From 86826984028671c68a613d1c478b94abaa8717d3 Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 11:29:53 +0800 Subject: [PATCH 01/14] Fix prod-readiness issues flagged in audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix XDG config dir logic in config/mod.rs (was double-nesting and had /home/user hardcode) - Replace /home/user hardcodes in breadbar.rs and hyprland.rs with config::config_dir() - Fix /home/user hardcode in packages.rs (uses /root fallback for .local/state path) - Remove eprintln! from GTK callback in packages.rs (no stderr at runtime) - Fix YAML parse error in branding.desc (missing space after sidebarTextHighlight key) - Add .gitignore (Rust target/, ISO artifacts, editor/OS junk, secrets) - Delete state.rs (dead code — never mod'd in main.rs) - Add brightnessctl, grim, slurp to packages.x86_64 (used by keybinds) - Rename can-you-begin-a-composed-beacon.md → DESIGN.md Co-Authored-By: Claude Sonnet 4.6 --- .gitignore | 37 +++++++++++++++++++ ...ou-begin-a-composed-beacon.md => DESIGN.md | 0 bos-settings/src/config/mod.rs | 13 ++++--- bos-settings/src/state.rs | 11 ------ bos-settings/src/ui/views/breadbar.rs | 4 +- bos-settings/src/ui/views/hyprland.rs | 3 +- bos-settings/src/ui/views/packages.rs | 4 +- .../etc/calamares/branding/bos/branding.desc | 2 +- iso/packages.x86_64 | 5 +++ 9 files changed, 56 insertions(+), 23 deletions(-) create mode 100644 .gitignore rename can-you-begin-a-composed-beacon.md => DESIGN.md (100%) delete mode 100644 bos-settings/src/state.rs diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d5294b7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,37 @@ +# Rust build artifacts +/target/ +**/*.pdb + +# Editor / IDE +.vscode/ +.idea/ +*.swp +*.swo +*~ +.direnv/ + +# OS artifacts +.DS_Store +Thumbs.db +desktop.ini + +# Environment / secrets +.env +.env.local +*.env.* +secrets/ +*.pem +*.key +*.p12 + +# archiso build artifacts (these are large and reproducible) +/iso-build/ +/iso-out/ +*.iso +*.img + +# Runtime / logs +*.log +logs/ +*.pid +*.sock diff --git a/can-you-begin-a-composed-beacon.md b/DESIGN.md similarity index 100% rename from can-you-begin-a-composed-beacon.md rename to DESIGN.md diff --git a/bos-settings/src/config/mod.rs b/bos-settings/src/config/mod.rs index da3b8eb..bd0c4af 100644 --- a/bos-settings/src/config/mod.rs +++ b/bos-settings/src/config/mod.rs @@ -15,10 +15,13 @@ pub fn save(path: &Path, val: &T) -> Result<(), Box PathBuf { - let home = std::env::var("HOME").unwrap_or_else(|_| { - std::env::var("XDG_CONFIG_HOME") - .map(|p| PathBuf::from(p).parent().unwrap_or(Path::new("/")).to_string_lossy().to_string()) - .unwrap_or_else(|_| "/home/user".to_string()) - }); + // Honour XDG_CONFIG_HOME if set; otherwise fall back to $HOME/.config. + if let Ok(xdg) = std::env::var("XDG_CONFIG_HOME") { + let p = PathBuf::from(xdg); + if p.is_absolute() { + return p; + } + } + let home = std::env::var("HOME").unwrap_or_else(|_| "/root".to_string()); PathBuf::from(home).join(".config") } diff --git a/bos-settings/src/state.rs b/bos-settings/src/state.rs deleted file mode 100644 index e0e760e..0000000 --- a/bos-settings/src/state.rs +++ /dev/null @@ -1,11 +0,0 @@ -pub struct AppState { - pub current_view: String, -} - -impl AppState { - pub fn new() -> Self { - Self { - current_view: "snapshots".to_string(), - } - } -} diff --git a/bos-settings/src/ui/views/breadbar.rs b/bos-settings/src/ui/views/breadbar.rs index 9f1ceb7..dd49a52 100644 --- a/bos-settings/src/ui/views/breadbar.rs +++ b/bos-settings/src/ui/views/breadbar.rs @@ -3,10 +3,10 @@ use gtk4::{Box as GBox, Button, Label, Orientation, ScrolledWindow, TextView}; use std::path::PathBuf; fn css_path() -> PathBuf { - let home = std::env::var("HOME").unwrap_or_else(|_| "/home/user".to_string()); - PathBuf::from(home).join(".config/breadbar/style.css") + crate::config::config_dir().join("breadbar/style.css") } + pub fn build() -> GBox { let path = css_path(); let existing_css = std::fs::read_to_string(&path).unwrap_or_default(); diff --git a/bos-settings/src/ui/views/hyprland.rs b/bos-settings/src/ui/views/hyprland.rs index 0ed704d..49ac07e 100644 --- a/bos-settings/src/ui/views/hyprland.rs +++ b/bos-settings/src/ui/views/hyprland.rs @@ -23,8 +23,7 @@ fn get_monitors() -> Vec { } fn hypr_path(name: &str) -> std::path::PathBuf { - let home = std::env::var("HOME").unwrap_or_else(|_| "/home/user".to_string()); - std::path::PathBuf::from(home).join(".config/hypr").join(name) + crate::config::config_dir().join("hypr").join(name) } pub fn build() -> GBox { diff --git a/bos-settings/src/ui/views/packages.rs b/bos-settings/src/ui/views/packages.rs index 6b3aedc..1281c44 100644 --- a/bos-settings/src/ui/views/packages.rs +++ b/bos-settings/src/ui/views/packages.rs @@ -8,7 +8,7 @@ use std::io::{BufRead, BufReader}; use std::process::{Command, Stdio}; fn read_installed() -> HashMap { - let home = std::env::var("HOME").unwrap_or_else(|_| "/home/user".to_string()); + let home = std::env::var("HOME").unwrap_or_else(|_| "/root".to_string()); let path = std::path::Path::new(&home) .join(".local/state/bakery/installed.json"); @@ -132,7 +132,7 @@ pub fn build() -> GBox { Ok(mut child) => { std::thread::spawn(move || { let _ = child.wait(); }); } - Err(e) => eprintln!("bakery update failed: {e}"), + Err(_) => {} // bakery not found; button is a no-op } }); diff --git a/iso/airootfs/etc/calamares/branding/bos/branding.desc b/iso/airootfs/etc/calamares/branding/bos/branding.desc index d3034ab..ff72dd7 100644 --- a/iso/airootfs/etc/calamares/branding/bos/branding.desc +++ b/iso/airootfs/etc/calamares/branding/bos/branding.desc @@ -26,4 +26,4 @@ style: sidebarBackground: "#3b4252" sidebarText: "#eceff4" sidebarTextSelect: "#5e81ac" - sidebarTextHighlight:"#eceff4" + sidebarTextHighlight: "#eceff4" diff --git a/iso/packages.x86_64 b/iso/packages.x86_64 index 32c97d4..6abc179 100644 --- a/iso/packages.x86_64 +++ b/iso/packages.x86_64 @@ -69,6 +69,11 @@ calamares-qt6 # Bread ecosystem — sourced from [breadway] repo bakery +# Input / screen utilities +brightnessctl +grim +slurp + # Utilities sudo git From 6f148e9a06b946c9f66f5bed837763d850766dc2 Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 11:32:40 +0800 Subject: [PATCH 02/14] Add bakery.toml and packaging/arch to match bread ecosystem Mirrors the build/distribution pattern used by the bread project: - bakery.toml describes bos-settings as a bakery-managed package - packaging/arch/PKGBUILD builds and installs the binary via cargo - packaging/arch/bos-settings.desktop for app launchers - LICENSE (MIT) required by PKGBUILD Co-Authored-By: Claude Sonnet 4.6 --- LICENSE | 21 ++++++++++++++++++ bakery.toml | 12 ++++++++++ packaging/arch/PKGBUILD | 34 +++++++++++++++++++++++++++++ packaging/arch/README.md | 25 +++++++++++++++++++++ packaging/arch/bos-settings.desktop | 9 ++++++++ 5 files changed, 101 insertions(+) create mode 100644 LICENSE create mode 100644 bakery.toml create mode 100644 packaging/arch/PKGBUILD create mode 100644 packaging/arch/README.md create mode 100644 packaging/arch/bos-settings.desktop diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e837178 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025 Breadway + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/bakery.toml b/bakery.toml new file mode 100644 index 0000000..632de76 --- /dev/null +++ b/bakery.toml @@ -0,0 +1,12 @@ +name = "bos-settings" +description = "System settings app for Bread OS" +binaries = ["bos-settings"] +system_deps = ["gtk4", "glib2"] +optional_system_deps = ["snapper"] +bread_deps = [] + +[config] +dir = "~/.config" + +[install] +post_install = [] diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD new file mode 100644 index 0000000..60a7521 --- /dev/null +++ b/packaging/arch/PKGBUILD @@ -0,0 +1,34 @@ +# Maintainer: Breadway + +pkgname=bos-settings +pkgver=0.1.0 +pkgrel=1 +pkgdesc="System settings app for Bread OS" +arch=('x86_64') +url="https://github.com/Breadway/bos" +license=('MIT') +depends=('gtk4' 'glib2' 'hicolor-icon-theme') +optdepends=( + 'snapper: snapshot management view' +) +makedepends=('rust' 'cargo') +source=("${pkgname}-${pkgver}.tar.gz") +sha256sums=('SKIP') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + cargo build --release --locked -p bos-settings +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + cargo test --release --locked -p bos-settings +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + install -Dm755 target/release/bos-settings "${pkgdir}/usr/bin/bos-settings" + install -Dm644 packaging/arch/bos-settings.desktop \ + "${pkgdir}/usr/share/applications/bos-settings.desktop" + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" +} diff --git a/packaging/arch/README.md b/packaging/arch/README.md new file mode 100644 index 0000000..af5acc0 --- /dev/null +++ b/packaging/arch/README.md @@ -0,0 +1,25 @@ +Arch packaging +============== + +`PKGBUILD` builds and installs `bos-settings` from source. + +## Local build + +```bash +makepkg -si +``` + +## Before publishing to [breadway] repo + +1. Tag a release on GitHub. +2. Update `pkgver` to match the tag. +3. Update `source` to the release tarball URL. +4. Run `updpkgsums` (or manually set `sha256sums`). + +## Runtime dependencies + +| Package | Required | Notes | +|---------|----------|-------| +| `gtk4` | yes | UI toolkit | +| `glib2` | yes | always | +| `snapper` | optional | snapshot management view | diff --git a/packaging/arch/bos-settings.desktop b/packaging/arch/bos-settings.desktop new file mode 100644 index 0000000..5385adb --- /dev/null +++ b/packaging/arch/bos-settings.desktop @@ -0,0 +1,9 @@ +[Desktop Entry] +Name=BOS Settings +Comment=System settings for Bread OS +Exec=bos-settings +Icon=preferences-system +Terminal=false +Type=Application +Categories=Settings;System; +StartupWMClass=bos-settings From 2c6feb4ea0dd2b6be0293aa825731efccb693748 Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 11:42:00 +0800 Subject: [PATCH 03/14] Add Forgejo Actions workflows and fix [breadway] repo URL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - .forgejo/workflows/mirror.yml: mirrors every push/tag to GitHub - .forgejo/workflows/package.yml: builds PKGBUILD on tag and publishes bos-settings to the Forgejo Arch package registry (distrib=breadway) - iso/pacman.conf: replace placeholder repo.breadway.dev with the actual Forgejo package registry URL Requires two Forgejo secrets: GITHUB_MIRROR_TOKEN — GitHub PAT with repo push scope FORGEJO_TOKEN — Forgejo token with package:write scope Co-Authored-By: Claude Sonnet 4.6 --- .forgejo/workflows/mirror.yml | 20 +++++++++++++++ .forgejo/workflows/package.yml | 46 ++++++++++++++++++++++++++++++++++ iso/pacman.conf | 7 +++--- 3 files changed, 70 insertions(+), 3 deletions(-) create mode 100644 .forgejo/workflows/mirror.yml create mode 100644 .forgejo/workflows/package.yml diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml new file mode 100644 index 0000000..9e7f427 --- /dev/null +++ b/.forgejo/workflows/mirror.yml @@ -0,0 +1,20 @@ +name: Mirror to GitHub + +on: + push: + branches: ['**'] + tags: ['**'] + +jobs: + mirror: + runs-on: [self-hosted, hestia] + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Push to GitHub + run: | + git remote add github \ + "https://x-access-token:${{ secrets.GITHUB_MIRROR_TOKEN }}@github.com/Breadway/bos.git" + git push github --mirror diff --git a/.forgejo/workflows/package.yml b/.forgejo/workflows/package.yml new file mode 100644 index 0000000..2a339b4 --- /dev/null +++ b/.forgejo/workflows/package.yml @@ -0,0 +1,46 @@ +name: Build and publish package + +on: + push: + tags: ['v*'] + +jobs: + package: + runs-on: [self-hosted, hestia] + container: + image: archlinux:latest + options: --privileged + + steps: + - uses: actions/checkout@v4 + + - name: Set version + run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV + + - name: Install build dependencies + run: pacman -Syu --noconfirm base-devel git rust cargo gtk4 glib2 + + - name: Create builder user + run: useradd -m builder + + - name: Prepare source + run: | + git archive --format=tar.gz \ + --prefix=bos-settings-${VERSION}/ \ + HEAD > packaging/arch/bos-settings-${VERSION}.tar.gz + SHA=$(sha256sum packaging/arch/bos-settings-${VERSION}.tar.gz | awk '{print $1}') + sed -i "s/^pkgver=.*/pkgver=${VERSION}/" packaging/arch/PKGBUILD + sed -i "s/^sha256sums=.*/sha256sums=('${SHA}')/" packaging/arch/PKGBUILD + cp -r . /home/builder/src + chown -R builder:builder /home/builder/src + + - name: Build package + run: su builder -c "cd /home/builder/src/packaging/arch && makepkg -sf --noconfirm" + + - name: Publish to Forgejo registry + run: | + PKG=$(find /home/builder/src/packaging/arch -name '*.pkg.tar.zst' | head -1) + curl -fsS -X PUT \ + -H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \ + --upload-file "${PKG}" \ + "https://git.breadway.dev/api/packages/breadway/arch/push?distrib=breadway" diff --git a/iso/pacman.conf b/iso/pacman.conf index c071a87..701e900 100644 --- a/iso/pacman.conf +++ b/iso/pacman.conf @@ -30,9 +30,10 @@ Include = /etc/pacman.d/mirrorlist # bread ecosystem packages (bread, breadbar, breadbox, breadcrumbs, breadpad, # bos-settings). # -# TODO: Replace this URL with the actual hosted repo before building. -# See: https://github.com/Breadway/repo for setup instructions. +# Packages are published here by the Forgejo Actions package.yml workflow +# in each repo. See git.breadway.dev/api/packages/breadway/arch for the +# package registry. # ----------------------------------------------------------------------- [breadway] SigLevel = Optional TrustAll -Server = https://repo.breadway.dev/$arch +Server = https://git.breadway.dev/api/packages/breadway/arch/breadway/$arch From 769b6283e04cc99f9bf5c6a9285950a1ccf9eeeb Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:01:50 +0800 Subject: [PATCH 04/14] Fix Forgejo workflows for the actual server capabilities - package.yml: use correct Arch registry upload (octet-stream + binary body + PUT /api/packages/Breadway/arch/os), drop --privileged, remove actions/checkout (archlinux image has no Node) in favour of a manual shell clone, use the built-in Actions token instead of a stored secret, and --nocheck (tests belong in CI, not packaging) - mirror.yml: clone --mirror + explicit refs/heads + refs/tags push with --prune, instead of pushing refs/remotes pollution from a checkout - pacman.conf: correct Server URL to the Forgejo Arch registry format Requires only the GITHUB_MIRROR_TOKEN secret (GitHub PAT, repo scope) for the mirror job; package publishing uses the automatic per-run token. Co-Authored-By: Claude Opus 4.8 --- .forgejo/workflows/mirror.yml | 17 ++++++------ .forgejo/workflows/package.yml | 48 +++++++++++++++------------------- iso/pacman.conf | 10 ++++--- 3 files changed, 36 insertions(+), 39 deletions(-) diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml index 9e7f427..a97385f 100644 --- a/.forgejo/workflows/mirror.yml +++ b/.forgejo/workflows/mirror.yml @@ -9,12 +9,13 @@ jobs: mirror: runs-on: [self-hosted, hestia] steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Push to GitHub + - name: Mirror to GitHub run: | - git remote add github \ - "https://x-access-token:${{ secrets.GITHUB_MIRROR_TOKEN }}@github.com/Breadway/bos.git" - git push github --mirror + set -euo pipefail + git clone --mirror "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" repo.git + cd repo.git + # Mirror only branches and tags (not refs/pull/*, which GitHub rejects); + # --prune deletes GitHub refs that no longer exist on Forgejo. + git push --prune \ + "https://x-access-token:${{ secrets.GITHUB_MIRROR_TOKEN }}@github.com/Breadway/bos.git" \ + '+refs/heads/*:refs/heads/*' '+refs/tags/*:refs/tags/*' diff --git a/.forgejo/workflows/package.yml b/.forgejo/workflows/package.yml index 2a339b4..de406ea 100644 --- a/.forgejo/workflows/package.yml +++ b/.forgejo/workflows/package.yml @@ -9,38 +9,32 @@ jobs: runs-on: [self-hosted, hestia] container: image: archlinux:latest - options: --privileged - steps: - - uses: actions/checkout@v4 - - - name: Set version - run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV - - - name: Install build dependencies - run: pacman -Syu --noconfirm base-devel git rust cargo gtk4 glib2 - - - name: Create builder user - run: useradd -m builder - - - name: Prepare source + # Note: no actions/checkout — the archlinux image has no Node, which JS + # actions require. Everything runs as shell steps and clones manually. + - name: Build and publish + env: + PUBLISH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - git archive --format=tar.gz \ - --prefix=bos-settings-${VERSION}/ \ - HEAD > packaging/arch/bos-settings-${VERSION}.tar.gz + set -euo pipefail + VERSION="${GITHUB_REF_NAME#v}" + pacman -Syu --noconfirm base-devel git rust cargo gtk4 glib2 + useradd -m builder + git config --global --add safe.directory '*' + git clone --branch "${GITHUB_REF_NAME}" --depth 1 \ + "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" /home/builder/src + cd /home/builder/src + git archive --format=tar.gz --prefix="bos-settings-${VERSION}/" HEAD \ + > packaging/arch/bos-settings-${VERSION}.tar.gz SHA=$(sha256sum packaging/arch/bos-settings-${VERSION}.tar.gz | awk '{print $1}') sed -i "s/^pkgver=.*/pkgver=${VERSION}/" packaging/arch/PKGBUILD sed -i "s/^sha256sums=.*/sha256sums=('${SHA}')/" packaging/arch/PKGBUILD - cp -r . /home/builder/src chown -R builder:builder /home/builder/src - - - name: Build package - run: su builder -c "cd /home/builder/src/packaging/arch && makepkg -sf --noconfirm" - - - name: Publish to Forgejo registry - run: | + # --nocheck: packaging builds the artifact; tests belong in a CI job. + su builder -c "cd /home/builder/src/packaging/arch && makepkg -f --noconfirm --nocheck" PKG=$(find /home/builder/src/packaging/arch -name '*.pkg.tar.zst' | head -1) curl -fsS -X PUT \ - -H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \ - --upload-file "${PKG}" \ - "https://git.breadway.dev/api/packages/breadway/arch/push?distrib=breadway" + -H "Authorization: token ${PUBLISH_TOKEN}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary "@${PKG}" \ + "https://git.breadway.dev/api/packages/Breadway/arch/os" diff --git a/iso/pacman.conf b/iso/pacman.conf index 701e900..8ec5fd6 100644 --- a/iso/pacman.conf +++ b/iso/pacman.conf @@ -30,10 +30,12 @@ Include = /etc/pacman.d/mirrorlist # bread ecosystem packages (bread, breadbar, breadbox, breadcrumbs, breadpad, # bos-settings). # -# Packages are published here by the Forgejo Actions package.yml workflow -# in each repo. See git.breadway.dev/api/packages/breadway/arch for the -# package registry. +# Packages are published to the Forgejo Arch registry (group "os") by the +# .forgejo/workflows/package.yml workflow in each repo, on tag push. +# +# TODO: packages are currently unsigned (TrustAll). For production, sign +# them in CI with a GPG key and switch to SigLevel = Required. # ----------------------------------------------------------------------- [breadway] SigLevel = Optional TrustAll -Server = https://git.breadway.dev/api/packages/breadway/arch/breadway/$arch +Server = https://git.breadway.dev/api/packages/Breadway/arch/os/$arch From a2973b91eb73f71438b3d513b9ca0ac6f246548b Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:03:55 +0800 Subject: [PATCH 05/14] Use Forgejo-prescribed pacman section name for the Arch registry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Forgejo serves the repo db as {owner}.{group}.{domain}.db, and pacman fetches "
.db" from Server — so the section name must match. Co-Authored-By: Claude Opus 4.8 --- iso/pacman.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/iso/pacman.conf b/iso/pacman.conf index 8ec5fd6..6863265 100644 --- a/iso/pacman.conf +++ b/iso/pacman.conf @@ -36,6 +36,8 @@ Include = /etc/pacman.d/mirrorlist # TODO: packages are currently unsigned (TrustAll). For production, sign # them in CI with a GPG key and switch to SigLevel = Required. # ----------------------------------------------------------------------- -[breadway] +# The section name must match Forgejo's served db filename +# ({owner}.{group}.{domain}.db) — pacman fetches "
.db" from Server. +[Breadway.os.git.breadway.dev] SigLevel = Optional TrustAll Server = https://git.breadway.dev/api/packages/Breadway/arch/os/$arch From c259aa9e933b66be779429d30e5ba629d34a4ebe Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:10:39 +0800 Subject: [PATCH 06/14] Rename mirror secret to MIRROR_TOKEN (GITHUB_ prefix is reserved) Forgejo/gitea rejects user secret names starting with GITHUB_. Co-Authored-By: Claude Opus 4.8 --- .forgejo/workflows/mirror.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml index a97385f..3efe2c1 100644 --- a/.forgejo/workflows/mirror.yml +++ b/.forgejo/workflows/mirror.yml @@ -17,5 +17,5 @@ jobs: # Mirror only branches and tags (not refs/pull/*, which GitHub rejects); # --prune deletes GitHub refs that no longer exist on Forgejo. git push --prune \ - "https://x-access-token:${{ secrets.GITHUB_MIRROR_TOKEN }}@github.com/Breadway/bos.git" \ + "https://x-access-token:${{ secrets.MIRROR_TOKEN }}@github.com/Breadway/bos.git" \ '+refs/heads/*:refs/heads/*' '+refs/tags/*:refs/tags/*' From 7ef51e87227e1538ba40f3346718d6d515d59eac Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:14:12 +0800 Subject: [PATCH 07/14] Clone from public URL, not GITHUB_SERVER_URL (resolves to localhost in runner) The Forgejo runner injects GITHUB_SERVER_URL as http://localhost:3002, which is unreachable from inside the job container. Use the public URL instead. Co-Authored-By: Claude Opus 4.8 --- .forgejo/workflows/mirror.yml | 2 +- .forgejo/workflows/package.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml index 3efe2c1..6a2f9ab 100644 --- a/.forgejo/workflows/mirror.yml +++ b/.forgejo/workflows/mirror.yml @@ -12,7 +12,7 @@ jobs: - name: Mirror to GitHub run: | set -euo pipefail - git clone --mirror "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" repo.git + git clone --mirror "https://git.breadway.dev/${GITHUB_REPOSITORY}.git" repo.git cd repo.git # Mirror only branches and tags (not refs/pull/*, which GitHub rejects); # --prune deletes GitHub refs that no longer exist on Forgejo. diff --git a/.forgejo/workflows/package.yml b/.forgejo/workflows/package.yml index de406ea..3bd3c7f 100644 --- a/.forgejo/workflows/package.yml +++ b/.forgejo/workflows/package.yml @@ -22,7 +22,7 @@ jobs: useradd -m builder git config --global --add safe.directory '*' git clone --branch "${GITHUB_REF_NAME}" --depth 1 \ - "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" /home/builder/src + "https://git.breadway.dev/${GITHUB_REPOSITORY}.git" /home/builder/src cd /home/builder/src git archive --format=tar.gz --prefix="bos-settings-${VERSION}/" HEAD \ > packaging/arch/bos-settings-${VERSION}.tar.gz From f98f21bbdd7957bbbe355253da4bc7b5b8d418dc Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:40:59 +0800 Subject: [PATCH 08/14] Source calamares from official extra, not [breadway] calamares and calamares-qt6 are in Arch's extra repo; no custom PKGBUILD needed. Update packages.x86_64 and the pacman.conf comment accordingly. Co-Authored-By: Claude Opus 4.8 --- iso/packages.x86_64 | 2 +- iso/pacman.conf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/iso/packages.x86_64 b/iso/packages.x86_64 index 6abc179..b69e43c 100644 --- a/iso/packages.x86_64 +++ b/iso/packages.x86_64 @@ -62,7 +62,7 @@ foot # File manager nautilus -# Installer — sourced from [breadway] repo (see pacman.conf) +# Installer — from the official extra repo calamares calamares-qt6 diff --git a/iso/pacman.conf b/iso/pacman.conf index 6863265..04dbb8a 100644 --- a/iso/pacman.conf +++ b/iso/pacman.conf @@ -26,9 +26,9 @@ Include = /etc/pacman.d/mirrorlist Include = /etc/pacman.d/mirrorlist # ----------------------------------------------------------------------- -# Breadway custom repo — provides: bakery, calamares (pre-built), and the -# bread ecosystem packages (bread, breadbar, breadbox, breadcrumbs, breadpad, -# bos-settings). +# Breadway custom repo — provides: bakery and the bread ecosystem packages +# (bread, breadbar, breadbox, breadcrumbs, breadpad, bos-settings). +# (calamares comes from the official extra repo, not here.) # # Packages are published to the Forgejo Arch registry (group "os") by the # .forgejo/workflows/package.yml workflow in each repo, on tag push. From eda2c44c484327a7a6b61b4831b9ed8bbc161374 Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:53:25 +0800 Subject: [PATCH 09/14] Add Calamares branding images from bread logo - logo.png (productLogo/productIcon): rasterised from the bread logo, transparent - languages.png (productWelcome): logo centred on a light Nord canvas - logo.svg / bread_white.svg: source vector Resolves the missing-branding-asset blocker so Calamares can render. Colour scheme can be refined when final SVGs land. Co-Authored-By: Claude Opus 4.8 --- bread_white.svg | 4 ++++ .../etc/calamares/branding/bos/languages.png | Bin 0 -> 12212 bytes .../etc/calamares/branding/bos/logo.png | Bin 0 -> 9234 bytes .../etc/calamares/branding/bos/logo.svg | 4 ++++ 4 files changed, 8 insertions(+) create mode 100644 bread_white.svg create mode 100644 iso/airootfs/etc/calamares/branding/bos/languages.png create mode 100644 iso/airootfs/etc/calamares/branding/bos/logo.png create mode 100644 iso/airootfs/etc/calamares/branding/bos/logo.svg diff --git a/bread_white.svg b/bread_white.svg new file mode 100644 index 0000000..b705951 --- /dev/null +++ b/bread_white.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/iso/airootfs/etc/calamares/branding/bos/languages.png b/iso/airootfs/etc/calamares/branding/bos/languages.png new file mode 100644 index 0000000000000000000000000000000000000000..ee04ad0df262789c987be06f58bd6022521292a1 GIT binary patch literal 12212 zcmeHt_dC`9|Nj%Ah=ybSp5ET9tf_A~J@OcRGxduUt_aI2-9R#s?rZ?%yfd_OC zG}Tn0WoQ-JI)3b$G`K^LP}jaizevY)^ai6#j6UU-0OFP@!tOr8UdHy3J-9&EuU(fE zxh5$he#7vZl#GP5%ng|EwQDlhu0<6tRsLTexOvz)Jq-B&e?ZzbU;-Zq{+}HXPHy(z zi2H7y|IartaT#&(e>V9#-uoPaMBl2b-Zb-85k>+HLI>oTULWG_BF zsjSTSRLP9Ciy^PoepOzhOCzVWPATY$qF~Lea?Z2Q`LW7l%0EQ7l(UuYP}{A3iD$u8 z37BnetDR>v|HI2;F*q_q+(WDP4ye(AC^oPq>E`CfP#=js%Ph>zjLe6XYRQy2 zUM;ZW=Tq0X$g=SbnVZZ1OnG*Lyf1X+ik`Z9aaVVjp`KZOSC>YB9B+Lg4b;jE%;wSg zS9glMH1jyQB$4;MTRFM7jHddtMdB=KYMqdaT%1DP6;pW1dK3t7Y3S|3hH*LRW3JOy_Jf0JgZ zlB7S>LqqTFyOW)Fs%FjG9;76RT9oH&CKs2L^$;|>i%Uv`;<&|?!Ty{It_`;n zIPwPa)R4MaZSFRl5W)#SM60<>;$Uhmvi9C5>ejLowjvgFmML1R`&d&my&S!~ z+fJXEXJDaw%$#ud(nuyQ(TZepFO?F%63x8*^_18oF`ELvxxSH>0FR{!zbONWv)<&Y zrj~oxio9&mj(ZJWoU*>@mvqvz$HruoVd2)%5K}gqu|ASGoaV6*2e%$c^FU$kmlB)P z?iN|TxvV?X3AEh&?o+R`h#`g!Yz5?mcj1NcG}ja_(oy& zeiW*WSk_v*JxO-Ncgl9-ZSjVXJPj46Qhkz!0Fl&EzcndBrEipoYcn=BE-ISr z%bYPz6HUai4_XdMDMMX} z$Qs1XBZ`J-CW&IIScPkXcOHFx@GQVO>NsyHi>{OoJx_3v#*3JVPz~t33(&BM&xKi` zxy@mI_0|EiwJjr(Bg4#?x1Dcb0fp+REtreiqxV~=BPJ`GRb?`UyNr;;PxR*&_fIGe z1+9i<>niLR78?qAOnLWzjF8!k#rUj!iu%CMlx=Yy@M$nf#45LWwNdTRe`mJkh(lIi zVW+J2Alxsl{EF;qX~t#UN3~nI!Y?`=?9S&s3p{*s0(RIMw$M{Q+1p(lTiYJF(Bj>T zog^<`NI=h!YN&p?P}ri*1$XV|LA9y$q1GPgJgM%(W0_~rOKHv8BXCq@S^+`E=+nJ^ z!h)}Gw5qZP>W0nXAAI*NTG3{p1dH^RIRIz#8Mwvf^!aJDyDlr#b{Z&F^68k{#E z<`3u(-&J$sBWUOxJ2HbDE9AHPGlPN+fNHtxR;!s+KFYV=MRx~I=ZDQ_?5xiHW&)HA z)Sno&!DsnJ&>iQVC!L}Csd=;?YKp~Yg<01hF8aEaRIF~9URYd2{G=i;eB9s0yyv;B zfBNoum*G5SkQ6H`9}g)*WosfYVesiO*#`MCYmp2cmr2=8;wX#mVv0lN(pKBh3_1amE?hqJ zXT7By8dnRa`&q(f6KoAX++%Zgc3)XzZ+CI=={0kh?^j`-3>7@q6kjm+P=0IeLepUc zJ@!L@cNBVkCs+nwdc$YW>vGr9QYMa`dY%K&V|mKOV0`Gp;B?N%cI3W5v%G!}(8Ic~uAlwr5kqV1f~u; zIo^?RltO+`SQtvds_K3F%<^^n7v-%abE6X_zCjvL;1z%@k8$Ju*_vX_T8wOBi~Tdg zLds2l9&h^WZKFo)pLhoaHA}jcj1=q!mQ8)Q$&?0nSsE@NsCmHaYg}am$k&7W^nU*@^oVx)xD=q^nQt+80BK4EytimSdij%9`OJm52;RAYZ)BYto zh(bfacI(dWCxK+de9?TyB|;Hb`F^Eux>U}+k!B}@)}#v493!NO3w9A^-WnKZTw#`% zh&1+d{MvxzlCgW;P7c&TxGmV>;8y? zM*RF!7M({6W;Fd=zzWZN+4Gwk5U6&rh;l$pRWSC-sySqNnNN1XeyukoU9~FtdM+$C zL2<`0E4WED=4@DLLBXZ^EXfh#>WFT$_LLE(P#Xg;(8Uz#UD&J>xOegN01v8Bb9u4n}X9s{RrA^+SDTX-BJR>j=Ma%nl+X8eyq+&Q>p;Yjs^S&i21 zif!28#P(Ljw&KtRt8gieg$K66#-=A-T!nrGRY4lJO=wvTtok#fi+Q8OxwoTQq%nFb0zr#=|+dZ zt1FKCRYaaRH%&62&ZfVhMDs08TCquAtmTjX@c!jh33b0oU!=3MOdHC>z`L3^WVtVJ zUN^y!xCnDsq;1tVGD>8Y{e7=TX2Vl^%ZV*OQoBl-*@S5s+W`&_4CwEl>B&b-bf%4hq<0Khvgef z&)X#ehrX3|G%u}8Ezm2r$So;7TUkv6hE_SHc$3J))X}DprJHR1sIqdZC16$X^z<7> zs8I!2(v8*cev=%Z0Q}Y%==3_59ya2w_xF-45<5M!ygfEM3pEjADR?_#htuIc3Hxp! zkB9ta#!JNX!$*P>)%;Ch`j6(`=qmcSW;J!60TAfGjo)Fj9uf=PIULVqwybenM>p|z zKe@{+J+EY&l|Xs_IUxKpC)~qWQ**SkkBUri;dWRWF54Y|jZ}8iZEZVbVZ8fLj>~@i z5%lcjs}_~xgazoItsd-Xcq^q;;#WEp4mX?0L!%8}2@BaV4MdV`ti4>GTEbvIp9(km zox3|N#6@9u<)g0}Xj0b;hB(fJ;LUqihszK5F&Er*X|28$Y9`GCoVZTng8RnWl2c(W z6PXO*yifm9cf9$MR=U(p>x#{abof-D#q>2<_n+O?!3$X(3btq|`uX8u<5~%Lvpg## ze*~Dajsy%YU6;TM>yqj~R-jf$68*HT2OV4;3VBtdoRtFOzetAA)=3IU1B1)lI+4eV z#p5eoIpBfQie;9y8l857mAZn4?%bDO-QgrdN|F>teXgPA5jw$vHm!Xahr=kbz17H% zgHt6Xy=6y7qj7(!rP$@=Fo~Mrf;lTk< z?sc4+xh>wwX3g>HL+*C`W}`gQzx4lkk>1|fp-t=%ue!3SwEBD9pBu-;#T94!HaTtS zJ=OWY+?*B`dgR(SNB1c;)w#YfLe%+ZI8{6WL=9YM!4vCrOiJ#c2J>4rt4jz?+MW!X z`Xj#g-91u)ijUP!o&m3M@0AFlJENlNFl0sgv=*BzIiqD0SK(U+x2 zJLKvc`aKjbvD1#5{JnAS zdWdcPg1hc9QFcZ5(u3^;)X0Y%U?w15&8h(*z>I$sPv|?G0d;>nMSfaNPIuML!MaCR zpPXQuuh5kzj26CsZ;C?UMKip{t_WS{9(Q<_j>%UHCNeqy0ja{apznUw3@z}z!Da$-Tol1Etc4at|-f#`^}OtvcEl9mZK7Bhdt~AX~JJbf!nR!<3aTE z0f<#P@#RnzdbINXjqdP}m9ID{Xg9^dXF@l$!0x)!G9_pmyK;Gqcfot7_kj-sUy>rnT4SgkIfYC!h13=Nt1t z?N4O#|KrQWlxO+&7wc@C=3-l8Llk!q(K=GI2&+F&emJ{3iIcKI)}O`W(tL)&>9OPJ za|6|3X~^Pctt<1J!)ca?PmLgf_g#L|X}7i1yfPdS#a-Z#8Ki*pISw`vr9|0=+AArp%qfJZYNs>B)T^eC2Q;JxzJnwaxzQbZy*S;k#2k*f=20pqFsq2 zc#v6D3=UL($Klim2lKlT#M(I-e98^d_nq36>-G*-VLe!zUAQtLbXn5PgjQ3Nhb(vS z<<0Kq8}Dk)J`lwh!pE~QI`SC?SE+vU0Pvj*XtnOi3@LutoBqn^u<-Dp^laE(v~89p z{TKkM{keGDnWIMz^5RZr1U2jUv~@}(YB>0GW!H$vO$By~49U?5vIDz)ytdP_yN(@k zR60E9Xak1{+rb&chun@Y>i(f&3rZ9#O`Ew{>&+;Y+A3D6`coTZ%ms~-qFPjb2i39~f1h~o*R9a~R zY8<=7-gDDw%J0JtAL<^9H*#>1Pgvj{tAWbR;5-OVckTYKnt<20)LJyk{2i!4*v#ZgIIlJ4d_|eQx zyBhb_#)E)9`9~-gM#%07sEqvtVSm9*8US!*)-&AMNFia_5Rns#8%5K zsF?Wp3#2|`mJKN>;l^1oRWx6W7zo4j9 zk+$HIT*t$B0&)ixH&5+=luhmM1;kioYlD=c0Jn{*wAubIz^EyVUgNb;k&HC+<}r9+ngVDJf7$?!bE=u>L0Q zaN`&osrMU!5Mxv4bu=!q0HF?YVTQ^63mOYx!FMjA6zL@3X4y547y?v zF4^KGv{6aT^wEk!Q?%dpI|5cE5eI%lsyOjP&m+{m0^C-!KJ@)T6pAjL@|%qNWXPE2 zTS>P&rPupP9wX^nFe0Cp*G6?d3)qt7n>$kUj<(0t*ckPJ;=fZcZzxhpU`k4I?ww6; zl7II2&Lu66^y67_7fmDReu`2{KqD7Vd!c=2w4YjK)9uCpHzOo0B(wJ?GP1{AH|Kn; zaDU`!W{mdpe|hHQ;o;{BCv@~D8fWi^qE;FR$t7hx!#QX%%bGiiEqfaEg?c9oMtZh7 zRbB&Sv!|R%yzFA?W5e;gDprCKN=kkc0nMZdhgD|zgLc|;3xD3|8h}(6XK>}YYOXgt z;o)_T5g_ya=Dz|kWOR|aBfuHcBu@)MwS7`NPQtr_gC}q=icw)uy)YvuDd_|FlpUit zSpbQsM_&Yr6hvWzt@%w!+G59{31~my$8ELt&Cj=D5M2un#FDkE>Xq-j7vi0`WYska zugpL{c`01@BHPII#1 z%;(df{tSDkga9`*4lYnLvh>gMs zeqLSngjP}bk$K0V#xv)WivoHx9EbKgBNj0981Xger7nfh-!7?wg{nC&uz}}guFfOc z6(K>*WD9oc`Butar=n{($m}lJwmUWv1+Evib5D8yfnjf|Rk8mE8-9#Kj+PO<-p~2v z@M@C6{d_ZpC&0=p6f3`FAxR~}j&SY6Ge}HJhn%Atbp)=WLK;td}UYoo#&hGAd+#&uTz%-)wmcPRE zTgt^P>qBJ<=Go+bBQQe!vMKT2l2}C#t_$_Zmq2q+tuuAZt99$sj}s7sP7WV% zx6f)-D8f%s&v#Lj`9<9wq-~I33})UOXC4<)h5b>scvi&xyRpyNSOM+=6$C>Ay%e-3 zYfM44nkTo7h5Owaci2(YKtu}WMJ&4V8EdYeKuW|Qjf!y2drI?F3h;LfD(}4&|e;>d51G6M#&KW zxNcF3aat*ZIq11+*Y$EsyZ;!u^!hK}{%JSWDLNo$-0^N@@{xUHSc3-hkykv+Y&F zv{_dV1H!?B|NE_DCm_Tb%B$w)=G-_H)*Z3wKjTb_t$LctB5+do2-A}ZZFTiZ4UHGF zu*e0Lr+2@t?Xm!-g1q}9YX|Fm)#p+rP5q0USX#C|*u_if?!XV9xO6e5r?PMPIJ9rM9I4$S zA_9V6J+o`03zb?z+>@&I*Ew$GmMYVD($g11f(><&-uoq9T-9xRZ}@-v4~_Vx_4Tfv`>p^Kf%9+O5X^Fcc!@bCE#f zh?V^LSbSNTn?}CD>-SnRd7gg`-Cw#U)XNS(^SdoskyRXfnKPPwn~^>|7_@B!r7(P) zuQwO--lm0QH&>aKTEX{!ovjzU;8FD>vNxF1zVCno>i5z6OqKofQ8jgsr`lQ>`uSfE@I34neech&$XL*bsJl@-@iEF%juQjdN)KhKk5NrG;njxq54Dkw7o;5p ze{sL3{wM+vj+QN2hW?&`=i&m|fBS5uPPtN=LMId+41iCt;f@9VF$?*Sbo`V`xFlA| z`}BW~la}L~n1&9d$7nzOq;GJH-s3&g@HY<4jr?iLpi{uI+%M1W!7uT4W9>G>zZ|Lw zQkHD?%qHJhp>g|j@v*u8-xvyrb>&z=NcM~uHA460wU&5LP76gHy5K0ZpQX_5?2#ax zs3A=f$10&&-g<5wDMpNqq8B0ufeJXa_nrPnvNvnd-;t4DBf@Q)on}u@s9aBxARSBM zSj=V$QU^vvVUi)g6EjNZ98PmcY5Pp^RceG+_GslqO|rzlD+p8_)xLG>Ry={Q{CVJl zox$hnP3c2;;+>SROz8XwMan{HMrv7o_|aYlMBmF^AthNm_StPFp1XaAsY za#-V1aC-S&k+Jx#^ivw8a^T3$82Sou_rm(E#ZXOw)R?8KDK<-p)YHt+GxVV{Son>2 z1$(N(7<|I+`AW{WtR99M?<_;18A_c=nIfgx^*^y8TDUaYNu z48g2E+htn@?SeN91M*u01N&v$U9;@}5Z1Ls*keFwYuAEG7xVG?si{$P&5VXnk0>|9 zkN{LWyQ-0@|4b^#AQnjyFKPC7w{MWdClIL*X*t6gDJLtbsTmqAY;62d83Hmmvoh=4 zr44^MPS}I@m03>RpIw=4slqKmNnfyNV}rpqt3$*hF67~IV-(Kd=4Gu3`xin&%JCtf z3qip*khDJzK)OWes2Pv&&FqryQ2*K;U`^&A zKWi@o$U3O+E=YUVzr~0Ct|x2GOU^MIsxAc7kY?CHEMn!2O>EkWN}kW~o5Fs67E^=x zab3i$Nvk_a!~~2L1f{lGf2c9UVxLId`v}DqAu*sY>-6gjk3_)W`%>p=I9!sG{Fbgq z;3o8v(s`yev9Lf!_N0LwKB+NQ^CCfs<_2lh3jBnSQ2-C!++7WAXU@8fH|WJ#)H%*{ zXpfCI-0JD+0rhqYcxq~zicFtaD z^#S}JvakyN2ECj!LSiO@X9hn~?HgHJPZqnF)`zxM>T&>QX9+U2yPkQsCULqp*?ceITxF83MYbbrrH|k#>h=X#0Ft4s4XN*va zmeA>F!9)#YZLJYV!9}LmOyW7>R9WH6Li}#cW}+kyFcGS48yApZwERIbP*B@BmE$MYoN+ zg53kqc|VHgxDOSbiYKi5TY9t+>p(jyFMEWzqwSW+I>*KHDohNuQDRG8o37pP|4zRN zDV2M%@P$84lkrKd?8{3~oF>_Sz6Hhwuq`{QG9(T&I6r0Gddj-xb-oQCFZW*FT;3F$ z2gS68kYdlyzC*Gx5D!|xpisw$e4T1bA4s!&H0&^h2Zvdx(UIQ2D!;uK<8C9w;0Scb zN`kE4y49D=Lk3k2f@BE1UW`piZ1zV>Eex}BANr`H64J_?<@5e^WL~O(Q`hg#-HKJ7 zypZi57L>NTjm#rgAo;-k9yoDBxMH!9&H6g;tf+d>N@a6sKzA8<;h*#v2A|lwvA+}D zXtuo_*vcvUum+T>^zzi=hDO1-g!9lHCJwoGX`M|GpcM%U*5=(wVk0kDku||z8A6)u zij7MxonY~Oc+9!OHTpPC`3}Mrs`-4t1WOiorlp3N1WZR{wW5Z z;(M7I`Pi}H-Tbha+qoJSPXlXtfu5lZz_eBPxVWT&INRL9f;H|daJJa-@my8@91zkB z*GYbz@v5z>6B?c@ud9=U!C`EBYa9vaycn?tr9X28{q_P>auPz6u^}VPqKdh*H|vu+ap#%t+(U37fAU~_(kBYL@%aj zEmop=u}@COzXu$3w_&!F4BeB;2>zv>D(!u4CwRGuA$y6k-Xs0uno06VaO?WmQYt*G z4GdvDlryA}Z-0KuXUt)4a?GWowWgh!rOD7u8VZgFklD>xU*ov5VQ=2(oM>EXS`K>V z#cgfYpiX88a#`|5KNWDEFf5j$WF4_!YRk66ar~WENqMmsc@X*t!qjYwnA;beiz-Iu zI(nSlo%LKSOhLnUdiaBRss$@^y&xET6By4;N;)K`YUGc%ZSfX^B4h~Juvj-sp`@f_ z*Ol>;5OE2o`=kU3bNqRpiBsZE$Sx`GDveS-Xdv_pf6dhcqA95rDZL|6Vk%Lh%3o}{ z9Ah){;uelo_Y12_LUF5nImy&=-M^U<04CH611Xx8hLCyDm8OP-^*_mN0DZym(^m3< z$oNzz9J-WfeX!}6+ojgLR+C(=D(pwl$6KC6F?-O%ZpAZlurq{#>cfQEOtDF1ls zgk)%_%_|KJ&51TkXukHvcpDgjmCV_=i>If8e)G^$Mq`Os_aY$5l&>ieAh?_b lcKF{%|K-O2KHWG_oKI&Q<^Doa016JN-_lVnSHAc7e*mF~wXFaE literal 0 HcmV?d00001 diff --git a/iso/airootfs/etc/calamares/branding/bos/logo.png b/iso/airootfs/etc/calamares/branding/bos/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..30bee390c40c844281b37876760ebe9a576f8d49 GIT binary patch literal 9234 zcmc&)^B%%S{jx{0a=8lV{t)RN*V+Nq(eII z@V)ncxVxX7ogdyf@0sVsbI!zSsw?7QQ(}WaAUtIyxi=utqcq@t;VA}i)o<1(0sb&7 zRTbqx_YdE~_VQE^hz_JIC#~a~ySL~Ns58}#acF1D>tw4;_v+Q76sZ|46DgCb!c`+< zl7_h}y=q;pN-#FI<6BLgXPVF55i!O)ajI`BIqK zgPD&aMeLpnytyPAtrq-mX!g;||E~|s+eXO;J!WnqoIt{WeCiv0a?G0-v2yN@jrB!oe$g?!l22msJdfGRE!*-h8h<=`VuWHczAfY zJrDvBZlyZ&b==uz50j!>@BBv^kG|OIrQPB+c;<7kRNcGwF0<97Mpr$0&5Sd1tsaYr ziNCxBUv8^QstA9xpSi$ua_{VJ;J{U4Z2qrkRYy^gwcS+BenW$ot*-6_RGcNXKW1TJ z!QRv~9}$4qrKUmHg-@*C4A`8rcdTb%rEk^HY8i8D{{1LuH`2r4b4?jCuet0to|q?! zspGu3fgRnmRiih)zIp!PjB{5vGbg8hY3=A{aLx1H>iADi2gIj6W)&q>Bs-EToJ1<{ zT2QTGPB-XmgJT`ddw0P>-6wAxwRU8W3cA|e$|^uKE1u^Pz!$PKmIMC{i%vkfU>Og4 zb35%XXn*#eQk!clz4;Ew5p34gRrN{7S7u6m&WK_RTZKtb1#F!9b_RI=LQ=W5xqGzi z$UouM1SjkVnD5Vudh4jqf3=v1c`JEm?{tfQB^=%z3X=$uK~uS|2Bg0DLWw1AtfyC2 z(rP*>z@u3K9nKM~y+6yF;`{Y>#_g;(At!gMD!Rudnt3psJqeR$bV>5gw zU!S2zqJ!CgC|XEA!p1&MUO(z`R$u(8#!o3W(t2;Gw zwU%V>?5sAsbHG;^Qh6V<5`AA?qESoLmqc68kygwZ9wx)0t*4h!WFJNG`PY|b@8LPG ze4RE0>0pT{T$+fx(o%AMHxLFcSbjN$(AwI%WOY5o_IzJ_rp*RtfUVK;U&gyMeI4_) zUPy(jz0#G_`uYZIAFa=>X#26py^zCr$s{v{mmw~(N(&s$Ta3MSQkxkPpz7xrDQ-CG zCG>(^%$_a^kNSO26h7)lvSP8mg$0}@M5&^(8kOC!bGUde`CD>1D5+uR7d^4c2=Ug! z0?l?T^NV`~J=(R|ZM5VKeOg*H;Vl6MHsci3X5!%be0q>s*Lm^RhO~F|V&Zd##9sH} z#O^xa_mf`MoR=b1YZ#w_GQo0cTj0WZiZ~NBUIG@i=DkPWJ7Pt3<#B)Vl$(xS{Esm~$qAzy;*#HY} zUQFwo6?5Q-Mbmm4^!!L>sA;}!?003Vi<^uDKn1ZKEii*yoVNI623@ZIl>3!vz)t!i zU`Q!9@Yo($*0X#Eslr%Li*;`Tf8xp>OeOinAnPZe8WWK^HQ&{Ia5SE<-GJBh6jO8D zBnrT`g-`mT_F1gYlc8ymK}vlB522TSO&OA1_V610@mA05a}<;~{%)%HQu=Kp@h33d32$AIH8Q)7PcF^+@4x_{Y4wgk5%m+>w)pHp@D4 z39~cwe8Z-vW9j?abYs)u_yQnk0Ytfcs~C z16D{!8;O1i{xPa3EiG{za3*JA@dz6S`?s6W8zW56h3zHclW+j1UbQLFxj1JgpLf4J znR<@*e3~K47fLT)T;jOFNzuFG3#xcBGpYkW2HSdywc0y|n)VIWnYWd*WuH5W9+8k3 z*R{h5=Mnmr^JjZA9YF^n0YM#UZMJY5Ke4~lwOkl@FG8i!Fz-$_LrX9r?4&&b2O*)& z1mf>$5w1x)H1)F|+&6Epj;`$%f`Z<#$>x!wMH&hCZByec1#jlU#<%=r&O=a0pnKoyDRFo=3P0o=;3ypRQfRvKLed3MQT_O^OGdc2{`Hl^`!iT;i0LH7=Wav!K0%{-X$G z1qF;6st|!Y&&7+^)wEdAJr@=zmB7>CcY(LV@4gr`W5YE1bm6}(a zLPf4lwh}H0hEZROWC{JN%gStTJo*W5*4odHZVA}tzM0qZ@lhrSSzfFN-F~YR+Wf+o zT(HcyV#gBqzAxVwJ4xd1mC???w|VEL8~C!>yB!X}_LM`MH|2d&MWp{lg2CGM=8l@0 zQvs%84Uy*r!&&G_^VK^7{E!}fvygB>(#`||i7W7W_@BIlG5haFeTm4Xf1@ah@;r>3 z;q0Ft89|p^YPp^`+1c5p(5qk}qL4M~pu&8t9& z!Nm=Z?_Ff(&%dXQ&H0mXhA7%Z$-9+zx$bigEw3jQ0HavGy^GV6T_0EF%=Q~Sfjhjd zX7-Z6B^Hq~G|W1Rug$ndxDe6yJ0WHd|5*KVM;`T|PSrY>lkCVik;qN6(9!9%Z!IY% z2TSd4>+79;k!vGK0U0wR&{ntp(o7&+r5|RuwV8M=xQ1wVwRisAZ24vSdy-WkD!|6V zl9%G>Z~=1_n+P&-*t?40J{$7jJ{apGXWIJ$e}`E%+CmjVs$u z%)cWu?=V6rM-7#UPN8mhL#YYFjX|wzFBOAI-$7J-TeWt!=aX z^`%tREZ()0%?r!9=x4CUhM3Vem)j^8*fG5<##+mfKH@4Dv2=+!(*D~LfI4gCX>sFh z%Ui18>ua{d-#tlmr18qNw~LIO$u7T}KUay!_VmuDLKU}X$id&1UCeHY4G}-yrni3krfGqIYkpL=(3JX~?d+Elr645C+^qlU{!jK88}>= z3T1xS=?UnohFoNNxm9A)ok#O2 zs4$`!iNd^ZuDQ`rr{9@@7tLYmJC_Y*w2&D3g)#N959Yg^BUB z=&ZqNlhYz=kv{kHBY7=AkF*bic*rBPzadv*4m*_OOcbc2ccu8krQy-e9}4JC%x-Mx zKvGftV6~{ID2$aLQYXu3k+CBA*Xzb-cR3ukmz5@yrQEb96)XyGHq#nJ;F#G$n^U>;hCNw*aRZFz_FA^uhrhxO-#NV}S;z%04 zBTG$|1S-2#ND^l-F>EeIITRWi8eW`l7Id+aM|57zVO0lT{46T}S_o2If_@kp8X_GG z@!JOygr-Uq9PkCFpKS{INBIglBRPoYYC}4MspM@E5)v-@0#qZ;m%RG;g?3j@u|5Ct zkmEMF_Ig@;3aq~|w)h0*HR?E&Y=JcI^Bxg9J} z(|*OeLLpdZfa^h%&D`GUQ?SHU1~YvCjJ+fTOAV5eRgar9AbI}Ydg~TqdL`i(7=~_i7wOtyGvw(7qVp-md(Q8tJ}G z%ai3MIn|^Hf`bj}2#J`~9Z$c015`I-_$l*We5q>YG1X)0h#gI(ze`#5_Xop>C8KY4 z8pU6i2kiM*tJrG0{wNC~tsO6~l_3xgb#f2KaU&Lj1xYlr+z=Wd4!fgtr_E6Vy2^eo zcBiw^sz1v$28};gR7FK^4ELpuis3*eN=Ai&^Uo(rZv5?GQv1|}M_(zw`0%njOLzE!I8F zOTD-Y;+x+QkeBye;jMbP6l*wM2b(eHyNQ*lX9adG^XU9h7xw%1^-G&2TYiX^gw`N% zdYJpBNNUyD+$MG0${ziRoWIlF6V$vD0Fpuj+rD~?lod)4S)J-GfIW>WiSz5-X(Z?&|qLB z1~njS)LFHwZwNHu1M#aqE>%=drokl)1F~qZ`sxvMcguGTf2g1S+C`$ zCV#Dt57tbQutIHeGCttC7ushFX*$1V^C2#a0Msk^d6pfQSeFE$sUvUlixf9Kqrb6a z+H#dQeikWJ^xuf$esYp@6y4nh+YY`HThu_e^$NanW+qP$xw5oZ1rES(gE5K^Q&nCI z2OUl>^w>_^^GbkmgW|l(GemO~F+ZhKc`WdW#Hd%X78a zu3*=*2v)V4Wdi>#NQvuQq$%@o)NXsi;5W*~;OZ9}Y3#V^?bc9JIE4>JxOA?Z9O1)? z=Aqma>?t+G)zn7dYd001X9;m0-KDbyVi*R=JEmt#-1P zUw^Nr4hK`dtJ)S*_g7bvRSWZ=}Lf(`@%)|_jNglp6k$R7nZ1Wl^^iKQb=aAG3cMI&X8B@xt>ii9#@@?Atb!Zjt|Tb09l3076W-qa(Jghg zWPX}=tIFarC^^PA2sZT+KR5wunnu_7Acxi7g4LyZ~h+xQ_jkzqHjAP z!u}QOZs=&*6BTZG4&o@~!N)0_Ty|wbn#2MF(tavW0W-mgc#i}&(k2A6kjq*KW*UHB z;S(DkDl&}y$)8e#Vmu6qltFSnAHz(qs)~_IX~jobAl9=8= z$D6&a)??#+a&5*~-x_a0D7hsRXRZL0XI2Wu7$X2(h+X}K?Zd)zc=@Q2*D@(AU;M3Y zZ68o<`RO~$Z?e%7!UP|5MrihbuxG4zy%9fP?WB1F3_Mx|wFSe0N?;osG47E^7$MU2 zWl4M)*bl}#OG(_hyj(WDKKc9mk7-zwQ3vzPyG$l6rw8vus^uYX1Fx)j>rhl8s+K6~ zO>C>yiNjRvCT=$X={%PRZ1l|9zqXe28M`h8W7GKkd4B#qmMEyj>|+Z*;0_42V8RbO zq{$hBxA2JoW?NohK$rV`%G7`3RPC?C>?rgs7-d-}1_DqR8B|&l5352-xeFWb%RCC* z*!ccfUW<5ZMoo2^xjtvm`E|Lt8i-DGF!g6paDQQ&D%?n-1iVP(FTFkfASaAB~3o>;ZU_p&@wH1i|Xj2{gkjEj7PmW za~6l!!wFk7NdLe|Rrm);vA6mhdP-DZy&w(7?r&|IqXB~shmT#|=l6UHLmXH-Oz$`{ zf{tw7%)~@*a&ZInLeRCoBC4t+vg+4c?uvVIqz1-u!nv+MxC1 z-Y&l_?nnC?n-kL@G#?yFYvLF?$gm#czZRKI_3H_U#8UYzI+a-XnbLp ztkKa1XFXfQ7pJs1h1xkID+{Z*ZapbfiT|Z@Ea87K+ngJ`K(E!PnaGiL^7IKx(kHx| zPOOKCFfoPzK~MOQRSXOae7FnkL{$%Skj5W=>os8Sl~PVMXT!{iE%T3NNIr2jSD*%n z;A%!zW@f!B-j7k?-Bp?tbMTX~pfsa6n37#_>}Yz@)Bi;gai@};FKOH&J${>r#5sZkId7I8V7EPVG&Q8dPO>oqWpC+*p2dig^G!$k`cNE!znUq?wP z*M9tC;x~4^LGa{qR;uMFGisGI-T`@=XKe+BQ@gU9K7MpGX)$(9ipvWC=5AbbK?g$Q z0(H&w^mC8W_wWA&6MAxB4AgSpqvJF+C3{)`2PI}?buO}2!C3D}R#MrPJxccRi?zeN z)=e*eox%weE^`Q{BBI~TIIl{@D!^DO2~f-*rEt(eX>JBWpOY#Wff2_1l+Q8ZoHO)a z4Unpc^#3aQ(cAIi;aNT`4+wBpIrytcZbn9#O;;<@=J*^U2Fd+zVon(=65pqOmc1x&$3&Ghybq`7oCPoyQc)%SG`=?ORYeE z*qgl!E5wXZo$PC zkLvp0Ed(L)z-+bm;n|?BS6g~TlYFYdcN7$>H7fREFLO_T;DgU&fg}G*!?n(BZO)Uo zUq)7D>cMFNPP>WXRroPHOHPjsjWKV5^Jr{HMdzl20{4Y1eb9f>tKD3`yfz;gUBjo@ znkg~lTm)2ygNNru2JCq1?$!%>4kgY552KIOG;yK3C;ts zEO-Rt2hRBYBhS;%cG$!mGv0hQTPC!&vB4S)r$3S~3k~A{JR(ryuKzTQ2ZM_ToIO3@ z%TjCFpL4RVPh^n~4jSPqT|YfVB8Zua>sV$_i$)Uag}^Sh@y(_>ddqZo=8r?MrcJ|v zS|Hv*$i;JjWj!`-OtadoVYScBIPv$k0aAJ(9k)0v3==wvAmTooOf8+Bp2k^z^J%E8 z*LpfhL=eF4uuDTVN&4G`Z&=x7-C)C{@mg0bCX;~SyL*BtnVA+ZswyW(O?~~OxjCcB zsp;a5jz=A3Ouj)9{Fi};muGiA`YUci=5+?Y-wCg{x2|}Kth{Uf{SLSa6I_Gv=tL!Jzc|Uk;T%})>?f}x@`m~S}=OJK~Cq_(W6CR5+ zf}pN-PZc!bS)ls|5LpIxgz+BRd^PVR%Y*TzGT(3Yt!aqJSJqTI9G!0zYe-Cxfc=|I z0whDlU3>;ii`g!NQ7TW+%Z0Pm6q@*|%^E$@E5g?b#kP3ue}+O}aG=Hw6$$!;&w)eM zPRGu+J;BUxfqb&^MdG0`s+4IO85u&BzBkiM9%Xs4<1xBcoFw_&RC^9_ zu!1QTH32~ zE_sLLjvu23S=+4MhJao>ifBZ=cjf$0dd`cDc*cm^m?@`Ug+R%y#_olvxQt_s;GwIwOTwlfdwz1!UpAam=kRX>?QX=e;iVt~^Z1>|SiK#M|DQjF zcB5j}equm(==TxOAZj?*NSep{Je3U(87yKa$EGKY?bCUv6Z_O55E9)Q>fU*#L4>Yv^}O-y=$C@wl)y}mzz7#dGHd8KUKTmF;$Lb)q9kX(tvFNp# z>p2}MA_25bQ9vljooev%ajsqPlJ=AL>#wPDOdO?##l>AkU=qAIgdV&{Dwac9PhGca z2)t;3rfBT!zYRQ`i|o-u0fD5G%fRq92&5STfz&Lv`pg45wo0LAE{)Gwn43&84{6w6Uu!dWB*~9y|WWp~5|IOa(Ag@t7+wWezSz zc(z63 + + + \ No newline at end of file From 0ee174e16e9bffc20087936ec372e3f530d7a84f Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 16:59:30 +0800 Subject: [PATCH 10/14] Regenerate Cargo.lock for bos-settings The scaffolded lockfile was stale, so packaging builds with --locked failed. Regenerated against current Cargo.toml (88 packages). Co-Authored-By: Claude Opus 4.8 --- Cargo.lock | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index a8c150b..a70ddc8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,18 @@ # It is not intended for manual editing. version = 4 +[[package]] +name = "async-channel" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "924ed96dd52d1b75e9c1a3e6275715fd320f5f9439fb5a4a11fa51f4221158d2" +dependencies = [ + "concurrent-queue", + "event-listener-strategy", + "futures-core", + "pin-project-lite", +] + [[package]] name = "autocfg" version = "1.5.1" @@ -18,6 +30,7 @@ checksum = "b4388bee8683e3d04af747c73422af53102d2bd24d9eadb6cbc100baef4b43f8" name = "bos-settings" version = "0.1.0" dependencies = [ + "async-channel", "glib", "gtk4", "serde", @@ -58,12 +71,48 @@ dependencies = [ "target-lexicon", ] +[[package]] +name = "concurrent-queue" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + [[package]] name = "equivalent" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" +[[package]] +name = "event-listener" +version = "5.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13b66accf52311f30a0db42147dadea9850cb48cd070028831ae5f5d4b856ab" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] + +[[package]] +name = "event-listener-strategy" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8be9f3dfaaffdae2972880079a491a1a8bb7cbed0b8dd7a347f668b4150a3b93" +dependencies = [ + "event-listener", + "pin-project-lite", +] + [[package]] name = "field-offset" version = "0.3.6" @@ -457,6 +506,12 @@ dependencies = [ "system-deps", ] +[[package]] +name = "parking" +version = "2.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba" + [[package]] name = "pin-project-lite" version = "0.2.17" From 12a8fa00bb08fc1b6a761182d7d9445759a6eb0d Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 17:06:53 +0800 Subject: [PATCH 11/14] Disable LTO in PKGBUILD (vendored ring/mlua static libs vs makepkg -flto) Co-Authored-By: Claude Opus 4.8 --- packaging/arch/PKGBUILD | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD index 60a7521..f6e6fef 100644 --- a/packaging/arch/PKGBUILD +++ b/packaging/arch/PKGBUILD @@ -7,6 +7,10 @@ pkgdesc="System settings app for Bread OS" arch=('x86_64') url="https://github.com/Breadway/bos" license=('MIT') +# Some Rust deps (ring/mlua) build vendored C/asm into static archives; makepkg's +# default -flto=auto emits GCC LTO bitcode the Rust (lld) link cannot read, +# causing undefined-symbol errors. Disable LTO. +options=(!lto) depends=('gtk4' 'glib2' 'hicolor-icon-theme') optdepends=( 'snapper: snapshot management view' From 1bcd9588de4bbfea11b6f1d99566e319f791ffe4 Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 22:54:27 +0800 Subject: [PATCH 12/14] Fix bos-settings compile errors and use REGISTRY_TOKEN for publishing bos-settings was scaffolded but never compiled. Fixes: - main.rs: import gtk4::prelude (connect_activate/run) - window.rs: disambiguate WidgetExt::display(); drop unused GBox import - hyprland.rs: Label has no set_monospace -> use the monospace CSS class - theme.rs: drop unused prelude import Also switch package.yml to secrets.REGISTRY_TOKEN (scoped write:package), since the auto Actions token is not authorized for the owner registry. Co-Authored-By: Claude Opus 4.8 --- .../prod-readiness-auditor/MEMORY.md | 3 ++ .../project-bos-patterns.md | 30 +++++++++++++++++++ .forgejo/workflows/package.yml | 2 +- bos-settings/src/main.rs | 2 ++ bos-settings/src/theme.rs | 1 - bos-settings/src/ui/views/hyprland.rs | 2 +- bos-settings/src/ui/window.rs | 4 +-- 7 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 .claude/agent-memory/prod-readiness-auditor/MEMORY.md create mode 100644 .claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md diff --git a/.claude/agent-memory/prod-readiness-auditor/MEMORY.md b/.claude/agent-memory/prod-readiness-auditor/MEMORY.md new file mode 100644 index 0000000..6eb2edc --- /dev/null +++ b/.claude/agent-memory/prod-readiness-auditor/MEMORY.md @@ -0,0 +1,3 @@ +# Memory Index + +- [BOS Project Patterns](project-bos-patterns.md) — recurring hotspots and architectural constraints specific to the BOS repo diff --git a/.claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md b/.claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md new file mode 100644 index 0000000..bf403ce --- /dev/null +++ b/.claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md @@ -0,0 +1,30 @@ +--- +name: project-bos-patterns +description: Recurring patterns and hotspots to watch in the BOS repo across audits +metadata: + type: project +--- + +BOS is a rolling Arch Linux OS project combining an archiso installer profile, Calamares configuration, default dotfiles, and a GTK4 Rust settings app (bos-settings). + +**Why:** This is a scaffold-originated repo; the initial code was written in one pass and has several recurring anti-patterns worth watching on future audits. + +**How to apply:** Check these areas first on any future audit pass. + +## Recurring hotspots + +- **config_dir() + /home/user fallback**: Multiple views (breadbar, hyprland, packages) originally inlined `std::env::var("HOME").unwrap_or_else(|_| "/home/user".to_string())` instead of calling `config::config_dir()`. Watch for new views duplicating this. +- **branding.desc YAML**: The `sidebarTextHighlight` key had no space after the colon, causing a hard YAML parse error. Future edits to this file should be checked with `python3 -c "import yaml; yaml.safe_load(open('branding.desc'))"`. +- **Branding images missing**: `logo.png` and `languages.png` are referenced in branding.desc but do not exist in the repo. These must be created before any ISO build attempt. +- **state.rs is dead code**: The file exists at `bos-settings/src/state.rs` but is not declared as `mod state` in `main.rs`. It is silently ignored by cargo. Either wire it in or delete it. +- **pacman.conf TODO**: `[breadway]` repo URL in `iso/pacman.conf` has a TODO comment — must be a live repo before the ISO can be built. +- **eprintln! in production paths**: packages.rs had `eprintln!("bakery update failed: {e}")` inside a GTK callback. GTK apps don't have useful stderr at runtime. Convert to silent handling or surface errors through the UI. +- **can-you-begin-a-composed-beacon.md**: AI-generated random filename for the project plan doc. Should be renamed to PLAN.md before the repo is shared publicly. +- **skel == dotfiles duplication**: `iso/airootfs/etc/skel/.config/` and `dotfiles/` are byte-for-byte identical. This is by design for now, but risks divergence. The plan calls for post-install.sh to copy skel into user home — skel is the authoritative copy; dotfiles/ is redundant scaffolding. Flag in future audits if they diverge. + +## Key architectural constraints + +- Calamares shellprocess runs inside chroot (`dont-chroot: false`). `systemctl enable` works, `systemctl start` does not. +- `MAIN_USER` is derived via `getent passwd 1000` — safe only after Calamares `users` step which precedes `shellprocess` in settings.conf. +- The polkit rule grants wheel-group members passwordless `snapper rollback` via pkexec — intentional per design. +- The live session autologs as root (not a "liveuser") — standard archiso releng behavior, not a bug. diff --git a/.forgejo/workflows/package.yml b/.forgejo/workflows/package.yml index 3bd3c7f..aaf7eb7 100644 --- a/.forgejo/workflows/package.yml +++ b/.forgejo/workflows/package.yml @@ -14,7 +14,7 @@ jobs: # actions require. Everything runs as shell steps and clones manually. - name: Build and publish env: - PUBLISH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PUBLISH_TOKEN: ${{ secrets.REGISTRY_TOKEN }} run: | set -euo pipefail VERSION="${GITHUB_REF_NAME#v}" diff --git a/bos-settings/src/main.rs b/bos-settings/src/main.rs index fc13dc2..a5e73fd 100644 --- a/bos-settings/src/main.rs +++ b/bos-settings/src/main.rs @@ -2,6 +2,8 @@ mod config; mod theme; mod ui; +use gtk4::prelude::*; + fn main() { let app = gtk4::Application::builder() .application_id("com.breadway.bos-settings") diff --git a/bos-settings/src/theme.rs b/bos-settings/src/theme.rs index ae850d0..6be4f51 100644 --- a/bos-settings/src/theme.rs +++ b/bos-settings/src/theme.rs @@ -1,4 +1,3 @@ -use gtk4::prelude::*; use gtk4::CssProvider; const CSS: &str = r#" diff --git a/bos-settings/src/ui/views/hyprland.rs b/bos-settings/src/ui/views/hyprland.rs index 49ac07e..fba4537 100644 --- a/bos-settings/src/ui/views/hyprland.rs +++ b/bos-settings/src/ui/views/hyprland.rs @@ -50,7 +50,7 @@ pub fn build() -> GBox { for mon in &monitors { let lbl = Label::new(Some(mon)); lbl.set_xalign(0.0); - lbl.set_monospace(true); + lbl.add_css_class("monospace"); vbox.append(&lbl); } } diff --git a/bos-settings/src/ui/window.rs b/bos-settings/src/ui/window.rs index 0088675..c07a231 100644 --- a/bos-settings/src/ui/window.rs +++ b/bos-settings/src/ui/window.rs @@ -1,5 +1,5 @@ use gtk4::prelude::*; -use gtk4::{Application, ApplicationWindow, Box as GBox, Orientation, Paned, Stack}; +use gtk4::{Application, ApplicationWindow, Orientation, Paned, Stack}; use super::sidebar; use super::views; @@ -12,7 +12,7 @@ pub fn build_ui(app: &Application) { .default_height(640) .build(); - crate::theme::load(&window.display()); + crate::theme::load(&WidgetExt::display(&window)); let hpaned = Paned::new(Orientation::Horizontal); hpaned.set_position(190); From 30d94aa28670dbeee34bd2a40bd8c13603dbca4b Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 22:54:47 +0800 Subject: [PATCH 13/14] Remove accidentally-committed .claude agent state; gitignore it Co-Authored-By: Claude Opus 4.8 --- .../prod-readiness-auditor/MEMORY.md | 3 -- .../project-bos-patterns.md | 30 ------------------- .gitignore | 3 ++ 3 files changed, 3 insertions(+), 33 deletions(-) delete mode 100644 .claude/agent-memory/prod-readiness-auditor/MEMORY.md delete mode 100644 .claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md diff --git a/.claude/agent-memory/prod-readiness-auditor/MEMORY.md b/.claude/agent-memory/prod-readiness-auditor/MEMORY.md deleted file mode 100644 index 6eb2edc..0000000 --- a/.claude/agent-memory/prod-readiness-auditor/MEMORY.md +++ /dev/null @@ -1,3 +0,0 @@ -# Memory Index - -- [BOS Project Patterns](project-bos-patterns.md) — recurring hotspots and architectural constraints specific to the BOS repo diff --git a/.claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md b/.claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md deleted file mode 100644 index bf403ce..0000000 --- a/.claude/agent-memory/prod-readiness-auditor/project-bos-patterns.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -name: project-bos-patterns -description: Recurring patterns and hotspots to watch in the BOS repo across audits -metadata: - type: project ---- - -BOS is a rolling Arch Linux OS project combining an archiso installer profile, Calamares configuration, default dotfiles, and a GTK4 Rust settings app (bos-settings). - -**Why:** This is a scaffold-originated repo; the initial code was written in one pass and has several recurring anti-patterns worth watching on future audits. - -**How to apply:** Check these areas first on any future audit pass. - -## Recurring hotspots - -- **config_dir() + /home/user fallback**: Multiple views (breadbar, hyprland, packages) originally inlined `std::env::var("HOME").unwrap_or_else(|_| "/home/user".to_string())` instead of calling `config::config_dir()`. Watch for new views duplicating this. -- **branding.desc YAML**: The `sidebarTextHighlight` key had no space after the colon, causing a hard YAML parse error. Future edits to this file should be checked with `python3 -c "import yaml; yaml.safe_load(open('branding.desc'))"`. -- **Branding images missing**: `logo.png` and `languages.png` are referenced in branding.desc but do not exist in the repo. These must be created before any ISO build attempt. -- **state.rs is dead code**: The file exists at `bos-settings/src/state.rs` but is not declared as `mod state` in `main.rs`. It is silently ignored by cargo. Either wire it in or delete it. -- **pacman.conf TODO**: `[breadway]` repo URL in `iso/pacman.conf` has a TODO comment — must be a live repo before the ISO can be built. -- **eprintln! in production paths**: packages.rs had `eprintln!("bakery update failed: {e}")` inside a GTK callback. GTK apps don't have useful stderr at runtime. Convert to silent handling or surface errors through the UI. -- **can-you-begin-a-composed-beacon.md**: AI-generated random filename for the project plan doc. Should be renamed to PLAN.md before the repo is shared publicly. -- **skel == dotfiles duplication**: `iso/airootfs/etc/skel/.config/` and `dotfiles/` are byte-for-byte identical. This is by design for now, but risks divergence. The plan calls for post-install.sh to copy skel into user home — skel is the authoritative copy; dotfiles/ is redundant scaffolding. Flag in future audits if they diverge. - -## Key architectural constraints - -- Calamares shellprocess runs inside chroot (`dont-chroot: false`). `systemctl enable` works, `systemctl start` does not. -- `MAIN_USER` is derived via `getent passwd 1000` — safe only after Calamares `users` step which precedes `shellprocess` in settings.conf. -- The polkit rule grants wheel-group members passwordless `snapper rollback` via pkexec — intentional per design. -- The live session autologs as root (not a "liveuser") — standard archiso releng behavior, not a bug. diff --git a/.gitignore b/.gitignore index d5294b7..84c7aaf 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,6 @@ secrets/ logs/ *.pid *.sock + +# Claude Code local agent state +.claude/ From 8e41d9fc2b43f5cdf4bf3b1e6c14766370d8acc5 Mon Sep 17 00:00:00 2001 From: Breadway Date: Sat, 13 Jun 2026 23:00:48 +0800 Subject: [PATCH 14/14] Disable debug package so the main package publishes correctly makepkg's debug split produced a -debug pkg; the upload's head -1 could grab it instead of the main package. !debug yields a single package. Co-Authored-By: Claude Opus 4.8 --- packaging/arch/PKGBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD index f6e6fef..6747f88 100644 --- a/packaging/arch/PKGBUILD +++ b/packaging/arch/PKGBUILD @@ -10,7 +10,7 @@ license=('MIT') # Some Rust deps (ring/mlua) build vendored C/asm into static archives; makepkg's # default -flto=auto emits GCC LTO bitcode the Rust (lld) link cannot read, # causing undefined-symbol errors. Disable LTO. -options=(!lto) +options=(!lto !debug) depends=('gtk4' 'glib2' 'hicolor-icon-theme') optdepends=( 'snapper: snapshot management view'