Per the Phase 1.0 audit (local/docs/PATCH-PRESERVATION-AUDIT-2026-07-12.md)
no part of the build system was checking that patches listed in
local/patches/<comp>/ had actually been absorbed into the
local/sources/<comp>/ fork's working tree.
This commit adds a tool that audits every Cat 2 fork and reports any
patches whose content is not present in the fork HEAD. The tool is
located at local/scripts/verify-patch-content.{sh,py} and follows the
existing local/scripts/ convention (shell wrapper delegating to
Python implementation).
Audit method:
1. For each .patch in local/patches/<comp>/:
- Extract target file from ---/+++ headers
- Extract first 5 added lines (+ markers)
- Check substring presence in fork HEAD version
2. If 0/5 added lines found, patch is 'orphaned'
Current state (after Phase 1.0A recovery):
- 251 patches total, 155 preserved, 96 still orphaned
- The remaining orphans are patches where the upstream file structure
has shifted too far for patch(1) to apply — those need
upstream-tracking upgrade, deferred to Phase 2.
Usage:
./local/scripts/verify-patch-content.sh (report)
./local/scripts/verify-patch-content.sh --strict (exit 1 on orphans)
./local/scripts/verify-patch-content.sh base kernel (specific forks)
Wired in via build-preflight.sh in the next commit (Phase 1.0B cont.).
This closes the 'silent patch loss' gap identified in the audit.
Honest documentation of the actual state of collision detection:
- Init-service path collisions: WORKING via lint-config
- Package-vs-config runtime collision detection: NOT implemented
(no code anywhere emits the [COLLISION-ERROR] markers
that validate-collision-log.sh looks for)
- Recipe installs manifest: limited utility because no recipe
currently declares installs
Phase 1 follow-up: implement runtime collision detection in
local/sources/installer/src/ to match the broken AGENTS.md
promise (already updated in the prior commit).
Phase 0 stop-the-bleeding fixes:
1. ROOT COOKBOOK VERSION DRIFT (G2)
Cargo.toml was at 0.2.5 while branch is 0.3.1. Now matches.
Added inline comment explaining the sync-versions.sh invariant
to prevent the next fork bump from re-introducing drift.
2. SILENT TODO FALLBACK (G3)
src/cook/package.rs:199 used .unwrap_or("TODO".into()) which
emitted literal "TODO" into pkgar metadata when a recipe had
no parseable version. Now fails fast with a precise error
message that names the offending recipe and suggests a fix.
Replaces silent metadata lie with actionable diagnostic.
3. CARGO.LOCK DRIFT (G1)
After 0.3.0 -> 0.3.1 fork version sync, four Cargo.lock files
were regenerated to match the new +rb0.3.1 suffix:
- root Cargo.lock
- local/sources/libredox/Cargo.lock
- local/sources/userutils/Cargo.lock
- local/sources/base/Cargo.lock (also accumulated bytemuck
and bytemuck_derive patch bumps as a side effect)
- local/sources/bootloader/Cargo.lock
- local/sources/installer/Cargo.lock
Used 'cargo generate-lockfile' per fork with their path-dep
+ [patch.crates-io] config preserved. Verified each lockfile
now contains the correct Cat 2 fork versions matching their
Cargo.toml at +rb0.3.1.
4. BOOTLOADER VERSION OVERSIGHT
local/sources/bootloader/Cargo.toml was still at
1.0.0+rb0.3.0 after sync-versions.sh --check passed for
everything else. Manual fix applied. Also regenerated its
Cargo.lock to match.
5. COLLISION DETECTION HONESTY (G9)
AGENTS.md and local/AGENTS.md claimed a CollisionTracker
module existed in src/cook/collision.rs and was wired
through the installer at runtime. A whole-tree search
confirmed NO such code exists anywhere. Removed the false
promises and linked to local/docs/COLLISION-DETECTION-STATUS.md
which documents the actual current state (lint-config-only
init-service detection works; general package-vs-config
detection does NOT).
Verified:
- bash -n on all touched scripts: clean
- cargo check --bin repo: clean (redbear_cookbook v0.3.1 now)
- sync-versions.sh --check: clean (75 Cat 1 + 10 Cat 2)
- verify-fork-versions.sh: 1 pre-existing FAIL (bootloader
fork genuinely diverges from upstream tag 1.0.0 — out of
scope for Phase 0; documented for Phase 1 upgrade-forks work)
When the upstream commit hash of the claimed upstream tag has not changed
since the last successful verify, reuse the cached file list instead of
re-cloning and re-hashing from scratch. This makes the canonical preflight
fast on the common case where upstream didn't move.
Cache is stored in .redbear-fork-verify/<fork>-<tag>.fingerprint. Touched
only after a successful full content diff, so cache corruption is detected
on the next run (commit hash mismatch triggers fresh clone).
The verify-overlay-integrity.sh script is now active. It runs at the
start of canonical builds and auto-repairs via apply-patches.sh on
failure.
Restored missing symlinks for:
- recipes/core/base/redox.patch
- recipes/core/bootloader/redox.patch
- recipes/core/bootloader/P2-live-preload-guard.patch
- recipes/core/bootloader/P3-uefi-live-image-safe-read.patch
- recipes/wip/wayland/qt6-wayland-smoke (incorrect relative path)
Created empty stub at local/patches/base/redox.patch so the relibc/base
symlinks can be re-created by apply-patches.sh.
Overlay integrity now reports:
365 recipe symlinks, 0 broken
9 patch symlinks, 0 broken
9 critical patches, 0 missing
10 critical configs, 0 missing
CRITICAL: Add verify-fork-functions.sh — detects silent upstream code loss
from bad merges that file-level verification cannot catch. This is the
verification that would have caught the kfdwrite drop bug.
Wire it into build-preflight.sh (pre-build gate) and upgrade-forks.sh
(post-upgrade gate with automatic rollback on failure).
Fix upgrade-forks.sh:
- Fetch failures now abort instead of being silently swallowed
- Backup branch names include fork name + PID to prevent collisions
- Post-upgrade verification runs verify-fork-functions.sh and rolls
back if upstream functions are missing
Fix bump-fork.sh:
- Replace wrong 'git tag -e' with 'git rev-parse --verify refs/tags/'
- Clone failures now error explicitly instead of silent fallback
- Version sed uses proper regex escaping for + characters
- Atomic swap has rollback recovery if mv fails
- Instructions now mention fork-upstream-map.toml update
Fix sync-upstream.sh:
- Define PROJECT_ROOT before use (was crashing under set -u)
Fix build-preflight.sh:
- Add REDBEAR_SKIP_FUNCTION_CHECK gate for verify-fork-functions.sh
Kernel submodule pointer updated to 0.3.1 branch with kfdwrite restored.
- sync local harfbuzz/pango recipes to latest
- keep cairo/freetype2/glib/libxkbcommon local fork symlinks active
- keep mesa on 26.1.4 local recipe path
- include latest KDE/Plasma app versions and recent media/lib updates
- drop obsolete/unapplied Redox platform patches 03/06/07
- keep only patches that still apply cleanly (01/02/04/05)
- switch non-existent platform 'redox' to upstream-supported wayland + egl-native-platform=surfaceless
- replace removed gallium driver alias 'swrast' with softpipe,llvmpipe
Massive version jumps for image and TTF — 4+ years of accumulated fixes.
Both had no BLAKE3 hash originally (untracked). All tarballs re-downloaded
from https://www.libsdl.org/release/ and hashes verified.
Per user instruction — upgrade to latest. Redox mesa fork at redox-24.0
has no redox-26.0 branch; switched to tar-based upstream 26.1.4 with
Red Bear patches applied on top.
Patch dry-run results vs 26.1.4:
✅ 02-gbm-dumb-prime-export.patch
✅ 04-sys-ioccom-stub-header.patch
✅ 05-vk-sync-wchar-include.patch
🔴 01-virgl-redox-disk-cache.patch (hunk #1 FAIL at 1054)
🔴 03-platform-redox-gpu-probe.patch (8 hunks ignored)
🔴 06-redox-surface-image-fields.patch (hunk #1 FAIL at 333)
🔴 07-wayland-scanner-env-override.patch (hunk #1 FAIL at 1992)
Patches 01,03,06,07 require manual rebase — documented in recipe comment.
Added mesa to apply-patches.sh graphics symlinks for local fork tracking.
freeciv: latest stable release (game).
gstreamer: jumped 5 minor versions, needed for modern desktop audio/video
features.
nettle: 4.0 is the latest (2024-11 release), includes security fixes.
All current per https://invent.kde.org/ tags (live verification).
Per user instruction: 6 months old is already old — these packages
were 1.5+ years stale against latest. All tarballs re-downloaded,
BLAKE3 hashes verified.
iPerf3 3.21 is a bug fix release from July 2025.
rsync 3.4.4 is the latest 3.4.x maintenance release.
git 2.55.0 is the latest 2.55.x stable release, fixing 9+ years of CVEs
and bugs since the Red Bear build's 2.13.1 baseline. This is a security
critical upgrade.
All tarballs re-downloaded from upstream mirrors, BLAKE3 hashes
verified against downloaded files. Per user request: walk through ALL
recipes, not just graphics. This is the active build pipeline batch.
KF6 frameworks: 44 packages 6.27.0 → 6.28.0
- Verified live upstream at https://download.kde.org/stable/frameworks/6.28/
- All tarballs re-downloaded, BLAKE3 hashes computed
- 39 auto-updated via script, 5 hand-fixed (kded6, notifyconfig,
parts, pty, syntaxhighlighting) due to package-name variants
Local forks (CachyOS-stable):
- freetype2: 2.13.3 → 2.14.3
- libxkbcommon: 1.11.0 → 1.13.2
- glib: 2.87.0 → 2.89.1
Upstream recipes (gnome.org):
- harfbuzz: 11.0.1 → 14.2.1
- pango: 1.56.3 → 1.56.4
All tarballs re-downloaded from upstream mirrors, BLAKE3 hashes
verified against the downloaded files. Each recipe updated with
new tar URL + BLAKE3 hash.
This is the first batch of the Round-2 comprehensive upgrade.
cstdlib/fstring.h file 'tostring' recipe was already at 1.19.1
(was a 404 from cairographics.org, kept at 1.18.4). cairo recipe
was already at 1.18.4 (latest).
Build verification pending via build-redbear.sh. Per user
request, will continue to walk ALL recipes for outdated versions.
- check-fork-drift.sh: compares each submodule HEAD against upstream/master,
reports behind/ahead counts, exits 1 if any fork exceeds threshold
- upgrade-forks.sh: fetches latest upstream, saves RB commits, resets to
upstream, cherry-picks RB patches with conflict handling and backups
- build-preflight.sh: wired drift check into preflight (threshold=50,
suppressible via REDBEAR_SKIP_DRIFT_CHECK=1)
- bootloader submodule pointer updated to latest upstream rebase
Bootloader fork rebase:
- Base changed from 0.1.0 pre-patched archive to upstream 1.0.0 tag (c7eeb9f)
- Applied 0001-redbear-local-forks.patch (Cargo.toml crate path redirects)
- Applied fix-uefi-alloc-panic.patch equivalents (4 panic!() -> graceful
error handling in src/main.rs)
- Applied P5-live-preload-cap-1gib.patch (1 GiB cap on live image preload)
- Skipped: P0 GPT partition scan (requires new module + integration),
P1 timeout/default-resolution, P2 live preload guard (subsumed by
panic fixes + cap), P3 live image safe read, P4 large ISO boot,
redox.patch — to be applied in dedicated rebase session.
firmware-loader/Cargo.toml: version 0.1.0 -> 0.3.0 (sync with other
Red Bear custom crates which are at 0.3.0).
fork-upstream-map.toml: bootloader back from PENDING_REBASE to 1.0.0
since the partial rebase matches upstream 1.0.0 content.
fork-upstream-map.toml: base restored to 'main' tracked (was correctly
tracked by build-redbear.sh).
Live upstream versions verified 2026-07-11:
- gnu-grep 3.12 (2025-04-10) -- https://ftp.gnu.org/gnu/grep/
- libsodium 1.0.22-stable (2026-07-08) -- https://download.libsodium.org/libsodium/releases/
- autoconf 2.73 (2026-03-20) -- https://ftp.gnu.org/gnu/autoconf/
Each recipe updated with new tar URL + BLAKE3 hash. Build-tool upgrades are
isolated from the fork content-verification system, so these are SAFE to
upgrade without the relibc-style risk.
diffutils was already at 3.12 (previously committed).
Also: fork-upstream-map.toml — bootloader flagged PENDING_REBASE
(2026-07-11 detection: 1.0.0 tag mismatch, fork based on 0.1.0 archive
not a true rebase — documented inline).
Context: A relibc fork check via cargo compare exposed that the fork
labeled 0.6.0 (matching a 2020-12-23 upstream tag) was on a
completely different codebase from upstream master. The fork was
imported as a snapshot. The verify-fork-versions.sh tool allowed
this because 'snapshot' mode skipped byte-for-byte content comparison.
Changes:
1. Remove 'snapshot = skip content check' behavior. All Cat 2 forks must
pass actual content comparison against their claimed upstream tag.
2. Add base to local/fork-upstream-map.toml so it's checked too (was missing).
Effect: Future 'fake version label' divergences (Cargo.toml says
version X but source content does not match upstream X) will be
caught by the preflight check instead of slipping through build.
Cherry-picked from Qt upstream (commit e488f852fa18c2afc2842a88eff8f66ad4105a45).
Original patch source:
https://download.qt.io/official_releases/qt/6.11/CVE-2026-6210-qtsvg-6.11.diff
Fix: Test types of nodes before downcasting them. A bad cast in
QSvgMarker::drawHelper led to endless recursion resulting in a heap
overflow. While fixing that, another similar case was also fixed.
The diffutils recipe only ran cookbook_configure but never actually
compiled or installed anything, leaving stage.tmp empty (4K). This
caused redbear-mini to fail with a 4.0K INCOMPLETE stage and no
diff/diff3 binaries in the final image.
Add the missing make and make install steps, matching the pattern
used by other autotools recipes (bison, findutils, etc.).