RedBear-OS/recipes/core/base/recipe.toml
vasilito 2e764746e7 feat: build system hardening — collision detection, validation gates, init path enforcement
5-phase hardening to prevent silent file-layer collisions (the D-Bus
regression class):

Phase 1: lint-config-paths.sh + make lint-config in depends.mk
Phase 2: CollisionTracker in installer (content-hash comparison)
Phase 3: installs manifests in recipe.toml + validate-file-ownership.sh
Phase 4: validate-init-services.sh + make validate in disk.mk
Phase 5: documentation (AGENTS.md, BUILD-SYSTEM-HARDENING-PLAN.md)

Both redbear-mini and redbear-full build and validate clean.
66 declared install paths in base, zero conflicts.
2026-05-03 22:25:22 +01:00


[source]
git = "https://gitlab.redox-os.org/redox-os/base.git"
rev = "463f76b9608a896e6f6c9f63457f57f6409873c7"
patches = [
"P0-daemon-fix-init-notify-unwrap.patch",
"P0-workspace-add-bootstrap.patch",
"P0-init-continuous-scheduling.patch",
# TODO: P1 patches (11) exist in local/patches/base/ but need rebase
# after redox.patch removal. ACPI (5), PCI/IRQ (3), xHCI (3) — 1144 lines.
# P1-acpid-acpi-core.patch
# P1-acpid-ec-runtime.patch
# P1-acpid-power-enumeration.patch
# P1-acpid-runtime-hardening.patch
# P1-acpid-scheme-surface.patch
# P1-pcid-uevent-surface.patch
# P1-pci-irq-wave1-3.patch
# P1-pci-irq-wave1-5.patch
# P1-xhcid-device-lifecycle.patch
# P1-xhcid-port-pm-read-fix.patch
# P1-xhcid-uevent-logging.patch
# TODO: P5 patches (2) exist in local/patches/base/ but need rebase.
# P5-init-daemon-panic-hardening.patch
# P5-init-supervisor-restart.patch
"P2-i2c-gpio-ucsi-drivers.patch",
"P9-fix-so-pecred.patch",
"P3-inputd-keymap-bridge.patch",
"P3-ps2d-led-feedback.patch",
"P3-usbhidd-hardening.patch",
"P3-init-colored-output.patch",
"P4-logd-persistent-logging.patch",
"P4-acpi-shutdown-hardening.patch",
"P4-acpi-s3-sleep.patch",
"P4-initfs-usb-drm-services.patch",
"P4-initfs-network-services.patch",
"P4-initfs-getty-services.patch",
"P4-initfs-dbus-services.patch",
"P4-fbcond-scrollback.patch",
"P4-thermal-daemon.patch",
"P4-thermald-workspace.patch",
]
[package]
installs = [
"/lib/pcid.d/ac97d.toml",
"/lib/pcid.d/e1000d.toml",
"/lib/pcid.d/ihdad.toml",
"/lib/pcid.d/ihdgd.toml",
"/lib/pcid.d/ixgbed.toml",
"/lib/pcid.d/rtl8139d.toml",
"/lib/pcid.d/rtl8168d.toml",
"/lib/pcid.d/vboxd.toml",
"/lib/pcid.d/virtio-netd.toml",
"/lib/pcid.d/xhcid.toml",
"/usr/bin/audiod",
"/usr/bin/dhcpd",
"/usr/bin/dw-acpi-i2cd",
"/usr/bin/gpiod",
"/usr/bin/i2cd",
"/usr/bin/i2c-gpio-expanderd",
"/usr/bin/i2c-hidd",
"/usr/bin/inputd",
"/usr/bin/intel-gpiod",
"/usr/bin/ipcd",
"/usr/bin/netstack",
"/usr/bin/pcid",
"/usr/bin/pcid-spawner",
"/usr/bin/ptyd",
"/usr/bin/redoxerd",
"/usr/bin/smolnetd",
"/usr/bin/ucsid",
"/usr/lib/drivers/ac97d",
"/usr/lib/drivers/amd-mp2-i2cd",
"/usr/lib/drivers/e1000d",
"/usr/lib/drivers/ihdad",
"/usr/lib/drivers/ihdgd",
"/usr/lib/drivers/intel-lpss-i2cd",
"/usr/lib/drivers/intel-thc-hidd",
"/usr/lib/drivers/ixgbed",
"/usr/lib/drivers/rtl8139d",
"/usr/lib/drivers/rtl8168d",
"/usr/lib/drivers/sb16d",
"/usr/lib/drivers/thermald",
"/usr/lib/drivers/usbctl",
"/usr/lib/drivers/usbhidd",
"/usr/lib/drivers/usbhubd",
"/usr/lib/drivers/usbscsid",
"/usr/lib/drivers/vboxd",
"/usr/lib/drivers/virtio-gpud",
"/usr/lib/drivers/virtio-netd",
"/usr/lib/drivers/xhcid",
"/usr/lib/init.d/00_base.target",
"/usr/lib/init.d/00_ipcd.service",
"/usr/lib/init.d/00_pcid-spawner.service",
"/usr/lib/init.d/00_ptyd.service",
"/usr/lib/init.d/00_sudo.service",
"/usr/lib/init.d/00_tmp",
"/usr/lib/init.d/05_boot_essential.target",
"/usr/lib/init.d/10_dhcpd.service",
"/usr/lib/init.d/10_net.target",
"/usr/lib/init.d/10_smolnetd.service",
"/usr/lib/init.d/12_boot_late.target",
"/usr/lib/init.d/12_dbus.service",
"/usr/lib/init.d/13_seatd.service",
"/usr/lib/init.d/13_sessiond.service",
"/usr/lib/init.d/20_audiod.service",
"/usr/lib/init.d/29_activate_console.service",
"/usr/lib/init.d/30_console.service",
"/usr/lib/init.d/30_thermald.service",
"/usr/lib/init.d/31_debug_console.service",
]
[build]
template = "custom"
script = """
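# Build script for the base recipe (runs inside the cookbook's custom
# template). Inputs it relies on, all provided by the cookbook environment:
#   COOKBOOK_CARGO, COOKBOOK_SOURCE, COOKBOOK_STAGE, TARGET, build_type,
#   build_flags. Built binaries are read back from the relative target/ tree,
#   so the script assumes the cookbook runs it from the build directory
#   (NOTE(review): confirm against the custom template).
#
# Every directory the script installs into is created up front; mkdir -p is
# idempotent, so the original per-step mkdir calls collapse into this one.
mkdir -pv \
  "${COOKBOOK_STAGE}/usr/bin" \
  "${COOKBOOK_STAGE}/usr/lib/drivers" \
  "${COOKBOOK_STAGE}/lib/pcid.d" \
  "${COOKBOOK_STAGE}/usr/lib/init.d"

# Stand-alone daemons: each is its own Cargo project under
# ${COOKBOOK_SOURCE}/<package> and installs to /usr/bin/<package>.
# ${build_flags} is deliberately unquoted so a multi-flag value splits into
# separate arguments.
for package in audiod ipcd ptyd dhcpd; do
  "${COOKBOOK_CARGO}" build \
    --manifest-path "${COOKBOOK_SOURCE}/${package}/Cargo.toml" \
    --target "${TARGET}" \
    ${build_flags}
  cp -v \
    "target/${TARGET}/${build_type}/${package}" \
    "${COOKBOOK_STAGE}/usr/bin/${package}"
done

# netstack is built once and the same binary is installed under two names.
"${COOKBOOK_CARGO}" build \
  --manifest-path "${COOKBOOK_SOURCE}/netstack/Cargo.toml" \
  --target "${TARGET}" \
  ${build_flags}
for name in netstack smolnetd; do
  cp -v \
    "target/${TARGET}/${build_type}/netstack" \
    "${COOKBOOK_STAGE}/usr/bin/${name}"
done

# Drivers that are built on all architectures, and NOT in drivers-initfs
BINS=(
  gpiod
  i2c-gpio-expanderd
  intel-gpiod
  amd-mp2-i2cd
  dw-acpi-i2cd
  e1000d
  ihdad
  ihdgd
  i2c-hidd
  intel-thc-hidd
  intel-lpss-i2cd
  ixgbed
  pcid
  pcid-spawner
  rtl8139d
  rtl8168d
  usbctl
  usbhidd
  thermald
  usbhubd
  ucsid
  usbscsid
  virtio-gpud
  virtio-netd
  xhcid
  i2cd
  inputd
  redoxerd
)

# Add additional drivers to the list to build, that are not in drivers-initfs
# depending on the target architecture
case "${TARGET}" in
  i586-unknown-redox | i686-unknown-redox | x86_64-unknown-redox)
    BINS+=(ac97d sb16d vboxd)
    ;;
  *)
    ;;
esac

# Profile overrides for the driver workspace build only: they are exported
# here, after the daemon builds above, so those keep their default profile.
export CARGO_PROFILE_RELEASE_OPT_LEVEL=s
export CARGO_PROFILE_RELEASE_PANIC=abort

# Keep only the drivers whose crate actually exists in this checkout. A crate
# counts as present when some file under the source tree contains a line that
# is exactly `name = "<bin>"` (the -R search is not limited to Cargo.toml).
# -s silences errors for unreadable files.
EXISTING_BINS=()
for bin in "${BINS[@]}"; do
  if grep -Rqs "^name = \\\"${bin}\\\"$" "${COOKBOOK_SOURCE}"; then
    EXISTING_BINS+=("${bin}")
  fi
done

# Build the selected drivers in a single workspace invocation. The -p list is
# passed as an array instead of an unquoted $(...) so argument boundaries do
# not depend on word splitting.
pkg_args=()
for bin in "${EXISTING_BINS[@]}"; do
  pkg_args+=(-p "${bin}")
done
"${COOKBOOK_CARGO}" build ${build_flags} \
  --manifest-path "${COOKBOOK_SOURCE}/Cargo.toml" \
  --target "${TARGET}" \
  "${pkg_args[@]}"

# Install each built binary. The names listed in the first case arm go to
# /usr/bin; every other driver goes to /usr/lib/drivers.
for bin in "${EXISTING_BINS[@]}"; do
  case "${bin}" in
    gpiod|i2c-gpio-expanderd|intel-gpiod|i2cd|dw-acpi-i2cd|i2c-hidd|inputd|pcid|pcid-spawner|redoxerd|ucsid)
      dest="${COOKBOOK_STAGE}/usr/bin"
      ;;
    *)
      dest="${COOKBOOK_STAGE}/usr/lib/drivers"
      ;;
  esac
  cp -v "target/${TARGET}/${build_type}/${bin}" "${dest}"
done

# Install each driver's config.toml as /lib/pcid.d/<driver-dir>.toml, where
# <driver-dir> is the directory containing the file. Paths are NUL-delimited
# and read with -r so whitespace or backslashes in a path survive intact.
find "${COOKBOOK_SOURCE}/drivers" -maxdepth 3 -type f -name 'config.toml' -print0 |
  while IFS= read -r -d '' conf; do
    driver="$(basename "$(dirname "${conf}")")"
    cp -v "${conf}" "${COOKBOOK_STAGE}/lib/pcid.d/${driver}.toml"
  done

# Init service/target definitions. An unmatched glob makes cp fail loudly,
# which is the desired outcome for an empty init.d.
cp -v "${COOKBOOK_SOURCE}/init.d"/* "${COOKBOOK_STAGE}/usr/lib/init.d/"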
"""