feat: atomic patch application, colored init output, XKB bridge, USB HID hardening

Build system (src/cook/fetch.rs): - Atomic patch application: applies patches to staging directory (cp -al), atomically swaps on success, discards on failure — source tree is never left in a partially-patched state - normalize_patch(): strips diff --git/index/new-file-mode headers that the build system's patch command does not recognize - cleanup_workspace_pollution(): removes orphaned recipes/Cargo.toml and recipes/Cargo.lock to prevent workspace conflicts - Added --allow-protected CLI flag to repo binary Input stack (local/patches/base/P3-*.patch): - P3-ps2d-led-feedback: PS/2 LED state handling + InputProducer migration - P3-inputd-keymap-bridge: InputProducer enum, keymap bridge query - P3-usbhidd-hardening: HID descriptor validation, static lookup table, 8-button mouse support, transfer retry with exponential backoff - P3-init-colored-output: ANSI-color coded init daemon output (green OK, red FAILED, yellow SKIP/WARN) XKB bridge (local/recipes/system/redbear-keymapd/source/src/xkb.rs): - Parses X11 xkb/symbols/* format, maps XKB keycodes to PS/2 scancodes, 80+ X11 keysym names to Unicode, 4-level key support Patch governance (local/patches/base/absorbed/README.md): - Documents consolidation of P0-P3 patches into redox.patch
2026-05-03 08:21:54 +01:00
parent 7b48083a14
commit aca2f2913d
13 changed files with 2920 additions and 40 deletions
@@ -80,6 +80,8 @@ const REPO_HELP_STR: &str = r#"
        --category=<category>      apply to all recipes in <cookbook_dir>/<category>
        --filesystem=<filesystem>  override recipes config using installer file
        --repo-binary              override recipes config to use repo_binary
+        --allow-protected         allow re-fetching of protected recipes
+                                   (equivalent to REDBEAR_ALLOW_PROTECTED_FETCH=1)

    cook env and their defaults:
        CI=                          set to any value to disable TUI
@@ -465,6 +467,10 @@ fn parse_args(args: Vec<String>) -> anyhow::Result<(CliConfig, CliCommand, Vec<C
                    "--repo-binary" => override_filesystem_repo_binary = true,
                    "--with-package-deps" => config.with_package_deps = true,
                    "--all" => config.all = true,
+                    "--allow-protected" => {
+                        // SAFETY: set once at startup, before any threading
+                        unsafe { env::set_var("REDBEAR_ALLOW_PROTECTED_FETCH", "1"); }
+                    }
                    _ => {
                        eprintln!("Error: Unknown flag: {}", arg);
                        process::exit(1);