Commit Graph

13 Commits

Author SHA1 Message Date
vasilito adae16ace3 Makefile: add verify-patches, verify-file-patches, verify-all targets
Improvement C: explicit verification targets for the
build system. The user requested 'build system must
report complete when upstream have our patches applied'.

* make verify-patches
  Runs check-cargo-patches.sh — verifies all [patch.crates-io]
  and [patch.'<URL>'] sections in local sources'
  Cargo.toml files resolve to the expected local fork
  paths. Returns non-zero on any unresolved patch.

* make verify-file-patches
  Runs check-unwired-patches.sh --strict — verifies
  all file-level .patch files in local/patches/ are
  referenced by at least one recipe.toml patches = [...]
  entry. Returns non-zero on any unwired patch.

* make verify-all
  Runs both. This is the comprehensive Phase J end-to-end
  verification.

The cookbook itself already logs [SUMMARY] All N patches
validated successfully for file-level patches. These
new Makefile targets make the verification part of the
standard build workflow.
2026-07-01 15:02:40 +03:00
vasilito cb8b093564 fix(build): make local/recipes/* sources unconditionally immutable
Internal Red Bear subprojects (tlc, redbear-*, redbear-greeter, etc.) live
under local/recipes/* and have no upstream source — they are committed to
our own gitea only. If lost, they cannot be recovered from any public
source.

The previous guard used is_local_overlay() && !redbear_allow_local_unfetch()
which could be bypassed by setting REDBEAR_ALLOW_LOCAL_UNFETCH=1. This was
triggered inadvertently (exact trigger unknown) and destroyed the source
tree of local/recipes/tui/tlc/source/.

This commit makes the protection UNCONDITIONAL:

- is_local_overlay() already correctly identifies any path under
  local/recipes/ as internal.
- The handle_clean unfetch path now refuses ALL local/recipes/* sources
  with a clear error message. No env var can override this.
- The fetch() path's git-reset/git-clean-ffdx and source-wipe guards now
  also refuse local overlays unconditionally.
- The dead redbear_allow_local_unfetch() function is removed.
- Makefile distclean-nuclear target is documented as a no-op for local/.

distclean still works for non-local recipes (upstream sources from
sources/redbear-0.1.0/ or git mirrors can be safely re-fetched).
2026-06-18 15:13:11 +03:00
vasilito b31fd7d3e5 feat: build system hardening — collision detection, validation gates, init path enforcement
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):

Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)

Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
2026-05-03 22:25:22 +01:00
vasilito 9af8da420a feat: build system transition to release fork + archive hardening
Release fork infrastructure:
- REDBEAR_RELEASE=0.1.1 with offline enforcement (fetch/distclean/unfetch blocked)
- 195 BLAKE3-verified source archives in standard format
- Atomic provisioning via provision-release.sh (staging + .complete sentry)
- 5-phase improvement plan: restore format auto-detection, source tree
  validation (validate-source-trees.py), archive-map.json, REPO_BINARY fallback

Archive normalization:
- Removed 87 duplicate/unversioned archives from shared pool
- Regenerated all archives in consistent format with source/ + recipe.toml
- BLAKE3SUMS and manifest.json generated from stable tarball set

Patch management:
- verify-patches.sh: pre-sync dry-run report (OK/REVERSED/CONFLICT)
- 121 upstream-absorbed patches moved to absorbed/ directories
- 43 active patches verified clean against rebased sources
- Stress test: base updated to upstream HEAD, relibc reset and patched

Compilation fixes:
- relibc: Vec imports in redox-rt (proc.rs, lib.rs, sys.rs)
- relibc: unsafe from_raw_parts in mod.rs (2024 edition)
- fetch.rs: rev comparison handles short/full hash prefixes
- kibi recipe: corrected rev mismatch

New scripts: restore-sources.sh, provision-release.sh, verify-sources-archived.sh,
check-upstream-releases.sh, validate-source-trees.py, verify-patches.sh,
repair-archive-format.sh, generate-manifest.py

Documentation: AGENTS.md, README.md, local/AGENTS.md updated for release fork model
2026-05-02 01:41:17 +01:00
vasilito 1278a48b90 build: Packages/ directory with 91 pkgar files + auto-sync script
Packages/ is the canonical binary package repository for Red Bear OS.
Contains stage.pkgar copies of all built packages (91 files).

New scripts:
- local/scripts/sync-packages.sh: syncs built pkgar → Packages/
- make packages-sync: run sync
- make packages-list: list package count

Future: cache-auto will auto-sync to Packages/ after each build.
2026-04-28 12:54:31 +01:00
vasilito d30d2834a4 build: make cache sync obligatory part of build stream
Every successful 'make all' now:
1. BEFORE: restores cache from git if needed
2. AFTER:  syncs built packages to git-tracked cache
3. AFTER:  auto-commits cache to git (with fallback if not in repo)

Flow: build → cache-sync → cache-commit
Cache survives: make clean, make distclean, git clone

This makes the build system fully resilient for a fork/overlay OS.
2026-04-28 08:33:03 +01:00
vasilito 62468ee440 cache: git-tracked build cache — 16 packages, survives make clean + clone
Red Bear is a fork/overlay on top of Redox. The upstream build
system wasn't designed for forks — it loses all cached stages on
make clean with no recovery path.

This commit adds a git-tracked build cache:
- local/cache/pkgar/{pkg}/stage.pkgar — per-package cache files
- cache-sync.sh: sync built packages → git-tracked cache
- cache-sync.sh --restore: restore cache → recipe targets
- cache-sync.sh --commit: sync + git commit
- Auto-restore before build, auto-sync after build

Cache survives: make clean, make distclean, git clone, upstream rebase.
Recovery from clean: seconds (restore from git) vs hours (full rebuild).
2026-04-28 08:14:22 +01:00
vasilito 5ed419c970 build: Red Bear cache system — resilient to make clean
Adds comprehensive build cache snapshot and restore for overlay OS.

Problem: Upstream Redox build system is single-stream — make clean
destroys cached stage.pkgar files permanently. Build can't recover
without full from-scratch rebuild (2-4 hours).

Solution: Red Bear cache system provides:
- snapshot-cache.sh: Save all stage.pkgar to local/cache/
- restore-cache.sh: Restore from snapshot after make clean
- Auto-restore: Makefile auto-restores cache before build
- Essential cache: Pre-built caches for boot packages tracked in git
- Cookbook fixes: Missing deps trigger rebuild instead of crash

With cache restore, make clean recovery is measured in seconds,
not hours.

Gaps fixed in cookbook:
- modified_all_btree: missing dep → UNIX_EPOCH (rebuild trigger)
- sysroot install: missing dep → skip + rebuild
2026-04-28 08:07:14 +01:00
vasilito 24e03c6cb6 Guard make distclean against local/ overlay source deletion
make distclean now documents that local/ is protected and will NOT be deleted. Add make distclean-nuclear as the only path that can touch local overlay sources (requires REDBEAR_ALLOW_LOCAL_UNFETCH=1). Add unfetch risk comments in mk/repo.mk for local overlay recipes.
2026-04-22 22:00:34 +01:00
vasilito cdd081c664 Integrate Red Bear boot and packaging updates 2026-04-22 10:22:09 +01:00
vasilito 05a31de115 Add build system ISO generation and QEMU improvements 2026-04-18 00:48:58 +01:00
vasilito 43fd088349 Rename rbos → redbear everywhere, add redbear-info system tool
Replace all 'rbos'/'RBOS' references with 'redbear'/'Red Bear OS'
across the build system, scripts, docs, and configs. Renamed files:
  rbos.ipxe → redbear.ipxe
  assets/rbos-icon.png → assets/redbear-icon.png
  recipes/system/rbos-info → recipes/system/redbear-info

Added redbear-info: a system tool that enumerates all Red Bear OS
custom components, checks runtime availability via scheme paths and
binary presence, and prints status/test info. Supports --verbose,
--json, and --test output modes. Zero external dependencies.
2026-04-12 19:46:54 +01:00
vasilito 50b731f1b7 Red Bear OS — microkernel OS in Rust, based on Redox
Derivative of Redox OS (https://www.redox-os.org) adding:
- AMD GPU driver (amdgpu) via LinuxKPI compat layer
- ext4 filesystem support (ext4d scheme daemon)
- ACPI fixes for AMD bare metal (x2APIC, DMAR, IVRS, MCFG)
- Custom branding (hostname, os-release, boot identity)

Build system is full upstream Redox with RBOS overlay in local/.
Patches for kernel, base, and relibc are symlinked from local/patches/
and protected from make clean/distclean. Custom recipes live in
local/recipes/ with symlinks into the recipes/ search path.

Build:  make all CONFIG_NAME=redbear-full
Sync:   ./local/scripts/sync-upstream.sh
2026-04-12 19:05:00 +01:00