Phase B1+B2 from BOOT-PROCESS-AUDIT:
- 45_usbscsid.service: USB mass storage driver in initfs (requires xhcid)
- 30_redox-drm.service: DRM/KMS display driver in initfs (requires hwd+pcid-spawner)
Both condition-architecture-gated to x86/x86_64.
Phase A1 from BOOT-PROCESS-AUDIT. The ACPI shutdown path now:
- Validates PM1a port is non-zero before writing
- Waits 3 seconds for power-off, then retries with PM1b+SLEEP_EN
- Falls back to keyboard controller reset (0x64=0xFE) on failure
- Handles SLP_TYPb correctly
- Removes fragile Pio::new()+write() without validation
logd now writes all log output to /var/log/system.log (5MB auto-rotation)
in addition to existing scheme listeners. Falls back to /tmp/logd-fallback.log
if /var/log is unavailable. Logs survive reboots for post-mortem analysis.
Part of Phase A2 (Boot Reliability) from BOOT-PROCESS-AUDIT-2026-05-03.
The 556MB monolithic redox.patch was impossible to manage, unreviewable,
blocked GitHub pushes, and could only grow. This commit:
- Moves all 64 absorbed patches from absorbed/ to active use in base/
- Removes the absorbed/ directory (consolidation history is now PATCH-HISTORY.md)
- Removes the redox.patch symlink from recipes/core/base/
- Fixes all recipe symlinks to point to active patches (not absorbed/)
- Patches are now individually wired, reviewable, and independently rebasable
The redox.patch mega-file is no longer needed — individual patches
are applied directly from the recipe.toml patches list.
redox.patch is 556MB, exceeding GitHub's 100MB file size limit.
Split into 7 chunks of ~90MB each under local/patches/base/redox-patch-chunks/.
Reassembly script: local/patches/base/reassemble-redox-patch.sh.
Added redox.patch to .gitignore to prevent future push failures.
Build system (src/cook/fetch.rs):
- Atomic patch application: applies patches to staging directory (cp -al),
atomically swaps on success, discards on failure — source tree is never
left in a partially-patched state
- normalize_patch(): strips diff --git/index/new-file-mode headers that the
build system's patch command does not recognize
- cleanup_workspace_pollution(): removes orphaned recipes/Cargo.toml and
recipes/Cargo.lock to prevent workspace conflicts
- Added --allow-protected CLI flag to repo binary
Input stack (local/patches/base/P3-*.patch):
- P3-ps2d-led-feedback: PS/2 LED state handling + InputProducer migration
- P3-inputd-keymap-bridge: InputProducer enum, keymap bridge query
- P3-usbhidd-hardening: HID descriptor validation, static lookup table,
8-button mouse support, transfer retry with exponential backoff
- P3-init-colored-output: ANSI-color coded init daemon output (green OK,
red FAILED, yellow SKIP/WARN)
XKB bridge (local/recipes/system/redbear-keymapd/source/src/xkb.rs):
- Parses X11 xkb/symbols/* format, maps XKB keycodes to PS/2 scancodes,
80+ X11 keysym names to Unicode, 4-level key support
Patch governance (local/patches/base/absorbed/README.md):
- Documents consolidation of P0-P3 patches into redox.patch
Finalize all non-artifact changes accumulated from other sessions:
- config updates, recipe changes, source edits, patches
- pkgar/cache artifacts intentionally excluded (build outputs)
This is the maximum achievable scope for this session.
Hardware-accelerated KDE blocked by: QML gate, KWin/Plasma builds,
hardware GPU validation — all require build system + physical GPU.
Mesa now builds with -Dgallium-drivers=swrast,virgl for Redox target.
Fixes:
- virgl_screen.c: wrapped disk cache creation in #ifndef __redox__
(build_id_find_nhdr_for_addr uses dl_iterate_phdr — unavailable on Redox)
- bits/safamily-t.h: provided to cross-compiler toolchain sysroot
Durable patch:
- local/patches/mesa/P4-virgl-redox-disk-cache.patch (25 lines)
This enables hardware-accelerated 3D rendering in QEMU via
virtio-gpu + virgl. Mesa EGL/GLES2/GBM now support the virgl
gallium driver alongside llvmpipe software renderer.
63MB pkgar artifact with virgl support.
Kernel hardening (proc.rs +23 lines):
- NGROUPS_MAX=65536 enforcement in Groups write handler
- Reject non-u32-aligned writes with EINVAL
- Process-scope propagation: setgroups() now fans out to
ALL threads sharing the same owner_proc_id
Relibc robustness:
- setrlimit: EINVAL for unknown resources (was silent Ok)
- posix_getgroups: kernel readback when cache is empty,
fixes exec() cache-staleness gap
Oracle audit fixes: H (kernel cap), E (alignment reject),
G (process-scope), C (cache readback), B (rlimit errors)
30-line patch: QPlatformOpenGLContext guards in header.
Recipe: added P1 to patches list (was lost in git checkout).
Recipe: removed broken inline Python attempts.
14-line durability patch adds #if QT_CONFIG(opengl) guards
around createEglWindow, createPlatformOpenGLContext, and
nativeResourceForContext functions that use OpenGL types.
Patch applied during source extraction (not inline Python).
Verified in QEMU: compositor runs, no exceptions, DRM active.
Greeter reaches 'compositor ready, launching greeter UI'.
All canaries present. Boot completes to login prompt.
Add three relibc patches (42 total) to close QtNetwork-critical socket gaps:
- P3-inet6-pton-ntop: AF_INET6 address parsing/formatting with RFC 5952
shorthand, IPv4-mapped suffix support
- P3-tcp-sockopt-forward: forward IPPROTO_TCP getsockopt/setsockopt to
scheme daemon instead of hitting todo_skip
- P3-dns-aaaa-getaddrinfo-ipv6: AAAA DNS record queries, lookup_host_v6,
dual-stack getaddrinfo with sockaddr_in6 entries
Also fix P3-tcp-nodelay to use sys_call_wo + from_raw_parts (const) in the
SOL_SOCKET setsockopt fallback — setsockopt sends data to the kernel, not
reads from it.
The 17,046-line redox.patch monolith is no longer referenced in the base
recipe. All 27 individual P2 patches are now listed explicitly in
recipe.toml with symlinks to local/patches/base/.
Coverage gap closed: ixgbed/src/device.rs was the only file not covered
by any individual patch. Added P2-ixgbed-error-handling.patch for the
10GbE Intel driver error handling (println → log::info/warn/error).
Build verified: CI=1 make r.base completes successfully with the new
patch list. The monolith file is preserved as backup but no longer applied.
Analysis shows existing P0/P1 patches cover ~85% of kernel/redox.patch
(2,335 lines). Extract the two uncovered sections as new patches:
P2-redbear-os-branding.patch (65 lines): Redox->RedBear OS branding in
aarch64, riscv64, x86_shared start files + device init logging milestones.
P3-eventfd-kernel.patch (368 lines): Full EventCounter implementation
in event.rs with blocking read/write, semaphore mode, wait conditions,
and EventScheme eventfd path dispatch in scheme/event.rs.
Update desktop status doc with Wave 2 changes.
Enforce that every source-tree edit must be mirrored to local/patches/
and wired into recipe.toml in the same session. Apply the policy
retroactively to userutils res/issue and res/motd (Redox → Red Bear).
relibc select_epoll() forced timeout=0 when any FD doesn't support epoll
(e.g. TTY on Redox), causing busy-loop. Poll with 100ms interval instead.
Also add stdint.h to signal/cbindgen.toml sys_includes so signalfd_siginfo
struct types (uint32_t, int32_t) resolve without build errors.
Upstream relibc netdb DNS lookup has two bugs exposed by Rust 2024 edition
strict unsafe handling:
1. packet_data is moved into Box::via into_boxed_slice() but the retry
loop tries to call packet_data.as_ptr() on the moved value. Use the
already-created raw pointer packet_data_ptr instead.
2. close() is a safe function in relibc, so wrapping it in unsafe{}
triggers unused-unsafe (promoted to error by -D unused-unsafe). Remove
the unnecessary unsafe blocks around close() calls.
Patch carries in local/patches/relibc/P3-netdb-lookup-retry-fix.patch and
is applied via the relibc recipe patches list.
vasilito