initramfs+modules: robust copy aliasing, curated stage1 + PHYs, firmware policy via firmware.conf, runtime readiness, build ID; docs sync

Summary of changes (with references):\n\nModules + PHY coverage\n- Curated and normalized stage1 list in [config.modules.conf](config/modules.conf:1):\n  - Boot-critical storage, core virtio, common NICs (Intel/Realtek/Broadcom), overlay/fuse, USB HCD/HID.\n  - Added PHY drivers required by NIC MACs:\n    * realtek (for r8169, etc.)\n    * broadcom families: broadcom, bcm7xxx, bcm87xx, bcm_phy_lib, bcm_phy_ptp\n- Robust underscore↔hyphen aliasing during copy so e.g. xhci_pci → xhci-pci.ko, hid_generic → hid-generic.ko:\n  - [bash.initramfs_copy_resolved_modules()](scripts/lib/initramfs.sh:990)\n\nFirmware policy and coverage\n- Firmware selection now authoritative via [config/firmware.conf](config/firmware.conf:1); ignore modules.conf firmware hints:\n  - [bash.initramfs_setup_modules()](scripts/lib/initramfs.sh:229)\n  - Count from firmware.conf for reporting; remove stale required-firmware.list.\n- Expanded NIC firmware set (bnx2, bnx2x, tigon, intel, realtek, rtl_nic, qlogic, e100) in [config.firmware.conf](config/firmware.conf:1).\n- Installer enforces firmware.conf source-of-truth in [bash.alpine_install_firmware()](scripts/lib/alpine.sh:392).\n\nEarly input & build freshness\n- Write a runtime build stamp to /etc/zero-os-build-id for embedded initramfs verification:\n  - [bash.initramfs_finalize_customization()](scripts/lib/initramfs.sh:568)\n- Minor init refinements in [config.init](config/init:1) (ensures /home, consistent depmod path).\n\nRebuild helper improvements\n- [scripts/rebuild-after-zinit.sh](scripts/rebuild-after-zinit.sh:1):\n  - Added --verify-only; container-aware execution; selective marker clears only.\n  - Prints stage status before/after; avoids --rebuild-from; resolves full kernel version for diagnostics.\n\nRemote flist readiness + zinit\n- Init scripts now probe BASE_URL readiness and accept FLISTS_BASE_URL/FLIST_BASE_URL; firmware target is /lib/firmware:\n  - [sh.firmware.sh](config/zinit/init/firmware.sh:1)\n  - [sh.modules.sh](config/zinit/init/modules.sh:1)\n\nContainer, docs, and utilities\n- Stream container build logs by calling runtime build directly in [bash.docker_build_container()](scripts/lib/docker.sh:56).\n- Docs updated to reflect firmware policy, runtime readiness, rebuild helper, early input, and GRUB USB:\n  - [docs.NOTES.md](docs/NOTES.md)\n  - [docs.PROMPT.md](docs/PROMPT.md)\n  - [docs.review-rfs-integration.md](docs/review-rfs-integration.md)\n- Added GRUB USB creator (referenced in docs): [scripts/make-grub-usb.sh](scripts/make-grub-usb.sh)\n\nCleanup\n- Removed legacy/duplicated config trees under configs/ and config/zinit.old/.\n- Minor newline and ignore fixes: [.gitignore](.gitignore:1)\n\nNet effect\n- Runtime now has correct USB HCDs/HID-generic and NIC+PHY coverage (Realtek/Broadcom), with matching firmware installed in initramfs.\n- Rebuild workflow is minimal and host/container-aware; docs are aligned with implemented behavior.\n

config/firmware.conf

@@ -2,12 +2,15 @@
 # Alpine Linux provides separate firmware packages for hardware support
 # Format: FIRMWARE_PACKAGE:DESCRIPTION
 
-# Essential network firmware packages
-linux-firmware-bnx2:Broadcom NetXtreme firmware
+# Essential network firmware packages (wired NICs matching stage1 drivers)
+linux-firmware-bnx2:Broadcom NetXtreme (bnx2) firmware
+linux-firmware-bnx2x:Broadcom NetXtreme II (bnx2x) firmware
+linux-firmware-tigon:Broadcom tg3 (Tigon) firmware
 linux-firmware-e100:Intel PRO/100 firmware
-linux-firmware-intel:Intel network and WiFi firmware (includes e1000e, igb, ixgbe, i40e, ice)
-linux-firmware-realtek:Realtek network firmware (r8169, etc.)
-linux-firmware-qlogic:QLogic network firmware
+linux-firmware-intel:Intel NIC firmware (covers e1000e, igb, ixgbe, i40e, ice)
+linux-firmware-rtl_nic:Realtek NIC firmware (r8169, etc.)
+linux-firmware-realtek:Realtek NIC firmware (meta)
+linux-firmware-qlogic:QLogic NIC firmware
 
 # Storage firmware (if needed)
 # linux-firmware-marvell:Marvell storage/network firmware (not available in Alpine 3.22)

config/init

@@ -1,4 +1,4 @@
-#!/bin/sh -x
+#!/bin/sh
 # Alpine-based Zero-OS Init Script
 # Maintains identical flow to original busybox version
 
@@ -24,11 +24,8 @@ mount -t devtmpfs devtmpfs /dev
 mkdir -p /dev/pts
 mount -t devpts devpts /dev/pts
 
-# Early debug shell if kernel parameter initdebug=true is present
-if grep -qw "initdebug=true" /proc/cmdline; then
-    echo "[+] initdebug=true detected; starting emergency shell. Type 'exit' to continue boot."
-    /bin/sh -l
-fi
+# Re-initialize modules dependencies for basic init
+depmod -a
 
 echo "[+] building ram filesystem"
 
@@ -52,6 +49,8 @@ echo "  copying /var..."
 cp -ar /var $target
 echo "  copying /run..."
 cp -ar /run $target
+echo "  creating /home"
+mkdir $target/home
 
 # Create essential directories
 mkdir -p $target/dev
@@ -77,45 +76,41 @@ if [ -x /sbin/udevd ]; then
     echo "  starting udevd..."
     udevd --daemon
     
+    # Preload keyboard input modules early so console works before zinit and rfs mounts
+    echo "[+] preloading keyboard input modules"
+    for m in i8042 atkbd usbhid hid hid_generic evdev xhci_pci xhci_hcd ehci_pci ehci_hcd ohci_pci ohci_hcd uhci_hcd; do
+        modprobe "$m" 
+    done
+    echo "[+] loading essential drivers"
+    # Load core drivers for storage and network
+    /bin/busybox sh -l
+    modprobe btrfs 2>/dev/null || true
+    modprobe fuse 2>/dev/null || true
+    modprobe overlay 2>/dev/null || true
+
+    # Load storage drivers
+    modprobe ahci 2>/dev/null || true
+    modprobe nvme 2>/dev/null || true
+    modprobe virtio_blk 2>/dev/null || true
+    modprobe virtio_scsi 2>/dev/null || true
+    modprobe virtio_pci 2>/dev/null || true
+
+    # Load network drivers  
+    modprobe virtio_net 2>/dev/null || true
+        
     echo "  triggering device discovery..."
     udevadm trigger --action=add --type=subsystems
     udevadm trigger --action=add --type=devices
+    udevadm trigger --action=add
     udevadm settle
     
     echo "  stopping udevd..."
+    
     kill $(pidof udevd) || true
 else
     echo "  warning: udevd not found, skipping hardware detection"
 fi
 
-echo "[+] loading essential drivers"
-# Load core drivers for storage and network
-modprobe btrfs 2>/dev/null || true
-modprobe fuse 2>/dev/null || true
-modprobe overlay 2>/dev/null || true
-
-# Load storage drivers
-modprobe ahci 2>/dev/null || true
-modprobe nvme 2>/dev/null || true
-modprobe virtio_blk 2>/dev/null || true
-modprobe virtio_scsi 2>/dev/null || true
-modprobe virtio_pci 2>/dev/null || true
-
-# Load network drivers  
-modprobe virtio_net 2>/dev/null || true
-modprobe e1000 2>/dev/null || true
-modprobe e1000e 2>/dev/null || true
-
-echo "[+] loading USB keyboard support"
-modprobe usbcore
-modprobe ehci-hcd
-modprobe xhci-hcd
-modprobe usbhid
-modprobe evdev
-
-# Unmount init filesystems
-umount /proc 2>/dev/null || true
-umount /sys 2>/dev/null || true
 
 echo "[+] debug hook: initdebug=true or /init-debug"
 if grep -qw "initdebug=true" /proc/cmdline; then
@@ -124,16 +119,23 @@ if grep -qw "initdebug=true" /proc/cmdline; then
         sh /init-debug
     else
         echo "  initdebug=true: starting interactive shell (no /init-debug). Type 'exit' to continue."
-        /bin/sh -l
+        debug="-d"
+        /bin/busybox sh
     fi
 elif [ -x /init-debug ]; then
     echo "  executing /init-debug ..."
     sh /init-debug
 fi
 
-echo "[+] switching root"
-mkdir /root/home
-echo "  exec switch_root /mnt/root /sbin/zinit init"
-exec switch_root /mnt/root /sbin/zinit -d init
+# Unmount init filesystems
+umount /proc 2>/dev/null || true
+umount /sys 2>/dev/null || true
 
+
+echo "[+] switching root"
+echo "  exec switch_root /mnt/root /sbin/zinit init"
+exec switch_root /mnt/root /sbin/zinit ${debug} init
+
+# switch_root failed, drop into shell
+/bin/busybox sh
 ##

config/kernel.config

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.12.42 Kernel Configuration
+# Linux/x86 6.12.44 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (Alpine 14.2.0) 14.2.0"
 CONFIG_CC_IS_GCC=y
@@ -11,8 +11,8 @@ CONFIG_AS_VERSION=24400
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_VERSION=24400
 CONFIG_LLD_VERSION=0
-CONFIG_RUSTC_VERSION=108900
-CONFIG_RUSTC_LLVM_VERSION=200107
+CONFIG_RUSTC_VERSION=109000
+CONFIG_RUSTC_LLVM_VERSION=200108
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_CAN_LINK_STATIC=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
@@ -22,7 +22,7 @@ CONFIG_CC_HAS_ASM_INLINE=y
 CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
 CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
 CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES=y
-CONFIG_PAHOLE_VERSION=0
+CONFIG_PAHOLE_VERSION=130
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_TABLE_SORT=y
 CONFIG_THREAD_INFO_IN_TASK=y
@@ -235,7 +235,7 @@ CONFIG_CHECKPOINT_RESTORE=y
 CONFIG_SCHED_AUTOGROUP=y
 CONFIG_RELAY=y
 CONFIG_BLK_DEV_INITRD=y
-CONFIG_INITRAMFS_SOURCE="../../root"
+CONFIG_INITRAMFS_SOURCE="/workspace/dist/initramfs.cpio.xz"
 CONFIG_INITRAMFS_ROOT_UID=0
 CONFIG_INITRAMFS_ROOT_GID=0
 # CONFIG_RD_GZIP is not set
@@ -2142,7 +2142,9 @@ CONFIG_FW_LOADER_SYSFS=y
 CONFIG_EXTRA_FIRMWARE=""
 CONFIG_FW_LOADER_USER_HELPER=y
 # CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
-# CONFIG_FW_LOADER_COMPRESS is not set
+CONFIG_FW_LOADER_COMPRESS=y
+CONFIG_FW_LOADER_COMPRESS_XZ=y
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
 CONFIG_FW_CACHE=y
 # CONFIG_FW_UPLOAD is not set
 # end of Firmware loader

config/modules.conf

@@ -1,57 +1,74 @@
 # Module loading specification for Zero-OS Alpine initramfs
-# Format: STAGE:MODULE_NAME:FIRMWARE_PACKAGE (optional)
-# Focus on most common NIC modules to ensure networking works on most hardware
+# Format: STAGE:MODULE
+# Firmware selection is authoritative in config/firmware.conf; do not add firmware hints here.
 
-# Stage 1: Core subsystems + networking and essential boot modules
-# All core subsystems and NICs must be loaded BEFORE network can come up
-stage1:virtio:none                      # Core virtio subsystem (REQUIRED)
-stage1:virtio_ring:none                 # Virtio ring buffer (REQUIRED)
-stage1:virtio_pci:none                  # Virtio PCI bus
-stage1:virtio_net:none                  # Virtio network (VMs, cloud)
-stage1:virtio_scsi:none                 # Virtio SCSI (VMs, cloud)
-stage1:virtio_blk:none                  # Virtio block (VMs, cloud)
-stage1:e1000:linux-firmware-intel       # Intel E1000 (very common)
-stage1:e1000e:linux-firmware-intel      # Intel E1000E (very common)
-stage1:r8169:linux-firmware-realtek     # Realtek (most common desktop/server)
-stage1:realtek:linux-firmware-realtek     # Realtek (most common desktop/server)
-stage1:igb:linux-firmware-intel         # Intel Gigabit (servers)
-stage1:ixgbe:linux-firmware-intel       # Intel 10GbE (servers)
-stage1:i40e:linux-firmware-intel        # Intel 40GbE (modern servers)
-stage1:ice:linux-firmware-intel         # Intel E800 series (latest)
-stage1:8139too:none                     # Realtek 8139 (legacy)
-stage1:8139cp:none                      # Realtek 8139C+ (legacy)
-stage1:bnx2:linux-firmware-bnx2         # Broadcom NetXtreme
-stage1:bnx2x:linux-firmware-bnx2        # Broadcom NetXtreme II
-stage1:tg3:none                         # Broadcom Tigon3
-stage1:b44:none                         # Broadcom 44xx
-stage1:atl1:none                        # Atheros L1
-stage1:atl1e:none                       # Atheros L1E
-stage1:atl1c:none                       # Atheros L1C
-stage1:alx:none                         # Atheros Alx
-stage1:libata:none                      # Core ATA subsystem (REQUIRED)
-stage1:scsi_mod:none                    # SCSI subsystem
-stage1:sd_mod:none                      # SCSI disk support
-stage1:ahci:none                        # SATA AHCI
-stage1:nvme_core:none                   # Core NVMe subsystem (REQUIRED)
-stage1:nvme:none                        # NVMe storage
-stage1:tun:none                         # TUN/TAP for networking
-stage1:overlay:none                     # OverlayFS for containers
-stage1:fuse:none                        # OverlayFS for containers
+# Stage 1: boot-critical storage, core virtio, networking, overlay, and input (USB/HID/keyboard)
 
-# Stage 1: USB keyboard support (host controllers + HID)
-stage1:xhci_pci:none
-stage1:xhci_hcd:none
-stage1:ehci_pci:none
-stage1:ehci_hcd:none
-stage1:ohci_pci:none
-stage1:ohci_hcd:none
-stage1:uhci_hcd:none
-stage1:usbhid:none
-stage1:hid_generic:none
-stage1:hid:none
-stage1:atkbd:none
-stage1:libps2:none
-stage1:i2c_smbus:none
-stage1:serio:none
-stage1:i8042i:none
+# Storage
+stage1:libata
+stage1:libahci
+stage1:ahci
+stage1:scsi_mod
+stage1:sd_mod
+stage1:nvme_core
+stage1:nvme
+stage1:virtio_blk
+stage1:virtio_scsi
 
+# Core virtio
+stage1:virtio
+stage1:virtio_ring
+stage1:virtio_pci
+stage1:virtio_pci_legacy_dev
+stage1:virtio_pci_modern_dev
+
+# Networking (common NICs)
+stage1:virtio_net
+stage1:e1000
+stage1:e1000e
+stage1:igb
+stage1:ixgbe
+stage1:igc
+stage1:i40e
+stage1:ice
+stage1:r8169
+stage1:8139too
+stage1:8139cp
+stage1:bnx2
+stage1:bnx2x
+stage1:tg3
+stage1:tun
+
+# PHY drivers
+stage1:realtek
+# Broadcom PHY families (required for many Broadcom NICs)
+stage1:broadcom
+stage1:bcm7xxx
+stage1:bcm87xx
+stage1:bcm_phy_lib
+stage1:bcm_phy_ptp
+
+# Filesystems / overlay
+stage1:overlay
+stage1:fuse
+
+# USB host controllers and HID/keyboard input
+stage1:xhci_pci
+stage1:xhci_hcd
+stage1:ehci_pci
+stage1:ehci_hcd
+stage1:ohci_pci
+stage1:ohci_hcd
+stage1:uhci_hcd
+stage1:usbhid
+stage1:hid_generic
+stage1:hid
+stage1:atkbd
+stage1:libps2
+stage1:i8042
+stage1:evdev
+stage1:serio_raw
+stage1:serio
+
+# Keep stage2 empty; we only use stage1 in this build
+# stage2: (intentionally unused)

config/zinit.old/cgroup.yaml

@@ -1,2 +0,0 @@
-exec: sh /etc/zinit/init/cgroup.sh
-oneshot: true

config/zinit.old/depmod.yaml

@@ -1 +0,0 @@
-exec: depmod -a

config/zinit.old/getty.yaml

@@ -1,2 +0,0 @@
-exec: /sbin/getty -L 115200 ttyS0 vt100
-restart: always

config/zinit.old/gettyconsole.yaml

@@ -1,2 +0,0 @@
-exec: /sbin/getty console linux
-restart: always

config/zinit.old/haveged.yaml

@@ -1,2 +0,0 @@
-exec: haveged -w 1024 -d 32 -i 32 -v 1
-oneshot: true

config/zinit.old/init/ashloging.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-echo "start ash terminal"
-while true; do
-    getty -l /bin/ash -n 19200 tty2
-done

config/zinit.old/init/cgroup.sh

@@ -1,10 +0,0 @@
-set -x
-
-mount -t tmpfs cgroup_root /sys/fs/cgroup
-
-subsys="pids cpuset cpu cpuacct blkio memory devices freezer net_cls perf_event net_prio hugetlb"
-
-for sys in $subsys; do
-    mkdir -p /sys/fs/cgroup/$sys
-    mount -t cgroup $sys -o $sys /sys/fs/cgroup/$sys/
-done

config/zinit.old/init/modprobe.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-modprobe fuse
-modprobe btrfs
-modprobe tun
-modprobe br_netfilter
-
-echo never > /sys/kernel/mm/transparent_hugepage/enabled
-
-ulimit -n 524288

config/zinit.old/init/ntpd.sh

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-ntp_flags=$(grep -o 'ntp=.*' /proc/cmdline | sed 's/^ntp=//')
-
-params=""
-if [ -n "$ntp_flags" ]; then
-  params=$(echo "-p $ntp_flags" | sed s/,/' -p '/g)
-fi
-
-exec ntpd -n $params

config/zinit.old/init/routing.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-echo "Enable ip forwarding"
-echo 1 > /proc/sys/net/ipv4/ip_forward

config/zinit.old/init/shm.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-mkdir /dev/shm
-mount -t tmpfs shm /dev/shm 

config/zinit.old/init/sshd-setup.sh

@@ -1,15 +0,0 @@
-#!/bin/ash
-if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-    # ensure existing file permissions
-    chown root:root /etc/ssh/ssh_host_*
-    chmod 600 /etc/ssh/ssh_host_*
-    exit 0
-fi
-
-echo "Setting up sshd"
-mkdir -p /run/sshd
-
-ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
-ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
-ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521
-ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

config/zinit.old/init/udev.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-
-udevadm trigger --action=add
-udevadm settle

config/zinit.old/lo.yaml

@@ -1,2 +0,0 @@
-exec: ip l set lo up
-oneshot: true

config/zinit.old/local-modprobe.yaml

@@ -1,2 +0,0 @@
-exec: sh /etc/zinit/init/modprobe.sh
-oneshot: true

config/zinit.old/mycelium.yaml

@@ -1,6 +0,0 @@
-exec: /usr/bin/mycelium --key-file /tmp/mycelium_priv_key.bin
-  --tun-name my0 --silent --peers tcp://188.40.132.242:9651 tcp://136.243.47.186:9651
-  tcp://185.69.166.7:9651 tcp://185.69.166.8:9651 tcp://65.21.231.58:9651 tcp://65.109.18.113:9651
-  tcp://209.159.146.190:9651 tcp://5.78.122.16:9651 tcp://5.223.43.251:9651 tcp://142.93.217.194:9651
-after:
-  - network

config/zinit.old/network.yaml

@@ -1,5 +0,0 @@
-exec: dhcpcd eth0
-after:
-  - depmod
-  - udevd
-  - udev-trigger

config/zinit.old/ntp.yaml

@@ -1,3 +0,0 @@
-exec: sh /etc/zinit/init/ntpd.sh
-after:
-  - network

config/zinit.old/routing.yaml

@@ -1,2 +0,0 @@
-exec: sh /etc/zinit/init/routing.sh
-oneshot: true

config/zinit.old/shm.yaml

@@ -1,2 +0,0 @@
-exec: /etc/zinit/init/shm.sh
-oneshot: true

config/zinit.old/sshd-setup.yaml

@@ -1,2 +0,0 @@
-exec: sh /etc/zinit/init/sshd-setup.sh
-oneshot: true

config/zinit.old/sshd.yaml

@@ -1,3 +0,0 @@
-exec: /usr/sbin/sshd -D -e
-after:
-    - sshd-setup

config/zinit.old/udev-trigger.yaml

@@ -1,6 +0,0 @@
-exec: sh /etc/zinit/init/udev.sh
-oneshot: true
-after:
-  - depmod
-  - udevmon
-  - udevd

config/zinit.old/udevd.yaml

@@ -1 +0,0 @@
-exec: udevd

config/zinit.old/udevmon.yaml

@@ -1 +0,0 @@
-exec: udevadm monitor

config/zinit.old/zinit.conf

@@ -1,33 +0,0 @@
-# Main zinit configuration for Zero OS Alpine
-# This replaces OpenRC completely
-
-# Logging configuration
-log_level: debug
-log_file: /var/log/zinit/zinit.log
-
-# Initialization phases
-init:
-  # Phase 1: Critical system setup
-  - stage1-modules
-  - udevd
-  - depmod
-  
-  # Phase 2: Extended hardware and networking
-  - stage2-modules
-  - network
-  - lo
-  
-  # Phase 3: System services
-  - routing
-  - ntp
-  - haveged
-  
-  # Phase 4: User services
-  - sshd-setup
-  - sshd
-  - getty
-  - console
-  - gettyconsole
-
-# Service dependencies and ordering managed by individual service files
-# All services are defined in the services/ subdirectory

config/zinit/console.yaml

@@ -1,2 +0,0 @@
-exec: /sbin/getty -L 9600 console
-restart: always

config/zinit/getty-console.yaml

@@ -1,2 +1,2 @@
-exec: /sbin/agetty --noclear -a root tty1  linux
+exec: /sbin/agetty --noclear -a root console  linux
 restart: always

config/zinit/getty-tty2.yaml

@@ -0,0 +1,2 @@
+exec: /sbin/agetty --noclear -a root tty2  vt100
+restart: always

config/zinit/haveged.yaml

@@ -1,2 +1,5 @@
 exec: haveged -w 1024 -d 32 -i 32 -v 1
-oneshot: true
+oneshot: true
+after: 
+  - shm
+  

config/zinit/init/firmware.sh

@@ -8,7 +8,38 @@ log() { echo "[rfs-firmware] $*"; }
 
 RFS_BIN="${RFS_BIN:-rfs}"
 TARGET="/lib/firmware"
-BASE_URL="${FLISTS_BASE_URL:-https://zos.grid.tf/store/flists}"
+
+# Accept both FLISTS_BASE_URL and FLIST_BASE_URL (alias); prefer FLISTS_BASE_URL
+if [ -n "${FLISTS_BASE_URL:-}" ]; then
+  BASE_URL="${FLISTS_BASE_URL}"
+elif [ -n "${FLIST_BASE_URL:-}" ]; then
+  BASE_URL="${FLIST_BASE_URL}"
+else
+  BASE_URL="https://zos.grid.tf/store/flists"
+fi
+
+# HTTP readiness helper: wait until BASE_URL responds to HTTP(S)
+wait_for_http() {
+  url="$1"
+  tries="${2:-60}"
+  delay="${3:-2}"
+  i=0
+  while [ "$i" -lt "$tries" ]; do
+    if command -v wget >/dev/null 2>&1; then
+      if wget -q --spider "$url"; then
+        return 0
+      fi
+    elif command -v busybox >/dev/null 2>&1; then
+      if busybox wget -q --spider "$url"; then
+        return 0
+      fi
+    fi
+    i=$((i+1))
+    log "waiting for $url (attempt $i/$tries)"
+    sleep "$delay"
+  done
+  return 1
+}
 
 # Allow override via env
 if [ -n "${FIRMWARE_FLIST:-}" ] && [ -f "${FIRMWARE_FLIST}" ]; then
@@ -29,11 +60,18 @@ else
 fi
 
 if [ -z "${FL:-}" ]; then
-  # Try remote fetch as a fallback
+  # Try remote fetch as a fallback (but first ensure BASE_URL is reachable)
   mkdir -p /etc/rfs
   FL="/etc/rfs/firmware-latest.fl"
-  URL="${BASE_URL}/firmware-latest.fl"
-  log "firmware-latest.fl not found locally; fetching ${URL}"
+  URL="${BASE_URL%/}/firmware-latest.fl"
+  log "firmware-latest.fl not found locally; will fetch ${URL}"
+
+  # Probe BASE_URL root so DNS/HTTP are ready before fetch
+  ROOT_URL="${BASE_URL%/}/"
+  if ! wait_for_http "$ROOT_URL" 60 2; then
+    log "BASE_URL not reachable yet: ${ROOT_URL}; continuing to attempt fetch anyway"
+  fi
+  log "fetching ${URL}"
 
   if command -v wget >/dev/null 2>&1; then
     wget -q -O "${FL}" "${URL}" || true

config/zinit/init/modprobe.sh

@@ -3,7 +3,17 @@
 modprobe fuse
 modprobe btrfs
 modprobe tun
-modprobe br_netfilter
+modprobe 
+
+modprobe usbhid
+modprobe hid_generic
+modprobe hid
+modprobe atkbd
+modprobe libps2
+modprobe i2c_smbus
+modprobe serio
+modprobe i8042i
+
 
 echo never > /sys/kernel/mm/transparent_hugepage/enabled
 

config/zinit/init/modules.sh

@@ -9,7 +9,37 @@ log() { echo "[rfs-modules] $*"; }
 RFS_BIN="${RFS_BIN:-rfs}"
 KVER="$(uname -r)"
 TARGET="/lib/modules/${KVER}"
-BASE_URL="${FLISTS_BASE_URL:-https://zos.grid.tf/store/flists}"
+# Accept both FLISTS_BASE_URL and FLIST_BASE_URL (alias); prefer FLISTS_BASE_URL
+if [ -n "${FLISTS_BASE_URL:-}" ]; then
+  BASE_URL="${FLISTS_BASE_URL}"
+elif [ -n "${FLIST_BASE_URL:-}" ]; then
+  BASE_URL="${FLIST_BASE_URL}"
+else
+  BASE_URL="https://zos.grid.tf/store/flists"
+fi
+
+# HTTP readiness helper: wait until BASE_URL responds to HTTP(S)
+wait_for_http() {
+  url="$1"
+  tries="${2:-60}"
+  delay="${3:-2}"
+  i=0
+  while [ "$i" -lt "$tries" ]; do
+    if command -v wget >/dev/null 2>&1; then
+      if wget -q --spider "$url"; then
+        return 0
+      fi
+    elif command -v busybox >/dev/null 2>&1; then
+      if busybox wget -q --spider "$url"; then
+        return 0
+      fi
+    fi
+    i=$((i+1))
+    log "waiting for $url (attempt $i/$tries)"
+    sleep "$delay"
+  done
+  return 1
+}
 
 # Allow override via env
 if [ -n "${MODULES_FLIST:-}" ] && [ -f "${MODULES_FLIST}" ]; then
@@ -33,8 +63,15 @@ if [ -z "${FL:-}" ]; then
   # Try remote fetch as a fallback (modules-<uname -r>-Zero-OS.fl)
   mkdir -p /etc/rfs
   FL="/etc/rfs/modules-${KVER}.fl"
-  URL="${BASE_URL}/modules-${KVER}-Zero-OS.fl"
-  log "modules-${KVER}.fl not found locally; fetching ${URL}"
+  URL="${BASE_URL%/}/modules-${KVER}-Zero-OS.fl"
+  log "modules-${KVER}.fl not found locally; will fetch ${URL}"
+
+  # Probe BASE_URL root so DNS/HTTP are ready before fetch
+  ROOT_URL="${BASE_URL%/}/"
+  if ! wait_for_http "$ROOT_URL" 60 2; then
+    log "BASE_URL not reachable yet: ${ROOT_URL}; continuing to attempt fetch anyway"
+  fi
+  log "fetching ${URL}"
 
   if command -v wget >/dev/null 2>&1; then
     wget -q -O "${FL}" "${URL}" || true

config/zinit/rfs-modules.yaml

@@ -1,4 +1,4 @@
 exec: sh /etc/zinit/init/modules.sh
 restart: always
 after:
-  - network
+  - rfs-modules

config/zinit/shm.yaml

@@ -1,5 +1,5 @@
 exec: /etc/zinit/init/shm.sh
 oneshot: true
 after:
-  - firmware
-  - modules
+  - rfs-modules
+  - rfs-firmware

config/zinit/sshd.yaml

@@ -1,3 +1,4 @@
 exec: /usr/sbin/sshd -D -e
 after:
     - sshd-setup
+    - shm

config/zinit/udev-rfs.yaml

@@ -1,5 +1,4 @@
-exec: /bin/sh -c "udevadm control --reload; udevadm trigger --action=add --type=subsystems; udevadm trigger --action=add --type=devices; udevadm settle"
+exec: sh -c "sleep 3 ; /etc/zinit/init/udev.sh"
 oneshot: true
 after:
   - rfs-modules
-  - rfs-firmware