[ka:cli-build-out] Implement ka-promote / ka-build / ka-install — close the Phase-8 gap #21

New Issue

2026-05-18T07:55:16Z

marfrit commented

2026-05-18 07:55:16 +00:00

Phase 8 — package the verbs

bin/ka-status is the only implemented verb. Everything else (ka-promote, ka-build, ka-install) is README-spec + a documented "manual substitute" recipe (fresnel bootstrap 2026-05-09 in README.md:227). The 9(+1)-phase loop close-clause says full ships — half-implemented tooling with manual fallback as the operational mode is exactly the kind of drift kernel-agent exists to abolish; running it on itself is a Phase-8 violation.

Each new fleet host (ohm via BESser, ampere, future) currently re-cements the hand-managed flow. Closing this issue means new-host onboarding goes through the verbs as the only path.

Verbs to implement

Verb	Depends on	What it does
`ka-promote`	—	Read manifest `includes[]` + `apply_order`, concat scope-tagged series into one cumulative `.patch`, validate it applies on `baseline.ref`, compute b2sum
`ka-build`	`ka-promote`	Wrap `makepkg` on `boltzmann` (primary) / `fermi` (fallback). Render PKGBUILD template (b2sum, pkgrel, _srctag from manifest). Sign + push to `packages.reauktion.de`
`ka-install`	`ka-build`	scp + `pacman -U` (or apt equivalent), backup vmlinuz, extlinux/mkinitcpio post-trigger, ssh-heartbeat as consent-via-action

Order + per-verb issues

ka-promote first — it is the blocker; ka-build/install assume promotion has run. Substrate already in place: fleet/{ampere,fresnel,ohm}.yaml manifests + patches/{soc,driver,board,module,subsystem,arch}/ tree. Phase-1 metric candidate: deterministic byte-identical cumulative patch from a manifest + reproducible b2sum.
ka-build second — fresnel bootstrap log (README.md:227) is the substrate. One concrete win: bake in the ln -sr headers-pkg fix that was discovered mid-bootstrap.
ka-install third — README.md:283 already flags the vmlinuz vs Image mkinitcpio hook gap. Bakes consent-via-action + extlinux trigger.

Each verb gets its own [ka:cli-build-out] issue + PR. This issue stays open as the umbrella, closes when all three ship.

Out of scope (separate issues if pursued)

ohm migration (#5) — paused while BESser is iterating on ohm
ka-render / ka-publish / kconfig-by-manifest — listed in README but not on the Phase-8-close critical path
Bootstrapping kernel-agent checkout on boltzmann (currently noether-only) — ka-build implementation will force this

Acceptance for closing this umbrella

ka-promote ampere (or fresnel) produces the same cumulative patch as the existing canonical PKGBUILD, byte-for-byte (parity test against boltzmann:~/src/besser/marfrit-besser/danctnix-besser-pkgbuild/kernel/0001-bes2600-besser-cumulative-series.patch — but only after the parallel ohm work in #5 lands; for Phase-1 use fresnel or ampere as the parity host)
ka-build <host> produces a signed .pkg.tar.zst / .deb identical (modulo timestamps) to the most recent hand-built package for that host
ka-install <host> reboots the host and ssh comes back; pre-install backup exists at hertz:/sparfuxdata/kernel-agent-backups/<host>/<replaced_version>/
README "Bootstrap reference build" section reframed from manual recipe → "automated by ka-* verbs, manual path retained as fallback"

## Phase 8 — package the verbs `bin/ka-status` is the only implemented verb. Everything else (`ka-promote`, `ka-build`, `ka-install`) is README-spec + a documented "manual substitute" recipe (fresnel bootstrap 2026-05-09 in README.md:227). The 9(+1)-phase loop close-clause says **full ships** — half-implemented tooling with manual fallback as the operational mode is exactly the kind of drift kernel-agent exists to abolish; running it on itself is a Phase-8 violation. Each new fleet host (ohm via BESser, ampere, future) currently re-cements the hand-managed flow. Closing this issue means new-host onboarding goes through the verbs as the only path. ## Verbs to implement | Verb | Depends on | What it does | |---|---|---| | `ka-promote` | — | Read manifest `includes[]` + `apply_order`, concat scope-tagged series into one cumulative `.patch`, validate it applies on `baseline.ref`, compute b2sum | | `ka-build` | `ka-promote` | Wrap `makepkg` on `boltzmann` (primary) / `fermi` (fallback). Render PKGBUILD template (b2sum, pkgrel, _srctag from manifest). Sign + push to `packages.reauktion.de` | | `ka-install` | `ka-build` | scp + `pacman -U` (or apt equivalent), backup vmlinuz, extlinux/mkinitcpio post-trigger, ssh-heartbeat as consent-via-action | ## Order + per-verb issues 1. **ka-promote** first — it is the blocker; ka-build/install assume promotion has run. Substrate already in place: `fleet/{ampere,fresnel,ohm}.yaml` manifests + `patches/{soc,driver,board,module,subsystem,arch}/` tree. Phase-1 metric candidate: deterministic byte-identical cumulative patch from a manifest + reproducible b2sum. 2. **ka-build** second — fresnel bootstrap log (README.md:227) is the substrate. One concrete win: bake in the `ln -sr` headers-pkg fix that was discovered mid-bootstrap. 3. **ka-install** third — README.md:283 already flags the `vmlinuz` vs `Image` mkinitcpio hook gap. Bakes consent-via-action + extlinux trigger. Each verb gets its own `[ka:cli-build-out]` issue + PR. This issue stays open as the umbrella, closes when all three ship. ## Out of scope (separate issues if pursued) - ohm migration (#5) — paused while BESser is iterating on ohm - `ka-render` / `ka-publish` / kconfig-by-manifest — listed in README but not on the Phase-8-close critical path - Bootstrapping kernel-agent checkout on boltzmann (currently noether-only) — `ka-build` implementation will force this ## Acceptance for closing this umbrella - [ ] `ka-promote ampere` (or fresnel) produces the same cumulative patch as the existing canonical PKGBUILD, byte-for-byte (parity test against `boltzmann:~/src/besser/marfrit-besser/danctnix-besser-pkgbuild/kernel/0001-bes2600-besser-cumulative-series.patch` — but only after the parallel ohm work in #5 lands; for Phase-1 use fresnel or ampere as the parity host) - [ ] `ka-build <host>` produces a signed .pkg.tar.zst / .deb identical (modulo timestamps) to the most recent hand-built package for that host - [ ] `ka-install <host>` reboots the host and ssh comes back; pre-install backup exists at `hertz:/sparfuxdata/kernel-agent-backups/<host>/<replaced_version>/` - [ ] README "Bootstrap reference build" section reframed from manual recipe → "automated by ka-* verbs, manual path retained as fallback"

marfrit referenced this issue

2026-05-18 07:59:12 +00:00

[ka:cli-build-out] ka-promote: resolve manifest + concat scope-tagged series into cumulative patch #22

marfrit commented

2026-05-18 07:59:16 +00:00

Tracking child: #22 (ka-promote). ka-build / ka-install issues come when ka-promote phase-3 baseline lands.

marfrit referenced this issue

2026-05-18 08:54:46 +00:00

[ka:cli-build-out] ka-promote: implement resolver + cumulative + manifest.lock (closes #22) #23

marfrit commented

2026-05-18 08:54:55 +00:00

ka-promote PR opened: #23. README + tests + fresnel manifest fix bundled. ka-build + ka-install issues to follow once the umbrella is at the right rhythm — no rush, but the Phase-8 close-discipline applies to them too once started.

marfrit referenced this issue from a commit

2026-05-18 08:57:16 +00:00

bin/ka-promote: implement resolver + cumulative + manifest.lock (Phase 6 of #22)

marfrit referenced this issue

2026-05-19 07:01:21 +00:00

[ka:cli-build-out] ka-build: arch makepkg wrapper + sign + publish #34

marfrit referenced this issue from a commit

2026-05-19 07:24:34 +00:00

ka-build: arch makepkg wrapper + sign + publish (closes #34)

marfrit referenced this issue

2026-05-19 07:24:58 +00:00

ka-build: arch makepkg wrapper + sign + publish (closes #34) #35