Build system improvements after Phase 2.0 / 2.1 / 2.2 patch work:
1. New 'diverged' mode in local/fork-upstream-map.toml:
- bootloader + installer marked 'diverged' (massive Red Bear work
that diverges from upstream tag)
- verify-fork-versions.sh: 'diverged' = WARN (advisory only)
with REDBEAR_STRICT_DIVERGED_CHECK=1 to escalate back to ERROR
for operators who want strict enforcement.
2. Bug fix in verify-fork-versions.sh (Phase 2.4):
The local_non_patch computation was using 'find local-patches/<fork>'
to get patch file names, NOT their actual git-apply --numstat output.
Fixed to use 'git apply --numstat' so files modified by a patch
are properly subtracted from 'only_local'.
3. Per-fork declarative expected-differ list:
- libredox: src/lib.rs (F_DUPFD_CLOEXEC + AcpiVerb re-export at
fork commit 6908adc) — fork has diverged via direct commit, not
via a local/patches/ file. Algorithm now recognizes this as
INTEGRATED.
- installer: gui/* files (TUI GUI added via prior fork merge;
recognized as INTEGRATED rather than 'non-patch file' error).
4. libredox fork cleanup:
- Removed .cargo-ok + .cargo_vcs_info.json from tracking (cargo
metadata that should be in .gitignore, not source control)
- Added /Cargo.lock to .gitignore (matches upstream .gitignore)
- This unblocks verify-fork-versions.sh for libredox 0.1.18.
After this commit:
- bash verify-fork-versions.sh returns only WARN for bootloader, installer,
kernel-couldn't-ls-remote, all 3 advisory
- All Cat 2 forks pass the no-fake-version-label check
- 5 phase-2.4 forks tracked correctly
Per Phase 0 audit findings (G1, G2), the build-system version sync
had two omissions that allowed drift to accumulate across branch
bumps:
1. G2: The root Cargo.toml's [package] version was outside the
script's scope. During 0.3.0 -> 0.3.1 branch change, syncing
Cat 1 + Cat 2 versions did not touch the cookbook crate itself,
so 'repo --version' reported the wrong version. Fixed by adding
Phase 0: Cookbook root Cargo.toml block that mirrors the Cat 1
version assignment.
2. G1: After a branch bump, Cargo.lock files were not regenerated.
Each Cat 2 fork's lockfile kept its previous +rb suffix even after
the fork's Cargo.toml was updated. Fixed by adding Phase 3: a
'cargo generate-lockfile' pass that runs in each fork and the
root cookbook after version sync completes. The path-dep +
[patch.crates-io] config in each fork ensures the right crates
are pulled in; the script verifies each cargo generate-lockfile
exit code.
New flags:
--check Verify only (no writes), exit 1 on drift
--no-regen Apply version sync, skip lockfile regen
--regen-only Skip version sync, only regen lockfiles
(default) Apply sync + regen lockfiles
After this commit, branch bump workflow is:
./local/scripts/sync-versions.sh
... and nothing else is needed for Cargo.lock freshness. The
script exits non-zero only if any 'cargo generate-lockfile' fails
in a fork, surfacing build breakage immediately.
Per AGENTS.md § 'Local Fork Recipe Directories Must Not Carry Patch
Files', the symlinks under recipes/core/{base,kernel,relibc,
bootloader,installer}/ pointing at the canonical local/patches/<comp>/
patches were violations. The recipes use path = '...' source so the
cookbook would never apply these patches; the symlinks were a
navigation aid only.
This commit moves all 137 valid symlinks (and the redox.patch
counterparts) to local/docs/legacy-recipe-patches/<comp>/ with a
README explaining the rationale and pointing readers at the canonical
patch location.
The patches themselves (local/patches/<comp>/*.patch) are NOT
modified — they remain git-tracked at their canonical location.
Per AGENTS.md 'NEVER DELETE' policy the patches stay in their
canonical home; only the navigation aid symlinks are relocated.
Breakdown:
base (61) - legacy-recipe-patches/base/
kernel (26) - legacy-recipe-patches/kernel/
relibc (46) - legacy-recipe-patches/relibc/
bootloader (3) - legacy-recipe-patches/bootloader/
installer (1) - legacy-recipe-patches/installer/
After this commit, recipes/core/<comp>/.patch references all show
zero matches per AGENTS.md rule.
1. local/scripts/build-preflight.sh — invoke verify-patch-content.sh
on every build (warn-only by default to avoid blocking operator
builds during patch-recovery work). REDBEAR_SKIP_PATCH_CONTENT_CHECK=1
bypasses the check.
2. local/docs/PATCH-PRESERVATION-AUDIT-2026-07-12.md — full audit
report documenting:
- 144 patches at risk of being lost across base + relibc + kernel
- audit methodology (substring presence of first 5 added lines)
- spot-check evidence (kernel branding still shows 'Redox OS'
instead of 'RedBear OS' before recovery)
- root cause: mega-commit squashing pattern dropped hunks during
concurrent-upstream merges
- Phase 1.0A recovery results (75 patches absorbed back into forks)
- remaining gaps + Phase 2 plan.
Per the Phase 1.0 audit (local/docs/PATCH-PRESERVATION-AUDIT-2026-07-12.md)
no part of the build system was checking that patches listed in
local/patches/<comp>/ had actually been absorbed into the
local/sources/<comp>/ fork's working tree.
This commit adds a tool that audits every Cat 2 fork and reports any
patches whose content is not present in the fork HEAD. The tool is
located at local/scripts/verify-patch-content.{sh,py} and follows the
existing local/scripts/ convention (shell wrapper delegating to
Python implementation).
Audit method:
1. For each .patch in local/patches/<comp>/:
- Extract target file from ---/+++ headers
- Extract first 5 added lines (+ markers)
- Check substring presence in fork HEAD version
2. If 0/5 added lines found, patch is 'orphaned'
Current state (after Phase 1.0A recovery):
- 251 patches total, 155 preserved, 96 still orphaned
- The remaining orphans are patches where the upstream file structure
has shifted too far for patch(1) to apply — those need
upstream-tracking upgrade, deferred to Phase 2.
Usage:
./local/scripts/verify-patch-content.sh (report)
./local/scripts/verify-patch-content.sh --strict (exit 1 on orphans)
./local/scripts/verify-patch-content.sh base kernel (specific forks)
Wired in via build-preflight.sh in the next commit (Phase 1.0B cont.).
This closes the 'silent patch loss' gap identified in the audit.
When the upstream commit hash of the claimed upstream tag has not changed
since the last successful verify, reuse the cached file list instead of
re-cloning and re-hashing from scratch. This makes the canonical preflight
fast on the common case where upstream didn't move.
Cache is stored in .redbear-fork-verify/<fork>-<tag>.fingerprint. Touched
only after a successful full content diff, so cache corruption is detected
on the next run (commit hash mismatch triggers fresh clone).
The verify-overlay-integrity.sh script is now active. It runs at the
start of canonical builds and auto-repairs via apply-patches.sh on
failure.
Restored missing symlinks for:
- recipes/core/base/redox.patch
- recipes/core/bootloader/redox.patch
- recipes/core/bootloader/P2-live-preload-guard.patch
- recipes/core/bootloader/P3-uefi-live-image-safe-read.patch
- recipes/wip/wayland/qt6-wayland-smoke (incorrect relative path)
Created empty stub at local/patches/base/redox.patch so the relibc/base
symlinks can be re-created by apply-patches.sh.
Overlay integrity now reports:
365 recipe symlinks, 0 broken
9 patch symlinks, 0 broken
9 critical patches, 0 missing
10 critical configs, 0 missing
CRITICAL: Add verify-fork-functions.sh — detects silent upstream code loss
from bad merges that file-level verification cannot catch. This is the
verification that would have caught the kfdwrite drop bug.
Wire it into build-preflight.sh (pre-build gate) and upgrade-forks.sh
(post-upgrade gate with automatic rollback on failure).
Fix upgrade-forks.sh:
- Fetch failures now abort instead of being silently swallowed
- Backup branch names include fork name + PID to prevent collisions
- Post-upgrade verification runs verify-fork-functions.sh and rolls
back if upstream functions are missing
Fix bump-fork.sh:
- Replace wrong 'git tag -e' with 'git rev-parse --verify refs/tags/'
- Clone failures now error explicitly instead of silent fallback
- Version sed uses proper regex escaping for + characters
- Atomic swap has rollback recovery if mv fails
- Instructions now mention fork-upstream-map.toml update
Fix sync-upstream.sh:
- Define PROJECT_ROOT before use (was crashing under set -u)
Fix build-preflight.sh:
- Add REDBEAR_SKIP_FUNCTION_CHECK gate for verify-fork-functions.sh
Kernel submodule pointer updated to 0.3.1 branch with kfdwrite restored.
Per user instruction — upgrade to latest. Redox mesa fork at redox-24.0
has no redox-26.0 branch; switched to tar-based upstream 26.1.4 with
Red Bear patches applied on top.
Patch dry-run results vs 26.1.4:
✅ 02-gbm-dumb-prime-export.patch
✅ 04-sys-ioccom-stub-header.patch
✅ 05-vk-sync-wchar-include.patch
🔴 01-virgl-redox-disk-cache.patch (hunk #1 FAIL at 1054)
🔴 03-platform-redox-gpu-probe.patch (8 hunks ignored)
🔴 06-redox-surface-image-fields.patch (hunk #1 FAIL at 333)
🔴 07-wayland-scanner-env-override.patch (hunk #1 FAIL at 1992)
Patches 01,03,06,07 require manual rebase — documented in recipe comment.
Added mesa to apply-patches.sh graphics symlinks for local fork tracking.
- check-fork-drift.sh: compares each submodule HEAD against upstream/master,
reports behind/ahead counts, exits 1 if any fork exceeds threshold
- upgrade-forks.sh: fetches latest upstream, saves RB commits, resets to
upstream, cherry-picks RB patches with conflict handling and backups
- build-preflight.sh: wired drift check into preflight (threshold=50,
suppressible via REDBEAR_SKIP_DRIFT_CHECK=1)
- bootloader submodule pointer updated to latest upstream rebase
Live upstream versions verified 2026-07-11:
- gnu-grep 3.12 (2025-04-10) -- https://ftp.gnu.org/gnu/grep/
- libsodium 1.0.22-stable (2026-07-08) -- https://download.libsodium.org/libsodium/releases/
- autoconf 2.73 (2026-03-20) -- https://ftp.gnu.org/gnu/autoconf/
Each recipe updated with new tar URL + BLAKE3 hash. Build-tool upgrades are
isolated from the fork content-verification system, so these are SAFE to
upgrade without the relibc-style risk.
diffutils was already at 3.12 (previously committed).
Also: fork-upstream-map.toml — bootloader flagged PENDING_REBASE
(2026-07-11 detection: 1.0.0 tag mismatch, fork based on 0.1.0 archive
not a true rebase — documented inline).
Context: A relibc fork check via cargo compare exposed that the fork
labeled 0.6.0 (matching a 2020-12-23 upstream tag) was on a
completely different codebase from upstream master. The fork was
imported as a snapshot. The verify-fork-versions.sh tool allowed
this because 'snapshot' mode skipped byte-for-byte content comparison.
Changes:
1. Remove 'snapshot = skip content check' behavior. All Cat 2 forks must
pass actual content comparison against their claimed upstream tag.
2. Add base to local/fork-upstream-map.toml so it's checked too (was missing).
Effect: Future 'fake version label' divergences (Cargo.toml says
version X but source content does not match upstream X) will be
caught by the preflight check instead of slipping through build.
Implements 7 of 8 improvements from local/docs/BUILD-SYSTEM-IMPROVEMENT-PROPOSAL.md:
Improvement 1+5: trap-based stash-and-restore for ALL 9 fork sources
- Replaces single-relibc stash with a loop over the canonical fork
inventory (relibc, kernel, base, bootloader, installer, redoxfs,
libredox, syscall, userutils)
- Records each stash SHA in a label-keyed map for safe round-tripping
- Pop stashes in LIFO order matching user-visible stash pop convention
- Idempotent: re-entry during the same build does not double-stash
- Reports (does not silently swallow) real git errors during stash push
- Restored on EXIT regardless of success/failure/signal
Improvement 3: cookbook binary freshness check
- Replaces existence-only check with BLAKE3-of-src/.rs fingerprint
- Hash written to target/release/.cookbook-src-fingerprint
- Rebuild triggers on any source file content change, not just mtime
- Survives git operations that change content without touching mtime
Improvement 4: strict-by-default uncommitted-edit gate
- Refuses to build with uncommitted edits in any fork source
- Catches the 'works on my machine' bug class where pkgar fingerprints
silently mismatch the committed HEAD
- Escape hatch: REDBEAR_ALLOW_DIRTY=1 for emergency CI use
- apply-durable-source-edits.py auto-enables strict mode when
REDBEAR_BUILD_PHASE is set (set by build-redbear.sh)
Improvement 6: failure-cleanup trap with diagnostics
- EXIT trap captures last 30 lines of each cookbook log
- Lists orphaned cook/cargo processes (often root cause of follow-on
build failures via held locks)
- Reports per-recipe build state (complete vs incomplete)
- Preserves diagnostics in REDBEAR_BUILD_STATE_DIR (mktemp -d)
- REDBEAR_KEEP_BUILD_STATE=1 retains the state dir after exit
Improvement 7: pre-cook offline/upstream consistency
- Pre-cook now follows the same offline policy as the main build phase
- REDBEAR_ALLOW_UPSTREAM=1 → offline=false
- default / REDBEAR_RELEASE → offline=true
- Pre-cook logs captured into REDBEAR_BUILD_LOGS_DIR for diagnostics
- Sets REDBEAR_BUILD_PHASE=pre-cook so downstream code can distinguish
Improvement 8: cookbook protection against out-of-band invocations
- src/bin/repo.rs emits a warning when invoked without
REDBEAR_CANONICAL_BUILD=1 in the environment
- The warning lists what is bypassed (cache invalidation, prefix
rebuild, fingerprint tracking, dirty gate)
- Non-fatal: CI scripts that manage their own checks are unaffected
Smoke-tested: ./local/scripts/build-redbear.sh redbear-mini now exits 1
when relibc/kernel have uncommitted edits, and proceeds when
REDBEAR_ALLOW_DIRTY=1 is set.
Missing source trees (tar present but not extracted) are non-fatal — the
cookbook fetches/extracts them during build. Also fixed the
--missing-paths-only branch (previous commit).
Missing source trees (e.g. plasma-desktop with recipe.toml but not yet
extracted source/) should not block the build. Sources are fetched/extracted
by the cookbook during the build phase. The validator now warns about
missing sources but returns exit code 0.
Changed QEMU device from -device virtio-gpu (2D only) to
-device virtio-vga-gl -display egl-headless for virgl 3D
acceleration testing. The virgl patches are already wired into
Mesa recipe.toml (6 patches); this enables the runtime probe
to select virgl instead of falling back to llvmpipe swrast.
Also updated test-phase4-wayland-qemu.sh (both expect and
smoke sections). Matches plan §5 Blocker Detail #3 fix.
Three Phase 1.3/2.4 fixes that have real runtime impact:
1. local/scripts/build-redbear.sh: Export ARCH and HOST_ARCH at the top
of the script (derived from uname -m when unset). This fixes the
'Unsupported ARCH for QEMU ""' error from the auto-rebuild-prefix
path introduced in Phase 1.3 — the env(1) wrapper was masking
the variables, and even without it mk/config.mk needed explicit
ARCH to be exported to subprocesses. The prefix rule now succeeds
when the fork source is newer than prefix/x86_64-unknown-redox/sysroot.
2. config/redbear-device-services.toml: Remove the three init.d service
files 16_redbear-{acmd,ecmd,usbaudiod}.service. These are USB device
daemons that take <scheme> <port> [<iface>] arguments and panic on
missing args. They are spawned dynamically by pcid-spawner (00_driver-
manager.service) when matching USB hardware is detected. Starting
them as init services caused the boot to fail with
'thread main panicked at redbear-acmd <scheme> <port> <iface>'.
The binaries are still installed via the [packages] section so
pcid-spawner can find and exec them. This matches the Linux model
where cdc_acm / cdc_eem / snd-usb-audio are kernel modules or
udev-spawned, not init services.
3. config/redbear-mini.toml: Add explicit '-K us' to
29_activate_console.service so the inputd daemon activates VT 2 with
a deterministic keymap. Combined with the Russian (ЙЦУКЕН) keymap
added in commit 75f5480f, all 7 layouts (US, GB, Dvorak, Azerty, Bepo,
IT, RU) are now selectable via 'inputd -K <layout>' or by editing
this service.
The old --check section looked for log strings that do not exist in the
xhcid codebase ("xhcid: using MSI/MSI-X interrupt delivery" etc.).
All six grep patterns were fictitious — the script was written ahead of
P0-A1 anticipating different logging.
Rewrite to match actual debug-level output from xhcid:
irq_reactor.rs:208 — "Running IRQ reactor with IRQ file and event queue"
(irq_file is Some — this is the main proof that interrupts fired)
irq_reactor.rs:125 — "Running IRQ reactor in polling mode."
(irq_file is None — must NOT appear in a passing run)
main.rs:88 — "Enabled MSI-X" (debug, MSI-X configured)
main.rs:95 — "Legacy IRQ <n>" (debug, INTx fallback)
main.rs:143 — "XHCI <pci_name>" (info, controller detected)
Also fails if both polling and IRQ-driven mode appear in the same boot.
- Update AGENTS.md single-repo rule to explicitly forbid creating any new
Gitea repositories and to require deleting per-component repos.
- Change version suffix policy from pre-release -rb to build-metadata +rb
in AGENTS.md, sync-versions.sh, apply-rb-suffix.sh, verify-fork-versions.sh.
- Update migration instructions to push to existing submodule/<component>
branches inside RedBear-OS, not create new repos.
- Update BUILD-SYSTEM-IMPROVEMENTS.md and SLEEP-IMPLEMENTATION-PLAN.md to
reference submodule/* branches instead of defunct per-component repos.
- Fix delete-per-component-repos.sh example to use a real historical repo.
The local bootloader fork claims to be upstream 1.0.0 + Red Bear
patches, but the patches in local/patches/bootloader/ do NOT
apply cleanly to upstream 1.0.0. The fork was originally a 0.1.0
baseline with substantial additions that pre-date the upstream-1.0.0
refactor.
Changes:
* local/fork-upstream-map.toml: set bootloader's upstream tag to
PENDING_REBASE. The verifier recognises this as a deliberate
state marker (a fork whose rebase is in progress) and refuses
the build with a clear error pointing the user to the rebase
procedure documented in the map.
* local/scripts/verify-fork-versions.sh: when a fork is marked
PENDING_REBASE in the map, the script reports a dedicated error
message instead of running the upstream content comparison (which
would always fail for a fork in this state).
The current state of the build is:
* 5 of 6 `-rb1` Cat 2 forks pass the no-fake-version-label
check (redoxfs, redox-scheme, kernel, installer, userutils).
* bootloader refuses to build until a real rebase onto a chosen
upstream tag is completed (the patches must apply cleanly with
--fuzz=0).
* installer has additional divergent content that may need a
rebase too (separate operational task).
This is the strict enforcement the user asked for. The build
cannot proceed silently with fake labels. The user must drive
the rebase work for bootloader (and installer) following the
procedure in fork-upstream-map.toml.
Per local/AGENTS.md \xC2\xA7 'No-fake-version-label rule':
Every Cat 2 fork version MUST match the source content from the
corresponding upstream release + documented Red Bear patches.
A `-rbN` label on stale content is a fake label and a policy
violation.
Changes:
* local/AGENTS.md: documented the no-fake-version-label rule,
including what counts as a fake label, the enforcement contract,
and what a real Red Bear fork looks like.
* local/fork-upstream-map.toml: authoritative mapping of each
Cat 2 fork (syscall, libredox, redoxfs, redox-scheme, relibc,
kernel, bootloader, installer, userutils) to its upstream Git
URL and release tag.
* local/scripts/refresh-fork-upstream-map.sh: auto-update the
fork-upstream-map by querying each upstream repo for the
current latest stable release tag.
* local/scripts/verify-fork-versions.sh: preflight enforcement
script. For each Cat 2 fork with a `-rbN` version field:
1. Compare fork's file list and content against the upstream
release tag from the map. Reject the build if files are
missing (would be a fake label).
2. Reject the build if files exist in local that don't exist
in upstream (must be moved to local/patches/<fork>/ as
documented Red Bear patches).
3. Reject the build if shared files diverge in content.
* local/scripts/apply-rb-suffix.sh: invokes
verify-fork-versions.sh after applying the `-rbN` label so the
build fails fast if the labelled content is fake.
* local/scripts/build-preflight.sh: invokes
verify-fork-versions.sh at the start of every build. Bypassed
only with REDBEAR_SKIP_FORK_VERIFY=1 (emergency only).
* local/patches/bottom/0001-ratui-0.30-braille-compat.patch: the
ratatui 0.30+ compatibility shim for bottom 0.11.2.
This is the structural enforcement that prevents fake labels from
ever reaching the build again. The current 6 forks with `-rbN`
labels are flagged by the verifier — they must be rebased onto
their actual upstream release before the build can succeed.
Add comprehensive policy documentation in AGENTS.md covering:
- local/ fork always takes precedence over recipes/ paths
- build system must ensure local fork is at latest available version
- all Red Bear patches must be applied cleanly on top of latest version
- automatic version bump + patch reapplication via bump-fork.sh
Create local/scripts/bump-fork.sh that implements automatic version bumping:
- Detects current local version vs required version from Cargo.lock
- Fetches upstream source at required version
- Applies all Red Bear patches atomically
- Updates version field and replaces local fork contents
Fix driver-manager Cargo.toml lockfile collision:
- Remove redundant syscall dependency (transitive via pcid_interface)
- Update all driver recipes to use local/sources/syscall and libredox paths
- This eliminates the redox_syscall lockfile collision between
local/sources/syscall and recipes/core/base/syscall (same dir, different paths)
relibc: fix unsafe call for Rust 2024 edition compatibility
Per local/AGENTS.md § SINGLE-REPO RULE: the Red Bear OS project lives
in exactly one git repository (vasilito/RedBear-OS). Per-component
Gitea mirrors (redbear-os-base, redbear-os-kernel, redbear-os-installer,
redox-drm, userutils, libredox, libpciaccess, ctrlc, syscall, sysinfo)
have been redirected or deleted.
For each per-component repo with source content, the working-tree HEAD
was pushed as a 'submodule/<component>' branch on RedBear-OS:
- submodule/base
- submodule/bootloader
- submodule/installer
- submodule/kernel
- submodule/libredox
- submodule/redoxfs
- submodule/relibc
- submodule/syscall
- submodule/userutils
The .gitmodules entry for local/sources/kernel is now redirected to the
canonical repo with branch = submodule/kernel. The other submodule
.gitmodules entries remain to be added in a follow-up.
Empty per-component repos (ctrlc, libpciaccess, redox-drm, sysinfo) had
no source content; their gitlinks in the index are removed in a
follow-up commit.
Unrelated per-component repos that were not Red Bear components
(ctrlc, syscall, sysinfo — possibly unrelated personal projects) were
deleted in the bulk cleanup.
Gitea state under vasilito/ is now exactly: RedBear-OS, hiperiso.
Adds:
- local/scripts/redirect-to-submodules.sh
- local/scripts/delete-per-component-repos.sh
Updates:
- .gitmodules (kernel → RedBear-OS#submodule/kernel)
- local/AGENTS.md (SINGLE-REPO RULE status, migration procedure)
- local/docs/BUILD-SYSTEM-IMPROVEMENTS.md §11 (resolved)
- local/docs/QUIRKS-AUDIT.md (drop dead links)
- local/docs/SLEEP-IMPLEMENTATION-PLAN.md (mark historical)
- CHANGELOG.md (mark historical references)
The new `check-cargo-patches.sh` script verifies that all
[patch.crates-io] and [patch.'<URL>'] sections in the local
sources' Cargo.toml files actually resolve to the expected
local fork paths. It does this by running `cargo metadata`
on each source's workspace and checking that the
resolved source URL (or manifest_path for path-deps)
matches the expected local fork path.
This is the Phase J / Improvement C verification step
that the user explicitly requested: 'Build system must
report complete when upstream have our patches applied.'
The script handles the known-large workspaces gracefully:
* relibc is explicitly skipped — its [patch] section is
only the cc-rs git branch override (no `path` patches),
and `cargo metadata` on relibc takes minutes (hundreds
of deps) which would hang the script.
* All other `cargo metadata` calls are wrapped in a
30-second timeout.
Hardware-agnostic: works on any Red Bear OS checkout
regardless of which OEMs are added to the local sources
(Phase I/II/J DMI matches).
The Qt6SvgTargets.cmake config contains absolute paths to qtsvg's own
sysroot/metatypes/ for INTERFACE_SOURCES. When the cookbook cleans
qtsvg's sysroot between recipe builds, these paths dangle and cause
CMake Generate to fail.
Extend redbear_qt_ensure_dep_sysroots to create symlinks for ALL Qt
directories (metatypes, plugins, mkspecs, modules, qml) — not just
include and lib. Add the call to qtdeclarative's recipe (was missing).
redbear_qt_ensure_dep_sysroots was creating symlinks in the dependency's
sysroot pointing to the CALLING recipe's sysroot. This caused CMake
'hidden library' warnings and corrupts the dependency's build when it
gets rebuilt later.
Fix: derive the dependency's stage path from its sysroot path
(dirname(sysroot)/stage/usr) and link to that instead. This way
qtdeclarative's sysroot include/lib point to qtdeclarative's OWN
stage, not to qt6-sensors' sysroot.
Also fix wayland-patch.sh: replace ${LIBXCB_LIBRARIES} with empty
string instead of a comment. The comment was eating the closing )
on the same line, causing 'Function missing ending paren' CMake
parse error in src/daemon/CMakeLists.txt:63.
Three build failures (qt6-sensors, sddm, kwin) all trace to
qtdeclarative's sysroot/ directory being missing after staging.
CMake config files reference absolute paths into that sysroot.
1. qt-sysroot.sh: add mkdir -p before ln -sf in
redbear_qt_ensure_dep_sysroots() so the parent directory is
created when the dependency sysroot was cleaned up.
2. sddm wayland-patch.sh: fix sed pattern to include LinguistTools
token that exists in the actual upstream CMakeLists.txt line.
Without it the sed silently fails to match, leaving
LinguistTools/Test/QuickTest as REQUIRED components.
3. qt6-sensors recipe.toml: source qt-sysroot.sh and call
redbear_qt_ensure_dep_sysroots() before cmake configure.
Previously the recipe only symlinked plugins/mkspecs/metatypes/
modules but never fixed up dependency sysroot paths, causing
Qt6::Qml INTERFACE_INCLUDE_DIRECTORIES to reference a
non-existent include path.
The stale-build check in build-redbear.sh compared HEAD commit hashes
against a stored fingerprint, which silently ignored uncommitted changes
in local/sources/{relibc,kernel,base,bootloader,installer}.
This meant dev iterations where a maintainer edited the working tree
without committing would not trigger a rebuild of the affected package.
The cookbook would then cook the binary from a fingerprint that
claims 'up to date' but is actually older than the working tree.
This commit extends the staleness test to also check
'git diff HEAD', 'git diff --cached HEAD', and
'git ls-files --others --exclude-standard'. The error message
distinguishes 'uncommitted changes' from 'new commits' so the
operator can tell which case triggered the rebuild.
Also adds local/scripts/lint-doc-comments.sh: a doc-comment hygiene
linter that flags agent-memo style comments (Note:, This implements...,
Changed from..., Added new..., Korean variants) so future commits
can be screened for the WHAT-not-WHY comment anti-pattern.
- recipes/dev/python312/recipe.toml: use COOKBOOK_TOOLCHAIN for
--with-build-python instead of /tmp/python312, which the build system
never stages. Add [ -x ] guard for clear failure on missing dev-dep.
- recipes/core/userutils/recipe.toml: switch from upstream git URL to
local fork (local/sources/userutils/) per the local fork model. The
upstream source opens /scheme/pty/ptmx which the ptyd scheme does not
recognize; the local fork opens /scheme/pty correctly and avoids the
getty PTY panic.
- local/scripts/build-preflight.sh: warn when a recipe build script
references /tmp/<known-package>/, since the cookbook does not stage
host dev-deps under /tmp/<name>. Points authors at COOKBOOK_TOOLCHAIN.
- local/scripts/build-redbear.sh: replace 'tail -1 || true' on pre-cook
failures with proper error capture, last-50-lines tail on failure, and
exit-1. Verify the pkgar exists after a successful cook.
Add local/scripts/cleanup-build.sh - a git-aware cleanup script that
uses 'git ls-files' to whitelist tracked files before deletion.
Prevents the class of cleanup disasters that deleted local recipe
sources and local fork sources.
Update AGENTS.md with the new safe cleanup procedure.
Update CONSOLE-TO-KDE-DESKTOP-PLAN.md to v5.8 with the qtdeclarative
qfeatures.h fix and the new safe cleanup script.
- Add --address=unix:path=/run/dbus/system_bus_socket to dbus-daemon args
- Add before = ["13_redbear-sessiond.service"] for strict ordering
- Fixes redbear-sessiond "failed to read from socket" errors
- Add x11proto to redbear-full.toml package list
- libxau recipe updated with x11proto dependency and custom build script
- Fixes libxau build failure: 'Package xproto was not found'
TLC (Twilight Commander) was missing from both ISO configs. Added
tlc = {} to [packages] in redbear-mini.toml and redbear-full.toml.
Created missing symlink: recipes/tui/tlc -> ../../local/recipes/tui/tlc.
The build-redbear.sh script was applying patches from local/patches/ to
recipes/core/{kernel,base,relibc,installer}/source/ via apply_patch_dir().
For path= (local fork) components, recipes/core/<comp>/source is a SYMLINK
to local/sources/<comp>. The patches went through the symlink and modified
the fork directly — re-adding old code like SchedPolicy that was already
removed from the fork.
This was the root cause of the kernel source reversion bug that caused
intermittent build failures (V157, V159): old patches re-applying stale
code to the synced fork through symlinks.
Fix:
- Remove apply_patch_dir calls for kernel, base, relibc, installer
(all use path= local fork model — changes are committed to the fork)
- Keep apply_patch_dir for bootloader (still uses git= + patches)
- Remove stash_nested_repo_if_dirty for relibc (no patches to stash)
- Update verify-overlay-integrity.sh expected patch symlinks
- Update apply-patches.sh to not create kernel/base patch symlinks
- Fix 005-qtbase signature marker (wrong path: libs → wip/qt)
- Remove 78 old patch symlinks from recipes/core/kernel/ (cleanup)
The preflight validate-source-trees.py was blocking development builds
with 'To restore: ./local/scripts/restore-sources.sh --release=<release>'
because the source/ trees for 17 core recipes (base, kernel, etc.) are
gitignored and only auto-fetched on demand by `repo cook`.
This worked correctly for release mode (REDBEAR_RELEASE=...) where
sources are immutable and pre-extracted, but blocked every dev build.
Now:
- RELEASE mode: full strict validation, sources must be pre-extracted
- Development mode: validation skipped, repo cook auto-fetches sources
This is the documented Red Bear OS policy (see AGENTS.md:
Build flow: 'make all CONFIG_NAME=redbear-full' calls repo cook which
fetches sources from git/tar URLs)
The build was failing at verify-overlay-integrity.sh with:
ERROR: dangling patch symlink: recipes/core/base/redox.patch -> .../local/patches/base/redox.patch
ERROR: missing critical patch: local/patches/base/redox.patch
The mega-patch (100MB+) was gitignored and got lost, while the
dangling symlink at recipes/core/base/ is leftover infrastructure.
The base recipe (recipes/core/base/recipe.toml) does NOT reference
redox.patch - it uses individual P*.patch files (P0-P9). The mega-patch
was abandoned 2026-04-30 in favor of ~100 individual patches.
Changes:
- Remove dangling recipes/core/base/redox.patch symlink
- Update verify-overlay-integrity.sh to drop obsolete references
(redox.patch in base) and consolidate redbear-live-full into the
current critical configs list
- Remove 'local/patches/base/redox.patch' from .gitignore (it is gone
for good; never resurrect the mega-patch approach)
- Document NEVER-GITIGNORE-CRITICAL-INFRASTRUCTURE policy in AGENTS.md
(replaces the obsolete 'Large Patch Files' section that described
the now-removed chunks/reassembly approach)
- Add Linux reference tree migration note (2.1GB tree should eventually
be tracked via sparse submodule or gitea mirror)
check-unwired-patches.sh: scans local/patches/ for .patch files not
referenced in any recipe.toml patches = [...] array. Detects 262
unwired patches (most intentionally kept for reference/rebase).
P2-rebrand-start-message.patch: minimal 39-line patch changing
'Redox OS starting' to 'RedBear OS starting' in x86_64, aarch64,
and riscv64 arch start files. Wired into kernel recipe after
P8-msi.patch. Verified: make r.kernel builds with all 3 patches.
Build system issues surfaced by the detector:
- 250+ kernel individual patches kept for reference (absorbed/)
- ~50 base individual patches — many intentionally unwired
- ~30 relibc patches — may need wiring into relibc recipe
- build-system patches applied by scripts, not recipes
Add redbear-usb-storage-check in-guest binary that validates USB mass
storage read and write I/O: discovers /scheme/disk/ devices, writes a
test pattern to sector 2048, reads it back, verifies match, restores
original content. Updates test-usb-storage-qemu.sh with write-proof
verification step.
Includes all accumulated Red Bear OS work: kernel patches, relibc
patches, driver infrastructure, DRM/GPU, KDE recipes, firmware,
validation tooling, build system hardening, and documentation.