feat: build system transition to release fork + archive hardening

Release fork infrastructure: - REDBEAR_RELEASE=0.1.1 with offline enforcement (fetch/distclean/unfetch blocked) - 195 BLAKE3-verified source archives in standard format - Atomic provisioning via provision-release.sh (staging + .complete sentry) - 5-phase improvement plan: restore format auto-detection, source tree validation (validate-source-trees.py), archive-map.json, REPO_BINARY fallback Archive normalization: - Removed 87 duplicate/unversioned archives from shared pool - Regenerated all archives in consistent format with source/ + recipe.toml - BLAKE3SUMS and manifest.json generated from stable tarball set Patch management: - verify-patches.sh: pre-sync dry-run report (OK/REVERSED/CONFLICT) - 121 upstream-absorbed patches moved to absorbed/ directories - 43 active patches verified clean against rebased sources - Stress test: base updated to upstream HEAD, relibc reset and patched Compilation fixes: - relibc: Vec imports in redox-rt (proc.rs, lib.rs, sys.rs) - relibc: unsafe from_raw_parts in mod.rs (2024 edition) - fetch.rs: rev comparison handles short/full hash prefixes - kibi recipe: corrected rev mismatch New scripts: restore-sources.sh, provision-release.sh, verify-sources-archived.sh, check-upstream-releases.sh, validate-source-trees.py, verify-patches.sh, repair-archive-format.sh, generate-manifest.py Documentation: AGENTS.md, README.md, local/AGENTS.md updated for release fork model
2026-05-02 01:41:17 +01:00
parent f55acba68c
commit 5851974b20
242 changed files with 29015 additions and 1818 deletions
@@ -715,6 +715,20 @@ fn handle_fetch(
    allow_offline: bool,
    logger: &PtyOut,
 ) -> anyhow::Result<FetchResult> {
+    // In release mode, explicit fetch is forbidden. Cook's internal fetch
+    // (allow_offline=true) is still allowed since it respects COOKBOOK_OFFLINE.
+    if !allow_offline {
+        if let Ok(release) = env::var("REDBEAR_RELEASE") {
+            if !release.is_empty() {
+                bail!("{}", Error::Other(format!(
+                    "Fetch is disabled in release mode (REDBEAR_RELEASE={}). \
+                     Sources are immutable. To refresh, run: provision-release.sh",
+                    release
+                )));
+            }
+        }
+    }
+
    let source_dir = match config.cook.offline && allow_offline {
        true => fetch_offline(&recipe, logger),
        false => fetch(&recipe, !recipe.is_deps, logger),
@@ -789,6 +803,17 @@ fn handle_clean(
        cached = false;
    }
    let dir = recipe.dir.join("source");
+    if matches!(*command, CliCommand::Unfetch) {
+        // In release mode, unfetch is forbidden — sources are immutable
+        if let Ok(release) = std::env::var("REDBEAR_RELEASE") {
+            if !release.is_empty() {
+                anyhow::bail!(
+                    "Unfetch is disabled in release mode (REDBEAR_RELEASE={}). Sources are immutable.",
+                    release
+                );
+            }
+        }
+    }
    if dir.exists() && matches!(*command, CliCommand::Unfetch) {
        if is_local_overlay(&recipe.dir) && !redbear_allow_local_unfetch() {
            eprintln!(