feat: build system transition to release fork + archive hardening

Release fork infrastructure:
- REDBEAR_RELEASE=0.1.1 with offline enforcement (fetch/distclean/unfetch blocked)
- 195 BLAKE3-verified source archives in standard format
- Atomic provisioning via provision-release.sh (staging + .complete sentry)
- 5-phase improvement plan: restore format auto-detection, source tree validation (validate-source-trees.py), archive-map.json, REPO_BINARY fallback

Archive normalization:
- Removed 87 duplicate/unversioned archives from shared pool
- Regenerated all archives in consistent format with source/ + recipe.toml
- BLAKE3SUMS and manifest.json generated from stable tarball set

Patch management:
- verify-patches.sh: pre-sync dry-run report (OK/REVERSED/CONFLICT)
- 121 upstream-absorbed patches moved to absorbed/ directories
- 43 active patches verified clean against rebased sources
- Stress test: base updated to upstream HEAD, relibc reset and patched

Compilation fixes:
- relibc: Vec imports in redox-rt (proc.rs, lib.rs, sys.rs)
- relibc: unsafe from_raw_parts in mod.rs (2024 edition)
- fetch.rs: rev comparison handles short/full hash prefixes
- kibi recipe: corrected rev mismatch

New scripts: restore-sources.sh, provision-release.sh, verify-sources-archived.sh, check-upstream-releases.sh, validate-source-trees.py, verify-patches.sh, repair-archive-format.sh, generate-manifest.py

Documentation: AGENTS.md, README.md, local/AGENTS.md updated for release fork model
@@ -189,7 +189,7 @@ live under `local/`:
|
||||
- validation helpers under `local/scripts/`
|
||||
- support-language and roadmap updates under `local/docs/`
|
||||
|
||||
That keeps the first implementation pass aligned with Red Bear's overlay model and rebase strategy.
|
||||
That keeps the first implementation pass aligned with Red Bear's release fork model and rebase strategy.
|
||||
|
||||
### 3. Desktop parity is not the first milestone
|
||||
|
||||
@@ -310,7 +310,7 @@ Some of the implementation targets below refer to upstream-managed trees such as
|
||||
|
||||
In Red Bear, changes against those paths should be carried through the relevant patch carrier under
|
||||
`local/patches/` until intentionally upstreamed. This plan names the technical integration point,
|
||||
not a recommendation to edit upstream-managed trees outside Red Bear's normal overlay model.
|
||||
not a recommendation to edit upstream-managed trees outside Red Bear's normal release fork model.
|
||||
|
||||
### Phase B0 — Scope Freeze and Support Model
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@ When reordering patches, test the FULL chain: remove source, rebuild, verify.
|
||||
|
||||
`recipes/core/base/recipe.toml` is git-tracked. Changes to it are durable.
|
||||
`recipes/core/base/source/` is a fetched working copy — destroyed by `make clean`,
|
||||
`make distclean`, source refresh, and sync-upstream.
|
||||
`make distclean`, source immutable archived, and provision-release.
|
||||
|
||||
Any change to source/ MUST be preserved as a patch in `local/patches/base/`.
|
||||
|
||||
|
||||
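Review bot: the replaced line in the list of operations that destroy `recipes/core/base/source/` now reads "`make distclean`, source immutable archived, and provision-release.", which no longer parses as a list of operations: "source immutable archived" is not an action, and the script is called `provision-release.sh` elsewhere in this commit. The commit message also says distclean is blocked under `REDBEAR_RELEASE`, so this sentence should state which operations still destroy the working copy in release mode instead of substituting words into the old list.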
@@ -67,9 +67,9 @@ All profiles produce outputs under `build/x86_64/`. Each profile gets its own di
|
||||
- Enables the shared `wired-dhcp` netctl profile by default for the VM/wired baseline.
|
||||
- Ships the shared firmware/input runtime service prerequisites so the early substrate can be tested on the smallest profile as well.
|
||||
|
||||
### Historical and experimental overlays
|
||||
### Historical and experimental release fork
|
||||
|
||||
- Experimental overlays such as `redbear-bluetooth-experimental` and `redbear-wifi-experimental`
|
||||
- Experimental release fork such as `redbear-bluetooth-experimental` and `redbear-wifi-experimental`
|
||||
are bounded validation slices layered on top of the tracked compile targets, not additional
|
||||
compile targets.
|
||||
|
||||
|
||||
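Review bot: the heading "Historical and experimental release fork" and the bullet "Experimental release fork such as `redbear-bluetooth-experimental` and `redbear-wifi-experimental`" rename items that the following context lines describe as "bounded validation slices layered on top of the tracked compile targets". Those two names are not forks, and the singular noun no longer agrees with "are"; keep "overlays" here or choose a term for these slices that is distinct from the release fork model.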
@@ -3,7 +3,7 @@
|
||||
## Purpose
|
||||
|
||||
This document centralizes what the main repository scripts do and do not handle under the Red Bear
|
||||
overlay model.
|
||||
release fork model.
|
||||
|
||||
The goal is to remove guesswork from the sync/fetch/apply/build workflow.
|
||||
|
||||
@@ -11,11 +11,11 @@ The goal is to remove guesswork from the sync/fetch/apply/build workflow.
|
||||
|
||||
| Script | Primary role | What it handles | What it does **not** guarantee |
|
||||
|---|---|---|---|
|
||||
| `local/scripts/sync-upstream.sh` | Refresh top-level upstream repo state | fetches upstream, reports conflict risk, rebases repo commits, reapplies build-system overlays via `apply-patches.sh` | does not automatically solve every subsystem overlay conflict; does not by itself make upstream WIP recipes safe shipping inputs |
|
||||
| `local/scripts/apply-patches.sh` | Reapply durable Red Bear overlays | applies build-system patches, relinks recipe patch symlinks, relinks local recipe overlays into `recipes/` | does not fully rebase stale patch carriers; does not validate runtime behavior; does not decide WIP ownership for you |
|
||||
| `local/scripts/build-redbear.sh` | Build Red Bear profiles from upstream base + local overlay | applies overlays, builds cookbook if needed, validates profile naming, launches the actual image build; only allows upstream recipe refresh when passed `--upstream` | does not guarantee every nested upstream source tree is fresh; does not replace explicit subsystem/runtime validation |
|
||||
| `scripts/fetch-all-sources.sh` | Fetch mainline recipe source inputs for builds | downloads mainline/upstream recipe sources, reports status/preflight, and supports config-scoped fetches while leaving local overlays in place | does not mean fetched upstream WIP source is the durable shipping source of truth |
|
||||
| `local/scripts/fetch-sources.sh` | Fetch mainline recipe sources for browsing and patching | when passed `--upstream`, fetches `recipes/*` source trees so the upstream-managed side is locally available for reading, editing, and patch preparation | does not decide whether upstream should replace the local overlay |
|
||||
| `local/scripts/provision-release.sh` | Refresh top-level upstream repo state | fetches upstream, reports conflict risk, rebases repo commits, reapplies build-system release fork via `apply-patches.sh` | does not automatically solve every subsystem release fork conflict; does not by itself make upstream WIP recipes safe shipping inputs |
|
||||
| `local/scripts/apply-patches.sh` | Reapply durable Red Bear release fork | applies build-system patches, relinks recipe patch symlinks, relinks local recipe release fork into `recipes/` | does not fully rebase stale patch carriers; does not validate runtime behavior; does not decide WIP ownership for you |
|
||||
| `local/scripts/build-redbear.sh` | Build Red Bear profiles from upstream base + local release fork | applies release fork, builds cookbook if needed, validates profile naming, launches the actual image build; only allows upstream recipe immutable archived when passed `--upstream` | does not guarantee every nested upstream source tree is fresh; does not replace explicit subsystem/runtime validation |
|
||||
| `scripts/fetch-all-sources.sh` | Fetch mainline recipe source inputs for builds | downloads mainline/upstream recipe sources, reports status/preflight, and supports config-scoped fetches while leaving local release fork in place | does not mean fetched upstream WIP source is the durable shipping source of truth |
|
||||
| `local/scripts/fetch-sources.sh` | Fetch mainline recipe sources for browsing and patching | when passed `--upstream`, fetches `recipes/*` source trees so the upstream-managed side is locally available for reading, editing, and patch preparation | does not decide whether upstream should replace the local release fork |
|
||||
| `local/scripts/build-redbear-wifictl-redox.sh` | Build `redbear-wifictl` for the Redox target with the repo toolchain | prepends `prefix/x86_64-unknown-redox/sysroot/bin` to `PATH` and runs `cargo build --target x86_64-unknown-redox` in the `redbear-wifictl` crate | does not prove runtime Wi-Fi behavior; only closes the target-build environment gap for this crate |
|
||||
| `local/scripts/test-iwlwifi-driver-runtime.sh` | Exercise the bounded Intel driver lifecycle inside a target runtime | validates bounded probe/prepare/init/activate/scan/connect/disconnect/retry surfaces for `redbear-iwlwifi` on a live target runtime | does not prove real AP association, packet flow, DHCP success over Wi-Fi, or end-to-end connectivity |
|
||||
| `local/scripts/test-wifi-control-runtime.sh` | Exercise the bounded Wi-Fi control/profile lifecycle inside a target runtime | validates `/scheme/wifictl` control nodes, bounded connect/disconnect behavior, and profile-manager/runtime reporting surfaces on a live target runtime | does not prove real AP association or end-to-end connectivity |
|
||||
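Review bot: the new `local/scripts/provision-release.sh` row reuses the `sync-upstream.sh` role and description word for word ("fetches upstream, reports conflict risk, rebases repo commits"), while the commit message describes provision-release.sh as atomic provisioning with staging and a `.complete` sentry and says fetch is blocked in release mode. The row should describe what the script actually does and does not guarantee, and the table should make clear whether `sync-upstream.sh` still exists. In the `build-redbear.sh` row, "only allows upstream recipe immutable archived when passed `--upstream`" has lost its noun and needs rewording.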
@@ -68,8 +68,8 @@ repo already contains `prefix/x86_64-unknown-redox/sysroot/bin/x86_64-unknown-re
|
||||
|
||||
Default Red Bear behavior is local-first:
|
||||
|
||||
- use locally available package/source trees and overlay state for normal builds,
|
||||
- treat upstream refresh as an explicit operator action only (`--upstream`, dedicated fetch/sync),
|
||||
- use locally available package/source trees and release fork state for normal builds,
|
||||
- treat upstream immutable archived as an explicit operator action only (`--upstream`, dedicated fetch/sync),
|
||||
- do not fail policy-level expectations just because upstream network access is temporarily broken.
|
||||
|
||||
This is required so builds and recovery workflows remain operable during upstream outages or
|
||||
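Review bot: the second changed bullet, "treat upstream immutable archived as an explicit operator action only (`--upstream`, dedicated fetch/sync)", is ungrammatical and still names fetch/sync as the operator's route, while the commit message states that fetch is blocked under `REDBEAR_RELEASE`. State the release-mode behavior explicitly here so the local-first policy and the offline enforcement do not contradict each other.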
@@ -77,14 +77,14 @@ connectivity failures.
|
||||
|
||||
### Upstream sync
|
||||
|
||||
Use `local/scripts/sync-upstream.sh` when the goal is to refresh the top-level upstream Redox base.
|
||||
Use `local/scripts/provision-release.sh` when the goal is to immutable archived the top-level upstream Redox base.
|
||||
|
||||
This is a repository sync operation, not a guarantee that every local subsystem overlay is already
|
||||
This is a repository sync operation, not a guarantee that every local subsystem release fork is already
|
||||
rebased cleanly.
|
||||
|
||||
### Overlay reapplication
|
||||
|
||||
Use `local/scripts/apply-patches.sh` when the goal is to reconstruct Red Bear’s overlay on top of a
|
||||
Use `local/scripts/apply-patches.sh` when the goal is to reconstruct Red Bear’s release fork on top of a
|
||||
fresh upstream tree.
|
||||
|
||||
This is the core durable-state recovery path.
|
||||
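Review bot: "when the goal is to immutable archived the top-level upstream Redox base" under "### Upstream sync" puts an adjective phrase where the verb "refresh" was, so the sentence no longer says what the script does. The heading "### Overlay reapplication" was left unchanged while its body now says "release fork", which splits the terminology within one section; rename the heading or keep "overlay" in both places.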
@@ -92,13 +92,13 @@ This is the core durable-state recovery path.
|
||||
### Build execution
|
||||
|
||||
Use `local/scripts/build-redbear.sh` when the goal is to build a tracked Red Bear profile from the
|
||||
current upstream base plus local overlay. Add `--upstream` only when you explicitly want Redox/upstream
|
||||
recipe sources refreshed during that build.
|
||||
current upstream base plus local release fork. Add `--upstream` only when you explicitly want Redox/upstream
|
||||
recipe sources immutable archived during that build.
|
||||
|
||||
### Source refresh
|
||||
### Source immutable archived
|
||||
|
||||
Use `scripts/fetch-all-sources.sh` and `local/scripts/fetch-sources.sh --upstream` when the goal is to
|
||||
refresh recipe source inputs, but do not confuse fetched upstream WIP source with a trusted shipping
|
||||
immutable archived recipe source inputs, but do not confuse fetched upstream WIP source with a trusted shipping
|
||||
source.
|
||||
|
||||
## WIP Rule in Script Terms
|
||||
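Review bot: the heading "### Source refresh" became "### Source immutable archived", which changes the heading anchor that other documents may link to and reads as a substitution artifact; the body has the same problem in "recipe sources immutable archived during that build" and "to immutable archived recipe source inputs". If this section is now about restoring sources from the verified archives, say so with a verb and name the script that does it; otherwise keep "refresh".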
@@ -108,7 +108,7 @@ If a subsystem is still upstream WIP, the scripts should be interpreted this way
|
||||
- fetching upstream WIP source is allowed and useful through the explicit upstream fetch commands or
|
||||
`--upstream` where a wrapper requires it,
|
||||
- syncing upstream WIP source is allowed and useful through the explicit upstream sync command,
|
||||
- but shipping decisions should still prefer the local overlay until upstream promotion and reevaluation happen.
|
||||
- but shipping decisions should still prefer the local release fork until upstream promotion and reevaluation happen.
|
||||
|
||||
That means “script fetched it successfully” is not the same as “Red Bear should now ship upstream’s
|
||||
WIP version directly.”
|
||||
|
||||
@@ -54,7 +54,7 @@ In scope:
|
||||
- evdevd / udev-shim / libinput / seatd integration as they affect Wayland,
|
||||
- Mesa/GBM/EGL software-path proof and the Wayland-facing graphics runtime,
|
||||
- KWin as the intended production Wayland compositor path,
|
||||
- local overlay ownership decisions for Wayland components and validation harnesses.
|
||||
- local release fork ownership decisions for Wayland components and validation harnesses.
|
||||
|
||||
Out of scope:
|
||||
|
||||
@@ -123,7 +123,7 @@ Rules:
|
||||
| Session path | seat/session proof bounded by QEMU validation; full hardware trust supplementary for KWin path |
|
||||
| Hardware graphics | no hardware-accelerated Wayland proof |
|
||||
| KWin truthfulness | reduced-feature real build exists; bounded runtime proof still requires Qt6Quick/QML downstream validation |
|
||||
| WIP ownership | upstream WIP recipes and local overlays are mixed; forward path is not always explicit |
|
||||
| WIP ownership | upstream WIP recipes and local release fork are mixed; forward path is not always explicit |
|
||||
|
||||
## Stability / Completeness Verdict
|
||||
|
||||
|
||||
@@ -303,7 +303,7 @@ Close the loop with evidence, canonical docs, and durable patch carriers.
|
||||
- update canonical docs:
|
||||
- `local/docs/USB-IMPLEMENTATION-PLAN.md`
|
||||
- `local/docs/USB-VALIDATION-RUNBOOK.md`
|
||||
- refresh durable patch carriers under `local/patches/base/`
|
||||
- immutable archived durable patch carriers under `local/patches/base/`
|
||||
- delete only clearly stale, superseded docs after link sweep
|
||||
|
||||
### Exit Criteria
|
||||
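Review bot: "immutable archived durable patch carriers under `local/patches/base/`" sits in a list of imperative steps ("update canonical docs", "delete only clearly stale, superseded docs after link sweep") and no longer has a verb, so the step is not actionable. Restore "refresh" or state the new action that is expected at this point.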
@@ -311,7 +311,7 @@ Close the loop with evidence, canonical docs, and durable patch carriers.
|
||||
- all bounded USB/xHCI proofs pass on a fresh image
|
||||
- changed files are diagnostics-clean
|
||||
- canonical docs match actual proof scope
|
||||
- patch carrier is refreshed and reapplicable
|
||||
- patch carrier is immutable archived and reapplicable
|
||||
|
||||
## Validation Matrix
|
||||
|
||||
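Review bot: the exit criterion "patch carrier is immutable archived and reapplicable" replaces "refreshed", which changes what has to be demonstrated before the phase closes and leaves the first half of the criterion without a checkable meaning. Keep "refreshed and reapplicable", or name the check that satisfies it; the commit message lists verify-patches.sh with an OK/REVERSED/CONFLICT report, which would fit.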
@@ -356,5 +356,5 @@ This work is complete only when:
|
||||
- `xhcid` builds/tests cleanly
|
||||
- bounded QEMU proof matrix passes on a rebuilt image
|
||||
- canonical docs are synchronized
|
||||
- durable patch carrier is refreshed
|
||||
- durable patch carrier is immutable archived
|
||||
- remaining gaps, if any, are explicitly documented as future or hardware-only work
|
||||
|
||||
@@ -53,9 +53,9 @@ why it is intentionally excluded.
|
||||
- Red Bear builds must remain resilient when access to upstream Redox infrastructure is degraded or
|
||||
unavailable.
|
||||
- Local package/source copies are the default operational source of truth for builds.
|
||||
- Upstream fetch/refresh is opt-in and must be explicitly requested by the operator (for example via
|
||||
- Upstream fetch/immutable archived is opt-in and must be explicitly requested by the operator (for example via
|
||||
an explicit `--upstream` workflow).
|
||||
- After an explicit upstream refresh, local durable overlays (`local/patches`, `local/recipes`) stay
|
||||
- After an explicit upstream immutable archived, local durable release fork (`local/patches`, `local/recipes`) stay
|
||||
authoritative until a conscious reevaluation/promotion decision is made.
|
||||
|
||||
## Profile Intent
|
||||
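Review bot: "Upstream fetch/immutable archived is opt-in" and "After an explicit upstream immutable archived, local durable release fork (`local/patches`, `local/recipes`) stay authoritative" are both broken by word substitution, and the second now pairs a singular subject with "stay". This policy text also presents fetch as opt-in via `--upstream`, whereas the commit message says fetch is blocked under `REDBEAR_RELEASE`; the policy should state which rule applies in release mode.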
@@ -94,6 +94,6 @@ For any substantial Red Bear change, record:
|
||||
|
||||
## Upstream Sync Discipline
|
||||
|
||||
- Rebase/sync through `local/scripts/sync-upstream.sh`.
|
||||
- Rebase/sync through `local/scripts/provision-release.sh`.
|
||||
- Keep Red Bear-specific diffs easy to audit.
|
||||
- Update profile docs when config inheritance or package composition changes.
|
||||
|
||||