From: Demi Marie Obenour
Subject: [PATCH 00/20] Many image fixes and systemd integration
Date: Thu, 04 Sep 2025 17:26:22 -0400
Message-Id: <20250904-systemd-v1-0-2a63b790a913@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross

Patches 1 through 19 are all fixes or enhancements to the image build process. There are other changes that need to be done around error handling, but these are all useful regardless. See the individual commit messages for details.

Notably, one of these patches standardizes file modes so that they are not dependent on the permissions in the user's git repository (except for whether the executable bit is set, which git stores). This is because that depends on things like the user's umask, and thus should have no effect on the image.

Patch 20 switches from s6-linux-init to systemd. This is not intended for merging, at least not yet. However, it *is* meant to show the beginning of how Spectrum could benefit from systemd's features. Notably, this patch reduces the amount of code. This is despite all Spectrum-specific services still being managed by s6 and additional complexity in the Nix files being needed to work around nixpkgs not using standard directories to find things like systemd unit files and PAM modules.

It's also worth noting that at least GNOME has a fairly hard dependency on systemd, but I doubt COSMIC will as parts of it are even used on Redox, which definitely does not run systemd!

Signed-off-by: Demi Marie Obenour
---
Demi Marie Obenour (20):
      scripts/make-erofs.sh: Ensure that / is world-readable
      scripts/make-erofs.sh: Do not read one byte at a time
      scripts/make-erofs.sh: Avoid unneeded calls to awk and chmod
      scripts/make-erofs.sh: Validate all paths
      scripts/make-erofs.sh: Avoid unneeded calls to dirname
      scripts/make-erofs.sh: Avoid unneeded calls to mkdir
      scripts/make-erofs.sh: Standardize file modes in images
      Standardize directories and symlinks in images
      Add os-release file
      host/rootfs: Set -eu in build
      Add /dev/fd and /dev/std*
      host/rootfs: Do not read from /dev/tty1
      host/rootfs: pass API socket as fd 3, not fd 0
      host/rootfs: Disable unneeded BusyBox tools
      host/rootfs: Use real less, not BusyBox less
      host/rootfs: explicitly set PATH in network add script
      Use /etc/s6-rc/compiled for compiled s6-rc directory
      host/rootfs: virtiofsd: Do not use FD 0 as the socket
      host/rootfs: Disable unneeded busybox stuff
      host/rootfs: Switch to systemd

 LICENSES/ISC.txt | 11 -
 host/initramfs/etc/init | 7 +-
 host/rootfs/Makefile | 186 +++++------
 host/rootfs/bin | 1 -
 host/rootfs/default.nix | 347 +++++++++++++++------
 host/rootfs/etc/group | 1 -
 host/rootfs/etc/init | 10 +-
 host/rootfs/etc/machine-id | 0
 host/rootfs/etc/mdev.conf | 7 -
 host/rootfs/etc/mdev/listen | 11 -
 host/rootfs/etc/mdev/net/add | 1 +
 host/rootfs/etc/mdev/wait | 14 -
 host/rootfs/etc/os-release | 12 +
 host/rootfs/etc/os-release.license | 2 +
 host/rootfs/etc/pam.d/login | 9 +
 host/rootfs/etc/passwd | 1 -
 host/rootfs/etc/s6-linux-init/env/WAYLAND_DISPLAY | 1 -
 .../etc/s6-linux-init/env/WAYLAND_DISPLAY.license | 2 -
 host/rootfs/etc/s6-linux-init/env/XDG_RUNTIME_DIR | 1 -
 .../etc/s6-linux-init/env/XDG_RUNTIME_DIR.license | 2 -
 .../etc/s6-linux-init/run-image/opengl-driver | 1 -
 .../s6-linux-init/run-image/service/getty-tty1/run | 5 -
 .../s6-linux-init/run-image/service/getty-tty2/run | 5 -
 .../s6-linux-init/run-image/service/getty-tty3/run | 5 -
 .../s6-linux-init/run-image/service/getty-tty4/run | 5 -
 .../run-image/service/s6-svscan-log/run | 6 -
 .../run-image/service/serial-getty-generator/run | 43 ---
 .../run-image/service/serial-getty/template/run | 5 -
 .../run-image/service/vmm/template/run | 1 -
 .../notification-fd.license | 2 -
 .../service/xdg-desktop-portal-spectrum-host/run | 5 -
 .../template/notification-fd | 1 -
 host/rootfs/etc/s6-linux-init/scripts/rc.init | 10 -
 host/rootfs/etc/s6-rc/card0/type | 1 -
 host/rootfs/etc/s6-rc/card0/type.license | 2 -
 host/rootfs/etc/s6-rc/card0/up | 4 -
 host/rootfs/etc/s6-rc/core/type | 1 -
 host/rootfs/etc/s6-rc/core/type.license | 2 -
 host/rootfs/etc/s6-rc/kvm/timeout-up | 1 -
 host/rootfs/etc/s6-rc/kvm/timeout-up.license | 2 -
 host/rootfs/etc/s6-rc/kvm/type | 1 -
 host/rootfs/etc/s6-rc/kvm/type.license | 2 -
 host/rootfs/etc/s6-rc/kvm/up | 4 -
 host/rootfs/etc/s6-rc/mdevd-coldplug/dependencies | 4 -
 host/rootfs/etc/s6-rc/mdevd-coldplug/type | 1 -
 host/rootfs/etc/s6-rc/mdevd-coldplug/type.license | 2 -
 host/rootfs/etc/s6-rc/mdevd-coldplug/up | 4 -
 host/rootfs/etc/s6-rc/mdevd/notification-fd | 1 -
 .../rootfs/etc/s6-rc/mdevd/notification-fd.license | 2 -
 host/rootfs/etc/s6-rc/mdevd/run | 5 -
 host/rootfs/etc/s6-rc/mdevd/type | 1 -
 host/rootfs/etc/s6-rc/mdevd/type.license | 2 -
 host/rootfs/etc/s6-rc/ok-all/contents | 3 +-
 host/rootfs/etc/s6-rc/static-nodes/type | 1 -
 host/rootfs/etc/s6-rc/static-nodes/type.license | 2 -
 host/rootfs/etc/s6-rc/static-nodes/up | 26 --
 host/rootfs/etc/s6-rc/sys-vmms/dependencies | 4 -
 host/rootfs/etc/s6-rc/vm-env/contents | 5 -
 host/rootfs/etc/s6-rc/vm-env/type | 1 -
 host/rootfs/etc/s6-rc/vm-env/type.license | 2 -
 host/rootfs/etc/s6-rc/vmm-env/contents | 6 -
 host/rootfs/etc/s6-rc/vmm-env/type | 1 -
 host/rootfs/etc/s6-rc/vmm-env/type.license | 2 -
 host/rootfs/etc/s6-rc/weston/dependencies | 4 -
 host/rootfs/etc/s6-rc/weston/run | 7 +-
 host/rootfs/etc/security/namespace.conf | 0
 .../etc/{s6-rc/core/up => sysctl.d/spectrum.conf} | 3 +-
 .../systemd-veritysetup-generator | 1 +
 .../etc/systemd/system.conf.d/zspectrum.conf | 25 ++
 host/rootfs/etc/systemd/system/-.slice | 5 +
 .../default.target.requires/s6-init-start.service | 1 +
 .../s6-init-start.service | 1 +
 .../s6-init-start.service | 1 +
 .../etc/systemd/system/s6-init-start.service | 25 ++
 .../system/serial-getty@.service.d/90_force.conf | 6 +
 .../90_spectrum.conf | 4 +
 .../system/user@.service.d/99_spectrum-uid.conf | 4 +
 host/rootfs/etc/tmpfiles.d/99-spectrum.conf | 8 +
 host/rootfs/etc/udev/rules.d/99-spectrum-kvm.rules | 8 +
 host/rootfs/lib | 1 -
 host/rootfs/sbin | 1 -
 host/rootfs/shell.nix | 3 +-
 host/rootfs/usr/bin/run-appimage | 2 +-
 host/rootfs/usr/bin/run-vmm | 5 +-
 host/rootfs/usr/bin/vm-start | 2 +-
 host/rootfs/usr/lib/spectrum/s6-start | 5 +
 .../share/spectrum}/service/dbus/notification-fd | 0
 .../spectrum}/service/dbus/notification-fd.license | 0
 .../share/spectrum}/service/dbus/run | 0
 .../share/spectrum/service/dbus/template/log/run | 4 +
 .../service/dbus/template/notification-fd | 0
 .../service/dbus/template/notification-fd.license | 0
 .../share/spectrum}/service/dbus/template/run | 2 +-
 .../service/s6-svscan-log/notification-fd | 0
 .../service/s6-svscan-log/notification-fd.license | 0
 .../usr/share/spectrum/service/s6-svscan-log/run | 4 +
 .../service/vhost-user-fs}/notification-fd | 0
 .../service/vhost-user-fs}/notification-fd.license | 0
 .../share/spectrum/service/vhost-user-fs}/run | 0
 .../service/vhost-user-fs/template/log/run | 4 +
 .../vhost-user-fs/template}/notification-fd | 0
 .../vhost-user-fs/template/notification-fd.license | 0
 .../spectrum}/service/vhost-user-fs/template/run | 5 +-
 .../service/vhost-user-gpu}/notification-fd | 0
 .../vhost-user-gpu}/notification-fd.license | 0
 .../share/spectrum/service/vhost-user-gpu}/run | 0
 .../service/vhost-user-gpu/template/data/check | 0
 .../service/vhost-user-gpu/template/log/run | 4 +
 .../vhost-user-gpu/template}/notification-fd | 0
 .../template/notification-fd.license | 0
 .../spectrum}/service/vhost-user-gpu/template/run | 0
 .../spectrum}/service/vhost-user-gpu/template/type | 0
 .../service/vhost-user-gpu/template/type.license | 0
 host/rootfs/usr/share/spectrum/service/vmm/log/run | 4 +
 .../share/spectrum/service/vmm}/notification-fd | 0
 .../spectrum/service/vmm}/notification-fd.license | 0
 .../share/spectrum/service/vmm}/run | 0
 .../share/spectrum/service/vmm/template/log/run | 4 +
 .../spectrum/service/vmm/template}/notification-fd | 0
 .../service/vmm/template}/notification-fd.license | 0
 .../usr/share/spectrum/service/vmm/template/run | 1 +
 .../xdg-desktop-portal-spectrum-host/log/run | 4 +
 .../notification-fd | 0
 .../notification-fd.license | 0
 .../service/xdg-desktop-portal-spectrum-host}/run | 0
 .../template/log/run | 4 +
 .../template}/notification-fd | 0
 .../template/notification-fd.license | 0
 .../xdg-desktop-portal-spectrum-host/template/run | 0
 img/app/Makefile | 15 +-
 img/app/bin | 1 -
 img/app/default.nix | 101 +++---
 img/app/etc/os-release | 12 +
 img/app/etc/os-release.license | 2 +
 img/app/etc/s6-linux-init/scripts/rc.init | 2 +-
 img/app/sbin | 1 -
 release/checks/integration/networking.c | 2 +-
 release/checks/integration/portal.c | 2 +-
 scripts/make-erofs.sh | 152 ++++++++-
 vm/sys/net/Makefile | 15 +-
 vm/sys/net/bin | 1 -
 vm/sys/net/default.nix | 2 +
 vm/sys/net/etc/os-release | 12 +
 vm/sys/net/etc/os-release.license | 2 +
 vm/sys/net/etc/s6-linux-init/scripts/rc.init | 7 +-
 vm/sys/net/lib | 1 -
 vm/sys/net/sbin | 1 -
 vm/sys/net/var/run | 1 -
 148 files changed, 754 insertions(+), 555 deletions(-)
---
base-commit: 0ac65013a1a29e91ea8476f39113e3598eb0e535
change-id: 20250815-systemd-2cdd0b578a86

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
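
The umask point in the cover letter, as an added example that is not code from this patch series: two checkouts of the same files made under different umasks carry different modes, and rewriting modes from the owner-executable bit alone makes the staged trees identical. The function names, the 0755/0644 policy and the sample files are assumptions; `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example. Assumed policy (not taken from the patches): directories and
# executable files become 0755, every other regular file becomes 0644.
set -eu

# Constructed sample: simulate a git checkout made under a given umask.
make_checkout() {
    dir=$1 mask=$2
    (
        umask "$mask"
        mkdir -p "$dir/etc" "$dir/usr/bin"
        echo 'ID=example' > "$dir/etc/os-release"
        printf '#!/bin/sh\nexit 0\n' > "$dir/usr/bin/tool"
        chmod u+x "$dir/usr/bin/tool"   # the one bit git records
    )
}

# Rewrite modes so only the owner-executable bit influences the result.
normalize_modes() {
    root=$1
    find "$root" -type d -exec chmod 0755 {} +
    find "$root" -type f -perm -0100 -exec chmod 0755 {} +
    find "$root" -type f ! -perm -0100 -exec chmod 0644 {} +
}

# Print "mode path" for every entry relative to the root, in a stable order,
# so two trees can be compared as text.
list_modes() {
    (cd "$1" && find . -exec stat -c '%a %n' {} + | LC_ALL=C sort -k2)
}

# Succeeds when the trees differ before normalization and match after it.
demo() {
    tmp=$(mktemp -d)
    make_checkout "$tmp/a" 077
    make_checkout "$tmp/b" 002
    before_a=$(list_modes "$tmp/a"); before_b=$(list_modes "$tmp/b")
    normalize_modes "$tmp/a"; normalize_modes "$tmp/b"
    after_a=$(list_modes "$tmp/a"); after_b=$(list_modes "$tmp/b")
    rm -rf "$tmp"
    [ "$before_a" != "$before_b" ] && [ "$after_a" = "$after_b" ]
}

demo && echo "modes are umask-independent after normalization"
```
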