- udev-shim: replace .expect() with graceful errors (no more panic on Broken pipe)
- P4-initfs: remove duplicate sessiond (conflicted with config)
- accessibility/ime/keymapd: break instead of exit(1) on EBADF
- P6 driver patches rebased
- Docs: archive old reports, add implementation master plan
Base: fix P6-driver-new-modules.patch (ed format -> unified diff) for new
driver modules (ncq, itr, phy). P6-driver-main-fixes.patch now applies with
offset on current upstream source.
Relibc: remove stale P5-named-semaphores (upstream has stubs), add
P10-stack-size-8mb and P11-getrlimit-getrusage (per-process rlimit table,
sysconf integration, getdtablesize fix, null-pointer safety).
Kernel: consolidate 29 individual patches into single redbear-consolidated.patch.
Userutils: P5-redbear-branding replaces P4-login-rate-limit.
Recipe.toml changes now committed so they survive source resets.
MouseTx::handle() treated 0xFE (PS/2 RESEND) as an unknown response,
causing mouse init to fail on hardware where the mouse requests a
resend during the reset/command exchange. Now resends the current
command byte when the mouse returns 0xFE, matching the PS/2 protocol.
Bootloader hardcoded RedoxFS partition offset at 2 MiB, which fails when
efi_partition_size > 1 (redbear-full, redbear-grub use 16 MiB, placing
RedoxFS at LBA 34816 = 17 MiB). Added GPT partition table parser that
scans for Linux filesystem GUID (0FC63DAF) to find the actual offset.
Also removed invalid 'respawn = true' from 31_debug_console.service in
redbear-full.toml — init's service format does not support this field.
Verified: all three ISOs boot in QEMU UEFI and reach login prompt.
Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):
Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)
Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
The init system parser (serde deny_unknown_fields) rejects [service]
sections in .target files. The P4-initfs-dbus-services patch was
creating 05_boot_essential.target and 12_boot_late.target with a
no-op [service] section (cmd=/usr/bin/true). Removed those sections
so targets only contain [unit].
This eliminates "unknown field service, expected unit" init warnings
that could prevent proper service dependency resolution.
P3-3: fbcond scrollback is now fully functional:
- text.rs: 1000-line ring buffer captures all console output
- scheme.rs: new Scrollback handle type, path/N/scrollback open
- main.rs: Scrollback match arm in event loop
- Users can read scrollback via:
cat /scheme/fbcon/2/scrollback
19/19 patches. base + base-initfs build.
Fixed common dependency path (../../common → ../common).
Added workspace member entry for drivers/thermald.
thermald now builds as part of base recipe.
19/19 patches. base + base-initfs build.
P3-3: fbcond scrollback — captures last 1000 lines of text output
in ring buffer, exposes via read_scrollback(). Patch created but
needs line number adjustment for clean application.
P3-5: thermal daemon source created at drivers/thermald/. Reads
ACPI thermal zone temperature, logs warnings >65°C, errors >80°C.
Needs Cargo.toml workspace integration and recipe.toml BINS entry.
Part of COMPREHENSIVE-FIX-PLAN-FINAL P3 implementation.
Changed <policy user="root"> to <policy user="0"> in D-Bus
system.conf.in to avoid getpwnam lookup failures on Redox.
Patch written but does not apply yet — tar source extraction
puts files under dbus-1.16.2/ which requires strip=2 or different
path prefix. Left as documented work-in-progress.
D-Bus daemon runs despite cosmetic user lookup warnings.
D-Bus daemon, sessiond, and seatd all running on redbear-full.
User lookup warnings are pre-existing Redox D-Bus config issue
(does not affect functionality).
Bootloader: alloc_zeroed_page_aligned no longer panics on OVMF
AllocatePages failure. Returns null on error.
Cookbook: pkgar falls back to repo/ dir when target pkgar missing.
Resolves KDE build chain failure.
redbear-full: builds 4.0GB image+ISO, boots without crash.
getty converts numeric args to /scheme/fbcon/{N} paths.
Non-numeric args (like ttyS0) are treated as literal paths
which don't exist in Redox. Changed to:
- 29_activate_console: inputd -A 2
- 30_console: getty 2 → /scheme/fbcon/2 (VT2 login)
- 31_debug_console: getty 3 → /scheme/fbcon/3 (VT3 debug)
Serial console (ttyS0) has no standard scheme path in Redox.
Login prompt is on the framebuffer console (requires graphical QEMU
or VNC to view).
Boot process now includes:
- 25_serial_getty.service: getty on serial console (visible in QEMU -nographic)
- 29_activate_console.service: inputd -A 2 (activate VT2)
- 30_console.service: getty on VT2 (framebuffer console)
Fixed hunk counts (7→8, 8→9) for correct patch application.
Services use 'oneshot_async' type for fire-and-forget startup.
ZSH is the default shell for all user accounts (base.toml, mini, full, greeter).
At initfs time, /var/log/ doesn't exist (rootfs not yet mounted).
Changed persistent_log from File to Option<File> with .ok() instead
of .unwrap_or_else(|| panic!()). If the file can't be opened, logging
continues without persistence — no crash.
QEMU verification: system boots through initfs→rootfs→switch_root→userland.
Colored init output visible. 25+ services start successfully.
P2-2: Login rate limiting (userutils/login.rs):
- Tracks consecutive failures, resets on success
- 3+ failures: exponential delay up to 30 seconds
- Applies to both password and blank-password login paths
P2-3: Network stack in initfs (base-initfs + service files):
- Added e1000d, rtl8168d to base-initfs BINS
- 60_smolnetd.service: network stack in initfs
- 61_dhcpd.service: DHCP client in initfs
- Network available before switch_root
Part of COMPREHENSIVE-FIX-AND-IMPROVEMENT-PLAN Phases P2.
Phase B1+B2 from BOOT-PROCESS-AUDIT:
- 45_usbscsid.service: USB mass storage driver in initfs (requires xhcid)
- 30_redox-drm.service: DRM/KMS display driver in initfs (requires hwd+pcid-spawner)
Both condition-architecture-gated to x86/x86_64.
Phase A1 from BOOT-PROCESS-AUDIT. The ACPI shutdown path now:
- Validates PM1a port is non-zero before writing
- Waits 3 seconds for power-off, then retries with PM1b+SLEEP_EN
- Falls back to keyboard controller reset (0x64=0xFE) on failure
- Handles SLP_TYPb correctly
- Removes fragile Pio::new()+write() without validation
logd now writes all log output to /var/log/system.log (5MB auto-rotation)
in addition to existing scheme listeners. Falls back to /tmp/logd-fallback.log
if /var/log is unavailable. Logs survive reboots for post-mortem analysis.
Part of Phase A2 (Boot Reliability) from BOOT-PROCESS-AUDIT-2026-05-03.
The 556MB monolithic redox.patch was impossible to manage, unreviewable,
blocked GitHub pushes, and could only grow. This commit:
- Moves all 64 absorbed patches from absorbed/ to active use in base/
- Removes the absorbed/ directory (consolidation history is now PATCH-HISTORY.md)
- Removes the redox.patch symlink from recipes/core/base/
- Fixes all recipe symlinks to point to active patches (not absorbed/)
- Patches are now individually wired, reviewable, and independently rebasable
The redox.patch mega-file is no longer needed — individual patches
are applied directly from the recipe.toml patches list.
redox.patch is 556MB, exceeding GitHub's 100MB file size limit.
Split into 7 chunks of ~90MB each under local/patches/base/redox-patch-chunks/.
Reassembly script: local/patches/base/reassemble-redox-patch.sh.
Added redox.patch to .gitignore to prevent future push failures.
Build system (src/cook/fetch.rs):
- Atomic patch application: applies patches to staging directory (cp -al),
atomically swaps on success, discards on failure — source tree is never
left in a partially-patched state
- normalize_patch(): strips diff --git/index/new-file-mode headers that the
build system's patch command does not recognize
- cleanup_workspace_pollution(): removes orphaned recipes/Cargo.toml and
recipes/Cargo.lock to prevent workspace conflicts
- Added --allow-protected CLI flag to repo binary
Input stack (local/patches/base/P3-*.patch):
- P3-ps2d-led-feedback: PS/2 LED state handling + InputProducer migration
- P3-inputd-keymap-bridge: InputProducer enum, keymap bridge query
- P3-usbhidd-hardening: HID descriptor validation, static lookup table,
8-button mouse support, transfer retry with exponential backoff
- P3-init-colored-output: ANSI-color coded init daemon output (green OK,
red FAILED, yellow SKIP/WARN)
XKB bridge (local/recipes/system/redbear-keymapd/source/src/xkb.rs):
- Parses X11 xkb/symbols/* format, maps XKB keycodes to PS/2 scancodes,
80+ X11 keysym names to Unicode, 4-level key support
Patch governance (local/patches/base/absorbed/README.md):
- Documents consolidation of P0-P3 patches into redox.patch
Finalize all non-artifact changes accumulated from other sessions:
- config updates, recipe changes, source edits, patches
- pkgar/cache artifacts intentionally excluded (build outputs)
This is the maximum achievable scope for this session.
Hardware-accelerated KDE blocked by: QML gate, KWin/Plasma builds,
hardware GPU validation — all require build system + physical GPU.
Mesa now builds with -Dgallium-drivers=swrast,virgl for Redox target.
Fixes:
- virgl_screen.c: wrapped disk cache creation in #ifndef __redox__
(build_id_find_nhdr_for_addr uses dl_iterate_phdr — unavailable on Redox)
- bits/safamily-t.h: provided to cross-compiler toolchain sysroot
Durable patch:
- local/patches/mesa/P4-virgl-redox-disk-cache.patch (25 lines)
This enables hardware-accelerated 3D rendering in QEMU via
virtio-gpu + virgl. Mesa EGL/GLES2/GBM now support the virgl
gallium driver alongside llvmpipe software renderer.
63MB pkgar artifact with virgl support.
Kernel hardening (proc.rs +23 lines):
- NGROUPS_MAX=65536 enforcement in Groups write handler
- Reject non-u32-aligned writes with EINVAL
- Process-scope propagation: setgroups() now fans out to
ALL threads sharing the same owner_proc_id
Relibc robustness:
- setrlimit: EINVAL for unknown resources (was silent Ok)
- posix_getgroups: kernel readback when cache is empty,
fixes exec() cache-staleness gap
Oracle audit fixes: H (kernel cap), E (alignment reject),
G (process-scope), C (cache readback), B (rlimit errors)
vasilito