refraction-forger

CloudNebulaProject/refraction-forger

Fork 0

mirror of https://github.com/CloudNebulaProject/refraction-forger.git synced 2026-04-10 13:20:40 +00:00

Commit graph

Author	SHA1	Message	Date
Till Wegmueller	0510c8f31f	Fix 8 bugs: include merging, UID collision, shell injection, OCI compliance - spec-parser: merge_include now merges repos, variants, certs, incorporation - forge-engine: auto-increment UID/GID from existing passwd/group files - forge-engine: replace shell-based APT source addition with direct file write - forge-engine/forge-oci: OS field is now distro-aware (solaris vs linux) - forge-engine: apply owner/group via lchown on file/dir/symlink overlays - forge-oci: diff_ids now use uncompressed tar digests per OCI image spec - forge-oci: track real uncompressed_size instead of hardcoded 0 - forge-engine/forge-builder: use spec metadata version instead of "latest"	2026-04-09 22:45:42 +02:00
Till Wegmueller	19c8379fc6	Add builder VM support for cross-platform and unprivileged builds Introduce the forge-builder crate that automatically delegates builds to an ephemeral VM when the host can't build locally (e.g., QCOW2 targets without root, or OmniOS images on Linux). The builder detects these conditions, spins up a VM via vm-manager with user-mode networking, uploads inputs, streams the remote build output, and retrieves artifacts. Key changes: - New forge-builder crate with detection, binary resolution, VM lifecycle management, file transfer, and miette diagnostic errors - BuilderNode added to spec-parser schema for per-spec VM config - --local and --use-builder CLI flags on the build command - Feature-gated (default on) integration in forger CLI - Fix ext4 QCOW2 grub-install failure by using absolute paths in chroot - Improve debootstrap to pass --components and write full sources.list Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 17:17:30 +01:00
Till Wegmueller	48f8db1236	Initial implementation of refraction-forger Standalone workspace with 4 crates for building optimized OS images and publishing to OCI registries: - spec-parser: KDL image spec parsing with include resolution and profile-based conditional filtering - forge-oci: OCI image creation (tar layers, manifests, Image Layout) and registry push via oci-client - forge-engine: Build pipeline with Phase 1 (rootfs assembly via native package managers with -R) and Phase 2 (QCOW2/OCI/artifact targets), plus dyn-compatible ToolRunner trait for external tool execution - forger: CLI binary with build, validate, inspect, push, and targets commands Ported KDL specs and overlay files from the vm-manager prototype. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 15:30:22 +01:00

Author

SHA1

Message

Date

Till Wegmueller

0510c8f31f

Fix 8 bugs: include merging, UID collision, shell injection, OCI compliance

- spec-parser: merge_include now merges repos, variants, certs, incorporation
- forge-engine: auto-increment UID/GID from existing passwd/group files
- forge-engine: replace shell-based APT source addition with direct file write
- forge-engine/forge-oci: OS field is now distro-aware (solaris vs linux)
- forge-engine: apply owner/group via lchown on file/dir/symlink overlays
- forge-oci: diff_ids now use uncompressed tar digests per OCI image spec
- forge-oci: track real uncompressed_size instead of hardcoded 0
- forge-engine/forge-builder: use spec metadata version instead of "latest"

2026-04-09 22:45:42 +02:00

Till Wegmueller

19c8379fc6

Add builder VM support for cross-platform and unprivileged builds

Introduce the forge-builder crate that automatically delegates builds to
an ephemeral VM when the host can't build locally (e.g., QCOW2 targets
without root, or OmniOS images on Linux). The builder detects these
conditions, spins up a VM via vm-manager with user-mode networking,
uploads inputs, streams the remote build output, and retrieves artifacts.

Key changes:
- New forge-builder crate with detection, binary resolution, VM lifecycle
  management, file transfer, and miette diagnostic errors
- BuilderNode added to spec-parser schema for per-spec VM config
- --local and --use-builder CLI flags on the build command
- Feature-gated (default on) integration in forger CLI
- Fix ext4 QCOW2 grub-install failure by using absolute paths in chroot
- Improve debootstrap to pass --components and write full sources.list

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-15 17:17:30 +01:00

Till Wegmueller

48f8db1236

Initial implementation of refraction-forger

Standalone workspace with 4 crates for building optimized OS images
and publishing to OCI registries:

- spec-parser: KDL image spec parsing with include resolution and
  profile-based conditional filtering
- forge-oci: OCI image creation (tar layers, manifests, Image Layout)
  and registry push via oci-client
- forge-engine: Build pipeline with Phase 1 (rootfs assembly via native
  package managers with -R) and Phase 2 (QCOW2/OCI/artifact targets),
  plus dyn-compatible ToolRunner trait for external tool execution
- forger: CLI binary with build, validate, inspect, push, and targets
  commands

Ported KDL specs and overlay files from the vm-manager prototype.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-15 15:30:22 +01:00

3 commits