build system audit: implement Phase 1-3 fixes comprehensively

Phase 1 (Critical):
- Fix broken config includes: redbear-minimal -> redbear-mini in wifi/bt experimental configs
- Fix 05_boot-essential.target dependency: 00_base -> 04_drivers for correct boot ordering
- Fix IOMMU service dependency: 00_base -> 05_boot-essential
- Fix firmware-loader dependency: 00_base -> 05_boot-essential
- Fix messagebus shell: /usr/bin/zsh -> /usr/bin/false (security)
- Add offline gate to fetch-firmware.sh (REPO_OFFLINE=1 blocks network access)
- Add --upstream gate to fetch-all-sources.sh (network access requires explicit opt-in)
- Gate U-Boot wget calls in mk/qemu.mk with REPO_OFFLINE check
- Fix patch-inclusion-gate.sh: rewrite from Python deps to pure shell implementation
- Fix build-redbear.sh: remove direct patch application, let repo fetch handle it atomically

Phase 2 (High):
- Increase redbear-full filesystem_size: 4096 -> 8192 MiB for KDE desktop
- Deprecate redbear-greeter-services.toml (orphaned, not included by any config)
- Add cascade rebuild target to Makefile (make cascade.<package>)
- Gate cargo-update.sh with REDBEAR_ALLOW_UPSTREAM
- Add deprecation notice to apply-patches.sh
- Make protected recipe list data-driven via config/protected-recipes.toml
- Replace 127-entry hardcoded Rust matches! with TOML config file reader

Phase 3 (Medium):
- Fix 5 phantom doc references in local/AGENTS.md (retired/removed docs)
- Fix stale config names: redbear-minimal -> redbear-mini across scripts
- Fix duplicate references in docs/README.md
- Fix run_full.sh and run_mini.sh: hardcoded paths -> relative paths + error handling
2026-05-28 17:24:50 +03:00
parent 2b11b20a2f
commit a0244075e7
22 changed files with 280 additions and 234 deletions
+24 -128
@@ -58,134 +58,30 @@ pub(crate) fn cleanup_workspace_pollution(recipe_dir: &Path, logger: &PtyOut) {
}
fn redbear_protected_recipe(name: &str) -> bool {
matches!(
name,
// Core patched recipes (upstream + Red Bear patches)
"relibc"
| "bootloader"
| "kernel"
| "base"
| "base-initfs"
| "installer"
| "redoxfs"
| "grub"
// Red Bear custom core recipes
| "ext4d"
| "fatd"
// Red Bear driver infrastructure
| "redox-driver-sys"
| "linux-kpi"
| "firmware-loader"
| "redbear-btusb"
| "redbear-iwlwifi"
// Red Bear GPU stack
| "redox-drm"
| "amdgpu"
// Red Bear system tools
| "cub"
| "evdevd"
| "udev-shim"
| "iommu"
| "redbear-firmware"
| "redbear-hwutils"
| "redbear-info"
| "rbos-info"
| "redbear-meta"
| "redbear-netctl"
| "redbear-netctl-console"
| "redbear-netstat"
| "redbear-btctl"
| "redbear-wifictl"
| "redbear-traceroute"
| "redbear-mtr"
| "redbear-nmap"
| "redbear-sessiond"
| "redbear-authd"
| "redbear-session-launch"
| "redbear-greeter"
| "redbear-dbus-services"
| "redbear-notifications"
| "redbear-upower"
| "redbear-udisks"
| "redbear-polkit"
| "redbear-quirks"
// Red Bear branding
| "redbear-release"
// Qt stack with Red Bear patches (must not be re-fetched online)
| "qtbase"
| "qtwayland"
| "qtdeclarative"
| "qtbase-compat"
// Graphics / display stack with Red Bear patches
| "libdrm"
| "mesa"
// Wayland / input stack with Red Bear patches
| "libwayland"
| "libevdev"
| "libinput"
// IPC / system libraries with Red Bear patches
| "dbus"
| "glib"
// Red Bear library stubs and custom libs
| "libepoxy-stub"
| "libdisplay-info-stub"
| "lcms2-stub"
| "libxcvt-stub"
| "libudev-stub"
| "zbus"
| "libqrencode"
// Red Bear Wayland
| "qt6-wayland-smoke"
| "smallvil"
| "seatd-redox"
// Red Bear KDE (47 recipes)
| "kf6-extra-cmake-modules"
| "kf6-kcoreaddons"
| "kf6-kwidgetsaddons"
| "kf6-kconfig"
| "kf6-ki18n"
| "kf6-kcodecs"
| "kf6-kguiaddons"
| "kf6-kcolorscheme"
| "kf6-kauth"
| "kf6-kitemmodels"
| "kf6-kitemviews"
| "kf6-karchive"
| "kf6-kwindowsystem"
| "kf6-knotifications"
| "kf6-kjobwidgets"
| "kf6-kconfigwidgets"
| "kf6-kcrash"
| "kf6-kdbusaddons"
| "kf6-kglobalaccel"
| "kf6-kservice"
| "kf6-kpackage"
| "kf6-kiconthemes"
| "kf6-kxmlgui"
| "kf6-ktextwidgets"
| "kf6-solid"
| "kf6-sonnet"
| "kf6-kio"
| "kf6-kbookmarks"
| "kf6-kcompletion"
| "kf6-kdeclarative"
| "kf6-kcmutils"
| "kf6-kidletime"
| "kf6-kwayland"
| "kf6-knewstuff"
| "kf6-kwallet"
| "kf6-prison"
| "kf6-kirigami"
| "kdecoration"
| "kwin"
| "plasma-desktop"
| "plasma-workspace"
| "plasma-framework"
| "plasma-wayland-protocols"
| "kirigami"
// Orbutils (has local patch)
| "orbutils"
)
static PROTECTED: std::sync::OnceLock<std::collections::HashSet<String>> = std::sync::OnceLock::new();
let set = PROTECTED.get_or_init(|| {
let mut set = std::collections::HashSet::new();
let config_path = std::path::Path::new("config/protected-recipes.toml");
if let Ok(contents) = std::fs::read_to_string(config_path) {
if let Ok(value) = contents.parse::<toml::Value>() {
if let Some(table) = value.as_table() {
for section in table.values() {
if let Some(arr) = section.get("recipes").and_then(|v| v.as_array()) {
for item in arr {
if let Some(s) = item.as_str() {
set.insert(s.to_string());
}
}
}
}
}
}
} else {
eprintln!("WARNING: config/protected-recipes.toml not found, falling back to empty protected list");
}
set
});
set.contains(name)
}
fn redbear_allow_protected_fetch() -> bool {
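Review bot: The protected-recipe guard now fails open: in the `get_or_init` closure a read error, a TOML parse error, or a section without a `recipes` array all produce an empty set, so `redbear_protected_recipe` returns false for every name and the locally patched recipes presumably lose their protection against upstream re-fetch. Only the read failure prints a warning; `if let Ok(value) = contents.parse::<toml::Value>()` has no else branch, so a malformed file is silent, and the empty result stays cached in the `OnceLock` for the rest of the process. The path `config/protected-recipes.toml` is resolved against the current working directory, so invoking the tool from another directory has the same effect as deleting the list. I would treat an unreadable, unparsable or empty list as a hard error (or keep a compiled-in fallback list) instead of continuing with nothing protected.

```rust
let set = PROTECTED.get_or_init(|| {
    let config_path = std::path::Path::new("config/protected-recipes.toml");
    // Fail closed: a missing or malformed list must not unprotect every recipe.
    let contents = std::fs::read_to_string(config_path)
        .unwrap_or_else(|e| panic!("cannot read {}: {e}", config_path.display()));
    let value = contents
        .parse::<toml::Value>()
        .unwrap_or_else(|e| panic!("cannot parse {}: {e}", config_path.display()));
    let mut set = std::collections::HashSet::new();
    // … unchanged: collect each section's `recipes` strings into `set` …
    assert!(!set.is_empty(), "{} lists no protected recipes", config_path.display());
    set
});
```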