Files
RedBear-OS/local/docs/CONFIG-AND-INIT-ASSESSMENT.md
T
vasilito e289904852 docs: add 8 comprehensive audit/assessment documents (7500+ lines total)
- STUBS-AUDIT-AND-REWRITE-PLAN.md: master plan, 20 drivers audited
- USB-STUBS-AUDIT.md: USB stack focus, xhcid/usbhubd/usbctl/usbhidd/usbscsid/ucsid
- HID-STUBS-AUDIT.md: HID focus, usbhidd/i2c-hidd/intel-thc-hidd/ps2d/inputd/evdevd
- LOWLEVEL-STUBS-AUDIT.md: ACPI/PCI/IRQ/IOMMU/boot/init, 50+ row coverage
- BOOT-AND-HW-ENABLEMENT-ASSESSMENT.md: kernel to display chain, NO VESA policy
- DESKTOP-SERVICES-ASSESSMENT.md: D-Bus, session, audio, network
- CONFIG-AND-INIT-ASSESSMENT.md: configs, init.d, recipes, layering
- GPU-MESA-KDE-CHAIN-ASSESSMENT.md: Mesa to Plasma build chain

These documents track the v6.0 stub-fix campaign and the comprehensive
Phase 1-5 implementation work. All cited paths and line numbers are
real. Documents are durable in local/docs/ which survives make distclean.
2026-06-09 12:06:18 +03:00

60 KiB
Raw Blame History

Config and Init Sequence Assessment — CONFIG → INIT → SERVICES

Scope: Red Bear OS config hierarchy, init.d service files, recipe integration, installer file layering, mounts, D-Bus, boot logs, and quirk files for the redbear-full boot path targeting Wayland/SDDM/KDE on QEMU (with extensions to bare metal).

Assessment date: 2026-06-09 Source baseline: redbear-0.1.0 (Redox snapshot at build-system commit f55acba68) Toolchain: Rust nightly (edition 2024), cookbook in src/cook/, installer fork in local/sources/installer/, init fork in local/sources/base/init/.

Executive Summary

  • Config hierarchy issues found: 12
  • Init sequence issues found: 9
  • Recipe integration issues found: 14
  • File ownership / collision issues found: 11
  • Estimated time to fix: 35 weeks (one developer), or 23 weeks (two developers in parallel)
  • Phase blockers:
    1. libxkbcommon and xkeyboard-config are referenced in redbear-full.toml but no recipe exists outside recipes/wip/ (which is NOT in the include chain). The SDDM and KWin services will fail to find XKB data and the KWIN_DRM_DEVICES/XKB_CONFIG_ROOT environment variables point at paths that will be empty.
    2. The base recipe's init.d/ directory stages 9 services to /usr/lib/init.d/ that depend on 00_pcid-spawner.service, but the redbear configs replace that with 00_driver-manager.service in /etc/init.d/. Because init reads from BOTH directories and the base versions are in /usr/lib/init.d/ (lower priority but still loaded), the base 10_smolnetd.service waits for a non-existent pcid-spawner — networking on redbear-full can deadlock on first boot.
    3. The redbear-meta umbrella package declares dependencies for packages not yet present in its own recipe source tree (e.g. redox-driver-sys, linux-kpi, amdgpu); the dependency graph works at the cookbook level but the recipe assumes a stable set of forks that are not in local/sources/.
    4. kwin is enabled in the package list but its build script disables 11 of its 12 main features (autostart, screenlocker, tabbox, globalshortcuts, runners, notifications, activities, eis, kcms, x11, x11_backend) — the binary will be a degenerate compositor that SDDM cannot drive into a real KDE session.
    5. amdgpu = "ignore" and libdisplay-info = "ignore", libxcvt = "ignore", lcms2 = "ignore" reduce the desktop surface to a partial build; KWin depends on all four.

Per-Area Assessment

1. Config Hierarchy

redbear-full.toml (663 lines)

  • Includes: redbear-mini.toml only (line 17). No reference to redbear-greeter-services.toml (which is correctly deprecated per its own header). The "wall of overrides" pattern is intentional, but the missing redbear-grub-policy.toml means redbear-full cannot be combined with redbear-grub cleanly — this is acceptable because redbear-grub.toml itself only includes redbear-mini.toml.
  • Packages: 88+ packages declared, see Section 3 for the per-package audit. Two packages do not exist: libxkbcommon and xkeyboard-config (lines 7879).
  • Users: [users.messagebus], [users.root], [users.user], [users.greeter], [users.sddm] defined (lines 22545). All are created by the installer in local/sources/installer/src/installer.rs:329-334 and written to /etc/passwd, /etc/shadow, /etc/group (lines 348-373). UID/GID conflicts: [users.messagebus] uses uid=100 / gid=100 (line 23-24), and [users.sddm] uses uid=102 / gid=102 (line 540-541). No conflict; this is correct.
  • Groups: [groups.greeter], [groups.sddm], [groups.sudo], [groups.user], [groups.messagebus] (lines 547-565). No issues, but [groups.user] declares members = ["user"] (line 560) — note that [users.user] is the canonical user record, and the group here is identical to the user's primary group. Redundant but harmless.
  • Files ([[files]]): 32 entries (counted). Eighteen of them are at /etc/init.d/ (paths to override the base recipe's /usr/lib/init.d/ versions — correct per the build-system-hardening-plan). All override paths are at /etc/init.d/, none are at /usr/lib/init.d/, so the make lint-config rule will pass.
  • Includes chain depth: 4 (redbear-full → redbear-mini → minimal → base). No circular references — verified by walking the includes manually.

redbear-mini.toml (550 lines)

  • Includes: minimal.toml, redbear-legacy-base.toml, redbear-netctl.toml, redbear-device-services.toml, redbear-boot-stages.toml (line 12). Plus the same base dep chain as redbear-full.
  • Packages: Includes all redbear-* system packages. 29 of them. No missing recipes.
  • Init.d files: 13 entries. 13_seatd.service is a no-op echo (line 388-397) — this is intentional for the text-only target. 13_redbear-sessiond.service, 13_iommu.service, 13_redbear-keymapd.service etc. mirror the redbear-full chain.
  • Boot stages: Inherits from redbear-boot-stages.toml which defines the 00/02/04/06/08 target chain (lines 19-109 of redbear-boot-stages.toml). All target names match the redbear-full consumers (verified by grep on the chain).

redbear-grub.toml (16 lines)

  • Includes: redbear-mini.toml and redbear-grub-policy.toml (line 9).
  • Override: bootloader = "grub", efi_partition_size = 16 (lines 12-13).
  • Packages: Adds only grub (line 16). No conflicts.
  • Risk: This config does not extend redbear-mini with the desktop packages. It is a deliberate text-only target. If someone tries to add a desktop package to this config, they will likely also need to include a fragment with init.d/SDDM wiring.

Includes — resolved targets

Include Resolved path Exists Lines
redbear-mini.toml /home/kellito/Builds/RedBear-OS/config/redbear-mini.toml 550
minimal.toml /home/kellito/Builds/RedBear-OS/config/minimal.toml 56
base.toml /home/kellito/Builds/RedBear-OS/config/base.toml 319
redbear-legacy-base.toml /home/kellito/Builds/RedBear-OS/config/redbear-legacy-base.toml 49
redbear-netctl.toml /home/kellito/Builds/RedBear-OS/config/redbear-netctl.toml 106
redbear-device-services.toml /home/kellito/Builds/RedBear-OS/config/redbear-device-services.toml 602
redbear-boot-stages.toml /home/kellito/Builds/RedBear-OS/config/redbear-boot-stages.toml 109
redbear-grub-policy.toml /home/kellito/Builds/RedBear-OS/config/redbear-grub-policy.toml 9
redbear-greeter-services.toml /home/kellito/Builds/RedBear-OS/config/redbear-greeter-services.toml ✓ (deprecated) 129

No circular references detected. The redbear-greeter-services.toml file is correctly marked as deprecated in its own header (lines 1-6); it is no longer included in any active config.

Service list consistency

Services declared in redbear-full.toml and their binary presence (verified by recipe existence + staged binary check):

Service file (config) Recipe Binary built by recipe Notes
/etc/init.d/00_firmware-loader.service recipes/system/firmware-loaderlocal/recipes/system/firmware-loader /usr/bin/firmware-loader OK
/etc/init.d/05_boot-essential.target n/a (target only) n/a OK
/etc/init.d/10_redox-drm.service recipes/gpu/redox-drmlocal/recipes/gpu/redox-drm /usr/bin/redox-drm OK
/etc/init.d/12_dbus.service recipes/system/dbuslocal/recipes/system/dbus /usr/bin/dbus-daemon OK
/etc/init.d/13_iommu.service recipes/system/iommulocal/recipes/system/iommu /usr/bin/iommu OK
/etc/init.d/13_redbear-sessiond.service recipes/system/redbear-sessiondlocal/recipes/system/redbear-sessiond /usr/bin/redbear-sessiond OK
/etc/init.d/13_seatd.service recipes/system/seatdlocal/recipes/system/seatd /usr/bin/seatd OK
/etc/init.d/13_redbear-keymapd.service recipes/system/redbear-keymapdlocal/recipes/system/redbear-keymapd /usr/bin/redbear-keymapd OK
/etc/init.d/13_redbear-ime.service recipes/system/redbear-imelocal/recipes/system/redbear-ime redbear-ime OK
/etc/init.d/13_redbear-accessibility.service recipes/system/redbear-accessibilitylocal/recipes/system/redbear-accessibility redbear-accessibility OK
/etc/init.d/14_redbear-upower.service recipes/system/redbear-upowerlocal/recipes/system/redbear-upower redbear-upower OK
/etc/init.d/14_redbear-udisks.service recipes/system/redbear-udiskslocal/recipes/system/redbear-udisks redbear-udisks OK
/etc/init.d/14_redbear-polkit.service recipes/system/redbear-polkitlocal/recipes/system/redbear-polkit redbear-polkit OK
/etc/init.d/11_redbear-authd.service recipes/system/redbear-authdlocal/recipes/system/redbear-authd /usr/bin/redbear-authd OK
/etc/init.d/12_sddm.service recipes/kde/sddmlocal/recipes/kde/sddm /usr/bin/sddm OK
/etc/init.d/30_console.service recipes/core/coreutils/etc. getty, sh OK
/etc/init.d/31_debug_console.service recipes/core/coreutils/etc. getty OK

User/group list consistency

User UID GID Home Shell Created by installer
root 0 0 (default) /usr/bin/zsh yes (installer.rs:329)
user 1000 1000 /home/user /usr/bin/zsh yes
messagebus 100 100 /nonexistent /usr/bin/false yes
greeter 101 101 /var/lib/sddm /usr/bin/zsh yes
sddm 102 102 /var/lib/sddm /usr/bin/nologin yes

/home/user is created by the config file entry at redbear-full.toml:653-657 (Layer 3 post-install). sddm user's home /var/lib/sddm is NOT explicitly created in the config — SDDM's first boot will create it, but it should be pre-created.

Issue M-1 (medium): /var/lib/sddm and /var/lib/sddm/.config are not pre-created in redbear-full.toml — SDDM's first-run expects to write config files there.

2. Init.d Service Files

Services that should be in init.d but aren't

Service Why it should exist Where referenced
13_redbear-notifications.service The redbear-full.toml package list includes redbear-notifications (line 81) but no init.d entry starts it. The D-Bus .service activation file in redbear-dbus-services/files/session-services/org.freedesktop.Notifications.service will be activated by D-Bus when the desktop session starts, but only if a session bus is up.
13_redbear-greeter.service (or 12_greeter.service) The deprecated redbear-greeter-services.toml (line 64-82) had a 12_greeter.service invoking /usr/bin/redbear-greeterd. This was inlined into redbear-full.toml at lines 449-467 as 12_sddm.service — but the chain to the active greeter is by-passed when SDDM is configured.
13_kded6.service kf6-kded6 is a package but no init.d entry starts kded6 at system level. KDE's session daemons (kglobalacceld, kded6) are typically started by the session manager (ksmserver) when the user logs in. This is the normal design, not a bug.

Service file path correctness

  • All 18 service file entries in redbear-full.toml use /etc/init.d/ paths. No service file is at /usr/lib/init.d/ in the config (the lint check would catch this).
  • The base recipe's init.d/ directory is staged to /usr/lib/init.d/ (see recipes/core/base/recipe.toml:122-127: cp -v "${COOKBOOK_SOURCE}/init.d"/* "${COOKBOOK_STAGE}/usr/lib/init.d/").
  • Per local/sources/base/init/src/main.rs:66 and local/sources/base/config/src/lib.rs:31-36, init reads BOTH directories and /etc/init.d/ wins for any filename conflict. So overrides work correctly.

Service dependencies declared

The redbear-full chain has 19 service files. Their requires_weak graph is:

00_base.target (from base/init.d/00_base.target, present in /usr/lib/init.d/)
  ├── 00_acpid.service (from redbear-device-services.toml:327-336)
  ├── 00_driver-manager.service (from redbear-device-services.toml:443-455)
  │     └── 02_early_hw.target (from redbear-boot-stages.toml:19-27)
  │           └── 04_drivers.target (from redbear-boot-stages.toml:42-50)
  │                 ├── 12_dbus.service (redbear-full.toml:299-313)
  │                 ├── 06_services.target
  │                 │     ├── 12_boot-late.target (redbear-mini.toml:317-325)
  │                 │     │     └── 08_userland.target (redbear-mini.toml:539-549)
  │                 │     └── 11_redbear-authd.service (redbear-full.toml:433-446)
  │                 └── 13_redbear-sessiond.service (redbear-full.toml:315-327)
  │                       └── 13_seatd.service (redbear-full.toml:329-343)
  │
  ├── 00_firmware-loader.service (redbear-full.toml:244-256)
  │     └── 05_boot-essential.target
  │
  └── 10_redox-drm.service (redbear-full.toml:283-297)
        └── 12_sddm.service (redbear-full.toml:448-467)

Issue H-1 (high): 10_redox-drm.service (line 290) requires 00_driver-manager.service, but its description says "if ! head -c 1 /scheme/drm/card0 >/dev/null 2>&1; then exec /usr/bin/redox-drm" — this means the service races the driver-manager to register the DRM scheme. If driver-manager starts redox-drm as a drivers.d match (per redbear-device-services.toml:218-229, the 30-graphics.toml override in redbear-full.toml:206-226), the exec /usr/bin/redox-drm in init.d will fail with "scheme already registered" — the current service body handles this with an echo, but the dependency is misleading.

Issue H-2 (high): 10_smolnetd.service (in redbear-mini.toml:119-131 at /etc/init.d/) requires 00_driver-manager.service, but the base recipe's init.d/10_smolnetd.service (/usr/lib/init.d/) at /home/kellito/Builds/RedBear-OS/recipes/core/base/init.d/10_smolnetd.service:6 requires 00_pcid-spawner.service. Two files with the same name in both directories. Per config_for_dirs precedence, the /etc/init.d/ wins — good. But the base package staging DOES place 00_pcid-spawner.service and 10_smolnetd.service (the base version) into /usr/lib/init.d/. After install, init sees:

  • /usr/lib/init.d/00_pcid-spawner.service (no override exists, will run)
  • /etc/init.d/00_driver-manager.service (will run)
  • /usr/lib/init.d/10_smolnetd.service (overridden by redbear-mini in /etc/init.d/)
  • /etc/init.d/10_smolnetd.service (wins, uses driver-manager)

The 00_pcid-spawner.service will start pcid-spawner (a binary that exists in /usr/bin/pcid-spawner). The redbear-OS design replaces this with driver-manager, but the base recipe still installs the pcid-spawner binary and service file. Both run in parallel — driver-manager will not collide with pcid-spawner because the base pcid-spawner and the new driver-manager both want PCI bus access. Likely runtime conflict on the PCI scheme.

Issue H-3 (high): 10_dhcpd.service (redbear-mini.toml:133-146) is wired to /etc/init.d/10_dhcpd.service and requires 10_smolnetd.service. The base recipe's init.d/10_dhcpd.service at /home/kellito/Builds/RedBear-OS/recipes/core/base/init.d/10_dhcpd.service is at /usr/lib/init.d/. Both exist; the /etc/init.d/ wins. OK.

Issue M-2 (medium): 12_sddm.service (redbear-full.toml:448-467) requires both 13_seatd.service AND 11_redbear-authd.service AND 13_redbear-sessiond.service. The dependency graph is sound, but SDDM activates the user session via PAM, not via init services, so the KWIN_DRM_DEVICES env var set in the init.d block (line 444) is only present in SDDM's environment, not the user session.

Issue M-3 (medium): 13_redbear-keymapd.service, 13_redbear-ime.service, 13_redbear-accessibility.service all require 10_evdevd.service (lines 354, 368, 382). evdevd is started in redbear-mini.toml:343-355. The chain works only if evdevd is up before the keymap/IME/accessibility daemons start. No default_dependencies = false is set, so default ordering applies. OK.

Issue L-1 (low): The 99_kwin_test.service (redbear-full.toml:516-529) is a debug service that runs KWin directly with LIBSEAT_BACKEND=seatd and various debug env vars. Its presence in the production config is a smell — this is a developer debugging tool, not a service.

Issue L-2 (low): The 99_diag_serial.service (redbear-full.toml:499-514) writes a serial marker. Useful for diagnostic, not a service. The CI=1 make all documentation in the AGENTS.md does not mention how to disable this for production.

Services that start but their dependencies haven't

Service Required by Status
redox-drm (via 10_redox-drm.service or drivers.d/30-graphics.toml) KWin, SDDM Detected via head -c 1 /scheme/drm/card0 — if absent, service exits cleanly. OK.
pcid-spawner (base /usr/lib/init.d/00_pcid-spawner.service) base 10_smolnetd.service Both pcid-spawner AND driver-manager will run. Whichever registers scheme:pci first wins. The base service is "type = oneshot" — it exits after binding. driver-manager is "type = oneshot_async" — it stays running. No collision on the scheme registration, but redundant PCI enumeration.
00_pcid-spawner.service is deprecated by the redbear config. The override does not include /etc/init.d/00_pcid-spawner.service — so pcid-spawner still runs from /usr/lib/init.d/.

3. Recipe Integration

Recipes in redbear-full.toml that don't exist

Package Line Issue Status
libxkbcommon 78 No recipe outside recipes/wip/libs/other/libxkbcommon/ MISSING — REQUIRED for KWin and SDDM
xkeyboard-config 79 No recipe outside recipes/wip/x11/xkeyboard-config/ MISSING — REQUIRED for SDDM XKB_CONFIG_ROOT=/usr/share/X11/xkb

Recipes with unresolvable dependencies

Recipe Declared dep Issue
local/recipes/kde/sddm/recipe.toml:11-28 kf6-extra-cmake-modules, kf6-kwindowsystem, kf6-ki18n, etc. All present in local/recipes/kde/. OK.
local/recipes/kde/kwin/recipe.toml:8-53 qt5compat (line 12) No qt5compat recipe in recipes/qt/ or local/recipes/qt/. KWin build will fail at the qt5compat dependency check.
local/recipes/kde/kwin/recipe.toml:9-10 qtbase, qtdeclarative OK.
local/recipes/kde/kwin/recipe.toml:34 kf6-kdeclarative OK (in redbear-full.toml line 113).
local/recipes/system/redbear-sessiond/recipe.toml:3 patches = ["../../../../local/patches/redbear-sessiond/P4-signal-implementations.patch"] The local/patches/ directory is historical-only per AGENTS.md (Build System Safety). The patch must be applied as a git commit in local/sources/redbear-sessiond/ or removed in favor of a direct edit.
local/recipes/system/redbear-meta/recipe.toml:51-64 redbear-release, redox-driver-sys, linux-kpi, redbear-iwlwifi, redbear-firmware, redox-drm, amdgpu, firmware-loader, redbear-wifictl, evdevd, udev-shim The recipe says path = "source" but the source/ directory under local/recipes/system/redbear-meta/ contains only .gitkeep — this is a meta-package with no source. The dependencies field is cookbook-level. OK as long as those packages are also in the package list of the consuming config (they are).
local/recipes/system/redbear-firmware/recipe.toml:8-43 wget linux-firmware at build time This is a build-time fetch. Per AGENTS.md, "fetch-firmware.sh" is a manual-only script. Embedding wget in the recipe is a silent upstream pull during build and a policy violation.

Recipes with version mismatches

Recipe Version Source state
local/recipes/kde/sddm/recipe.toml:5-7 sddm.git rev = "bc9eee8280275723767213220e88f6b14157ba1f" Pinned. OK.
local/recipes/kde/kwin/recipe.toml:2-4 kwin-v6.3.4.tar.gz blake3 = "2aa1e234..." Pinned. OK.
local/recipes/system/dbus/recipe.toml:2-4 dbus-1.16.2.tar.xz Pinned. OK.
local/recipes/system/seatd/recipe.toml:1-3 seatd-0.9.1.tar.gz Pinned. OK.
local/recipes/wayland/libwayland/recipe.toml:4-5 wayland-1.24.0.tar.xz Pinned. OK.
local/recipes/kde/kglobalacceld/recipe.toml:1-2 kglobalacceld-v6.0.0.tar.gz Pinned. OK.
local/recipes/kde/kf6-kded6/recipe.toml:1-2 kded-v6.10.0.tar.gz Pinned. OK.
local/recipes/kde/sddm/recipe.toml:6-7 rev = "bc9eee8280275723767213220e88f6b14157ba1f" Pinned. OK.

No version mismatches detected (all are pinned tarballs or git revisions with a blake3/rev field).

Recipes with unsupported build templates

All recipes use cargo, meson, cmake, make, configure, or custom templates. The custom template is the most common for the local KDE/Qt recipes. All supported by the cookbook.

Recipes that don't exist in the cookbook include path

libxkbcommon and xkeyboard-config (per Section 3 above) are the only missing recipes. Other notable observations:

  • relibc-phase1-tests is referenced as relibc-phase1-tests = {} in redbear-full.toml:164. The recipe exists at local/recipes/tests/relibc-phase1-tests/recipe.toml and is symlinked to recipes/tests/relibc-phase1-tests. The cookbook looks up recipes by name across all categories, so this resolves correctly. Verified by find — symlink chain intact.

Recipe scripts that are policy violations

  • local/recipes/system/redbear-firmware/recipe.toml:8-43 — embedded wget against https://gitlab.com/kernel-firmware/linux-firmware/-/archive/main/linux-firmware-main.tar.gz. This is a silent upstream pull at build time and contradicts the project's no-silent-upstream-pulls policy. Per the project policy, firmware should be fetched via local/scripts/fetch-firmware.sh (manual-only) and committed to local/firmware/.

  • local/recipes/kde/kwin/recipe.toml:79-95 — the build script uses sed to rewrite CMakeLists.txt files to comment out or relax required dependencies (Canberra, UiTools, killer helper). The script also defines a SUN_LEN macro via inline shell append and adds F_ADD_SEALS defines to relibc's fcntl.h. These are stub-avoidance patches applied at build time — they bypass real dependency resolution. The AGENTS.md "Zero tolerance for stubs" policy says stubs are not allowed, but the same policy says "implement the missing functionality" rather than disable features. KWin disables 11 of 12 features in the cmake configure step (lines 154-165). The result is a real KWin binary but with most features disabled — not a stub, but a degraded build.

  • local/recipes/kde/sddm/recipe.toml:48-71 — the build script uses sed to remove required find_package calls (XCB, XKB, LIBXAU) and removes XAuth.cpp from the build. This is functional (SDDM ships without X11) but it relies on remove-x11user-helper.py and wayland-patch.sh to keep the build from failing. Acceptable for a Wayland-only build, but couples the recipe tightly to upstream SDDM's code layout.

4. Installer File Layering

Layer order in install_dir

Per local/sources/installer/src/installer.rs:230-270:

Layer 1: config [[files]] with !postinstall (pre-install, e.g. /etc/skel)
Layer 2: package staging (cookbook repo apply)
Layer 3: config [[files]] with postinstall = true (post-install)
Layer 4: user/group creation (passwd, shadow, group)

The collision tracker at local/sources/installer/src/collision.rs:132-171 detects when package staging overwrites a Layer 1 file with different content. Init-service collisions are always errors; other collisions warn by default.

Silent overwrites (Layer 2 overwrites Layer 1)

Config Layer 1 path Package Layer 2 file Action
/etc/init.d/00_base.service (redbear-legacy-base.toml:14) base /usr/lib/init.d/00_base.service (not the same path) OK — different paths, both readable by init
/etc/init.d/12_dbus.service (redbear-full.toml:300, redbear-mini.toml:373) base /usr/lib/init.d/12_dbus.service OK — different paths
/etc/init.d/13_seatd.service (redbear-full.toml:330, redbear-mini.toml:388) base /usr/lib/init.d/13_seatd.service OK — different paths
/etc/init.d/10_smolnetd.service (redbear-mini.toml:120) base /usr/lib/init.d/10_smolnetd.service OK — different paths
/etc/init.d/10_dhcpd.service (redbear-mini.toml:134) base /usr/lib/init.d/10_dhcpd.service OK — different paths
/etc/init.d/30_console.service (redbear-full.toml:470, redbear-mini.toml:512) base /usr/lib/init.d/30_console.service OK — different paths
/etc/init.d/31_debug_console.service (redbear-full.toml:485, redbear-mini.toml:526) base /usr/lib/init.d/31_debug_console.service OK — different paths
/etc/init.d/29_activate_console.service (redbear-mini.toml:497) base /usr/lib/init.d/29_activate_console.service OK — different paths
/etc/init.d/20_audiod.service (redbear-legacy-base.toml:25-35) base /usr/lib/init.d/20_audiod.service OK — different paths

All init.d overrides are at /etc/init.d/ and the base recipe stages at /usr/lib/init.d/. The init system reads both directories and /etc/init.d/ takes precedence (per local/sources/base/config/src/lib.rs:31-36). No silent overwrites for init services.

However, the base services still load from /usr/lib/init.d/ because both directories are read. This is by design but causes the dual-pcid-spawner/driver-manager issue (Section 2, Issue H-2).

Init service collisions

None. The CollisionTracker::is_init_service_path (collision.rs:73-77) returns true for any path containing /init.d/ with .service or .target extension. Since the config paths are /etc/init.d/ and package paths are /usr/lib/init.d/, no path collision occurs (different prefixes).

Recommendations

  1. Remove the base /usr/lib/init.d/00_pcid-spawner.service and 10_smolnetd.service from being staged. Since the redbear configs override both with 00_driver-manager.service and 10_smolnetd.service (driver-manager dep), the base versions are dead code that wastes init cycles and risks PCI scheme double-registration. This requires either editing the base recipe's recipe.toml to remove those two paths from the installs list (lines 39-77), or adding /etc/init.d/00_pcid-spawner.service as a no-op echo (overrides the base version with an inert service).
  2. Same recommendation for 13_seatd.service in redbear-mini — the no-op echo at redbear-mini.toml:388-397 correctly overrides, but the base staged service still loads first per init.d scan order — actually no, per the comment in collision.rs, /etc/init.d/ wins because it's listed second in init/src/main.rs:66. Verified.
  3. Convert all base /usr/lib/init.d/ to /etc/init.d/ no-op overrides for redbear-full. Less confusing, smaller collision surface.

5. Mounts and Directories

Sysroot mount

The installer reads the config and stages all files into a single output directory, then assembles it into a redoxfs or ext4 image. There is no runtime mount — the initrd/initfs loads the rootfs and switches to it via init (local/sources/base/init/src/main.rs:51-66).

  • Initfs is staged at /scheme/initfs/ (the prefix argument to switch_root).
  • Rootfs is at /scheme/redox/ (mounted by redoxfs started by local/sources/base/init.initfs.d/50_rootfs.service).
  • After switchroot, init reads from /usr/lib/init.d/ and /etc/init.d/.

/etc/passwd, /etc/shadow, /etc/group generation

Per local/sources/installer/src/installer.rs:329-373:

  • Users are formatted as username;uid;gid;name;home;shell\n and written to /etc/passwd (no mode set, defaults to whatever the FS defaults are).
  • Shadow entries are username;password_hash\n to /etc/shadow with mode = 0o0600.
  • Group entries are name;x;gid;members\n to /etc/group with mode = 0o0600.

Issue M-4 (medium): /etc/passwd is created with default file mode (typically 0o644), not 0o0644. While shadow and group are restricted, passwd is world-readable by default. Acceptable on Redox (no multi-user), but standard practice is 0o0644.

Issue M-5 (medium): The prepare_user_home function (installer.rs:378-425) only runs for users with uid >= 1000. The greeter and sddm users (uid 101, 102) will NOT get their home directory created. SDDM expects /var/lib/sddm to exist before it starts. Currently relies on SDDM's first-boot behavior, but this is fragile.

Issue M-6 (medium): [users.greeter] has home = "/var/lib/sddm" and [users.sddm] has home = "/var/lib/sddm" — two different users pointing to the same home directory. The greeter user's home is /var/lib/sddm but the greeter user runs as greeter:greeter (uid 101, gid 101), while sddm user owns the directory (uid 102, gid 102). Permission conflict likely.

/var/log permissions

  • Base config config/base.toml:246-251: /var/log mode = 0o755.
  • Override config/redbear-legacy-base.toml:40-44: /var/log mode = 0o1777 (sticky bit, world-writable). This is correct for a multi-user system where logd runs as root but other daemons may need to write to it.
  • redbear-full.toml does not override this, so redbear-legacy-base's 0o1777 is inherited. OK.

/var/run permissions

  • Base config config/base.toml:252-256: /var/run mode = 0o755.
  • Override config/redbear-legacy-base.toml:46-50: /var/run mode = 0o1777.
  • Same pattern as /var/log. OK.

/run/dbus and /var/lib/dbus

  • redbear-mini.toml:471-481 creates /var/lib/dbus and /run/dbus with mode = 0o755. These are needed for D-Bus to write its machine-id and socket.
  • redbear-full.toml does NOT redeclare these — relies on redbear-mini inheritance. OK.

/var/lib/sddm

Not pre-created by any config. The sddm user and greeter user expect to write to /var/lib/sddm (greeter's home). SDDM's first-boot must create this.

Issue H-4 (high): The redbear-greeter script in local/recipes/system/redbear-greeter/source/ installs to /usr/share/redbear/greeter/, not /var/lib/sddm/. SDDM's first run will create /var/lib/sddm/.config/sddm.conf.d/, but the redbear-greeter assets (background, icon) live elsewhere. SDDM will need a custom theme installed to /usr/share/sddm/themes/ (or similar).

6. D-Bus Configuration

/etc/dbus-1/system.conf and session.conf

These are NOT installed by any of the redbear configs. D-Bus is built from local/recipes/system/dbus/recipe.toml (1.16.2 with the redox.patch). The meson build installs default config to /etc/dbus-1/system.conf and /etc/dbus-1/session.conf as part of the meson install step.

Issue M-7 (medium): redbear-full.toml:300-313 invokes dbus-daemon --system --nopidfile but the default system.conf is installed by the dbus package itself. There's no redbear- override for /etc/dbus-1/system.conf in any config. The package-staged version wins. The default dbus config points at the system bus socket /run/dbus/system_bus_socket and /var/run/dbus/system_bus_socket — Redox uses /run/dbus/system_bus_socket (the env var is set in redbear-full.toml:647-651).

/usr/share/dbus-1/system-services/

Installed by the redbear-dbus-services package at local/recipes/system/redbear-dbus-services/recipe.toml:5-16:

  • org.freedesktop.login1.service/usr/bin/redbear-sessiond (line 1 of file)
  • org.freedesktop.UPower.service/usr/bin/redbear-upower
  • org.freedesktop.PolicyKit1.service/usr/bin/redbear-polkit
  • org.freedesktop.UDisks2.service/usr/bin/redbear-udisks

/usr/share/dbus-1/session-services/

Installed by the same recipe:

  • org.kde.kded6.service/usr/bin/kded6 (note the TODO comment — kded6 is not built; the binary is staged by kf6-kded6 recipe)
  • org.kde.kglobalaccel.service/usr/bin/kglobalaccel
  • org.kde.JobViewServer.service → not present in local/recipes/system/redbear-dbus-services/files/session-services/
  • org.kde.ksmserver.service → not present
  • org.kde.ActivityManager.service → not present
  • org.freedesktop.Notifications.service/usr/bin/redbear-notifications
  • org.freedesktop.StatusNotifierWatcher.service/usr/bin/redbear-statusnotifierwatcher

Issue M-8 (medium): 3 of the 7 expected session service files are missing (JobViewServer, ksmserver, ActivityManager). The KDE session depends on org.kde.ksmserver.service for session management. Without it, KWin can start but the KDE session cannot.

/etc/dbus-1/system.d/

Installed by redbear-dbus-services:

  • org.freedesktop.PolicyKit1.conf
  • org.freedesktop.UDisks2.conf
  • org.freedesktop.login1.conf (allows root + introspectable/properties/Manager/Session/Seat)
  • org.freedesktop.UPower.conf

These are the policy files that allow users to talk to the system bus services. The D-Bus activation will refuse connections to these names without these files.

7. Boot Logs and Crash Recovery

logd configuration

logd runs in initfs (local/sources/base/init.initfs.d/00_logd.service). It serves /scheme/log — every daemon's stdout/stderr is mirrored to it. Logs are buffered in memory and written to /scheme/log (a virtual scheme that the kernel can read).

Issue H-5 (high): The base initfs is loaded into ramfs. Logs from initfs daemons are lost when initfs unmounts (during switch_root). The redox-logd is a ring buffer in /scheme/log; when the system transitions to rootfs, the logd instance is re-started (per local/sources/base/init/src/main.rs:128-129: "Start logd first such that we can pass /scheme/log as stdio to all other services"). The new logd starts fresh. Logs from initfs boot are not preserved to rootfs.

This is by design (initfs is small) but the 99_diag_serial.service (line 499-514) is the workaround — it echoes a "BOOT_COMPLETE_SERIAL_MARKER" after 30_console.service and 31_debug_console.service start. Useful for QEMU with -serial stdio, but not on bare metal without serial.

Console output during boot

  • 20_vesad.service (in initfs) — boots a VESA framebuffer for early text.
  • 20_fbcond.service (initfs) — sets up the framebuffer console.
  • 30_console.service (rootfs) — runs getty 2 on VT2.
  • 31_debug_console.service (rootfs) — runs getty on the debug scheme.

The chain works, but 30_console.service (rootfs, redbear-full.toml:469-482) runs sh -c "sleep 0.2; exec getty 2". The 0.2-second sleep is a magic number — likely to let the previous init services settle.

Crash recovery

  • No /etc/issue or /etc/motd defined in redbear-full.toml (those are in redbear-mini.toml:148-176, postinstall).
  • No core_pattern is set. The kernel's redoxfs does not have a core dump facility (per the kernel fork in local/sources/kernel/).
  • redbear-crash-recovery does not exist as a recipe.

Issue M-9 (medium): No crash recovery infrastructure. KWin crashing means the user sees a black screen with no log path. The 99_kwin_test.service is the only diagnostic surface, and it requires manual inspection of the serial output.

8. Quirk Files

TOML quirk files installed

redbear-quirks recipe at local/recipes/system/redbear-quirks/recipe.toml:1-15 copies *.toml from quirks.d/ to ${COOKBOOK_STAGE}/etc/quirks.d/. 30 TOML files are present (per find output, 30 files in quirks.d/). The recipe's glob ("${COOKBOOK_SOURCE}/quirks.d/"*.toml) catches all of them.

Issue L-3 (low): The redbear-quirks recipe does NOT have a [package.files] section declaring the install path. The build script does cp to ${COOKBOOK_STAGE}/etc/quirks.d/ which puts them in the sysroot. The recipe does not declare any installs = [...] entries, so validate-file-ownership.sh won't see the declarations. Per the AGENTS.md note: "No recipes declare installs yet."

Default quirk set

The 30 TOML files in local/recipes/system/redbear-quirks/source/quirks.d/ cover:

  • 00-core.toml — base quirks
  • 05-pcie-quirks.toml, 06-pci-header-quirks.toml, 07-pci-final-quirks.toml — PCIe/PCI
  • 10-gpu.toml — GPU quirks
  • 15-audio.toml — audio
  • 20-usb.toml, 25-xhci.toml — USB
  • 30-net.toml, 30-storage.toml — networking, storage
  • 35-clocksource.toml, 35-storage-extended.toml — clocksource, storage
  • 40-hid.toml, 40-storage.toml — input, storage
  • 45-acpi-osi.toml, 46-acpi-sleep.toml, 47-acpi-button.toml, 48-acpi-battery.toml — ACPI
  • 50-drm-panel.toml, 50-system.toml — DRM panel
  • 55-chipset-early.toml, 55-network.toml — chipset, network
  • 60-i2c-hid.toml, 60-usb-audio.toml — I2C HID, USB audio
  • 65-iommu-amd.toml — AMD IOMMU
  • 70-ucsi.toml — UCSI (USB-C)
  • 80-platform-x86.toml — platform x86
  • 90-cpu-bugs.toml — CPU bugs
  • 95-mtrr-deferred.toml, 99-bootparams-deferred.toml — MTRR, boot params

These are loaded by redox-driver-sys (per the redox-driver-sys recipe's source src/quirks/). No init.d service is required — the driver infrastructure reads them at driver load time.

Loading at startup

Quirks are loaded by the driver daemons, not by init. No init.d entry is needed. OK.

Cross-Cutting Issues

Service Order for KDE Wayland Login

For Wayland/SDDM/KDE to work, services must start in this order:

Phase 1 (initfs):
  00_logd.service           ← base/init.initfs.d
  00_clock.service          ← base/init.initfs.d
  00_zerod.service          ← base/init.initfs.d
  00_nulld.service          ← base/init.initfs.d
  00_randd.service          ← base/init.initfs.d
  10_inputd.service         ← base/init.initfs.d
  10_lived.service          ← base/init.initfs.d
  20_vesad.service          ← base/init.initfs.d
  20_fbcond.service         ← base/init.initfs.d
  20_fbbootlogd.service     ← base/init.initfs.d
  20_graphics.target        ← base/init.initfs.d
  30_acpid.service          ← base/init.initfs.d
  40_ps2d.service           ← base/init.initfs.d
  40_bcm2835-sdhcid.service ← base/init.initfs.d (only on aarch64 raspi3b)
  40_hwd.service            ← base/init.initfs.d
  40_pcid-spawner-initfs.service ← base/init.initfs.d
  40_drivers.target         ← base/init.initfs.d
  50_rootfs.service         ← base/init.initfs.d
  90_initfs.target          ← base/init.initfs.d

Phase 2 (rootfs):
  00_base.service           ← redbear-legacy-base.toml (Layer 1 pre-install)
  00_base.target            ← base/init.d (already started)
  00_ipcd.service           ← base/init.d
  00_ptyd.service           ← base/init.d
  00_acpid.service          ← redbear-device-services.toml
  00_sudo.service           ← base/init.d
  00_rtcd.service           ← redbear-device-services.toml
  00_driver-manager.service ← redbear-device-services.toml
  02_early_hw.target        ← redbear-boot-stages.toml
  04_drivers.target         ← redbear-boot-stages.toml
  00_firmware-loader.service ← redbear-full.toml (early)
  00_gpiod.service          ← redbear-mini.toml
  00_i2cd.service           ← redbear-mini.toml
  00_ucsid.service          ← redbear-mini.toml
  02_serial_early_hw.service ← redbear-boot-stages.toml (serial marker)
  04_serial_drivers.service ← redbear-boot-stages.toml
  05_boot-essential.target  ← redbear-full.toml
  10_evdevd.service         ← redbear-mini.toml
  10_redox-drm.service      ← redbear-full.toml
  10_smolnetd.service       ← redbear-mini.toml (driver-manager dep)
  10_dhcpd.service          ← redbear-mini.toml
  10_ps2d.service           ← redbear-device-services.toml
  10_i2c-hidd.service       ← redbear-device-services.toml
  11_udev.service           ← redbear-mini.toml
  11_wifictl.service        ← redbear-mini.toml
  11_redbear-authd.service  ← redbear-full.toml
  12_boot-late.target       ← redbear-mini.toml
  12_dbus.service           ← redbear-full.toml
  12_sddm.service           ← redbear-full.toml (depends on drm, evdevd, dbus, sessiond, seatd, authd)
  13_seatd.service          ← redbear-full.toml
  13_redbear-sessiond.service ← redbear-full.toml
  13_iommu.service          ← redbear-full.toml
  13_redbear-keymapd.service ← redbear-full.toml
  13_redbear-ime.service    ← redbear-full.toml
  13_redbear-accessibility.service ← redbear-full.toml
  14_redbear-upower.service ← redbear-full.toml
  14_redbear-udisks.service ← redbear-full.toml
  14_redbear-polkit.service ← redbear-full.toml
  06_services.target        ← redbear-boot-stages.toml
  06_serial_services.service ← redbear-boot-stages.toml
  08_userland.target        ← redbear-mini.toml
  08_serial_userland.service ← redbear-boot-stages.toml
  20_audiod.service         ← redbear-legacy-base.toml
  29_activate_console.service ← redbear-mini.toml
  30_console.service        ← redbear-full.toml
  31_debug_console.service  ← redbear-full.toml
  99_diag_serial.service    ← redbear-full.toml
  99_kwin_test.service      ← redbear-full.toml (DEBUG ONLY)

For each step in the SDDM-activating chain:

  1. logd ✓ (in initfs)
  2. pcid/driver-manager ✓ (Phase 2, rootfs)
  3. D-Bus system bus ✓ (Phase 2)
  4. seatd ✓ (Phase 2)
  5. redbear-sessiond ✓ (Phase 2)
  6. redbear-authd ✓ (Phase 2)
  7. evdevd, redox-drm, dbus, sessiond, seatd, authd all up ✓
  8. SDDM (12_sddm.service) ✓ — requires 13_seatd and 11_redbear-authd
  9. SDDM activates KDE via the user session

The chain is structurally correct. All service files exist; all binaries are built by their recipes. The risk is:

  • redox-drm failing to register scheme:drm/card0 because driver-manager started it first (per the lib/drivers.d/30-graphics.toml rule in redbear-device-services.toml:218-229).
  • KWin failing to find XKB data because libxkbcommon and xkeyboard-config are not in the build.
  • SDDM failing to find PAM modules because pam-redbear may not be in the build (verify: not referenced in redbear-full.toml).
  • D-Bus activation failing for org.kde.ksmserver.service (file is missing per Section 6).

Initfs vs Rootfs

What runs in initfs (per local/sources/base/init.initfs.d/):

  • 00_clock, 00_logd, 00_nulld, 00_randd, 00_zerod — system scheme daemons
  • 10_inputd, 10_lived — input daemon, lived (storage)
  • 20_vesad, 20_fbcond, 20_fbbootlogd — framebuffer + early console
  • 30_acpid — ACPI daemon
  • 40_bcm2835-sdhcid, 40_ps2d, 40_hwd — hardware detection
  • 40_pcid-spawner-initfs — PCI bus enumeration (initfs phase)
  • 50_rootfs — mounts rootfs
  • 90_initfs.target — final initfs target

What runs in rootfs:

  • All services in /etc/init.d/ and /usr/lib/init.d/.

Where the handoff happens:

  • 50_rootfs.service (initfs) runs redoxfs to mount the root filesystem.
  • After rootfs is mounted, init switches to root (switch_root in local/sources/base/init/src/main.rs:51-66).
  • The initfs becomes a memory-backed ramfs at /scheme/initfs/.

Is the handoff clean?

  • The ramfs at /scheme/initfs/ is mounted on the same root path, so logd can still write to /scheme/log after switchroot.
  • The init process is the same binary; it just changes its prefix.
  • All initfs services are NOT restarted — only rootfs services load.

Issue M-10 (medium): The initfs runs pcid-spawner (initfs variant) to bind PCI drivers. The rootfs then runs 00_pcid-spawner.service (or 00_driver-manager.service). The rootfs version re-runs the same PCI enumeration work. This is a known pattern (per the P26-driver-manager-initfs-conversion.patch in recipes/core/base/) but it means PCI devices are bound twice.

Implementation Roadmap

Phase 1: Fix Config Issues (12 days)

  1. Add libxkbcommon and xkeyboard-config recipes. Move them from recipes/wip/ to a new local/recipes/libs/ path. The wip recipes are already mostly complete; they need only to be linked from recipes/libs/libxkbcommon and recipes/libs/xkeyboard-config and tested in redbear-mini first. (Estimated: 1 day)

  2. Add [[files]] entries to redbear-full.toml for /var/lib/sddm directory creation with proper ownership (sddm:sddm, mode 0o755). (Estimated: 1 hour)

  3. Remove 99_kwin_test.service from redbear-full.toml or move it to a redbear-debug.toml fragment included only when DEBUG=1 is set. (Estimated: 1 hour)

  4. Add [users.greeter] home creation — modify the installer's prepare_user_home or add a config-driven home directory entry. (Estimated: 4 hours)

  5. Fix the redbear-meta source — the recipe is empty (only .gitkeep). Either delete the path = "source" line and make it a true meta-package with no source, or add a README + dependency manifest in source/. (Estimated: 2 hours)

Phase 2: Fix Init Sequence (1 week)

  1. Resolve the dual pcid-spawner / driver-manager issue.

    • Option A: Add a /etc/init.d/00_pcid-spawner.service no-op override in redbear-device-services.toml that echoes "pcid-spawner replaced by driver-manager" instead of starting pcid-spawner.
    • Option B: Edit the base recipe to NOT install 00_pcid-spawner.service to /usr/lib/init.d/ when building for redbear targets.
    • Recommended: Option B (less runtime confusion, smaller init.d scan).
    • (Estimated: 1 day)
  2. Same for 10_smolnetd.service and 10_dhcpd.service — the base versions in /usr/lib/init.d/ should not be staged. The redbear-mini /etc/init.d/ versions already use 00_driver-manager.service as the dep. (Estimated: 1 day)

  3. Add init.d entries for the redbear-notifications daemon that redbear-full.toml declares in the package list (line 81). The D-Bus activation file exists in redbear-dbus-services/files/session-services/, but it needs to be activated after 12_dbus.service and before any KDE session starts. (Estimated: 4 hours)

  4. Audit the init.d 11_redbear-authd.service and 13_redbear-sessiond.service ordering — authd currently depends only on 12_dbus.service, but it should also depend on 00_ipcd.service (PAM and credentials use IPC). The base 12_dbus.service already has requires_weak = ["00_ipcd.service"], so the chain works transitively, but it would be cleaner to be explicit. (Estimated: 1 hour)

  5. Add a redbear-validation-session init.d entry that runs after 12_sddm.service and logs KWin's first output to the serial console. (Estimated: 4 hours)

  6. Add 00_pci-spawner.service and 00_pcid-spawner.service removal in initfs — the initfs's 40_pcid-spawner-initfs.service is fine, but the rootfs 00_pcid-spawner.service should not be in the base install for redbear targets. (Estimated: 4 hours)

Phase 3: Fix Recipe Integration (12 weeks)

  1. Resolve the KWin qt5compat dependency — add a qt5compat recipe (likely from Qt6's compat module) or remove the dep from kwin's recipe if it's actually optional. (Estimated: 1 day)

  2. Convert the redbear-firmware recipe from a wget-based build to a manual fetch script. Either:

    • Bundle a small firmware subset (e.g. just amdgpu + i915) in local/recipes/system/redbear-firmware/source/, or
    • Use local/scripts/fetch-firmware.sh (manual) to populate local/firmware/ and have the recipe copy from there.
    • Per the AGENTS.md policy, this is a policy violation as it stands.
    • (Estimated: 2 days)
  3. Move the redbear-sessiond P4-signal-implementations.patch from local/patches/ to a direct commit in local/sources/redbear-sessiond/. The AGENTS.md says patches in local/patches/ are historical only. (Estimated: 2 hours)

  4. Re-enable KWin's disabled features in local/recipes/kde/kwin/recipe.toml one at a time, as the underlying dependencies (Canberra, kcms, etc.) are made available. Currently 11 of 12 features are disabled. The disabled features include:

    • KWIN_BUILD_KCMS=OFF — disables System Settings KCMs
    • KWIN_BUILD_SCREENLOCKER=OFF — disables screen locker
    • KWIN_BUILD_TABBOX=OFF — disables alt-tab switcher
    • KWIN_BUILD_GLOBALSHORTCUTS=OFF — disables kglobalacceld integration
    • KWIN_BUILD_RUNNERS=OFF — disables KRunner
    • KWIN_BUILD_NOTIFICATIONS=OFF — disables notification popups
    • KWIN_BUILD_ACTIVITIES=OFF — disables activities
    • KWIN_BUILD_EIS=OFF — disables input synthesis
    • KWIN_BUILD_AUTO_ROTATION=OFF — disables tablet auto-rotation
    • KWIN_BUILD_X11=OFF — X11 backend disabled (correct for Wayland-only)
    • KWIN_BUILD_X11_BACKEND=OFF — same (Estimated: 23 weeks, depending on deps)
  5. Add D-Bus session service files for org.kde.ksmserver, org.kde.JobViewServer, org.kde.ActivityManager. These are part of KDE Plasma and require the corresponding binaries (ksmserver, kuiserver, kactivitymanagerd). (Estimated: 1 day)

  6. Add pam-redbear to redbear-full.toml. Currently the SDDM recipe depends on it (line 27 of local/recipes/kde/sddm/recipe.toml), but the package is not in the active package list. (Estimated: 30 minutes if the recipe exists, longer if the recipe needs work.)

Testing Strategy

For each area, the following tests should be added to local/scripts/:

  1. Config validation:

    • Walk all config/redbear-*.toml files and confirm every include resolves.
    • Confirm every package in [packages] has a recipe under recipes/ or local/recipes/.
    • Confirm every user in [users] has a unique uid.
    • Confirm every service file in [[files]] at /etc/init.d/ has a binary that the recipe installs at the expected path.
    • Test: make lint-config CONFIG_NAME=redbear-full (already exists).
  2. Init sequence validation:

    • Walk all service files in /etc/init.d/ and /usr/lib/init.d/.
    • For each requires_weak, confirm the dependency service exists.
    • Detect cycles in the dependency graph.
    • Detect init services that exist in /usr/lib/init.d/ (base) but are overridden by config — print a warning so the conflict is intentional.
    • Test: make validate-init-services CONFIG_NAME=redbear-full (already exists).
  3. Recipe validation:

    • For each recipe in redbear-full.toml, run repo find <package> to confirm the build artifact exists in repo/.
    • Confirm cascade rebuild works for relibc, base, kernel.
    • Test: make validate-config CONFIG_NAME=redbear-full (already exists).
  4. D-Bus validation:

    • Boot redbear-full in QEMU, log in as root.
    • Run dbus-send --system --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames.
    • Confirm org.freedesktop.login1, org.freedesktop.UPower, org.freedesktop.PolicyKit1, org.freedesktop.UDisks2 are in the list.
  5. Boot in QEMU:

    • make qemu CONFIG_NAME=redbear-full
    • Watch serial console for RB_STAGE_* markers (RB_STAGE_02_EARLY_HW, RB_STAGE_04_DRIVERS, RB_STAGE_06_SERVICES, RB_STAGE_08_USERLAND)
    • Confirm /scheme/drm/card0 is readable after 10_redox-drm.service runs.
    • Confirm dbus-send --system --print-reply ... ListNames returns the expected services.
    • Confirm seatd-cli -l info works.
    • Confirm SDDM greeter appears (if QEMU has a display).

Risk Assessment

Impact of shipping as-is

  • redbear-mini: Will boot to a text console login. Some base services (pcid-spawner, smolnetd, dhcpd) will load from /usr/lib/init.d/ with the base config (which uses 00_pcid-spawner.service as a dep). The redbear override also loads, so both versions of smolnetd and dhcpd are started. Likely a no-op (the second one finds the first's scheme already registered and exits). Some daemons in the base service list are unnecessary for mini (e.g. 00_ucsid.service requires USB-C hardware).
  • redbear-full: Will boot to a text console. SDDM and KWin will fail to start because libxkbcommon and xkeyboard-config are missing. Even if those were added, KWin is built with 11/12 features disabled, so the resulting desktop is minimal.
  • redbear-grub: Identical to redbear-mini but with GRUB bootloader. Same risks.

Minimum to make redbear-full boot to text login

  • Same as redbear-mini today. Already works (per the project status).

Minimum to make redbear-full boot to Wayland login

Required changes (in order):

  1. Add libxkbcommon and xkeyboard-config recipes (Phase 1, item 1).
  2. Add the recipes to the redbear-full package list (lines 78-79 already reference them; they just need to exist).
  3. Ensure pam-redbear is in the package list (currently not in redbear-full.toml).
  4. Ensure /var/lib/sddm is pre-created (Phase 1, item 2).
  5. Add org.kde.ksmserver.service and org.kde.JobViewServer.service to redbear-dbus-services/files/session-services/.
  6. Verify the SDDM greeter theme (mayagrid) is installed at /usr/share/sddm/themes/mayagrid/.
  7. Verify kwin_wayland exists in the image (built by the kwin recipe).
  8. Verify LIBSEAT_BACKEND=seatd is in the SDDM environment (currently set in 12_sddm.service envs block at line 465, but not propagated to the user session).
  9. Test in QEMU with -display gtk to see if Wayland renders.

Estimated: 1 week with 1 developer.

Appendix A: Grep Results

All init.d paths in redbear configs

$ grep -E 'init\.d' config/redbear-*.toml
config/redbear-full.toml:path = "/etc/init.d/00_firmware-loader.service"
config/redbear-full.toml:path = "/etc/init.d/05_boot-essential.target"
config/redbear-full.toml:path = "/etc/init.d/13_iommu.service"
config/redbear-full.toml:path = "/etc/init.d/10_redox-drm.service"
config/redbear-full.toml:path = "/etc/init.d/12_dbus.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-sessiond.service"
config/redbear-full.toml:path = "/etc/init.d/13_seatd.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-keymapd.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-ime.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-accessibility.service"
config/redbear-full.toml:path = "/etc/init.d/14_redbear-upower.service"
config/redbear-full.toml:path = "/etc/init.d/14_redbear-udisks.service"
config/redbear-full.toml:path = "/etc/init.d/14_redbear-polkit.service"
config/redbear-full.toml:path = "/etc/init.d/11_redbear-authd.service"
config/redbear-full.toml:path = "/etc/init.d/12_sddm.service"
config/redbear-full.toml:path = "/etc/init.d/30_console.service"
config/redbear-full.toml:path = "/etc/init.d/31_debug_console.service"
config/redbear-full.toml:path = "/etc/init.d/99_diag_serial.service"
config/redbear-full.toml:path = "/etc/init.d/99_kwin_test.service"

All init.d paths staged by base recipe

$ find recipes/core/base/init.d -type f
recipes/core/base/init.d/00_base.service  (config override target)
recipes/core/base/init.d/00_ipcd.service
recipes/core/base/init.d/00_pcid-spawner.service  (deprecated)
recipes/core/base/init.d/00_ptyd.service
recipes/core/base/init.d/00_sudo.service
recipes/core/base/init.d/00_tmp
recipes/core/base/init.d/10_dhcpd.service
recipes/core/base/init.d/10_net.target
recipes/core/base/init.d/10_smolnetd.service
recipes/core/base/init.d/12_dbus.service  (overridden in redbear-*)
recipes/core/base/init.d/12_sudo.service
recipes/core/base/init.d/13_seatd.service  (overridden in redbear-*)
recipes/core/base/init.d/20_audiod.service
recipes/core/base/init.d/29_activate_console.service
recipes/core/base/init.d/30_console.service
recipes/core/base/init.d/30_thermald.service
recipes/core/base/init.d/31_debug_console.service

requires_weak dependency graph (sample)

$ grep -h "requires_weak" config/redbear-full.toml | head -30

(Each service file is structured as [unit] description = ... requires_weak = [...].)

pcid-spawner vs driver-manager references

$ grep -n "00_driver-manager\|00_pcid-spawner" config/redbear-*.toml
config/redbear-device-services.toml:443:path = "/etc/init.d/00_driver-manager.service"
config/redbear-device-services.toml:525:requires_weak = ["00_driver-manager.service"]
config/redbear-device-services.toml:573:requires_weak = ["00_driver-manager.service"]
config/redbear-device-services.toml:585:requires_weak = ["00_driver-manager.service"]
config/redbear-device-services.toml:597:requires_weak = ["00_driver-manager.service"]
config/redbear-full.toml:290:    "00_driver-manager.service",
config/redbear-full.toml:454:    "00_driver-manager.service",
config/redbear-greeter-services.toml:71:    "00_driver-manager.service",
config/redbear-legacy-base.toml:6:# 00_pcid-spawner.service has been fully replaced by 00_driver-manager.service
config/redbear-mini.toml:31:# 00_driver-manager.service is defined in redbear-device-services.toml.
config/redbear-mini.toml:125:    "00_driver-manager.service",
config/redbear-mini.toml:334:    "00_driver-manager.service",
config/redbear-mini.toml:349:    "00_driver-manager.service",
config/redbear-mini.toml:364:    "00_driver-manager.service",
config/redbear-mini.toml:420:    "00_driver-manager.service",

Appendix B: File-by-file Line Counts

Config files

File Lines
config/redbear-full.toml 663
config/redbear-mini.toml 550
config/redbear-grub.toml 16
config/redbear-legacy-base.toml 49
config/redbear-netctl.toml 106
config/redbear-greeter-services.toml 129
config/redbear-grub-policy.toml 9
config/redbear-device-services.toml 602
config/redbear-boot-stages.toml 109
config/base.toml 319
config/minimal.toml 56
Total 2608

Recipe source fork files

File Lines
local/sources/installer/src/collision.rs 267
local/sources/installer/src/installer.rs 1460
local/sources/base/init/src/main.rs 184
local/sources/base/config/src/lib.rs 40
Total 1951

Init.d service files staged

Source Files
local/sources/base/init.initfs.d 21 (incl. ramfs@.service)
local/sources/base/init.d 10 (rootfs)
recipes/core/base/init.d 17 (rootfs, mainline)
recipes/core/base/init.initfs.d 21 (incl. 30_redox-drm.service, 45_usbscsid.service)
Total ~70 .service/.target files

Quirk files

File count 30 TOML files in local/recipes/system/redbear-quirks/source/quirks.d/

Recipe counts (3-level structure, recipe.toml at recipes/<cat>/<name>/recipe.toml)

Location Unique recipes
recipes/ (mainline) 241
local/recipes/ (Red Bear) 116
recipes/wip/ (WIP, NOT in redbear include chain) many
Total active ~357

KWin build features disabled (per local/recipes/kde/kwin/recipe.toml:154-165)

CMake variable Value Effect
KWIN_BUILD_AUTO_ROTATION OFF No tablet auto-rotation
KWIN_BUILD_X11 OFF No X11 backend (correct for Wayland)
KWIN_BUILD_X11_BACKEND OFF Same
KWIN_BUILD_KCMS OFF No KCM (System Settings) integration
KWIN_BUILD_SCREENLOCKER OFF No screen locker
KWIN_BUILD_TABBOX OFF No alt-tab switcher
KWIN_BUILD_GLOBALSHORTCUTS OFF No kglobalacceld integration
KWIN_BUILD_RUNNERS OFF No KRunner
KWIN_BUILD_NOTIFICATIONS OFF No notification popups
KWIN_BUILD_ACTIVITIES OFF No activities
KWIN_BUILD_EIS OFF No input synthesis
KWIN_BUILD_QCH OFF No API docs

11 of 12 features disabled. The 1 enabled is the core compositor.

D-Bus service files

Location Files
local/recipes/system/redbear-dbus-services/files/system-services 4 (login1, UPower, PolicyKit1, UDisks2)
local/recipes/system/redbear-dbus-services/files/system.d 4 (PolicyKit1, UDisks2, login1, UPower)
local/recipes/system/redbear-dbus-services/files/session-services 7 (kded6, kglobalaccel, JobViewServer, ksmserver, ActivityManager, Notifications, StatusNotifierWatcher)
local/recipes/system/redbear-dbus-services/files/session.d 1 (org.redbear.session.conf)

Missing critical session services for KDE Plasma: ksmserver, JobViewServer, ActivityManager (3 of 7 session services are placeholders; the binary is not built).