kernel-agent

Author SHA1 Message Date

Author	SHA1	Message	Date
test0r	dd631fd3c7	ka-build: arch makepkg wrapper + sign + publish (closes #34 ) Phase-1 ka-build per umbrella #21: 1. Read manifest.lock from ka-promote output. Refuse if missing. 2. Verify each PKGBUILD-side patch in marfrit-packages still matches the kernel-agent-side patch by sha256 (manifest.lock is authoritative). 3. ssh-dispatch makepkg --syncdeps --noconfirm --cleanbuild to the manifest's build_host.primary. Native build only — no distcc (feedback_kernel_agent_no_distcc). 4. Pull the resulting .pkg.tar.zst back; scp to hertz and run /opt/herding/bin/marfrit-publish-arch aarch64 <pkg>. 5. Append a `build:` block to manifest.lock with built_at, host, per-package b2sum + size. Flags: --dry-run (stop before makepkg), --skip-publish (build only), --packages-repo (override default ~/src/marfrit-packages). Out of scope (separate followups): - Debian .deb path - PKGBUILD template generation* (current PKGBUILDs are hand-authored; ka-build verifies + stamps, doesn't author) - distcc routing (explicitly NOT in kernel-agent flow) - ka-build --validate-against (apply-check harness) Tests: 6/6 pass (arg parsing, missing manifest.lock, missing PKGBUILD, patch drift via sha256 mismatch, happy-path dry-run on fresnel). Full-build path manually exercisable; CI integration deferred until the sandbox supports mock build-host + mock marfrit-publish-arch.	2026-05-19 09:24:23 +02:00
test0r	2f119a3fb7	ka-promote: auto-normalise git format-patch trailers (closes #31 ) write_cumulative() now strips any "-- \n<MAJOR>.<MINOR>(.<PATCH>)?\n" sentinel from each input patch and emits a single canonical separator between, but not after, concatenated patches. Source patches in patches/<scope>/ can therefore keep their original git format-patch shape regardless of their position in fleet/<host>.yaml — the brittle "trailer flip-flop on include reorder" mode from PR #28 (commits `84734ba` ↔ ceec602) is gone. Tests: - new unit covers strip_trailer + write_cumulative shape with mixed trailer states + asserts no orphan trailer leaks at EOF - fresnel parity b2sum re-recorded after the shape change (4d9d93c6... -> 9c21751c...) — the cumulative is byte-identical modulo per-patch trailer normalisation; git apply --check on the v7.0 baseline still passes - existing series-dir, bad-include, missing-patch, duplicate-include rejections unchanged	2026-05-19 06:30:38 +02:00
claude-noether	91fe815c4c	bin/ka-promote: implement resolver + cumulative + manifest.lock (Phase 6 of #22 ) First of the three [ka:cli-build-out] verbs (umbrella #21). Reads fleet/<host>.yaml, resolves includes[] (single-file + series-dir), concatenates in apply order, emits build/<host>/<ref>/{cumulative.patch, manifest.lock}. Phase-3 ground truth on fresnel parity: b2sum 4d9d93c655ea701b… matches bit-for-bit. Five tests in tests/ka-promote/ (fresnel parity, series-dir resolver, bad-include, missing-patch, dup-include) all pass. Validator (--validate-against <linux-checkout>) hard-fails on: missing .git, baseline.ref not in checkout, HEAD-tree != baseline.ref tree, or uncommitted/untracked changes. Verified on boltzmann against the torvalds v7.0 worktree (all 3 negative paths exit 3 with clear errors). Side fix: fleet/fresnel.yaml baseline.tree mmind/linux-rockchip → torvalds/linux. mmind doesn't ship a plain v7.0 tag; baseline was actually torvalds the whole time. mmind kept as informational patch_authoring_context. Phase-5 reviewer (sonnet outside-look, #22 comment 1135) followups addressed: series-dir fixture count 7 (not 6), divergence = hard error, raw-bytes manifest hash, duplicate-include pre-flight check, explicit yaml.dump(sort_keys=True). Language choice (vs ka-status's bash): pure python3 — YAML round-trip, dict construction, and per-file hashing made bash+heredoc python quoting hell with no readability gain. Phase 7 (verify on ampere parity) + Phase 8 (close + README rewrite + PR) to follow. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 08:52:42 +00:00

dd631fd3c7

ka-build: arch makepkg wrapper + sign + publish (closes #34 )

Phase-1 ka-build per umbrella #21:

1. Read manifest.lock from ka-promote output. Refuse if missing.
2. Verify each PKGBUILD-side patch in marfrit-packages still matches
   the kernel-agent-side patch by sha256 (manifest.lock is authoritative).
3. ssh-dispatch makepkg --syncdeps --noconfirm --cleanbuild to the
   manifest's build_host.primary. Native build only — no distcc
   (feedback_kernel_agent_no_distcc).
4. Pull the resulting *.pkg.tar.zst back; scp to hertz and run
   /opt/herding/bin/marfrit-publish-arch aarch64 <pkg>.
5. Append a `build:` block to manifest.lock with built_at, host,
   per-package b2sum + size.

Flags: --dry-run (stop before makepkg), --skip-publish (build only),
--packages-repo (override default ~/src/marfrit-packages).

Out of scope (separate followups):
- Debian .deb path
- PKGBUILD template *generation* (current PKGBUILDs are hand-authored;
  ka-build verifies + stamps, doesn't author)
- distcc routing (explicitly NOT in kernel-agent flow)
- ka-build --validate-against (apply-check harness)

Tests: 6/6 pass (arg parsing, missing manifest.lock, missing PKGBUILD,
patch drift via sha256 mismatch, happy-path dry-run on fresnel).
Full-build path manually exercisable; CI integration deferred until
the sandbox supports mock build-host + mock marfrit-publish-arch.

2026-05-19 09:24:23 +02:00

test0r

2f119a3fb7

ka-promote: auto-normalise git format-patch trailers (closes #31 )

write_cumulative() now strips any "-- \n<MAJOR>.<MINOR>(.<PATCH>)?\n" sentinel
from each input patch and emits a single canonical separator between, but not
after, concatenated patches. Source patches in patches/<scope>/ can therefore
keep their original git format-patch shape regardless of their position in
fleet/<host>.yaml — the brittle "trailer flip-flop on include reorder" mode
from PR #28 (commits 84734ba ↔ ceec602) is gone.

Tests:
- new unit covers strip_trailer + write_cumulative shape with mixed
  trailer states + asserts no orphan trailer leaks at EOF
- fresnel parity b2sum re-recorded after the shape change
  (4d9d93c6... -> 9c21751c...) — the cumulative is byte-identical
  modulo per-patch trailer normalisation; git apply --check on the
  v7.0 baseline still passes
- existing series-dir, bad-include, missing-patch, duplicate-include
  rejections unchanged

2026-05-19 06:30:38 +02:00

claude-noether

91fe815c4c

bin/ka-promote: implement resolver + cumulative + manifest.lock (Phase 6 of #22 )

First of the three [ka:cli-build-out] verbs (umbrella #21). Reads
fleet/<host>.yaml, resolves includes[] (single-file + series-dir),
concatenates in apply order, emits build/<host>/<ref>/{cumulative.patch,
manifest.lock}. Phase-3 ground truth on fresnel parity: b2sum
4d9d93c655ea701b… matches bit-for-bit.

Five tests in tests/ka-promote/ (fresnel parity, series-dir resolver,
bad-include, missing-patch, dup-include) all pass.

Validator (--validate-against <linux-checkout>) hard-fails on: missing
.git, baseline.ref not in checkout, HEAD-tree != baseline.ref tree,
or uncommitted/untracked changes. Verified on boltzmann against the
torvalds v7.0 worktree (all 3 negative paths exit 3 with clear errors).

Side fix: fleet/fresnel.yaml baseline.tree mmind/linux-rockchip → torvalds/linux.
mmind doesn't ship a plain v7.0 tag; baseline was actually torvalds the
whole time. mmind kept as informational patch_authoring_context.

Phase-5 reviewer (sonnet outside-look, #22 comment 1135) followups
addressed: series-dir fixture count 7 (not 6), divergence = hard error,
raw-bytes manifest hash, duplicate-include pre-flight check, explicit
yaml.dump(sort_keys=True).

Language choice (vs ka-status's bash): pure python3 — YAML round-trip,
dict construction, and per-file hashing made bash+heredoc python quoting
hell with no readability gain.

Phase 7 (verify on ampere parity) + Phase 8 (close + README rewrite +
PR) to follow.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-18 08:52:42 +00:00

3 Commits