Implement full thermal zone backend in acpid:
- thermal.rs: Discover \_TZ_.TZ* zones, evaluate \_TMP, \_CRT, \_PSV,
\_AC0, \_TC1, \_TC2, \_TSP, \_TZP methods
- scheme.rs: Expose /scheme/acpi/thermal/ with per-zone temperature files
- acpi.rs: Add thermal_state and thermal_zone_names() to AcpiContext
Wired as P44 patch in base recipe.toml.
Add deterministic S5 (soft-off) state derivation and structured error
handling to acpid. Derive S5 parameters once at startup (or retry at
shutdown if AML was not ready) instead of re-parsing the _S5 package
on every shutdown attempt. Replace unit-return set_global_s_state()
with ShutdownResult enum for proper error propagation and fallback
handling.
Changes:
- S5State struct caches SLP_TYPa/b, PM1a/b ports, derivation timestamp
- ShutdownError enum: MissingFadt, Pm1aZero, AmlNotReady, S5NotFound,
S5NotPackage, SlpTypNotInteger, S5WriteFailed
- ShutdownResult enum: Ok, FallbackReset, Err(ShutdownError)
- derive_s5_state() method with early init attempt and lazy fallback
- set_global_s_state() returns ShutdownResult instead of ()
- Early S5 derivation in AcpiContext::init() logs AML readiness status
- main.rs logs shutdown result for debugging
This is W2.1/W2.2 from ACPI-IMPROVEMENT-PLAN.md.
P21: Replace 67 panic-grade calls across 9 boot daemon files with
graceful error handling. Affected: ps2d, inputd, fbcond, fbbootlogd.
P22: Add x2APIC MADT fallback for processors with LocalApic entries
instead of LocalX2Apic entries. QEMU KVM boots now correctly detect
all vCPUs via zero-extended APIC ID fallback.
P23: Change 50_rootfs.service from requires_weak to requires on
40_drivers.target, ensuring redoxfs waits for disk drivers before
attempting filesystem mount. This fixes the boot race where rootfs
mount failed before drivers were ready, causing init to have no
userland services after switchroot.
ramfs@.service required randd as requires_weak, which doesn't enforce
readiness ordering. When ramfs called std::random before randd registered
/scheme/rand, it panicked with 'failed to generate random data'.
Changed requires_weak to requires so init waits for randd to register
its scheme before starting ramfs.
Also patched Rust stdlib sys/random/redox.rs to fall back to xorshift64
seeded from ASLR rather than panicking when /scheme/rand is unavailable.
This is a belt-and-suspenders fix: even with proper ordering, the stdlib
should not panic on missing entropy during early boot.
Red Bear OS is a full fork. All sources must be available from git clone
with zero network access. Removed gitignore rules that excluded fetched
source trees under recipes/*/source/, local/recipes/kde/*/source/,
local/recipes/qt/*/source/, and vendor source trees.
Build artifacts (target/, build/, source.tar, *.o, *.so) remain excluded.
127291 files added — kernel, relibc, base, bootloader, pkgar, all KDE/Qt
frameworks, mesa, wayland, DRM drivers, and every other recipe source.
Consolidate ~30 absorbed base patches into surviving carriers. Add
new init service files, driver sources, and network/storage modules
for the base recipe. Move absorbed patches to local/patches/base/absorbed/.
- procmgr.rs: SIGCHLD EPERM → debug (backed by P0-procmgr-sigchld-debug.patch)
- 40_ps2d.service: type notify → oneshot_async (PS/2 doesn't block boot)
Both were working-tree changes flagged by Oracle as not committed.
Phase S1 (Critical Correctness):
- sem_open/sem_close: global refcounting via BTreeMap + AtomicUsize
- sem_close: decrements refcount, munmaps only at zero
- sem_open: reuses existing mapping, O_EXCL returns EEXIST
- sem_unlink: marks entry for removal before shm_unlink
- va_list parsing: reads mode_t and value from stack after oflag
- All 11 sem_* functions verified in libc.so T
Phase S2-S4 (Designed, documented):
- eventfd() function, signalfd read path, EINTR handling
- name canonicalization, cancellation safety
- Full plan in local/docs/RELIBC-AGAINST-GLIBC-ASSESSMENT.md
Reference: glibc 2.41 cloned to local/reference/glibc/
Boot verified: greeter ready on VT 3 with refcounted semaphores
P6-e1000d-msi-migration.patch conflicts with P6-driver-main-fixes.patch
— both modify e1000d/src/main.rs at overlapping lines. The MSI migration
must be merged into P6-driver-main-fixes during the upcoming P6 rebase.
P6-e1000d-msi-migration.patch preserved in local/patches/base/ for reference.
e1000d was the last NIC driver using legacy IRQ (irq.irq_handle()).
Migrated to pci_allocate_interrupt_vector which tries MSI-X first,
then MSI, then falls back to legacy INTx — matching rtl8168d, rtl8139d,
ihdad, ihdgd, and nvmed.
63-line patch at local/patches/base/P6-e1000d-msi-migration.patch,
symlinked and wired into recipes/core/base/recipe.toml.
Base: fix P6-driver-new-modules.patch (ed format -> unified diff) for new
driver modules (ncq, itr, phy). P6-driver-main-fixes.patch now applies with
offset on current upstream source.
Relibc: remove stale P5-named-semaphores (upstream has stubs), add
P10-stack-size-8mb and P11-getrlimit-getrusage (per-process rlimit table,
sysconf integration, getdtablesize fix, null-pointer safety).
Kernel: consolidate 29 individual patches into single redbear-consolidated.patch.
Userutils: P5-redbear-branding replaces P4-login-rate-limit.
Recipe.toml changes now committed so they survive source resets.
MouseTx::handle() treated 0xFE (PS/2 RESEND) as an unknown response,
causing mouse init to fail on hardware where the mouse requests a
resend during the reset/command exchange. Now resends the current
command byte when the mouse returns 0xFE, matching the PS/2 protocol.
Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):
Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)
Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
P1 (ACPI/PCI/xHCI, 11 patches) and P5 (init hardening, 2 patches)
exist in local/patches/base/ but cannot be wired due to conflicts
from redox.patch removal. Documented with # TODO rebase notes
per PATCH-GOVERNANCE.md rules.
Fixed common dependency path (../../common → ../common).
Added workspace member entry for drivers/thermald.
thermald now builds as part of base recipe.
19/19 patches. base + base-initfs build.
P3-3: fbcond scrollback — captures last 1000 lines of text output
in ring buffer, exposes via read_scrollback(). Patch created but
needs line number adjustment for clean application.
P3-5: thermal daemon source created at drivers/thermald/. Reads
ACPI thermal zone temperature, logs warnings >65°C, errors >80°C.
Needs Cargo.toml workspace integration and recipe.toml BINS entry.
Part of COMPREHENSIVE-FIX-PLAN-FINAL P3 implementation.
Boot process now includes:
- 25_serial_getty.service: getty on serial console (visible in QEMU -nographic)
- 29_activate_console.service: inputd -A 2 (activate VT2)
- 30_console.service: getty on VT2 (framebuffer console)
Fixed hunk counts (7→8, 8→9) for correct patch application.
Services use 'oneshot_async' type for fire-and-forget startup.
ZSH is the default shell for all user accounts (base.toml, mini, full, greeter).
P2-2: Login rate limiting (userutils/login.rs):
- Tracks consecutive failures, resets on success
- 3+ failures: exponential delay up to 30 seconds
- Applies to both password and blank-password login paths
P2-3: Network stack in initfs (base-initfs + service files):
- Added e1000d, rtl8168d to base-initfs BINS
- 60_smolnetd.service: network stack in initfs
- 61_dhcpd.service: DHCP client in initfs
- Network available before switch_root
Part of COMPREHENSIVE-FIX-AND-IMPROVEMENT-PLAN Phases P2.
Phase B1+B2 from BOOT-PROCESS-AUDIT:
- 45_usbscsid.service: USB mass storage driver in initfs (requires xhcid)
- 30_redox-drm.service: DRM/KMS display driver in initfs (requires hwd+pcid-spawner)
Both condition-architecture-gated to x86/x86_64.
Phase A1 from BOOT-PROCESS-AUDIT. The ACPI shutdown path now:
- Validates PM1a port is non-zero before writing
- Waits 3 seconds for power-off, then retries with PM1b+SLEEP_EN
- Falls back to keyboard controller reset (0x64=0xFE) on failure
- Handles SLP_TYPb correctly
- Removes fragile Pio::new()+write() without validation
logd now writes all log output to /var/log/system.log (5MB auto-rotation)
in addition to existing scheme listeners. Falls back to /tmp/logd-fallback.log
if /var/log is unavailable. Logs survive reboots for post-mortem analysis.
Part of Phase A2 (Boot Reliability) from BOOT-PROCESS-AUDIT-2026-05-03.
The 556MB monolithic redox.patch was impossible to manage, unreviewable,
blocked GitHub pushes, and could only grow. This commit:
- Moves all 64 absorbed patches from absorbed/ to active use in base/
- Removes the absorbed/ directory (consolidation history is now PATCH-HISTORY.md)
- Removes the redox.patch symlink from recipes/core/base/
- Fixes all recipe symlinks to point to active patches (not absorbed/)
- Patches are now individually wired, reviewable, and independently rebasable
The redox.patch mega-file is no longer needed — individual patches
are applied directly from the recipe.toml patches list.
Build system (src/cook/fetch.rs):
- Atomic patch application: applies patches to staging directory (cp -al),
atomically swaps on success, discards on failure — source tree is never
left in a partially-patched state
- normalize_patch(): strips diff --git/index/new-file-mode headers that the
build system's patch command does not recognize
- cleanup_workspace_pollution(): removes orphaned recipes/Cargo.toml and
recipes/Cargo.lock to prevent workspace conflicts
- Added --allow-protected CLI flag to repo binary
Input stack (local/patches/base/P3-*.patch):
- P3-ps2d-led-feedback: PS/2 LED state handling + InputProducer migration
- P3-inputd-keymap-bridge: InputProducer enum, keymap bridge query
- P3-usbhidd-hardening: HID descriptor validation, static lookup table,
8-button mouse support, transfer retry with exponential backoff
- P3-init-colored-output: ANSI-color coded init daemon output (green OK,
red FAILED, yellow SKIP/WARN)
XKB bridge (local/recipes/system/redbear-keymapd/source/src/xkb.rs):
- Parses X11 xkb/symbols/* format, maps XKB keycodes to PS/2 scancodes,
80+ X11 keysym names to Unicode, 4-level key support
Patch governance (local/patches/base/absorbed/README.md):
- Documents consolidation of P0-P3 patches into redox.patch
Finalize all non-artifact changes accumulated from other sessions:
- config updates, recipe changes, source edits, patches
- pkgar/cache artifacts intentionally excluded (build outputs)
This is the maximum achievable scope for this session.
Hardware-accelerated KDE blocked by: QML gate, KWin/Plasma builds,
hardware GPU validation — all require build system + physical GPU.
- plasma-workspace: stub deps deferrable, not unresolved blockers
- knewstuff/kwallet: deferrable (not blocking plasma builds)
- make all vs make live distinction for rebuild
Verified in QEMU: compositor runs, no exceptions, DRM active.
Greeter reaches 'compositor ready, launching greeter UI'.
All canaries present. Boot completes to login prompt.
The 17,046-line redox.patch monolith is no longer referenced in the base
recipe. All 27 individual P2 patches are now listed explicitly in
recipe.toml with symlinks to local/patches/base/.
Coverage gap closed: ixgbed/src/device.rs was the only file not covered
by any individual patch. Added P2-ixgbed-error-handling.patch for the
10GbE Intel driver error handling (println → log::info/warn/error).
Build verified: CI=1 make r.base completes successfully with the new
patch list. The monolith file is preserved as backup but no longer applied.
- IOAPIC: enable full IOAPIC initialization on AMD/Intel bare metal,
dual GSI 0/2 timer mapping for platform compatibility, NMI handler
uses raw COM1 PIO writes to avoid mutex deadlock
- HPET: counter validation, graceful fallback to PIT when HPET missing
- PS/2: fix 0xFE RESEND handling in all MouseState variants, add
controller flush/self-test retry/aux port test from Linux 7.0
- ACPI: defer AML evaluation to avoid blocking initfs driver spawn
- VT chain: remove duplicate rootfs service files (inputd, vesad,
fbcond, getty) that were already handled by initfs phase 1 and the
legacy 30_console script from minimal.toml
- QEMU verified: boots to login prompt, 20 rootfs units (was 26),
single login prompt (was double), only 1 expected error (wifictl)
215 fixes across 33 Rust source files replacing unwrap/expect/panic
with graceful error handling in init, all boot-critical daemons,
and the six graphics driver packages. Fixes inverted scheduler
conditions_met() logic that prevented rootfs from mounting.
- Use full 40-char commit hash in base recipe.toml so the cookbook's
caching logic correctly recognizes already-fetched sources (short
hashes always missed the cache, causing patches to re-apply on top
of already-patched source).
- Add git clean -fd before git reset --hard in fetch.rs so untracked
files from previous patch applications are removed before re-patching.
- Remove ehcid/ohcid/uhcid from base-initfs BINS list (same fix as
base recipe, these drivers don't exist in the current upstream).
With these fixes, redbear-live-mini builds and boots to login prompt in QEMU.