feat(tools): add build-iiab-rootfs.sh (IIAB-oA rootfs builder)#24
Merged
Conversation
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
proot repeatedly printed 'please set PROOT_TMP_DIR to a writable location'
during the install. PROOT_TMP_DIR was set INSIDE the 'env -i' guest env to
${PROOT_TMP} (a HOST absolute path) which does not exist inside the rootfs,
so any nested proot the IIAB installer spawns in the guest inherited a
non-writable PROOT_TMP_DIR. Meanwhile the OUTER proot had no PROOT_TMP_DIR
in its host env at all.
Fix:
- Set PROOT_TMP_DIR=${PROOT_TMP} on the HOST side (prefix the outer proot
command) so the outer proot writes its temp to the writable host dir.
- In the guest env set PROOT_TMP_DIR=/tmp — a guest-valid path bound to
${PROOT_TMP} (writable, chmod 1777) — so nested guest proot works and the
message stops. Also more device-faithful (a guest path, not a host path).
…uilds) Two fixes needed when BUILDING the rootfs on an SBC (proot on a 64-bit kernel), which do not arise in the on-device APK build: 1) pid_max: glibc's 32-bit pthread_mutex_t aborts when a process PID > 65535. The host PID counter climbs with uptime, so the armeabi-v7a build failed intermittently (e.g. RPi5 at pid 114831 -> core dump, rc=134) while passing on freshly-booted hosts. For armeabi-v7a on an aarch64 host, cap kernel.pid_max to 65536 before launching proot and restore it on exit (trap). No effect on arm64. 2) flatten .l2s: proot --link2symlink rewrites hardlinks as ABSOLUTE symlinks to .l2s.<name>NNNN files under the build path; they dangle once the rootfs is restored at another path on the device (e.g. better_sqlite3.node), breaking the dashboard. Materialize every .l2s symlink into a real file before packaging so the tarball is relocatable.
luisguzman-adfa
force-pushed
the
tools/add-rootfs-builder
branch
from
0ab3b03 to
7127e70
Compare
added 2 commits
June 23, 2026 04:30
In --all-arch/--all-tier mode the script re-invokes itself per (arch,tier). It used "$0", which is just the basename when launched as 'bash build-iiab-rootfs.sh' (no ./ , not on PATH) -> 'command not found' and every combo failed instantly. Resolve an absolute SELF once (readlink -f $0) and dispatch with 'bash "$SELF"', so it works regardless of how it's launched (bash NAME, ./NAME, or abs path).
Emit two members inside the tree: identity (.iiab-rootfs.json, packed first) and integrity (.iiab-rootfs.integrity.json, packed last, excluded from its own hash), carrying an iiab-tree-sha256-v1 streaming tree digest. Build self-verifies the finished artifact before shipping. Lets a manually-imported rootfs (no sidecar .meta4) detect corruption on its own. Frozen spec + recipe: docs/ROOTFS_MANIFEST.md Reference recipe: tools/iiab_tree_hash.py
luisguzman-adfa
added a commit
that referenced
this pull request
Jun 23, 2026
…ft + alert) Builds on the import/restore validation: now reads the build's identity manifest `installed-rootfs/iiab/.iiab-rootfs.json` (canonical contract: docs/ROOTFS_MANIFEST.md), which the rootfs builder (PR #24) emits as the first tar member. - New deploy/data/RootfsManifest: a dependency-free reader that parses only the first few 512-byte tar headers (the identity member is packed first) to get {kind, arch} — no reliance on libtar `--occurrence`, fast (a few KB). - RootfsArchiveValidator: when the manifest is present it authoritatively gates `kind` (must be "iiab-rootfs") and `arch` (must equal this app's ABI); the ELF probe is skipped. When absent it returns OK_NO_MANIFEST and falls back to the existing ELF/structure heuristic. - Soft phase (this version): a missing manifest does NOT block — import shows a non-blocking "manifest not found" warning and proceeds; a later version will validate silently / then strictly. Wrong kind/arch is still hard-blocked. - New string install_warn_manifest_missing (en + es). Next (separate PR): the integrity check (iiab-tree-sha256-v1 -> Result.CORRUPT, a Java ustar/pax reader mirroring tools/iiab_tree_hash.py) and the in-app backup-writer emitting both members.
luisguzman-adfa
added a commit
that referenced
this pull request
Jun 23, 2026
…ft + alert) Builds on the import/restore validation: now reads the build's identity manifest `installed-rootfs/iiab/.iiab-rootfs.json` (canonical contract: docs/ROOTFS_MANIFEST.md), which the rootfs builder (PR #24) emits as the first tar member. - New deploy/data/RootfsManifest: a dependency-free reader that parses only the first few 512-byte tar headers (the identity member is packed first) to get {kind, arch} — no reliance on libtar `--occurrence`, fast (a few KB). - RootfsArchiveValidator: when the manifest is present it authoritatively gates `kind` (must be "iiab-rootfs") and `arch` (must equal this app's ABI); the ELF probe is skipped. When absent it returns OK_NO_MANIFEST and falls back to the existing ELF/structure heuristic. - Soft phase (this version): a missing manifest does NOT block — import shows a non-blocking "manifest not found" warning and proceeds; a later version will validate silently / then strictly. Wrong kind/arch is still hard-blocked. - New string install_warn_manifest_missing (en + es). Next (separate PR): the integrity check (iiab-tree-sha256-v1 -> Result.CORRUPT, a Java ustar/pax reader mirroring tools/iiab_tree_hash.py) and the in-app backup-writer emitting both members.
luisguzman-adfa
added a commit
that referenced
this pull request
Jun 23, 2026
…ft + alert) Builds on the import/restore validation: now reads the build's identity manifest `installed-rootfs/iiab/.iiab-rootfs.json` (canonical contract: docs/ROOTFS_MANIFEST.md), which the rootfs builder (PR #24) emits as the first tar member. - New deploy/data/RootfsManifest: a dependency-free reader that parses only the first few 512-byte tar headers (the identity member is packed first) to get {kind, arch} — no reliance on libtar `--occurrence`, fast (a few KB). - RootfsArchiveValidator: when the manifest is present it authoritatively gates `kind` (must be "iiab-rootfs") and `arch` (must equal this app's ABI); the ELF probe is skipped. When absent it returns OK_NO_MANIFEST and falls back to the existing ELF/structure heuristic. - Soft phase (this version): a missing manifest does NOT block — import shows a non-blocking "manifest not found" warning and proceeds; a later version will validate silently / then strictly. Wrong kind/arch is still hard-blocked. - New string install_warn_manifest_missing (en + es). Next (separate PR): the integrity check (iiab-tree-sha256-v1 -> Result.CORRUPT, a Java ustar/pax reader mirroring tools/iiab_tree_hash.py) and the in-app backup-writer emitting both members.
luisguzman-adfa
added a commit
that referenced
this pull request
Jun 24, 2026
…ft + alert) Builds on the import/restore validation: now reads the build's identity manifest `installed-rootfs/iiab/.iiab-rootfs.json` (canonical contract: docs/ROOTFS_MANIFEST.md), which the rootfs builder (PR #24) emits as the first tar member. - New deploy/data/RootfsManifest: a dependency-free reader that parses only the first few 512-byte tar headers (the identity member is packed first) to get {kind, arch} — no reliance on libtar `--occurrence`, fast (a few KB). - RootfsArchiveValidator: when the manifest is present it authoritatively gates `kind` (must be "iiab-rootfs") and `arch` (must equal this app's ABI); the ELF probe is skipped. When absent it returns OK_NO_MANIFEST and falls back to the existing ELF/structure heuristic. - Soft phase (this version): a missing manifest does NOT block — import shows a non-blocking "manifest not found" warning and proceeds; a later version will validate silently / then strictly. Wrong kind/arch is still hard-blocked. - New string install_warn_manifest_missing (en + es). Next (separate PR): the integrity check (iiab-tree-sha256-v1 -> Result.CORRUPT, a Java ustar/pax reader mirroring tools/iiab_tree_hash.py) and the in-app backup-writer emitting both members.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds
tools/build-iiab-rootfs.sh— builds an IIAB-oA rootfs natively under proot (same libproot + flags asPRootEngine.java), alongsidetools/proot-builder.Highlights:
/opt/iiab/iiabfor the artifact id (provenance).installed-rootfs/iiab/— what the app extracts intorootfs/and detects (fixes the layout mismatch)..meta4via mkmetalink (bootstraps Go >= 1.25.1), primary + mirror (priority 10/11).--all-arch/--all-tier;--scratch-build(double-gated); native-first with QEMU fallback (--accept-force-emulate-qemu); start-clean + housekeeping; timing.dist/+PUBLISH_QUEUE.tsv, never uploads.Verified: arm64
fullbuilds CLEAN (~30 min);bash -npasses.Note: tooling-only; skipped by CI once #23 merges. Future: wire into
bake-rootfs.yml.