
+               -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs"
+ 
+     eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
+diff -ruwN source/src/os/unix/ngx_process.c source-new/src/os/unix/ngx_process.c
+--- source/src/os/unix/ngx_process.c	2025-04-23 18:48:54.000000000 +0700
++++ source-new/src/os/unix/ngx_process.c	2025-09-16 02:44:58.618532943 +0700
+@@ -143,6 +143,7 @@
+         }
+ 
+         on = 1;
++        /*
+         if (ioctl(ngx_processes[s].channel[0], FIOASYNC, &on) == -1) {
+             ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
+                           "ioctl(FIOASYNC) failed while spawning \"%s\"", name);
+@@ -156,6 +157,7 @@
+             ngx_close_channel(ngx_processes[s].channel, cycle->log);
+             return NGX_INVALID_PID;
+         }
++        */
+ 
+         if (fcntl(ngx_processes[s].channel[0], F_SETFD, FD_CLOEXEC) == -1) {
+             ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
+diff -ruwN source/src/os/unix/ngx_process_cycle.c source-new/src/os/unix/ngx_process_cycle.c
+--- source/src/os/unix/ngx_process_cycle.c	2025-04-23 18:48:54.000000000 +0700
++++ source-new/src/os/unix/ngx_process_cycle.c	2025-09-27 02:17:21.509383985 +0700
+@@ -804,11 +804,13 @@
+             exit(2);
+         }
+ 
++        /*
+         if (initgroups(ccf->username, ccf->group) == -1) {
+             ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+                           "initgroups(%s, %d) failed",
+                           ccf->username, ccf->group);
+         }
++        */
+ 
+ #if (NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES)
+         if (ccf->transparent && ccf->user) {

recipes/net/openssh/recipe.toml

@@ -0,0 +1,37 @@
+#TODO lack of resolv.h, expect dns not working
+#TODO lack of utmpx.h, expect no way to track login in sshd
+[source]
+tar = "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz"
+patches = [
+    "redox.patch",
+]
+[build]
+template = "custom"
+dependencies = [
+    "openssl3",
+    "zlib",
+    "zstd",
+]
+script = """
+DYNAMIC_INIT
+COOKBOOK_CONFIGURE_FLAGS+=(
+    --disable-strip
+    --sysconfdir=/etc/ssh
+)
+export CFLAGS+=" -DSYSTEMD_NOTIFY=1"
+cookbook_configure
+mv "${COOKBOOK_STAGE}"/usr/sbin/sshd "${COOKBOOK_STAGE}"/usr/bin/sshd
+rmdir "${COOKBOOK_STAGE}"/usr/sbin
+
+# Extracted from `make host-key-force`
+# TODO: Postscript to generate this
+# ssh-keygen -t dsa -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_dsa_key -N ""
+# ssh-keygen -t rsa -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_rsa_key -N ""
+# ssh-keygen -t ed25519 -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_ed25519_key -N ""
+# ssh-keygen -t ecdsa -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_ecdsa_key -N ""
+
+CONFIG_FILE="${COOKBOOK_STAGE}"/etc/ssh/sshd_config
+
+# ipv6 is not working yet
+sed -i "s/#AddressFamily any/AddressFamily inet/g" "${CONFIG_FILE}"
+"""

recipes/net/openssh/redox.patch

@@ -0,0 +1,686 @@
+diff -ruwN source/configure source-new/configure
+--- source/configure	2024-07-01 11:36:28.000000000 +0700
++++ source-new/configure	2025-09-06 23:54:58.147442355 +0700
+@@ -12606,6 +12606,10 @@
+ printf "%s\n" "#define BROKEN_POLL 1" >>confdefs.h
+ 
+ 	;;
++*-*-redox)
++
++  # todo
++	;;
+ mips-sony-bsd|mips-sony-newsos4)
+ 
+ printf "%s\n" "#define NEED_SETPGRP 1" >>confdefs.h
+diff -ruwN source/defines.h source-new/defines.h
+--- source/defines.h	2024-07-01 11:36:28.000000000 +0700
++++ source-new/defines.h	2025-09-07 01:35:40.209700338 +0700
+@@ -52,6 +52,18 @@
+ #define IPPORT_RESERVED 0
+ #endif
+ 
++#ifndef IPPORT_RESERVED
++#define IPPORT_RESERVED 1024
++#endif
++
++#ifndef IN_LOOPBACKNET
++#define IN_LOOPBACKNET 127
++#endif
++
++#ifndef MAXDNAME
++#define MAXDNAME 256
++#endif
++
+ /*
+  * Definitions for IP type of service (ip_tos)
+  */
+@@ -454,19 +466,21 @@
+ # define _PATH_DEVNULL "/dev/null"
+ #endif
+ 
+-/* user may have set a different path */
+-#if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY)
+-# undef _PATH_MAILDIR
+-#endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */
+-
+-#ifdef MAIL_DIRECTORY
+-# define _PATH_MAILDIR MAIL_DIRECTORY
++#ifndef _PATH_MAILDIR
++# define _PATH_MAILDIR "/var/mail"
+ #endif
+ 
+ #ifndef _PATH_NOLOGIN
+ # define _PATH_NOLOGIN "/etc/nologin"
+ #endif
+ 
++#ifndef ST_RDONLY
++#define ST_RDONLY	1
++#endif
++#ifndef ST_NOSUID
++#define ST_NOSUID	2
++#endif
++
+ /* Define this to be the path of the xauth program. */
+ #ifdef XAUTH_PATH
+ #define _PATH_XAUTH XAUTH_PATH
+diff -ruwN source/hostfile.c source-new/hostfile.c
+--- source/hostfile.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/hostfile.c	2025-09-06 21:09:36.555438339 +0700
+@@ -44,7 +44,9 @@
+ #include <netinet/in.h>
+ 
+ #include <errno.h>
++#ifndef __redox__
+ #include <resolv.h>
++#endif
+ #include <stdarg.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+diff -ruwN source/loginrec.c source-new/loginrec.c
+--- source/loginrec.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/loginrec.c	2025-09-06 21:09:36.556438304 +0700
+@@ -1033,7 +1033,7 @@
+ 		return (0);
+ 	}
+ # else
+-	if (!utmpx_write_direct(li, &ut)) {
++	if (!utmpx_write_direct(li, &utx)) {
+ 		logit("%s: utmp_write_direct() failed", __func__);
+ 		return (0);
+ 	}
+diff -ruwN source/loginrec.h source-new/loginrec.h
+--- source/loginrec.h	2024-07-01 11:36:28.000000000 +0700
++++ source-new/loginrec.h	2025-09-06 21:09:36.556438304 +0700
+@@ -30,6 +30,7 @@
+  **/
+ 
+ #include "includes.h"
++#include "openbsd-compat/utmpx.h"
+ 
+ struct ssh;
+ 
+diff -ruwN source/misc.c source-new/misc.c
+--- source/misc.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/misc.c	2025-09-07 01:21:42.201992304 +0700
+@@ -2843,7 +2843,6 @@
+ 			error("%s: dup2: %s", tag, strerror(errno));
+ 			_exit(1);
+ 		}
+-		closefrom(STDERR_FILENO + 1);
+ 
+ 		if (geteuid() == 0 &&
+ 		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
+diff -ruwN source/monitor.c source-new/monitor.c
+--- source/monitor.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/monitor.c	2025-09-07 00:46:23.435378053 +0700
+@@ -484,18 +484,19 @@
+ 		pfd[0].events = POLLIN;
+ 		pfd[1].fd = pmonitor->m_log_recvfd;
+ 		pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
+-		if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
++		// redox can't handle timeout -1 (the poll stuck)
++		if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, 1000) == -1) {
+ 			if (errno == EINTR || errno == EAGAIN)
+ 				continue;
+ 			fatal_f("poll: %s", strerror(errno));
+ 		}
+ 		if (pfd[1].revents) {
++
+ 			/*
+ 			 * Drain all log messages before processing next
+ 			 * monitor request.
+ 			 */
+ 			monitor_read_log(pmonitor);
+-			continue;
+ 		}
+ 		if (pfd[0].revents)
+ 			break;  /* Continues below */
+@@ -1577,7 +1578,8 @@
+ 	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
+ 	if (res == 0)
+ 		goto error;
+-	pty_setowner(authctxt->pw, s->tty);
++	// non sense in redox
++	// pty_setowner(authctxt->pw, s->tty);
+ 
+ 	if ((r = sshbuf_put_u32(m, 1)) != 0 ||
+ 	    (r = sshbuf_put_cstring(m, s->tty)) != 0)
+diff -ruwN source/openbsd-compat/bsd-statvfs.h source-new/openbsd-compat/bsd-statvfs.h
+--- source/openbsd-compat/bsd-statvfs.h	2024-07-01 11:36:28.000000000 +0700
++++ source-new/openbsd-compat/bsd-statvfs.h	2025-09-06 21:09:36.556438304 +0700
+@@ -37,13 +37,6 @@
+ typedef unsigned long fsfilcnt_t;
+ #endif
+ 
+-#ifndef ST_RDONLY
+-#define ST_RDONLY	1
+-#endif
+-#ifndef ST_NOSUID
+-#define ST_NOSUID	2
+-#endif
+-
+ 	/* as defined in IEEE Std 1003.1, 2004 Edition */
+ struct statvfs {
+ 	unsigned long f_bsize;	/* File system block size. */
+diff -ruwN source/openbsd-compat/getrrsetbyname.c source-new/openbsd-compat/getrrsetbyname.c
+--- source/openbsd-compat/getrrsetbyname.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/openbsd-compat/getrrsetbyname.c	2025-09-06 21:09:36.556438304 +0700
+@@ -67,6 +67,52 @@
+ #endif
+ #define _THREAD_PRIVATE(a,b,c) (c)
+ 
++#ifdef __redox__
++
++#include <sys/types.h>
++#include <stdint.h>
++
++/*
++ * Minimalist replacement for <resolv.h> for systems that lack it,
++ * such as Redox OS. This provides the basic structures needed by
++ * the OpenSSH compatibility layer.
++ */
++
++// Define necessary constants
++#define MAXNS           3   /* max # name servers we'll track */
++#define MAXDNSRCH       6   /* max # domains in search path */
++#define MAXRESOLVSORT   10  /* number of nets to sort on */
++#define MAXDNAME        256 /* max length of a domain name */
++
++/*
++ * A simplified, portable version of the resolver state structure.
++ * Glibc-specific fields, hooks, and complex unions have been removed.
++ */
++struct __res_state {
++    int   retrans;                /* retransmission time interval */
++    int   retry;                  /* number of times to retransmit */
++    unsigned long options;        /* option flags */
++    int   nscount;                /* number of name servers */
++    struct sockaddr_in nsaddr_list[MAXNS]; /* address of name servers */
++    unsigned short id;            /* current message id */
++    char *dnsrch[MAXDNSRCH + 1];  /* components of domain to search */
++    char  defdname[MAXDNAME];     /* default domain name */
++    
++    struct {
++        struct in_addr addr;
++        uint32_t       mask;
++    } sort_list[MAXRESOLVSORT];
++    
++    int   res_h_errno;            /* last error code for this context */
++    
++    // Simplified bitfields, removing glibc internals
++    unsigned ndots : 4;           /* threshold for initial abs. query */
++    unsigned nsort : 4;           /* number of elements in sort_list[] */
++};
++
++typedef struct __res_state *res_state;
++#endif /* __redox */
++
+ #ifndef HAVE__RES_EXTERN
+ struct __res_state _res;
+ #endif
+@@ -167,6 +213,24 @@
+ 	struct dns_rr		*next;
+ };
+ 
++#ifdef __redox__
++typedef struct {
++    uint16_t id;
++    uint8_t  rd : 1;
++    uint8_t  tc : 1;
++    uint8_t  aa : 1;
++    uint8_t  opcode : 4;
++    uint8_t  qr : 1;
++    uint8_t  rcode : 4;
++    uint8_t  z : 3;
++    uint8_t  ra : 1;
++    uint16_t qdcount;
++    uint16_t ancount;
++    uint16_t nscount;
++    uint16_t arcount;
++} HEADER;
++#endif
++
+ struct dns_response {
+ 	HEADER			header;
+ 	struct dns_query	*query;
+@@ -221,10 +285,10 @@
+ 	}
+ 
+ 	/* initialize resolver */
+-	if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
++	// if (res_init() == -1) {
+ 		result = ERRSET_FAIL;
+ 		goto fail;
+-	}
++	// }
+ 
+ #ifdef DEBUG
+ 	_resp->options |= RES_DEBUG;
+@@ -482,12 +546,12 @@
+ 			prev->next = curr;
+ 
+ 		/* name */
+-		length = dn_expand(answer, answer + size, *cp, name,
+-		    sizeof(name));
+-		if (length < 0) {
++		// length = dn_expand(answer, answer + size, *cp, name,
++		//     sizeof(name));
++		// if (length < 0) {
+ 			free_dns_query(head);
+ 			return (NULL);
+-		}
++		// }
+ 		curr->name = strdup(name);
+ 		if (curr->name == NULL) {
+ 			free_dns_query(head);
+@@ -542,12 +606,12 @@
+ 			prev->next = curr;
+ 
+ 		/* name */
+-		length = dn_expand(answer, answer + size, *cp, name,
+-		    sizeof(name));
+-		if (length < 0) {
++		// length = dn_expand(answer, answer + size, *cp, name,
++		//     sizeof(name));
++		// if (length < 0) {
+ 			free_dns_rr(head);
+ 			return (NULL);
+-		}
++		// }
+ 		curr->name = strdup(name);
+ 		if (curr->name == NULL) {
+ 			free_dns_rr(head);
+diff -ruwN source/openbsd-compat/getrrsetbyname.h source-new/openbsd-compat/getrrsetbyname.h
+--- source/openbsd-compat/getrrsetbyname.h	2024-07-01 11:36:28.000000000 +0700
++++ source-new/openbsd-compat/getrrsetbyname.h	2025-09-06 21:09:36.557438268 +0700
+@@ -54,9 +54,13 @@
+ 
+ #include <sys/types.h>
+ #include <netinet/in.h>
++#ifndef __redox__
+ #include <arpa/nameser.h>
++#endif
+ #include <netdb.h>
++#ifndef __redox__
+ #include <resolv.h>
++#endif
+ 
+ #ifndef HFIXEDSZ
+ #define HFIXEDSZ 12
+diff -ruwN source/openbsd-compat/inet_ntop.c source-new/openbsd-compat/inet_ntop.c
+--- source/openbsd-compat/inet_ntop.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/openbsd-compat/inet_ntop.c	2025-09-06 21:09:36.557438268 +0700
+@@ -26,7 +26,9 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
++#ifndef __redox__
+ #include <arpa/nameser.h>
++#endif
+ #include <string.h>
+ #include <errno.h>
+ #include <stdio.h>
+diff -ruwN source/openbsd-compat/openbsd-compat.h source-new/openbsd-compat/openbsd-compat.h
+--- source/openbsd-compat/openbsd-compat.h	2024-07-01 11:36:28.000000000 +0700
++++ source-new/openbsd-compat/openbsd-compat.h	2025-09-06 21:09:36.557438268 +0700
+@@ -36,6 +36,8 @@
+ 
+ #include <stddef.h>  /* for wchar_t */
+ 
++#include "getopt.h"
++
+ /* OpenBSD function replacements */
+ #include "base64.h"
+ #include "sigact.h"
+diff -ruwN source/openbsd-compat/utmpx.c source-new/openbsd-compat/utmpx.c
+--- source/openbsd-compat/utmpx.c	1970-01-01 07:00:00.000000000 +0700
++++ source-new/openbsd-compat/utmpx.c	2025-09-06 21:09:36.557438268 +0700
+@@ -0,0 +1,13 @@
++#include "utmpx.h"
++#include <stddef.h> // For NULL
++
++#ifdef __redox__
++
++void endutxent(void) { /* Do nothing */ }
++struct utmpx *getutxent(void) { return NULL; }
++struct utmpx *getutxid(const struct utmpx *ut) { return NULL; }
++struct utmpx *getutxline(const struct utmpx *ut) { return NULL; }
++struct utmpx *pututxline(const struct utmpx *ut) { return NULL; }
++void setutxent(void) { /* Do nothing */ }
++
++#endif
+\ No newline at end of file
+diff -ruwN source/openbsd-compat/utmpx.h source-new/openbsd-compat/utmpx.h
+--- source/openbsd-compat/utmpx.h	1970-01-01 07:00:00.000000000 +0700
++++ source-new/openbsd-compat/utmpx.h	2025-09-06 21:09:36.557438268 +0700
+@@ -0,0 +1,69 @@
++#ifndef _COMPAT_UTMPX_H
++#define _COMPAT_UTMPX_H
++#ifdef __redox__
++#include <sys/types.h>
++#include <sys/time.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/*
++ * This header provides a POSIX-compliant definition of the utmpx structure
++ * and related functions for systems that lack a native <utmpx.h>, such as Redox OS.
++ */
++
++// Define standard sizes for character arrays, based on common practice (e.g., Linux)
++#define UT_LINESIZE   32
++#define UT_NAMESIZE   32
++#define UT_HOSTSIZE   256
++#define UT_IDSIZE     4
++
++/*
++ * The utmpx structure, containing user accounting information.
++ */
++struct utmpx {
++    char            ut_user[UT_NAMESIZE]; /* User login name */
++    char            ut_id[UT_IDSIZE];     /* Unspecified terminal id */
++    char            ut_line[UT_LINESIZE]; /* Device name of tty */
++    pid_t           ut_pid;               /* Process ID */
++    short           ut_type;              /* Type of entry */
++    struct timeval  ut_tv;                /* Time entry was made */
++    // Non-standard but very common fields, often needed for compatibility
++    char            ut_host[UT_HOSTSIZE]; /* Host name for remote login */
++    // Padding to align the structure, if necessary
++    char            __padding[16];
++};
++
++/*
++ * Symbolic constants for the ut_type field.
++ */
++#define EMPTY           0 /* No valid user accounting information */
++#define BOOT_TIME       1 /* Time of system boot */
++#define OLD_TIME        2 /* Time when system clock changed */
++#define NEW_TIME        3 /* Time after system clock changed */
++#define USER_PROCESS    4 /* A user process */
++#define INIT_PROCESS    5 /* A process spawned by the init process */
++#define LOGIN_PROCESS   6 /* The session leader of a logged-in user */
++#define DEAD_PROCESS    7 /* A session leader who has exited */
++
++/*
++ * Function prototypes for utmpx database manipulation.
++ *
++ * NOTE: These are stubs. Since Redox OS does not have a utmp/utmpx
++ * database, these functions won't have a real implementation. They
++ * are declared here to satisfy the linker.
++ */
++void          endutxent(void);
++struct utmpx *getutxent(void);
++struct utmpx *getutxid(const struct utmpx *);
++struct utmpx *getutxline(const struct utmpx *);
++struct utmpx *pututxline(const struct utmpx *);
++void          setutxent(void);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __redox__ */
++#endif /* _COMPAT_UTMPX_H */
+\ No newline at end of file
+diff -ruwN source/readconf.c source-new/readconf.c
+--- source/readconf.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/readconf.c	2025-09-07 01:21:42.201992304 +0700
+@@ -554,7 +554,6 @@
+ 
+ 		if (stdfd_devnull(1, 1, 0) == -1)
+ 			fatal_f("stdfd_devnull failed");
+-		closefrom(STDERR_FILENO + 1);
+ 
+ 		argv[0] = shell;
+ 		argv[1] = "-c";
+diff -ruwN source/readpass.c source-new/readpass.c
+--- source/readpass.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/readpass.c	2025-09-07 01:21:42.201992304 +0700
+@@ -278,7 +278,6 @@
+ 	if (pid == 0) {
+ 		if (stdfd_devnull(1, 1, 0) == -1)
+ 			fatal_f("stdfd_devnull failed");
+-		closefrom(STDERR_FILENO + 1);
+ 		setenv("SSH_ASKPASS_PROMPT", "none", 1); /* hint to UI */
+ 		execlp(askpass, askpass, prompt, (char *)NULL);
+ 		error_f("exec(%s): %s", askpass, strerror(errno));
+diff -ruwN source/regress/netcat.c source-new/regress/netcat.c
+--- source/regress/netcat.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/regress/netcat.c	2025-09-06 21:09:36.558438233 +0700
+@@ -1384,7 +1384,9 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#ifndef __redox__
+ #include <resolv.h>
++#endif
+ 
+ #define SOCKS_PORT	"1080"
+ #define HTTP_PROXY_PORT	"3128"
+diff -ruwN source/session.c source-new/session.c
+--- source/session.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/session.c	2025-09-07 01:22:43.637928015 +0700
+@@ -1365,10 +1365,12 @@
+ 			exit(1);
+ 		}
+ 		/* Initialize the group list. */
++#ifndef __redox__
+ 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
+ 			perror("initgroups");
+ 			exit(1);
+ 		}
++#endif
+ 		endgrent();
+ #endif
+ 
+@@ -1490,7 +1492,6 @@
+ 	 * initgroups, because at least on Solaris 2.3 it leaves file
+ 	 * descriptors open.
+ 	 */
+-	closefrom(STDERR_FILENO + 1);
+ }
+ 
+ /*
+@@ -1624,7 +1625,6 @@
+ 			exit(1);
+ 	}
+ 
+-	closefrom(STDERR_FILENO + 1);
+ 
+ 	do_rc_files(ssh, s, shell);
+ 
+diff -ruwN source/sshbuf-misc.c source-new/sshbuf-misc.c
+--- source/sshbuf-misc.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/sshbuf-misc.c	2025-09-06 21:09:36.559438198 +0700
+@@ -28,7 +28,9 @@
+ #include <stdio.h>
+ #include <limits.h>
+ #include <string.h>
++#ifndef __redox__
+ #include <resolv.h>
++#endif
+ #include <ctype.h>
+ #include <unistd.h>
+ 
+diff -ruwN source/ssh.c source-new/ssh.c
+--- source/ssh.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/ssh.c	2025-09-07 01:22:43.638928030 +0700
+@@ -689,7 +689,6 @@
+ 	 * Discard other fds that are hanging around. These can cause problem
+ 	 * with backgrounded ssh processes started by ControlPersist.
+ 	 */
+-	closefrom(STDERR_FILENO + 1);
+ 
+ 	__progname = ssh_get_progname(av[0]);
+ 
+diff -ruwN source/sshconnect2.c source-new/sshconnect2.c
+--- source/sshconnect2.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/sshconnect2.c	2025-09-07 01:22:58.683157171 +0700
+@@ -2057,7 +2057,6 @@
+ 		sock = STDERR_FILENO + 1;
+ 		if (fcntl(sock, F_SETFD, 0) == -1) /* keep the socket on exec */
+ 			debug3_f("fcntl F_SETFD: %s", strerror(errno));
+-		closefrom(sock + 1);
+ 
+ 		debug3_f("[child] pid=%ld, exec %s",
+ 		    (long)getpid(), _PATH_SSH_KEY_SIGN);
+diff -ruwN source/sshd.c source-new/sshd.c
+--- source/sshd.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/sshd.c	2025-09-07 01:39:34.681252169 +0700
+@@ -1222,7 +1222,7 @@
+ 		debug("setgroups(): %.200s", strerror(errno));
+ 
+ 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+-	sanitise_stdfd();
++	// sanitise_stdfd();
+ 
+ 	/* Initialize configuration options to their default values. */
+ 	initialize_server_options(&options);
+@@ -1344,7 +1344,6 @@
+ 	if (!test_flag && !do_dump_cfg && !path_absolute(av[0]))
+ 		fatal("sshd requires execution with an absolute path");
+ 
+-	closefrom(STDERR_FILENO + 1);
+ 
+ 	/* Reserve fds we'll need later for reexec things */
+ 	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
+@@ -1482,13 +1481,13 @@
+ 			    options.host_key_files[i]);
+ 			key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
+ 		}
+-		if (r == 0 && key != NULL &&
+-		    (r = sshkey_shield_private(key)) != 0) {
+-			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
+-			    options.host_key_files[i]);
+-			sshkey_free(key);
+-			key = NULL;
+-		}
++		// if (r == 0 && key != NULL &&
++		//     (r = sshkey_shield_private(key)) != 0) {
++		// 	do_log2_r(r, ll, "Unable to shield host key \"%s\"",
++		// 	    options.host_key_files[i]);
++		// 	sshkey_free(key);
++		// 	key = NULL;
++		// }
+ 		if ((r = sshkey_load_public(options.host_key_files[i],
+ 		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
+ 			do_log2_r(r, ll, "Unable to load host key \"%s\"",
+@@ -1600,8 +1599,7 @@
+ 	}
+ 
+ 	/* Ensure privsep directory is correctly configured. */
+-	need_chroot = ((getuid() == 0 || geteuid() == 0) ||
+-	    options.kerberos_authentication);
++	need_chroot = 0;// ((getuid() == 0 || geteuid() == 0) || options.kerberos_authentication);
+ 	if ((getpwnam(SSH_PRIVSEP_USER)) == NULL && need_chroot) {
+ 		fatal("Privilege separation user %s does not exist",
+ 		    SSH_PRIVSEP_USER);
+@@ -1773,7 +1771,7 @@
+ 		close(startup_pipe);
+ 	}
+ 	log_redirect_stderr_to(NULL);
+-	closefrom(REEXEC_MIN_FREE_FD);
++	// closefrom(REEXEC_MIN_FREE_FD);
+ 
+ 	ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */
+ 	execv(rexec_argv[0], rexec_argv);
+diff -ruwN source/sshd-session.c source-new/sshd-session.c
+--- source/sshd-session.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/sshd-session.c	2025-09-06 21:15:43.796191268 +0700
+@@ -1031,7 +1031,7 @@
+ 	if (!rexeced_flag)
+ 		fatal("sshd-session should not be executed directly");
+ 
+-	closefrom(REEXEC_MIN_FREE_FD);
++	// closefrom(REEXEC_MIN_FREE_FD);
+ 
+ 	seed_rng();
+ 
+@@ -1073,7 +1073,7 @@
+ 	options.timing_secret = timing_secret;
+ 
+ 	/* Store privilege separation user for later use if required. */
+-	privsep_chroot = (getuid() == 0 || geteuid() == 0);
++	privsep_chroot = 0;// (getuid() == 0 || geteuid() == 0);
+ 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+ 		if (privsep_chroot || options.kerberos_authentication)
+ 			fatal("Privilege separation user %s does not exist",
+diff -ruwN source/sshkey.c source-new/sshkey.c
+--- source/sshkey.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/sshkey.c	2025-09-06 21:09:36.567437916 +0700
+@@ -43,7 +43,9 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#ifndef __redox__
+ #include <resolv.h>
++#endif
+ #include <time.h>
+ #ifdef HAVE_UTIL_H
+ #include <util.h>
+diff -ruwN source/ssh-sk-client.c source-new/ssh-sk-client.c
+--- source/ssh-sk-client.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/ssh-sk-client.c	2025-09-07 01:21:42.201992304 +0700
+@@ -91,7 +91,6 @@
+ 		}
+ 		close(pair[0]);
+ 		close(pair[1]);
+-		closefrom(STDERR_FILENO + 1);
+ 		debug_f("starting %s %s", helper,
+ 		    verbosity == NULL ? "" : verbosity);
+ 		execlp(helper, helper, verbosity, (char *)NULL);
+diff -ruwN source/ssh-sk-helper.c source-new/ssh-sk-helper.c
+--- source/ssh-sk-helper.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/ssh-sk-helper.c	2025-09-07 01:22:43.638928030 +0700
+@@ -303,7 +303,6 @@
+ 	 * Rearrange our file descriptors a little; we don't trust the
+ 	 * providers not to fiddle with stdin/out.
+ 	 */
+-	closefrom(STDERR_FILENO + 1);
+ 	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
+ 		fatal("%s: dup: %s", __progname, strerror(errno));
+ 	close(STDIN_FILENO);
+diff -ruwN source/uidswap.c source-new/uidswap.c
+--- source/uidswap.c	2024-07-01 11:36:28.000000000 +0700
++++ source-new/uidswap.c	2025-09-07 00:01:52.531094834 +0700
+@@ -37,7 +37,7 @@
+  * POSIX saved uids or not.
+  */
+ 
+-#if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS)
++#if !defined(BROKEN_SAVED_UIDS)
+ /* Lets assume that posix saved ids also work with seteuid, even though that
+    is not part of the posix specification. */
+ #define SAVED_IDS_WORK_WITH_SETEUID
+@@ -83,6 +83,9 @@
+ 	privileged = 1;
+ 	temporarily_use_uid_effective = 1;
+ 
++	// getgroups broken in redox
++#ifndef __redox__
++
+ 	saved_egroupslen = getgroups(0, NULL);
+ 	if (saved_egroupslen == -1)
+ 		fatal("getgroups: %.100s", strerror(errno));
+@@ -119,6 +122,7 @@
+ 	/* Set the effective uid to the given (unprivileged) uid. */
+ 	if (setgroups(user_groupslen, user_groups) == -1)
+ 		fatal("setgroups: %.100s", strerror(errno));
++#endif
+ #ifndef SAVED_IDS_WORK_WITH_SETEUID
+ 	/* Propagate the privileged gid to all of our gids. */
+ 	if (setgid(getegid()) == -1)
+@@ -168,8 +172,11 @@
+ 		fatal("%s: setgid failed: %s", __func__, strerror(errno));
+ #endif /* SAVED_IDS_WORK_WITH_SETEUID */
+ 
++	// setgroups broken in redox
++#ifndef __redox__
+ 	if (setgroups(saved_egroupslen, saved_egroups) == -1)
+ 		fatal("setgroups: %.100s", strerror(errno));
++#endif
+ 	temporarily_use_uid_effective = 0;
+ }
+ 

recipes/net/redox-ssh/recipe.toml

@@ -0,0 +1,5 @@
+[source]
+git = "https://gitlab.redox-os.org/redox-os/redox-ssh.git"
+
+[build]
+template = "cargo"

recipes/net/rsync/recipe.toml

@@ -0,0 +1,12 @@
+[source]
+tar = "https://download.samba.org/pub/rsync/src/rsync-3.4.1.tar.gz"
+patches = ["redox.patch"]
+
+[build]
+template = "configure"
+dependencies = [
+    "zstd",
+    "lz4",
+    "openssl1",
+    "xxhash",
+]

recipes/net/rsync/redox.patch

@@ -0,0 +1,25 @@
+diff -ruwN source/rsync.h source-new/rsync.h
+--- source/rsync.h	2025-01-16 02:21:54.000000000 +0700
++++ source-new/rsync.h	2025-09-08 12:18:06.427647717 +0700
+@@ -483,6 +483,21 @@
+ #include <sys/sysmacros.h>
+ #endif
+ 
++#ifdef __redox__
++
++// no sys/sysmacros.h, probably no problem
++#include <sys/types.h>
++#define major(dev) (0)
++#define minor(dev) (0)
++#define makedev(maj, min) (0)
++
++// no openat yet
++#undef O_NOFOLLOW
++#undef O_DIRECTORY
++#undef AT_FDCWD
++
++#endif
++
+ #ifdef MAKEDEV_TAKES_3_ARGS
+ #define MAKEDEV(devmajor,devminor) makedev(0,devmajor,devminor)
+ #else