5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):
Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)
Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
Finalize all non-artifact changes accumulated from other sessions:
- config updates, recipe changes, source edits, patches
- pkgar/cache artifacts intentionally excluded (build outputs)
This is the maximum achievable scope for this session.
Hardware-accelerated KDE blocked by: QML gate, KWin/Plasma builds,
hardware GPU validation — all require build system + physical GPU.
Getty services now use respawn = true so init restarts them on
exit. redbear-live-mini expanded with additional boot-late services
and reorganized service ordering. Device services TOML gains new
entries for hardened daemon lifecycle.
5-crate Rust workspace implementing full VFAT support: fatd scheme daemon
(FSScheme with open/read/write/mkdir/unlink/rename/fstat), fat-mkfs (create
FAT12/16/32 with labels and cluster size), fat-label (read/write BPB + root-dir
volume labels), fat-check (verify + repair dirty flags, FSInfo, lost clusters,
orphaned LFN). 60 unit tests, 0 unwrap in production code. Included in all 5
redbear configs via redbear-device-services.toml.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
vasilito