reanimator/bee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix critical ISO build bugs: kernel pinning, service registration, PATH, audit checks

Browse Source 
- Pin linux-lts to exact KERNEL_PKG_VERSION=6.12.76-r0 in build and ISO package list
- Add build-time verification that compiled kernel version matches pin (fails loudly)
- Fix bee-audit-debug → bee-audit in genapkovl OpenRC registration (service was never starting)
- Add AUDIT_VERSION=0.1.0 to VERSIONS (was undefined, bee-release had empty fields)
- Pin linux-lts-dev version in second apk add in build-nvidia-module.sh
- Add /root/.profile to overlay so /usr/local/bin is in PATH for SSH sessions
- Remove "DEBUG MODE" from motd
- Fix smoketest: grep for slog "audit output written" instead of non-existent "audit completed"
- Document no-internet constraint in system-overview and runtime-flows
- Remove redundant genapkovl copy to /var/tmp (now found via ~/.mkimage/)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mikhail Chusavitin
2026-03-07 10:52:54 +03:00
parent 493ccea415
commit ffc7e5c71a
10 changed files with 73 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
iso/builder/build-nvidia-module.sh
View File

@@ -16,14 +16,16 @@ set -e
NVIDIA_VERSION="$1"
DIST_DIR="$2"
KERNEL_PKG_VERSION="$3"
[ -n "$NVIDIA_VERSION" ] || { echo "usage: $0 <nvidia-version> <dist-dir>"; exit 1; }
[ -n "$DIST_DIR" ] || { echo "usage: $0 <nvidia-version> <dist-dir>"; exit 1; }
[ -n "$NVIDIA_VERSION" ] || { echo "usage: $0 <nvidia-version> <dist-dir> <kernel-pkg-version>"; exit 1; }
[ -n "$DIST_DIR" ] || { echo "usage: $0 <nvidia-version> <dist-dir> <kernel-pkg-version>"; exit 1; }
[ -n "$KERNEL_PKG_VERSION" ] || { echo "usage: $0 <nvidia-version> <dist-dir> <kernel-pkg-version>"; exit 1; }
# Always install linux-lts-dev to ensure headers match the ISO's kernel (Alpine 3.21 = 6.12.x).
# Without this, a builder with stale 6.6.x headers produces modules for the wrong kernel version.
echo "=== installing linux-lts-dev ==="
apk add --quiet linux-lts-dev
# Install the EXACT pinned linux-lts-dev version so builder headers always match ISO kernel.
# If this version is unavailable, apk will fail loudly — do NOT use a floating version here.
echo "=== installing linux-lts-dev=${KERNEL_PKG_VERSION} ==="
apk add --quiet "linux-lts-dev=${KERNEL_PKG_VERSION}"
# Detect kernel version from installed headers (pick highest version if multiple).
detect_kver() {
@@ -46,8 +48,8 @@ if [ -d "$CACHE_DIR/modules" ] && [ -f "$CACHE_DIR/bin/nvidia-smi" ]; then
exit 0
fi
# Install build dependencies
apk add --quiet gcc make perl linux-lts-dev wget
# Install build dependencies (linux-lts-dev pinned to same version as initial install above)
apk add --quiet gcc make perl "linux-lts-dev=${KERNEL_PKG_VERSION}" wget
# Download official NVIDIA .run installer (proprietary) with sha256 verification
BASE_URL="https://download.nvidia.com/XFree86/Linux-x86_64/${NVIDIA_VERSION}"