RedBear-OS/scripts/patch-inclusion-gate.sh
vasilito 3d1dc59f4d fix: update build system tooling and configuration
Update cookbook fetch.rs for protected recipe handling and atomic
patch application. Update config.mk, device services, and legacy
base configs. Add patch-inclusion-gate script.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-05-11 10:10:35 +01:00


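#!/usr/bin/env bash
# patch-inclusion-gate.sh — block image creation unless Red Bear patches are auditable.
#
# Public scripts that create harddrive images or live ISOs must call this before
# invoking `make all`, `make live`, or a direct image target. The cookbook still
# applies patches from recipe.toml; this gate verifies the durable patch store is
# classified and that active ledger entries are wired into recipes.
#
# Environment:
#   REDBEAR_SKIP_PATCH_INCLUSION_GATE  set to exactly "1" to bypass the gate.
#
# Exit status:
#   0         both checkers succeeded, or the gate was bypassed (warning on stderr)
#   non-zero  a prerequisite is missing (1), or a checker failed and its status
#             was propagated by `set -e`
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# Checker paths below are relative to the project root.
cd "$PROJECT_ROOT"

# Fail-open switch: only the literal value "1" bypasses the gate. A bypassed run
# exits 0 exactly like a passing run, and the stderr warning is the only trace.
# Callers that need an audit trail must therefore retain stderr and should treat
# this variable as privileged input (e.g. not settable from untrusted CI
# parameters).
if [ "${REDBEAR_SKIP_PATCH_INCLUSION_GATE:-0}" = "1" ]; then
  echo "WARNING: REDBEAR_SKIP_PATCH_INCLUSION_GATE=1; patch inclusion gate bypassed" >&2
  exit 0
fi

# Both checkers live in the working tree being gated, so the verdict is only as
# trustworthy as that checkout.
wiring_gate="local/scripts/ensure-patches-wired.py"
ledger_gate="local/scripts/classify-patches-ledger.py"

# Fail closed with a clear message instead of a bare "command not found".
if ! command -v python3 >/dev/null 2>&1; then
  echo "ERROR: python3 not found on PATH; cannot run patch inclusion checks" >&2
  exit 1
fi

# Check the wiring checker up front, as is done for the ledger gate, so that a
# missing file is reported by this script rather than by the interpreter.
if [ ! -f "$wiring_gate" ]; then
  echo "ERROR: missing patch wiring gate: $wiring_gate" >&2
  exit 1
fi

# NOTE(review): the execute bit is required here although the script is run via
# python3 below; kept as-is so the gate never becomes more permissive.
if [ ! -x "$ledger_gate" ]; then
  echo "ERROR: missing executable patch ledger gate: $ledger_gate" >&2
  exit 1
fi

echo ">>> Verifying Red Bear patch inclusion before image creation"
# `set -e` aborts on the first failing checker, so the ledger check only runs
# once the wiring check has passed.
python3 "$wiring_gate"
python3 "$ledger_gate" --strict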