Files
bee/iso
Michael Chus d52ec67f8f Stability hardening, build script fixes, GRUB bee logo
Stability hardening (webui/app):
- readFileLimited(): защита от OOM при чтении audit JSON (100 MB),
  component-status DB (10 MB) и лога задачи (50 MB)
- jobs.go: буферизованный лог задачи — один открытый fd на задачу
  вместо open/write/close на каждую строку (устраняет тысячи syscall/сек
  при GPU стресс-тестах)
- stability.go: экспоненциальный backoff в goRecoverLoop (2s→4s→…→60s),
  сброс при успешном прогоне >30s, счётчик перезапусков в slog
- kill_workers.go: таймаут 5s на скан /proc, warn при срабатывании
- bee-web.service: MemoryMax=3G — OOM killer защищён

Build script:
- build.sh: удалён блок генерации grub-pc/grub.cfg + live.cfg.in —
  мёртвый код с v8.25; grub-pc игнорируется live-build, а генерируемый
  live.cfg.in перезаписывал правильный статический файл устаревшей
  версией без tuning-параметров ядра и пунктов gsp-off/kms+gsp-off
- build.sh: dump_memtest_debug теперь логирует grub-efi/grub.cfg
  вместо grub-pc/grub.cfg (было всегда "missing")

GRUB:
- live-theme/bee-logo.png: логотип пчелы 400×400px на чёрном фоне
- live-theme/theme.txt: + image компонент по центру в верхней трети
  экрана; меню сдвинуто с 62% до 65%

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 13:08:31 +03:00
..

ISO Build

bee ISO is built inside a Debian 12 builder container via iso/builder/build-in-container.sh.

Requirements

  • Docker Desktop or another Docker-compatible container runtime
  • Privileged containers enabled
  • Enough free disk space for builder cache, Debian live-build artifacts, NVIDIA driver cache, and CUDA userspace packages

Build On macOS

From the repository root:

sh iso/builder/build-in-container.sh

The script defaults to linux/amd64 builder containers, so it works on:

  • Intel Mac
  • Apple Silicon (M1 / M2 / M3 / M4) via Docker Desktop's Linux VM

You do not need to pass --platform manually for normal ISO builds.

Useful Options

Build with explicit SSH keys baked into the ISO:

sh iso/builder/build-in-container.sh --authorized-keys ~/.ssh/id_ed25519.pub

Rebuild the builder image:

sh iso/builder/build-in-container.sh --rebuild-image

Use a custom cache directory:

sh iso/builder/build-in-container.sh --cache-dir /path/to/cache

Notes

  • The builder image is automatically rebuilt if the local tag exists for the wrong architecture.
  • The live ISO boots with Debian live-boot toram, so the read-only medium is copied into RAM during boot and the runtime no longer depends on the original USB/BMC virtual media staying present.
  • Target systems need enough RAM for the full compressed live medium plus normal runtime overhead, or boot may fail before reaching the TUI.
  • The NVIDIA variant installs DCGM 4 packages matched to the CUDA user-mode driver major version. For driver branch 590 / CUDA 13.x, the package family is datacenter-gpu-manager-4-cuda13 rather than legacy datacenter-gpu-manager.
  • Override the container platform only if you know why:
BEE_BUILDER_PLATFORM=linux/amd64 sh iso/builder/build-in-container.sh
  • The shipped ISO is still amd64.
  • Output ISO artifacts are written under dist/.