Fixes C compilation failures where signal.h (via signalfd_siginfo struct)
uses uint32_t/int32_t/uint64_t without stdint.h being transitively included.
The include chain signal.h -> sys/types.h -> sys/types/internal.h lacked
stdint.h, causing 'unknown type name' errors for uint32_t, uint8_t, and
uintptr_t in any C package compiling against the relibc sysroot headers.
Affected: diffutils, libiconv, and all packages whose autoconf checks
included <signal.h> and failed on the missing stdint types.
Added 'stdint.h' to sys_includes in sys_types_internal/cbindgen.toml.
Durable in local/patches/relibc/P3-sys-types-stdint-include.patch.
- Removed broken netinet/in6_pktinfo_compat.h include from git tracking
- Restored pkgar signing keys from local/cache/keys/
- Restored 100 pkgars from packages/ backup with matching keys
- Mini ISO builds successfully (1.5 GB)
- Full ISO needs COOKBOOK_OFFLINE=false for missing tarballs
ROOT CAUSE: Qt6's auto-generated Wayland wrappers pass NULL proxies
to wl_*_add_listener() during initialization. The generated code stores
wlRegistryBind() return value in m_wl_* member without null check,
then init_listener() calls wl_*_add_listener(m_wl_*, ...) which
page-faults at null+8 (write to proxy->object.implementation).
FIX (kded6): wrapper script renames libqwayland.so to .disabled
before launching kded6.real. QT_QPA_PLATFORM=offscreen alone is not
sufficient — Qt6 still loads wayland plugin despite env var.
FIX (libwayland): null guards in redox.patch for wl_proxy_add_listener,
wl_proxy_get_version, wl_proxy_get_display. Blocked from compilation
by pre-existing relibc conflicts (open_memstream, signalfd_siginfo).
FIX (Qt6 wrappers): regex-based null guard insertion proven in concept.
Blocked by TOML recipe format not supporting backslash escape sequences.
Implementation plan: inject null guards via a separate build step script
rather than inline in recipe.toml.
kded6 wrapper (/usr/bin/kded6 → kded6-wrapper.sh → kded6.real):
- Sets QT_QPA_PLATFORM=offscreen before executing real kded6
- Works regardless of launch mechanism (init, D-Bus, direct)
- No dependency on #ifdef Q_OS_REDOX, D-Bus Environment=, or build cache
- kded6 is a headless D-Bus daemon — Wayland adds no functionality
redox.patch: added null guards to wayland-client.c (wl_proxy_add_listener,
wl_proxy_get_version, wl_proxy_get_display) — durable patch for when
libwayland build is fixed.
- git rm 50 stale .bak patch backup files (surviving across 4+ sessions)
- Update WAYLAND-IMPLEMENTATION-PLAN.md: acknowledge kded6 offscreen
workaround is temporary until Qt6 Wayland null+8 crash is fixed.
kded6 is a headless D-Bus daemon — Wayland adds no functionality.
This addresses Oracle verification gaps: stale doc cleanup now committed,
doc/code contradiction resolved by acknowledging the temporary nature
of the kded6 offscreen workaround.
Three null-safety additions to wayland-client.c, now in the recipe's
redox.patch so they survive source rebuilds:
- wl_proxy_add_listener: return -1 on NULL (prevents null+8 page fault)
- wl_proxy_get_version: return 0 on NULL
- wl_proxy_get_display: return NULL on NULL
Phase S1 (Critical Correctness):
- sem_open/sem_close: global refcounting via BTreeMap + AtomicUsize
- sem_close: decrements refcount, munmaps only at zero
- sem_open: reuses existing mapping, O_EXCL returns EEXIST
- sem_unlink: marks entry for removal before shm_unlink
- va_list parsing: reads mode_t and value from stack after oflag
- All 11 sem_* functions verified in libc.so T
Phase S2-S4 (Designed, documented):
- eventfd() function, signalfd read path, EINTR handling
- name canonicalization, cancellation safety
- Full plan in local/docs/RELIBC-AGAINST-GLIBC-ASSESSMENT.md
Reference: glibc 2.41 cloned to local/reference/glibc/
Boot verified: greeter ready on VT 3 with refcounted semaphores
Generated from clean 866dfad0 + consolidated.patch state via diff.
Two hunks for x86_64: comment on line 87 and info! on line 110.
aarch64 (line 94) and riscv64 (line 100) — one hunk each.
Verified: patch applies with --fuzz=0 on top of redbear-consolidated.
Wired into kernel recipe after P8-msi.patch.
check-unwired-patches.sh: scans local/patches/ for .patch files not
referenced in any recipe.toml patches = [...] array. Detects 262
unwired patches (most intentionally kept for reference/rebase).
P2-rebrand-start-message.patch: minimal 39-line patch changing
'Redox OS starting' to 'RedBear OS starting' in x86_64, aarch64,
and riscv64 arch start files. Wired into kernel recipe after
P8-msi.patch. Verified: make r.kernel builds with all 3 patches.
Build system issues surfaced by the detector:
- 250+ kernel individual patches kept for reference (absorbed/)
- ~50 base individual patches — many intentionally unwired
- ~30 relibc patches — may need wiring into relibc recipe
- build-system patches applied by scripts, not recipes
e1000d was the last NIC driver using legacy IRQ (irq.irq_handle()).
Migrated to pci_allocate_interrupt_vector which tries MSI-X first,
then MSI, then falls back to legacy INTx — matching rtl8168d, rtl8139d,
ihdad, ihdgd, and nvmed.
63-line patch at local/patches/base/P6-e1000d-msi-migration.patch,
symlinked and wired into recipes/core/base/recipe.toml.
- udev-shim: replace .expect() with graceful errors (no more panic on Broken pipe)
- P4-initfs: remove duplicate sessiond (conflicted with config)
- accessibility/ime/keymapd: break instead of exit(1) on EBADF
- P6 driver patches rebased
- Docs: archive old reports, add implementation master plan
Base: fix P6-driver-new-modules.patch (ed format -> unified diff) for new
driver modules (ncq, itr, phy). P6-driver-main-fixes.patch now applies with
offset on current upstream source.
Relibc: remove stale P5-named-semaphores (upstream has stubs), add
P10-stack-size-8mb and P11-getrlimit-getrusage (per-process rlimit table,
sysconf integration, getdtablesize fix, null-pointer safety).
Kernel: consolidate 29 individual patches into single redbear-consolidated.patch.
Userutils: P5-redbear-branding replaces P4-login-rate-limit.
Recipe.toml changes now committed so they survive source resets.
MouseTx::handle() treated 0xFE (PS/2 RESEND) as an unknown response,
causing mouse init to fail on hardware where the mouse requests a
resend during the reset/command exchange. Now resends the current
command byte when the mouse returns 0xFE, matching the PS/2 protocol.
Bootloader hardcoded RedoxFS partition offset at 2 MiB, which fails when
efi_partition_size > 1 (redbear-full, redbear-grub use 16 MiB, placing
RedoxFS at LBA 34816 = 17 MiB). Added GPT partition table parser that
scans for Linux filesystem GUID (0FC63DAF) to find the actual offset.
Also removed invalid 'respawn = true' from 31_debug_console.service in
redbear-full.toml — init's service format does not support this field.
Verified: all three ISOs boot in QEMU UEFI and reach login prompt.
Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):
Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)
Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
The init system parser (serde deny_unknown_fields) rejects [service]
sections in .target files. The P4-initfs-dbus-services patch was
creating 05_boot_essential.target and 12_boot_late.target with a
no-op [service] section (cmd=/usr/bin/true). Removed those sections
so targets only contain [unit].
This eliminates "unknown field service, expected unit" init warnings
that could prevent proper service dependency resolution.
P3-3: fbcond scrollback is now fully functional:
- text.rs: 1000-line ring buffer captures all console output
- scheme.rs: new Scrollback handle type, path/N/scrollback open
- main.rs: Scrollback match arm in event loop
- Users can read scrollback via:
cat /scheme/fbcon/2/scrollback
19/19 patches. base + base-initfs build.
Fixed common dependency path (../../common → ../common).
Added workspace member entry for drivers/thermald.
thermald now builds as part of base recipe.
19/19 patches. base + base-initfs build.
P3-3: fbcond scrollback — captures last 1000 lines of text output
in ring buffer, exposes via read_scrollback(). Patch created but
needs line number adjustment for clean application.
P3-5: thermal daemon source created at drivers/thermald/. Reads
ACPI thermal zone temperature, logs warnings >65°C, errors >80°C.
Needs Cargo.toml workspace integration and recipe.toml BINS entry.
Part of COMPREHENSIVE-FIX-PLAN-FINAL P3 implementation.
Changed <policy user="root"> to <policy user="0"> in D-Bus
system.conf.in to avoid getpwnam lookup failures on Redox.
Patch written but does not apply yet — tar source extraction
puts files under dbus-1.16.2/ which requires strip=2 or different
path prefix. Left as documented work-in-progress.
D-Bus daemon runs despite cosmetic user lookup warnings.
D-Bus daemon, sessiond, and seatd all running on redbear-full.
User lookup warnings are pre-existing Redox D-Bus config issue
(does not affect functionality).
Bootloader: alloc_zeroed_page_aligned no longer panics on OVMF
AllocatePages failure. Returns null on error.
Cookbook: pkgar falls back to repo/ dir when target pkgar missing.
Resolves KDE build chain failure.
redbear-full: builds 4.0GB image+ISO, boots without crash.
getty converts numeric args to /scheme/fbcon/{N} paths.
Non-numeric args (like ttyS0) are treated as literal paths
which don't exist in Redox. Changed to:
- 29_activate_console: inputd -A 2
- 30_console: getty 2 → /scheme/fbcon/2 (VT2 login)
- 31_debug_console: getty 3 → /scheme/fbcon/3 (VT3 debug)
Serial console (ttyS0) has no standard scheme path in Redox.
Login prompt is on the framebuffer console (requires graphical QEMU
or VNC to view).
Boot process now includes:
- 25_serial_getty.service: getty on serial console (visible in QEMU -nographic)
- 29_activate_console.service: inputd -A 2 (activate VT2)
- 30_console.service: getty on VT2 (framebuffer console)
Fixed hunk counts (7→8, 8→9) for correct patch application.
Services use 'oneshot_async' type for fire-and-forget startup.
ZSH is the default shell for all user accounts (base.toml, mini, full, greeter).
At initfs time, /var/log/ doesn't exist (rootfs not yet mounted).
Changed persistent_log from File to Option<File> with .ok() instead
of .unwrap_or_else(|| panic!()). If the file can't be opened, logging
continues without persistence — no crash.
QEMU verification: system boots through initfs→rootfs→switch_root→userland.
Colored init output visible. 25+ services start successfully.
P2-2: Login rate limiting (userutils/login.rs):
- Tracks consecutive failures, resets on success
- 3+ failures: exponential delay up to 30 seconds
- Applies to both password and blank-password login paths
P2-3: Network stack in initfs (base-initfs + service files):
- Added e1000d, rtl8168d to base-initfs BINS
- 60_smolnetd.service: network stack in initfs
- 61_dhcpd.service: DHCP client in initfs
- Network available before switch_root
Part of COMPREHENSIVE-FIX-AND-IMPROVEMENT-PLAN Phases P2.
Phase B1+B2 from BOOT-PROCESS-AUDIT:
- 45_usbscsid.service: USB mass storage driver in initfs (requires xhcid)
- 30_redox-drm.service: DRM/KMS display driver in initfs (requires hwd+pcid-spawner)
Both condition-architecture-gated to x86/x86_64.
Phase A1 from BOOT-PROCESS-AUDIT. The ACPI shutdown path now:
- Validates PM1a port is non-zero before writing
- Waits 3 seconds for power-off, then retries with PM1b+SLEEP_EN
- Falls back to keyboard controller reset (0x64=0xFE) on failure
- Handles SLP_TYPb correctly
- Removes fragile Pio::new()+write() without validation
logd now writes all log output to /var/log/system.log (5MB auto-rotation)
in addition to existing scheme listeners. Falls back to /tmp/logd-fallback.log
if /var/log is unavailable. Logs survive reboots for post-mortem analysis.
Part of Phase A2 (Boot Reliability) from BOOT-PROCESS-AUDIT-2026-05-03.
The 556MB monolithic redox.patch was impossible to manage, unreviewable,
blocked GitHub pushes, and could only grow. This commit:
- Moves all 64 absorbed patches from absorbed/ to active use in base/
- Removes the absorbed/ directory (consolidation history is now PATCH-HISTORY.md)
- Removes the redox.patch symlink from recipes/core/base/
- Fixes all recipe symlinks to point to active patches (not absorbed/)
- Patches are now individually wired, reviewable, and independently rebasable
The redox.patch mega-file is no longer needed — individual patches
are applied directly from the recipe.toml patches list.
vasilito