Build Alpha.5 local rig profiles and flight sheets#4
Conversation
Deadbytes101
left a comment
There was a problem hiding this comment.
Static review on the pushed Alpha.5 head found three blockers before image acceptance.
-
rigos-configrevalidation callsrigos-state-init --dry-run, but layout validation still rejects every mounted non-root child. After successful state initialization partition 4 is mounted at/var/lib/rigos, so the revalidation path can fail withUnexpectedWritableMountand block config import on the exact verified USB. Add an attestation-only validation mode that explicitly permits the already verified state mount, or separate immutable identity validation from writable-mount checks. Lock this with a test where ROOT_A and RIGOS_STATE are both mounted on the same USB. -
The importer expects a flattened object. The real Hive-style Flight Sheet fixture supplied for this work stores the miner data inside
items[0]. The current synthetic fixture therefore does not prove compatibility with the target format. Add strict envelope parsing for exactly one supported XMRig item or define deterministic item selection with ambiguity rejection. Preserve the credential-free synthetic fixture but match the real nesting and member-fragment syntax. -
string_listfilters non-string pool entries andbool_listcoerces invalid or mismatched TLS entries tofalse. This violates the fail-closed import contract and can change pool ordering or TLS meaning. Reject mixed types and require either one boolean applied to all pools or an array with exactly the pool count.
Additional status
- stacked base and head are correct
- PR remains draft
- no workflow runs are currently attached to the pushed head
- GitHub reports 7 commits ahead of the Alpha.4 base, consisting of the two seed branch commits plus the five pushed implementation commits
- positive physical validation remains blocked by Issue #3
Do not merge or mark ready until these blockers and the image gates pass.
Deadbytes101
left a comment
There was a problem hiding this comment.
Review of 24c62ba181abd2f1aaa0bf6c989dd57d47701bcb
Accepted fixes
- exact verified state mount is now permitted only in the attestation-only path while the normal layout validator still rejects it
- the importer now rejects empty or ambiguous
items, mixed pool URL types, non-boolean TLS values, TLS array length mismatch, and URL scheme conflicts - the synthetic fixture now has a one-item envelope
One original compatibility blocker remains incomplete
The real Hive-style input places algo, url, pass, template, cpu_config, and user_config inside items[0].miner_config. The importer currently reads those keys from items[0] itself. That silently falls back to algorithm auto, worker template {node_name}, and default CPU policy for the target fixture. Add strict parsing of exactly one miner_config object and lock these semantics
urlmust be%URL%templatemust be%WAL%passmay map%WORKER_NAME%to the RIGOS worker templatealgo,cpu_config, anduser_configcome fromminer_config- nested keys must use an explicit allowlist and dangerous nested fields must fail
- the synthetic fixture must preserve the same nesting as the compatibility target
Additional firstboot blockers found during the follow-up review
-
rigos-firstbootchecks for statereadyorgrownbefore runningpasswd. The image build locksrigosadmininitially. On the knownlimited_capacitypath the operator sees the negative gate and is then left without a usable local administrator login for Issue #3 diagnostics. Keep configuration and mining blocked, but establish the local administrator password before the state-dependent config flow or provide an explicit local recovery path. -
External identity mapping is written but not read by firstboot.
resolve_identityscans only identity files, so confirmedwal_idmappings are never reused. Also, selecting an existing identity whose alias differs from a native sheet reference returns that record without updating the proposal reference, causingbuild_runtimeto reject the transaction. Add the confirmed mapping lookup and update the in-memory proposal only after explicit operator confirmation.
PR should remain draft. No review thread was replied to or resolved, and no PR status was changed.
|
Direct GitHub update applied without requiring a local patch download. Current head Changes since
The PR remains open and draft. No review thread was resolved and no PR status was changed. Remote CI is not configured on this head, so build authorization still requires a fresh local pull followed by fmt, clippy, workspace tests, Linux-target check, schema verification, and |
|
Applied the rustfmt-only follow-up directly on GitHub after the Windows verification exposed formatting drift. Current head The PR remains open and draft. No review thread was replied to or resolved and no PR status was changed. Local Windows results already show clippy and workspace tests passing, including all five Hive compatibility tests. Final verification should now be rerun after pull, with |
|
Local WSL verification status correction for head The run did not complete successfully. Workspace checks and the new Hive compatibility tests passed, but This is an environment artifact-cache contamination issue, not a reported source-test failure. Re-run with an isolated WSL PR remains open and draft. No review thread or PR status was changed. |
|
Latest local WSL verification update for head The isolated WSL target directory fixed the previous GLIBC contamination. Workspace clippy and tests now pass, including the complete Hive compatibility suite. The full verification still stopped in Install |
|
Alpha.5 source verification passed on head Verified in WSL with an isolated Linux
Source gate is closed and the Alpha.5 image build is authorized. Next gates remain image build, appliance verifier, QEMU SeaBIOS, QEMU OVMF, and physical negative state gate. PR remains open and draft. No review thread or PR status was changed. |
|
Alpha.5 image build was not started in the latest local attempt. Linux build commands were entered directly in Windows PowerShell, and Podman is not installed in that shell. No repository or source failure was observed. Next action is to install Podman inside WSL and run the documented builder from WSL against verified head PR remains open and draft. Build gate is still pending. |
|
Fixed the Podman short-name build failure directly on the branch. New head Change
This removes dependence on host The previous build did not start and exited 125 before creating the builder container. Pull the new head, rerun source verification for the new commit, then rerun the image build. PR remains open and draft. |
|
The latest run reached image assembly but did not close the build gate. Observed result
Fixed directly on the branch in
Pull the new head, reverify it, and rerun the image build. PR remains open and draft. |
|
Alpha.5 build update for head Passed
The last checksum command was run from the wrong directory. Run it from |
|
Physical flash preflight evidence captured with Rufus for the Alpha.5 raw image. Observed on the 28.7 GB removable USB target
This matches the Alpha.5 image layout contract. This evidence confirms image recognition and target layout, but does not by itself close BIOS, UEFI, firstboot, state, or internal-disk safety gates. PR remains open and draft. |
|
Physical boot evidence captured for Alpha.5. Observed on hardware
This closes the physical negative state gate. The result also confirms the firstboot screen path is visible on hardware. It does not close the positive configuration, reboot persistence, accepted-share, internal-disk safety, or exact firmware-mode gates. Issue #3 remains the blocker for positive physical Alpha.5 validation. PR remains open and draft. |
|
Fixed the physical tty1 handoff bug observed after the Root cause
Fix
Commits
The current Alpha.5 image predates this fix and must not be treated as the final physical-validation image. Pull the new head, run source verification, rebuild, verify the image, and reflash before retesting tty1. PR remains draft. |
|
TTY1 handoff fix source verification passed on head |
|
TTY1-fix rebuild reached successful artifact generation on head Passed
The wrapper then exited 127 because |
|
Physical tty1 handoff retest passed on head Observed on hardware
This closes the physical tty1 handoff bug and its regression gate. Issue #3 remains open because persistent state still reports |
Summary
Adds the Alpha.5 local rig profile and Flight Sheet engine on top of the immutable Alpha.4 MBR appliance work.
This remains a stacked draft PR with base
rigos-alpha2-mbr. It must remain draft until image and physical gates are complete.Scope
rig.confmachine profilerigos.nomine=1safety gateProduct contract
Source gate
Passed on head
c772bcc26279e9becafe3ae2f1561eba289c2f16in WSL with an isolated LinuxCARGO_TARGET_DIR.Current head
0288897ec0f8ae360214618c3c3f4af351677b1fcontains one build-only follow-up that qualifies the Rust container image asdocker.io/library/rust:1.85.1-bookwormfor deterministic Podman resolution. Reverification is required before the image build continues.Previous passing evidence
scripts/verify.shreportedRIGOS verification passedRIGOS_ALPHA5_VERIFY_OK0Alpha.4 artifact SHA-256 remains immutable at
25b275b267c7917e5f27bbe5a72681b108a3bb574556d80d5c4053e5fcefd2d3.Image build
Build only from a verified head and a tracked-clean commit.
Expected authoritative artifact
dist/usb/rigos-usb-amd64-0.0.4-alpha.5.imgDependencies
readyorgrownGates still pending
Do not merge or mark ready yet.