Files
RedBear-OS/scripts/patch-inclusion-gate.sh
vasilito a0244075e7 build system audit: implement Phase 1-3 fixes comprehensively
Phase 1 (Critical):
- Fix broken config includes: redbear-minimal -> redbear-mini in wifi/bt experimental configs
- Fix 05_boot-essential.target dependency: 00_base -> 04_drivers for correct boot ordering
- Fix IOMMU service dependency: 00_base -> 05_boot-essential
- Fix firmware-loader dependency: 00_base -> 05_boot-essential
- Fix messagebus shell: /usr/bin/zsh -> /usr/bin/false (security)
- Add offline gate to fetch-firmware.sh (REPO_OFFLINE=1 blocks network access)
- Add --upstream gate to fetch-all-sources.sh (network access requires explicit opt-in)
- Gate U-Boot wget calls in mk/qemu.mk with REPO_OFFLINE check
- Fix patch-inclusion-gate.sh: rewrite from Python deps to pure shell implementation
- Fix build-redbear.sh: remove direct patch application, let repo fetch handle it atomically

Phase 2 (High):
- Increase redbear-full filesystem_size: 4096 -> 8192 MiB for KDE desktop
- Deprecate redbear-greeter-services.toml (orphaned, not included by any config)
- Add cascade rebuild target to Makefile (make cascade.<package>)
- Gate cargo-update.sh with REDBEAR_ALLOW_UPSTREAM
- Add deprecation notice to apply-patches.sh
- Make protected recipe list data-driven via config/protected-recipes.toml
- Replace 127-entry hardcoded Rust matches! with TOML config file reader

Phase 3 (Medium):
- Fix 5 phantom doc references in local/AGENTS.md (retired/removed docs)
- Fix stale config names: redbear-minimal -> redbear-mini across scripts
- Fix duplicate references in docs/README.md
- Fix run_full.sh and run_mini.sh: hardcoded paths -> relative paths + error handling
2026-05-28 17:24:50 +03:00

56 lines
2.0 KiB
Bash
Executable File

#!/usr/bin/env bash
# patch-inclusion-gate.sh — block image creation unless Red Bear patches are wired.
#
# Verifies that:
# 1. Every patch file referenced in recipe.toml exists on disk
# 2. Every patch file in local/patches/ is wired into at least one recipe
#
# Public scripts that create harddrive images or live ISOs must call this before
# invoking `make all`, `make live`, or a direct image target.
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
cd "$PROJECT_ROOT"
if [ "${REDBEAR_SKIP_PATCH_INCLUSION_GATE:-0}" = "1" ]; then
echo "WARNING: REDBEAR_SKIP_PATCH_INCLUSION_GATE=1; patch inclusion gate bypassed" >&2
exit 0
fi
errors=0
# Check 1: every patch referenced in recipe.toml must exist on disk
while IFS= read -r recipe_toml; do
recipe_dir="$(dirname "$recipe_toml")"
patch_list=$(grep -oP 'patches\s*=\s*\[([^\]]*)\]' "$recipe_toml" 2>/dev/null | grep -oP '"[^"]+\.patch"' | tr -d '"' || true)
for patch_name in $patch_list; do
patch_path="$recipe_dir/$patch_name"
if [ ! -f "$patch_path" ]; then
echo "ERROR: $recipe_toml references '$patch_name' but file not found at $patch_path" >&2
errors=$((errors + 1))
fi
done
done < <(find recipes local/recipes -name "recipe.toml" -not -path "*/source/*" 2>/dev/null)
# Check 2: every patch in local/patches/ should be wired into at least one recipe
while IFS= read -r patch_file; do
patch_name=$(basename "$patch_file")
component=$(basename "$(dirname "$patch_file")")
wired=$(grep -rl "\"$patch_name\"" recipes/ local/recipes/ --include="recipe.toml" 2>/dev/null | head -1 || true)
if [ -z "$wired" ]; then
echo "WARNING: local/patches/$component/$patch_name is not wired into any recipe.toml" >&2
fi
done < <(find local/patches -name "*.patch" -type f 2>/dev/null)
if [ "$errors" -gt 0 ]; then
echo "ERROR: $errors patch reference(s) broken. Fix before building." >&2
exit 1
fi
echo ">>> Patch inclusion gate passed"