Summary of changes (with references):\n\nModules + PHY coverage\n- Curated and normalized stage1 list in [config.modules.conf](config/modules.conf:1):\n - Boot-critical storage, core virtio, common NICs (Intel/Realtek/Broadcom), overlay/fuse, USB HCD/HID.\n - Added PHY drivers required by NIC MACs:\n * realtek (for r8169, etc.)\n * broadcom families: broadcom, bcm7xxx, bcm87xx, bcm_phy_lib, bcm_phy_ptp\n- Robust underscore↔hyphen aliasing during copy so e.g. xhci_pci → xhci-pci.ko, hid_generic → hid-generic.ko:\n - [bash.initramfs_copy_resolved_modules()](scripts/lib/initramfs.sh:990)\n\nFirmware policy and coverage\n- Firmware selection now authoritative via [config/firmware.conf](config/firmware.conf:1); ignore modules.conf firmware hints:\n - [bash.initramfs_setup_modules()](scripts/lib/initramfs.sh:229)\n - Count from firmware.conf for reporting; remove stale required-firmware.list.\n- Expanded NIC firmware set (bnx2, bnx2x, tigon, intel, realtek, rtl_nic, qlogic, e100) in [config.firmware.conf](config/firmware.conf:1).\n- Installer enforces firmware.conf source-of-truth in [bash.alpine_install_firmware()](scripts/lib/alpine.sh:392).\n\nEarly input & build freshness\n- Write a runtime build stamp to /etc/zero-os-build-id for embedded initramfs verification:\n - [bash.initramfs_finalize_customization()](scripts/lib/initramfs.sh:568)\n- Minor init refinements in [config.init](config/init:1) (ensures /home, consistent depmod path).\n\nRebuild helper improvements\n- [scripts/rebuild-after-zinit.sh](scripts/rebuild-after-zinit.sh:1):\n - Added --verify-only; container-aware execution; selective marker clears only.\n - Prints stage status before/after; avoids --rebuild-from; resolves full kernel version for diagnostics.\n\nRemote flist readiness + zinit\n- Init scripts now probe BASE_URL readiness and accept FLISTS_BASE_URL/FLIST_BASE_URL; firmware target is /lib/firmware:\n - [sh.firmware.sh](config/zinit/init/firmware.sh:1)\n - [sh.modules.sh](config/zinit/init/modules.sh:1)\n\nContainer, docs, and utilities\n- Stream container build logs by calling runtime build directly in [bash.docker_build_container()](scripts/lib/docker.sh:56).\n- Docs updated to reflect firmware policy, runtime readiness, rebuild helper, early input, and GRUB USB:\n - [docs.NOTES.md](docs/NOTES.md)\n - [docs.PROMPT.md](docs/PROMPT.md)\n - [docs.review-rfs-integration.md](docs/review-rfs-integration.md)\n- Added GRUB USB creator (referenced in docs): [scripts/make-grub-usb.sh](scripts/make-grub-usb.sh)\n\nCleanup\n- Removed legacy/duplicated config trees under configs/ and config/zinit.old/.\n- Minor newline and ignore fixes: [.gitignore](.gitignore:1)\n\nNet effect\n- Runtime now has correct USB HCDs/HID-generic and NIC+PHY coverage (Realtek/Broadcom), with matching firmware installed in initramfs.\n- Rebuild workflow is minimal and host/container-aware; docs are aligned with implemented behavior.\n
initramfs: anchor relative paths to PROJECT_ROOT in [bash.initramfs_validate()](scripts/lib/initramfs.sh:799) and [bash.initramfs_create_cpio()](scripts/lib/initramfs.sh:688) to avoid CWD drift. Add diagnostics logs.
kernel: anchor kernel output path to PROJECT_ROOT in [bash.kernel_build_with_initramfs()](scripts/lib/kernel.sh:174) to ensure dist/vmlinuz.efi is under PROJECT_ROOT/dist.
helper: add [scripts/rebuild-after-zinit.sh](scripts/rebuild-after-zinit.sh) to incrementally rebuild after zinit/modules.conf/init changes. Default: initramfs-only (recreates cpio). Flags: --with-kernel, --refresh-container-mods, --run-tests. Uses --rebuild-from=initramfs_create when rebuilding kernel.
init: add early debug shell on kernel param initdebug=true; prefer /init-debug when present else spawn /bin/sh -l. See [config/init](config/init:1).
modules(stage1): add USB keyboard support (HID + host controllers) in [config/modules.conf](config/modules.conf:1): usbhid, hid_generic, hid, xhci/ehci/ohci/uhci.
initramfs: switch to passwd -d -R in scripts/lib/initramfs.sh:initramfs_finalize_customization() for shadow-aware passwordless root (aligned with 9423b708 intent), drop sed and chpasswd paths, and add validation diagnostics. common: normalize INSTALL_DIR/COMPONENTS_DIR/KERNEL_DIR/DIST_DIR to absolute paths after sourcing config to prevent validation resolving under kernel/current. Dockerfile: include shadow (for passwd/chpasswd), ensure openssl and openssl-dev present; remove perl. config: introduce ZEROOS_PASSWORDLESS_ROOT default true and comment password vars. docs: NOTES.md updated with diagnostics and flow.
• Resolve input dir to absolute with resolve_path and perform early -d check in [bash.initramfs_validate()](scripts/lib/initramfs.sh:774) to avoid safe_execute aborts on missing paths
• Use plain ls/find logging for sanity snapshot (not safe_execute) so validation reports context even if directory is absent
• Ensure host/rootless traversal for zinit configs: make etc/zinit and etc/zinit/init 755 prior to recursive normalization; then set dirs=755, files=644, and mark *.sh executable in [bash.initramfs_setup_zinit()](scripts/lib/initramfs.sh:12)
• Add pre-CPIO sanity logs to catch empty/mis-scoped archives: top-level ls, file count, and essential presence checks in [bash.initramfs_create_cpio()](scripts/lib/initramfs.sh:658)
• Add validation-time sanity snapshot of top-level and entry count in [bash.initramfs_validate()](scripts/lib/initramfs.sh:754)
• scripts/lib/initramfs.sh: write /etc/ntp.conf, symlink ntpd.conf if absent; compute absolute output path before cd so cpio|xz redirection works; emit verification logs around initramfs_finalize_customization()
• config/zinit/init/ntpd.sh: robust parsing of kernel ntp=, safe defaults, and launch BusyBox ntpd with -p servers
- Use container modules from kernel_modules stage for dependency resolution
- Remove dependency on initramfs modules that haven't been copied yet
- Fixes regression where clean builds had empty stage1.list
- Dependency resolution now works correctly in clean build scenarios
- zinit uses YAML configuration files, not zinit.conf
- Update validation to check for *.yaml files in /etc/zinit directory
- Fixes false validation error when zinit configuration is properly present
- Use config/init instead of configs/init path
- Simplify /sbin/init validation to just check if it's an executable script
- Component copying with strip + UPX optimization working: 46.1M → 13M (68% reduction)
- Remove component copying from build functions (build_zinit, build_rfs, etc)
- Add initramfs_copy_components() function to copy built components to initramfs
- Add components_copy stage between init_script and modules_setup
- Fix components_verify to check built components (not initramfs locations)
- Now supports partial builds: build components separately, copy later
- All 4 components (zinit 8.1M, rfs 13M, mycelium 21M, corex 4.0M) working
- Copy configs/init as /sbin/init instead of creating symlink to zinit
- Remove automatic cleanup of build artifacts - always preserve for incremental builds
- Allows rebuilding initramfs with existing components
- Use ./scripts/clean.sh to manually clean when needed
- Use depmod -av + modinfo -k approach for accurate dependency detection
- Copy modules to container /lib/modules for proper modinfo -k usage
- Recursive resolution until no more dependencies found
- Copy resolved modules to initramfs + run final depmod in chroot context
- Now properly finds missing core modules like virtio.ko, virtio_ring.ko
- Validates symbol dependencies with proper module database
- Fixed KERNEL_OUTPUT variable binding in build summary
- Fix dependency resolution to use built modules from /lib/modules/6.12.44-Zero-OS instead of fresh container
- Fix stage1/stage2 configuration mismatch (only using stage1 modules as intended)
- Fix firmware parsing to ignore comments in modules.conf
- Fix variable binding issues for incremental builds (FULL_KERNEL_VERSION, KERNEL_OUTPUT)
- Module resolution now properly expands 31 → 48 modules with dependencies
- Firmware requirements reduced from 157 bogus → 3 correct packages
- All 48/48 resolved modules validated as available .ko files
- Fix container output visibility with proper TTY handling and debug mode
- Fix build order: kernel modules built before initramfs creation
- Implement two-stage kernel build to resolve chicken-and-egg dependency
- Fix sed command issues in kernel configuration with direct execution
- Add diffutils package to container for proper kernel build support
- Enhance NIC module/firmware correlation with intelligent selection
- Fix module staging logic: all NICs loaded in stage1 before network up
- Add smart firmware installation based on module requirements
- Create comprehensive function documentation (scripts/functionlist.md)
- Add debug container script for troubleshooting
Major fixes:
* Container builds now show real-time output
* Kernel builds work with proper GNU diff support
* Module/firmware selection optimized for common hardware
* Build process handles dependencies correctly
* Documentation provides complete function reference
- Add Alpine firmware package installation support
- Implement recursive module dependency resolution using modinfo
- Add config/firmware.conf for NIC firmware selection
- Enhanced initramfs_setup_modules with dependency tracking
- Firmware installation integrated into main build process
Features:
- Automatic dependency resolution for kernel modules
- Alpine's separate firmware APK packages for optimal size
- Stage1/Stage2 module loading with complete dependencies
- No duplicate modules between stages
