build system audit: implement Phase 1-3 fixes comprehensively
Phase 1 (Critical): - Fix broken config includes: redbear-minimal -> redbear-mini in wifi/bt experimental configs - Fix 05_boot-essential.target dependency: 00_base -> 04_drivers for correct boot ordering - Fix IOMMU service dependency: 00_base -> 05_boot-essential - Fix firmware-loader dependency: 00_base -> 05_boot-essential - Fix messagebus shell: /usr/bin/zsh -> /usr/bin/false (security) - Add offline gate to fetch-firmware.sh (REPO_OFFLINE=1 blocks network access) - Add --upstream gate to fetch-all-sources.sh (network access requires explicit opt-in) - Gate U-Boot wget calls in mk/qemu.mk with REPO_OFFLINE check - Fix patch-inclusion-gate.sh: rewrite from Python deps to pure shell implementation - Fix build-redbear.sh: remove direct patch application, let repo fetch handle it atomically Phase 2 (High): - Increase redbear-full filesystem_size: 4096 -> 8192 MiB for KDE desktop - Deprecate redbear-greeter-services.toml (orphaned, not included by any config) - Add cascade rebuild target to Makefile (make cascade.<package>) - Gate cargo-update.sh with REDBEAR_ALLOW_UPSTREAM - Add deprecation notice to apply-patches.sh - Make protected recipe list data-driven via config/protected-recipes.toml - Replace 127-entry hardcoded Rust matches! with TOML config file reader Phase 3 (Medium): - Fix 5 phantom doc references in local/AGENTS.md (retired/removed docs) - Fix stale config names: redbear-minimal -> redbear-mini across scripts - Fix duplicate references in docs/README.md - Fix run_full.sh and run_mini.sh: hardcoded paths -> relative paths + error handling
@@ -1,6 +1,10 @@
|
||||
#!/usr/bin/env bash
|
||||
# apply-patches.sh — Apply all Red Bear OS overlays on top of upstream Redox build system.
|
||||
#
|
||||
# DEPRECATION NOTICE: Patches are now applied atomically by 'repo fetch' via recipe.toml.
|
||||
# This script is retained for: (1) build-system git patches, (2) recipe symlinks.
|
||||
# Do NOT use this for recipe source patching — that is handled by the cookbook.
|
||||
#
|
||||
# Usage: ./local/scripts/apply-patches.sh [--force] [--dry-run]
|
||||
#
|
||||
# This script:
|
||||
|
||||
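Review bot: The deprecation notice lives only in the header comment, so anyone who runs the script never sees it, and the first header line still says it applies all overlays. A runtime warning near the top of the script body would make the restriction visible, for example `echo "WARNING: apply-patches.sh is deprecated for recipe source patching; use 'repo fetch'" >&2`. The script body is outside this hunk, so whether it still touches recipe sources cannot be confirmed from here. If it does, that path keeps bypassing the atomic mechanism the notice describes.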
@@ -124,57 +124,8 @@ stash_nested_repo_if_dirty() {
|
||||
stash_nested_repo_if_dirty "$PROJECT_ROOT/recipes/core/relibc/source" "relibc"
|
||||
|
||||
if [ "$APPLY_PATCHES" = "1" ] && [ -z "${REDBEAR_RELEASE:-}" ]; then
|
||||
echo ">>> Applying local patches..."
|
||||
|
||||
apply_patch_dir() {
|
||||
local patch_dir="$1"
|
||||
local target_dir="$2"
|
||||
local label="$3"
|
||||
|
||||
if [ "$label" = "relibc" ] && [ -d "$target_dir/.git" ]; then
|
||||
if ! git -C "$target_dir" diff --quiet || ! git -C "$target_dir" diff --cached --quiet || [ -n "$(git -C "$target_dir" ls-files --others --exclude-standard)" ]; then
|
||||
echo " STASH relibc source (dirty nested checkout)"
|
||||
rm -f "$target_dir/.git/index.lock"
|
||||
git -C "$target_dir" stash push --all -m "build-redbear-auto-stash" > /dev/null 2>&1 || true
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -d "$patch_dir" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
for patch_file in "$patch_dir"/*.patch; do
|
||||
[ -f "$patch_file" ] || continue
|
||||
patch_name=$(basename "$patch_file")
|
||||
|
||||
if [ "$label" = "base" ] && [ "$patch_name" = "P0-acpid-power-methods.patch" ]; then
|
||||
acpid_file="$target_dir/drivers/acpid/src/acpi.rs"
|
||||
if [ -f "$acpid_file" ] && grep -q "pub fn evaluate_acpi_method(" "$acpid_file"; then
|
||||
echo " SKIP $patch_name (ACPI power helper methods already present)"
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -d "$target_dir" ]; then
|
||||
echo " SKIP $patch_name ($label source not fetched yet)"
|
||||
continue
|
||||
fi
|
||||
if patch --dry-run -p1 -d "$target_dir" < "$patch_file" > /dev/null 2>&1; then
|
||||
patch -p1 -d "$target_dir" < "$patch_file" > /dev/null 2>&1
|
||||
echo " OK $patch_name"
|
||||
else
|
||||
echo " SKIP $patch_name (already applied or won't apply)"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
apply_patch_dir "$PROJECT_ROOT/local/patches/kernel" "$PROJECT_ROOT/recipes/core/kernel/source" "kernel"
|
||||
apply_patch_dir "$PROJECT_ROOT/local/patches/base" "$PROJECT_ROOT/recipes/core/base/source" "base"
|
||||
apply_patch_dir "$PROJECT_ROOT/local/patches/relibc" "$PROJECT_ROOT/recipes/core/relibc/source" "relibc"
|
||||
apply_patch_dir "$PROJECT_ROOT/local/patches/bootloader" "$PROJECT_ROOT/recipes/core/bootloader/source" "bootloader"
|
||||
apply_patch_dir "$PROJECT_ROOT/local/patches/installer" "$PROJECT_ROOT/recipes/core/installer/source" "installer"
|
||||
|
||||
stash_nested_repo_if_dirty "$PROJECT_ROOT/recipes/core/relibc/source" "relibc"
|
||||
echo ">>> Patches are applied by 'repo fetch' via recipe.toml (atomic mechanism)"
|
||||
echo ">>> Skipping direct patch application (was bypassing cookbook atomicity)"
|
||||
echo ""
|
||||
elif [ -n "${REDBEAR_RELEASE:-}" ]; then
|
||||
echo ">>> Release mode: skipping patch application (patches pre-applied in archived sources)"
|
||||
|
||||
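Review bot: The `APPLY_PATCHES=1` branch now only prints, and its first message states that patches are applied by 'repo fetch' without anything in this hunk checking that they were. If a source tree was fetched before a patch was added to recipe.toml, or a patch failed to apply, the build would presumably continue on unpatched sources while the log says otherwise. Consider rewording to `echo ">>> Patches are expected to be applied by 'repo fetch' via recipe.toml"` and, if patch-inclusion-gate.sh from this commit is meant to verify that, calling it here so a missing patch fails the build. The `if`/`elif` chain continues past the end of the hunk, and the retained `stash_nested_repo_if_dirty` call still runs before it even though no patching follows.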
@@ -12,6 +12,15 @@ VENDOR="amd"
|
||||
SUBSET="all"
|
||||
COPIED_COUNT=0
|
||||
|
||||
# Offline gate: this script downloads from the network.
|
||||
# Block if REPO_OFFLINE=1 (the default during builds).
|
||||
if [ "${REPO_OFFLINE:-1}" = "1" ] && [ -z "${REDBEAR_ALLOW_UPSTREAM:-}" ]; then
|
||||
echo "ERROR: fetch-firmware.sh requires network access but REPO_OFFLINE=1." >&2
|
||||
echo " Set REPO_OFFLINE=0 or pass REDBEAR_ALLOW_UPSTREAM=1 to override." >&2
|
||||
echo " This script is manual-only — it is never called by 'make all' or 'make live'." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $(basename "$0") [--vendor amd|intel] [--subset all|rdna|dmc|wifi|bluetooth]
|
||||
|
||||
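Review bot: The override test `[ -z "${REDBEAR_ALLOW_UPSTREAM:-}" ]` treats any non-empty value as consent, so `REDBEAR_ALLOW_UPSTREAM=0` or `=false` opens the network gate even though the error text documents `=1`. Comparing against the documented value keeps the gate fail-closed: `if [ "${REPO_OFFLINE:-1}" = "1" ] && [ "${REDBEAR_ALLOW_UPSTREAM:-0}" != "1" ]; then`. The gate also sits above `usage()`, so with the default environment the help text is probably unreachable. Moving the check after argument parsing would fix that, assuming parsing happens further down outside this hunk. The comment above the check could also say that an unset REPO_OFFLINE is treated as 1.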