From e34bcf5ed93b422e3cb4c4cf409f2c548687b115 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 28 Dec 2025 02:39:42 +0000
Subject: [PATCH 1/5] Initial plan
From 48116a69c699d56b60bec23062c268ff639b59b5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 28 Dec 2025 02:43:25 +0000
Subject: [PATCH 2/5] Add GitHub Pages deployment workflow and documentation landing page
Co-authored-by: MrPiglr <31398225+MrPiglr@users.noreply.github.com>
---
 .github/workflows/deploy-docs.yml | 44 +++++++++++++++++++++++++++++++
 docs/index.md | 37 ++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 .github/workflows/deploy-docs.yml
 create mode 100644 docs/index.md
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
new file mode 100644
index 0000000..50430b9
--- /dev/null
+++ b/.github/workflows/deploy-docs.yml
@@ -0,0 +1,44 @@
+name: Deploy Documentation to GitHub Pages
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'docs/**'
+ - '.github/workflows/deploy-docs.yml'
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+ group: "pages"
+ cancel-in-progress: false
+
+jobs:
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Pages
+ uses: actions/configure-pages@v4
+
+ - name: Upload artifact
+ uses: actions/upload-pages-artifact@v3
+ with:
+ path: 'docs'
+
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v4
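Review bot: In `deploy-docs.yml` all four `uses:` lines reference actions by a mutable major tag (`actions/checkout@v4`, `actions/configure-pages@v4`, `actions/upload-pages-artifact@v3`, `actions/deploy-pages@v4`) in a job that holds `pages: write` and `id-token: write`. Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from changing what runs with those permissions. Also note that `path: 'docs'` publishes the whole directory unchanged, so the OAuth and credentials-rotation guides linked from the new index become public; confirm that none of them contain real client secrets or internal hostnames before the first deploy.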
diff --git a/docs/index.md b/docs/index.md
new file mode 100644
index 0000000..c78e82d
--- /dev/null
+++ b/docs/index.md
@@ -0,0 +1,37 @@
+# AeThex OS Documentation
+
+Welcome to the AeThex OS documentation portal. This documentation covers various aspects of setting up, configuring, and using the AeThex OS platform.
+
+## 📚 Documentation Index
+
+### Authentication & OAuth
+- [**OAuth Quick Start Guide**](OAUTH_QUICKSTART.md) - Get OAuth working in 5 minutes with Discord, Roblox, and GitHub
+- [**OAuth Setup**](OAUTH_SETUP.md) - Comprehensive OAuth configuration guide
+- [**OAuth Implementation**](OAUTH_IMPLEMENTATION.md) - Technical implementation details for OAuth integration
+- [**Credentials Rotation**](CREDENTIALS_ROTATION.md) - Best practices for managing and rotating API credentials
+
+### Platform & UI
+- [**Platform UI Guide**](PLATFORM_UI_GUIDE.md) - Platform-adaptive UI for mobile, desktop, and web environments
+
+### Security & Access
+- [**Entitlements Quick Start**](ENTITLEMENTS_QUICKSTART.md) - Guide to setting up user entitlements and permissions
+
+## 🚀 Getting Started
+
+If you're new to AeThex OS, we recommend starting with:
+
+1. Review the OAuth Quick Start Guide to set up authentication
+2. Explore the Platform UI Guide to understand the adaptive interface
+3. Configure entitlements for proper access control
+
+## 📖 Additional Resources
+
+For more information about AeThex OS, please visit the [main repository](https://github.com/AeThex-Corporation/AeThex-OS).
+
+## 🤝 Contributing
+
+If you find any issues with the documentation or would like to contribute improvements, please open an issue or pull request in the main repository.
+
+---
+
+*Last updated: 2025-12-28*
From 61d695deb704a95a71d94eb6e910a751d39f0d27 Mon Sep 17 00:00:00 2001
From: MrPiglr <31398225+MrPiglr@users.noreply.github.com>
Date: Sun, 28 Dec 2025 10:02:34 -0700
Subject: [PATCH 3/5] Revise SECURITY.md to enhance security policy details
Expanded the security policy to include detailed sections on purpose, organizational boundaries, reporting vulnerabilities, severity assessment, response timelines, disclosure policy, bug bounty, security best practices, and safe harbor.
---
 SECURITY.md | 161 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a8b6776
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,161 @@
+# Security Policy
+
+## 1. Purpose and Scope
+
+The AeThex ecosystem takes security seriously across all repositories, including
+operating systems, tooling, libraries, documentation, and standards.
+
+This policy defines how security vulnerabilities should be reported, assessed,
+disclosed, and remediated across AeThex-managed projects.
+
+**Do not disclose security vulnerabilities publicly.**
+Public GitHub issues, pull requests, or discussions are not appropriate channels
+for reporting security issues.
+
+---
+
+## 2. Organizational Boundaries
+
+AeThex operates through distinct but coordinated entities. Security handling
+respects these boundaries:
+
+### AeThex Foundation
+- Owns standards, specifications, and certification criteria
+- Handles vulnerabilities in **published standards**, reference specs, and audits
+- Does **not** deploy production systems
+
+### AeThex Labs
+- Owns experimental software, research prototypes, and educational tooling
+- Handles vulnerabilities in **non-production** and experimental code
+- May deprecate or archive vulnerable experiments rather than patch them
+
+### AeThex Corporation
+- Owns production software, infrastructure, and commercial distributions
+- Handles vulnerabilities with **operational, customer, or commercial impact**
+- Responsible for patch releases, advisories, and mitigations
+
+The appropriate entity will triage the report internally if scope is unclear.
+
+---
+
+## 3. Supported Versions
+
+Security updates are provided only for supported versions listed below.
+
+| Version | Supported |
+|-------|-----------|
+| 5.1.x | ✅ Yes |
+| 5.0.x | ❌ No |
+| 4.0.x | ✅ Yes |
+| < 4.0 | ❌ No |
+
+If you are using an unsupported version, upgrade before reporting unless the
+issue demonstrates systemic risk.
+
+---
+
+## 4. 
Reporting a Vulnerability
+
+### Primary Reporting Channel
+
+**Email:** `security@aethex.foundation`
+**Subject:** `Security Vulnerability Report – `
+
+If email is not feasible, GitHub **Private Vulnerability Reporting** may be used
+where enabled.
+
+### Encryption
+
+PGP-encrypted submissions are encouraged when practical.
+(See PGP section below.)
+
+---
+
+## 5. What to Include
+
+Please provide as much of the following as possible:
+
+- Clear description of the vulnerability
+- Affected repository, component, and versions
+- Steps to reproduce (proof-of-concept preferred)
+- Impact assessment (confidentiality, integrity, availability)
+- Environment details (OS, architecture, configuration)
+- Any relevant logs, traces, or artifacts
+
+Incomplete reports may delay triage.
+
+---
+
+## 6. Severity Assessment (CVSS)
+
+AeThex uses **CVSS v3.1** as a baseline for severity classification:
+
+- **Critical (9.0–10.0):** Immediate action, coordinated fix
+- **High (7.0–8.9):** Expedited remediation
+- **Medium (4.0–6.9):** Scheduled fix
+- **Low (0.1–3.9):** May be deferred or documented only
+
+Final severity is determined internally and may differ from reporter estimates.
+
+---
+
+## 7. Response Timeline
+
+You can expect the following process:
+
+- **Acknowledgement:** within 72 hours
+- **Initial triage:** within 5 business days
+- **Status updates:** at least every 7 days while open
+
+Complex issues or multi-repository impact may extend timelines.
+
+---
+
+## 8. Disclosure Policy
+
+AeThex follows a **coordinated disclosure model**:
+
+- Accepted vulnerabilities are patched or mitigated before public disclosure
+- Reporters will be notified prior to public advisories when feasible
+- Declined reports will receive a brief explanation
+- Public disclosure without coordination may affect future participation
+
+---
+
+## 9. 
Bug Bounty (Discretionary)
+
+AeThex **may**, at its discretion:
+
+- Acknowledge reporters in advisories or release notes
+- Provide monetary or non-monetary rewards for high-impact findings
+
+There is **no guaranteed bounty**, and participation does not create any legal
+or contractual obligation.
+
+---
+
+## 10. Security Best Practices
+
+Contributors and users are expected to:
+
+- Avoid committing secrets or credentials
+- Use least-privilege principles
+- Keep dependencies updated
+- Treat security-sensitive changes with heightened review
+
+Repositories may enforce additional controls.
+
+---
+
+## 11. Safe Harbor
+
+Security research conducted in good faith, without data exfiltration,
+service disruption, or privacy violation, will not be considered a violation
+of AeThex policy.
+
+---
+
+## 12. PGP Key
+
+For encrypted communication, use the following PGP key:
+
From de8ed76e57a6d10f497b2fef33d12846c42a0896 Mon Sep 17 00:00:00 2001
From: MrPiglr
Date: Sun, 28 Dec 2025 10:07:32 -0700
Subject: [PATCH 4/5] feat: Full layered OS architecture - Wine + Docker + Dev Tools
---
 os/base/README.md | 13 +
 os/runtimes/linux-dev/README.md | 15 +
 os/runtimes/linux-dev/dev-launcher.sh | 21 +
 os/runtimes/windows/README.md | 17 +
 os/runtimes/windows/wine-launcher.sh | 25 +
 os/shell/bin/runtime-selector.sh | 20 +
 .../systemd/aethex-runtime-selector.service | 12 +
 script/build-linux-iso-full.sh | 449 ++++++++++++++++++
 8 files changed, 572 insertions(+)
 create mode 100644 os/base/README.md
 create mode 100644 os/runtimes/linux-dev/README.md
 create mode 100644 os/runtimes/linux-dev/dev-launcher.sh
 create mode 100644 os/runtimes/windows/README.md
 create mode 100644 os/runtimes/windows/wine-launcher.sh
 create mode 100644 os/shell/bin/runtime-selector.sh
 create mode 100644 os/shell/systemd/aethex-runtime-selector.service
 create mode 100644 script/build-linux-iso-full.sh
diff --git a/os/base/README.md b/os/base/README.md
new file mode 100644
index 0000000..cc36cd9
--- /dev/null
+++ b/os/base/README.md
@@ -0,0 +1,13 @@
+# AeThex OS - Base Layer
+
+Immutable system core - minimal Ubuntu 24.04 with essential services.
+
+## Components
+- Linux kernel 6.8+
+- Systemd init
+- NetworkManager
+- PipeWire audio
+- Basic filesystem utilities
+
+## Stability Promise
+5-6 year LTS support. Base layer changes only for security patches.
diff --git a/os/runtimes/linux-dev/README.md b/os/runtimes/linux-dev/README.md
new file mode 100644
index 0000000..30ecb4d
--- /dev/null
+++ b/os/runtimes/linux-dev/README.md
@@ -0,0 +1,15 @@
+# Linux Development Runtime
+
+Tools for running Linux development tasks without polluting base OS.
+
+## Components
+- Docker CE
+- VSCode (or VSCodium)
+- Git
+- Build tools (gcc, make, cmake)
+- Node.js, Python, Rust
+- Podman (alternative to Docker)
+
+## Isolation Strategy
+Dev workspace runs in containers, pinned to specific Gen-1 version.
+Base OS stays clean and stable.
diff --git a/os/runtimes/linux-dev/dev-launcher.sh b/os/runtimes/linux-dev/dev-launcher.sh
new file mode 100644
index 0000000..555b12c
--- /dev/null
+++ b/os/runtimes/linux-dev/dev-launcher.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Dev Launcher - runs dev tools in isolated container
+
+FILE="$1"
+EXT="${FILE##*.}"
+
+case "$EXT" in
+ py)
+ docker run -it --rm -v "$(pwd):/workspace" python:3.11 python "/workspace/$FILE"
+ ;;
+ js)
+ docker run -it --rm -v "$(pwd):/workspace" node:20 node "/workspace/$FILE"
+ ;;
+ rs)
+ docker run -it --rm -v "$(pwd):/workspace" rust:latest cargo run --manifest-path "/workspace/$FILE"
+ ;;
+ *)
+ echo "Unknown dev file type: $EXT"
+ exit 1
+ ;;
+esac
diff --git a/os/runtimes/windows/README.md b/os/runtimes/windows/README.md
new file mode 100644
index 0000000..47248d5
--- /dev/null
+++ b/os/runtimes/windows/README.md
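Review bot: In `dev-launcher.sh` the `rs)` arm passes the source file to `cargo run --manifest-path`, which expects a `Cargo.toml`, so Rust files cannot run this way, and `runtime-selector.sh` in the same patch also sends `go` files here although this `case` has no `go)` arm. Every arm builds the in-container path as `/workspace/$FILE` while mounting only `$(pwd)`, so an absolute path or a file outside the current directory will not be found. The bind mount is read-write and no `--user` is given, so the launched file runs as the image's default user (root for these official images, as far as I know) with write access to everything under the current directory; consider `--user "$(id -u):$(id -g)"`, `--network none` where no network is needed, and mounting only the file's own directory. `rust:latest` is a floating tag, unlike `python:3.11` and `node:20`, and should be pinned the same way. A guard such as `[ -f "$FILE" ] || { echo "No such file: $FILE" >&2; exit 1; }` after `FILE="$1"` would cover the empty-argument case.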
@@ -0,0 +1,17 @@
+# Windows Runtime
+
+Compatibility layer for running Windows .exe applications.
+
+## Components
+- Wine 9.0+ (stable)
+- Proton (for games)
+- DXVK (DirectX to Vulkan)
+- Windows fonts (Arial, Times New Roman, etc.)
+
+## Execution Policy
+1. Try Wine (fast, no Windows license)
+2. Fall back to VM if needed (QEMU/KVM)
+3. Remote host as last resort
+
+## File Associations
+.exe, .msi, .bat → wine-launcher
diff --git a/os/runtimes/windows/wine-launcher.sh b/os/runtimes/windows/wine-launcher.sh
new file mode 100644
index 0000000..c405fa4
--- /dev/null
+++ b/os/runtimes/windows/wine-launcher.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Wine Launcher - executes Windows .exe files
+
+EXE_FILE="$1"
+
+# Check if Wine is installed
+if ! command -v wine &> /dev/null; then
+ zenity --error --text="Wine not installed. Install Windows runtime?"
+ exit 1
+fi
+
+# Set Wine prefix
+export WINEPREFIX="$HOME/.wine-aethex"
+
+# Try to run with Wine
+wine "$EXE_FILE" 2>&1 | tee /tmp/wine-debug.log
+
+# If Wine fails, offer VM fallback
+if [ $? -ne 0 ]; then
+ zenity --question --text="Wine failed. Use Windows VM instead?"
+ if [ $? -eq 0 ]; then
+ # Launch QEMU/KVM Windows VM (TODO: implement)
+ notify-send "VM launcher not implemented yet"
+ fi
+fi
diff --git a/os/shell/bin/runtime-selector.sh b/os/shell/bin/runtime-selector.sh
new file mode 100644
index 0000000..a43d5c3
--- /dev/null
+++ b/os/shell/bin/runtime-selector.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# AeThex Runtime Selector - determines which runtime to use for a file
+
+FILE="$1"
+EXT="${FILE##*.}"
+
+case "$EXT" in
+ exe|msi|bat)
+ # Windows executable
+ /opt/aethex/runtimes/windows/wine-launcher.sh "$FILE"
+ ;;
+ py|js|rs|go)
+ # Dev file - run in container
+ /opt/aethex/runtimes/linux-dev/dev-launcher.sh "$FILE"
+ ;;
+ *)
+ # Native Linux
+ xdg-open "$FILE"
+ ;;
+esac
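Review bot: In `wine-launcher.sh` the fallback test `if [ $? -ne 0 ]` reads the exit status of `tee`, not of `wine`, because the two are joined by a pipe, so the "Wine failed" dialog will practically never appear; use `if [ "${PIPESTATUS[0]}" -ne 0 ]; then` directly after the pipeline. The log is written to the fixed path `/tmp/wine-debug.log`, which another local user can pre-create or replace with a symlink; a per-user location such as `"${XDG_RUNTIME_DIR:-$HOME/.cache}/wine-debug.log"` avoids that. Because this script is the registered handler for Windows executables, its header comment should state that Wine is a compatibility layer and not a sandbox: by default the launched program has the user's own access to the home directory. An empty `$1` is not checked before `wine` is called.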
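Review bot: `runtime-selector.sh` decides on the file extension alone and then executes the file at once, so opening a downloaded `.bat`, `.py` or `.js` runs it with no prompt; a confirmation step before the two launcher calls (the Wine launcher already depends on `zenity`) would make execution an explicit choice. There is no check that `$1` is set or names an existing file, and the systemd unit added in this same patch starts the script without an argument, which ends in `xdg-open ""`; add `[ -n "$FILE" ] && [ -e "$FILE" ] || exit 1` after `FILE="$1"`. The `go` extension is routed to `dev-launcher.sh`, which has no `go` case in this patch and exits with "Unknown dev file type".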
diff --git a/os/shell/systemd/aethex-runtime-selector.service b/os/shell/systemd/aethex-runtime-selector.service
new file mode 100644
index 0000000..43605c8
--- /dev/null
+++ b/os/shell/systemd/aethex-runtime-selector.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=AeThex Runtime Selector
+After=graphical.target
+Wants=aethex-desktop.service
+
+[Service]
+Type=oneshot
+ExecStart=/opt/aethex/shell/bin/runtime-selector.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/script/build-linux-iso-full.sh b/script/build-linux-iso-full.sh
new file mode 100644
index 0000000..803cc3f
--- /dev/null
+++ b/script/build-linux-iso-full.sh
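Review bot: In `aethex-runtime-selector.service`, `ExecStart=/opt/aethex/shell/bin/runtime-selector.sh` passes no file argument and the unit sets no `User=`, so at boot the selector runs once as root with an empty `$1` and falls through to `xdg-open ""`. As written the unit does no useful work and runs a desktop helper with root privileges. The ordering is also inconsistent, with `After=graphical.target` but `WantedBy=multi-user.target`. If the selector is only meant to be a file-association handler, dropping this unit and the matching `systemctl enable` call in the build script is the simplest fix; otherwise add `User=aethex` and a comment stating what the service is expected to start.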
@@ -0,0 +1,449 @@
+#!/bin/bash
+set -e
+
+# AeThex OS - Full Layered Architecture Builder
+# Includes: Base OS + Wine Runtime + Linux Dev Tools + Mode Switching
+
+WORK_DIR="${1:-.}"
+BUILD_DIR="$WORK_DIR/aethex-linux-build"
+ROOTFS_DIR="$BUILD_DIR/rootfs"
+ISO_DIR="$BUILD_DIR/iso"
+ISO_NAME="AeThex-OS-Full-amd64.iso"
+
+echo "═══════════════════════════════════════════════════════════════"
+echo " AeThex OS - Full Build"
+echo " Layered Architecture: Base + Runtimes + Shell"
+echo "═══════════════════════════════════════════════════════════════"
+echo ""
+echo "[*] Build directory: $BUILD_DIR"
+echo "[*] Target ISO: $ISO_NAME"
+echo ""
+
+# Clean and prepare
+rm -rf "$BUILD_DIR"
+mkdir -p "$ROOTFS_DIR" "$ISO_DIR"/{casper,isolinux,boot/grub}
+
+# Check dependencies
+echo "[*] Checking dependencies..."
+for cmd in debootstrap xorriso genisoimage mksquashfs grub-mkrescue; do
+ if ! command -v "$cmd" &> /dev/null; then
+ echo "[!] Missing: $cmd - installing..."
+ apt-get update -qq
+ apt-get install -y -qq "$cmd" 2>&1 | tail -5
+ fi
+done
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ LAYER 1: Base OS (Ubuntu 24.04 LTS) │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Bootstrapping Ubuntu 24.04 base system..."
+echo " (debootstrap takes ~10-15 minutes...)"
+debootstrap --arch=amd64 --variant=minbase noble "$ROOTFS_DIR" http://archive.ubuntu.com/ubuntu/ 2>&1 | tail -20
+
+echo "[+] Configuring base system..."
+echo "aethex-os" > "$ROOTFS_DIR/etc/hostname"
+cat > "$ROOTFS_DIR/etc/hosts" << 'EOF'
+127.0.0.1 localhost
+127.0.1.1 aethex-os
+::1 localhost ip6-localhost ip6-loopback
+EOF
+
+# Mount filesystems for chroot
+mount -t proc /proc "$ROOTFS_DIR/proc"
+mount -t sysfs /sys "$ROOTFS_DIR/sys"
+mount --bind /dev "$ROOTFS_DIR/dev"
+mount -t devpts devpts "$ROOTFS_DIR/dev/pts"
+
+echo "[+] Installing base packages..."
+chroot "$ROOTFS_DIR" bash -c '
+ export DEBIAN_FRONTEND=noninteractive
+
+ # Add universe repository
+ echo "deb http://archive.ubuntu.com/ubuntu noble main restricted universe multiverse" > /etc/apt/sources.list
+ echo "deb http://archive.ubuntu.com/ubuntu noble-updates main restricted universe multiverse" >> /etc/apt/sources.list
+ echo "deb http://archive.ubuntu.com/ubuntu noble-security main restricted universe multiverse" >> /etc/apt/sources.list
+
+ apt-get update
+ apt-get install -y \
+ linux-image-generic linux-headers-generic \
+ grub-pc-bin grub-efi-amd64-bin grub-common xorriso \
+ systemd-sysv dbus \
+ network-manager wpasupplicant \
+ sudo curl wget git ca-certificates gnupg \
+ pipewire-audio wireplumber \
+ xorg xserver-xorg-video-all \
+ xfce4 xfce4-goodies lightdm \
+ firefox thunar xfce4-terminal \
+ file-roller mousepad ristretto \
+ zenity notify-osd \
+ vim nano
+
+ apt-get clean
+' 2>&1 | tail -50
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ LAYER 2a: Windows Runtime (Wine 9.0) │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Adding WineHQ repository..."
+chroot "$ROOTFS_DIR" bash -c '
+ export DEBIAN_FRONTEND=noninteractive
+
+ # Enable 32-bit architecture for Wine
+ dpkg --add-architecture i386
+
+ # Add WineHQ repository
+ mkdir -pm755 /etc/apt/keyrings
+ wget -O /etc/apt/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
+ wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/noble/winehq-noble.sources
+
+ apt-get update
+ apt-get install -y --install-recommends winehq-stable winetricks
+
+ # Install Windows fonts
+ apt-get install -y ttf-mscorefonts-installer
+
+ # Install DXVK for DirectX support
+ apt-get install -y dxvk
+
+ apt-get clean
+' 2>&1 | tail -30
+
+echo "[+] Setting up Wine runtime environment..."
+mkdir -p "$ROOTFS_DIR/opt/aethex/runtimes/windows"
+cp os/runtimes/windows/wine-launcher.sh "$ROOTFS_DIR/opt/aethex/runtimes/windows/"
+chmod +x "$ROOTFS_DIR/opt/aethex/runtimes/windows/wine-launcher.sh"
+
+# Create Wine file associations
+cat > "$ROOTFS_DIR/usr/share/applications/wine-aethex.desktop" << 'EOF'
+[Desktop Entry]
+Name=Windows Application (Wine)
+Comment=Run Windows .exe files
+Exec=/opt/aethex/runtimes/windows/wine-launcher.sh %f
+Type=Application
+MimeType=application/x-ms-dos-executable;application/x-msi;application/x-msdownload;
+Icon=wine
+Categories=Wine;
+NoDisplay=false
+EOF
+
+chroot "$ROOTFS_DIR" update-desktop-database /usr/share/applications/ 2>/dev/null || true
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ LAYER 2b: Linux Dev Runtime (Docker + Tools) │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Installing Docker CE..."
+chroot "$ROOTFS_DIR" bash -c '
+ export DEBIAN_FRONTEND=noninteractive
+
+ # Add Docker repository
+ install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ chmod a+r /etc/apt/keyrings/docker.gpg
+
+ echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /etc/apt/sources.list.d/docker.list
+
+ apt-get update
+ apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+ systemctl enable docker
+
+ apt-get clean
+' 2>&1 | tail -20
+
+echo "[+] Installing development tools..."
+chroot "$ROOTFS_DIR" bash -c '
+ export DEBIAN_FRONTEND=noninteractive
+
+ # Build essentials
+ apt-get install -y build-essential gcc g++ make cmake autoconf automake
+
+ # Version control
+ apt-get install -y git git-lfs
+
+ # Node.js 20.x
+ mkdir -p /etc/apt/keyrings
+ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" > /etc/apt/sources.list.d/nodesource.list
+ apt-get update
+ apt-get install -y nodejs
+
+ # Python
+ apt-get install -y python3 python3-pip python3-venv
+
+ # Rust
+ curl --proto "=https" --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+
+ # VSCode
+ wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /etc/apt/keyrings/packages.microsoft.gpg
+ echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list
+ apt-get update
+ apt-get install -y code
+
+ apt-get clean
+' 2>&1 | tail -30
+
+echo "[+] Setting up dev runtime launchers..."
+mkdir -p "$ROOTFS_DIR/opt/aethex/runtimes/linux-dev"
+cp os/runtimes/linux-dev/dev-launcher.sh "$ROOTFS_DIR/opt/aethex/runtimes/linux-dev/"
+chmod +x "$ROOTFS_DIR/opt/aethex/runtimes/linux-dev/dev-launcher.sh"
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ LAYER 3: Shell & Mode Switching │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Installing runtime selector..."
+mkdir -p "$ROOTFS_DIR/opt/aethex/shell/bin"
+cp os/shell/bin/runtime-selector.sh "$ROOTFS_DIR/opt/aethex/shell/bin/"
+chmod +x "$ROOTFS_DIR/opt/aethex/shell/bin/runtime-selector.sh"
+
+# Install systemd service
+cp os/shell/systemd/aethex-runtime-selector.service "$ROOTFS_DIR/etc/systemd/system/"
+chroot "$ROOTFS_DIR" systemctl enable aethex-runtime-selector.service 2>/dev/null || true
+
+echo "[+] Installing Node.js for AeThex Mobile UI..."
+# Already installed in dev tools section
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ AeThex Mobile App Integration │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Setting up AeThex Desktop application..."
+
+# Build mobile app if possible
+if [ -f "package.json" ]; then
+ echo " Building AeThex mobile app..."
+ npm run build 2>&1 | tail -5 || echo " Build skipped"
+fi
+
+# Copy app files
+if [ -d "client" ] && [ -d "server" ]; then
+ echo " Copying AeThex Desktop files..."
+ mkdir -p "$ROOTFS_DIR/opt/aethex-desktop"
+
+ cp -r client "$ROOTFS_DIR/opt/aethex-desktop/"
+ cp -r server "$ROOTFS_DIR/opt/aethex-desktop/"
+ cp -r shared "$ROOTFS_DIR/opt/aethex-desktop/" 2>/dev/null || true
+ cp package*.json "$ROOTFS_DIR/opt/aethex-desktop/" 2>/dev/null || true
+ cp tsconfig.json "$ROOTFS_DIR/opt/aethex-desktop/" 2>/dev/null || true
+ cp vite.config.ts "$ROOTFS_DIR/opt/aethex-desktop/" 2>/dev/null || true
+
+ # Copy built assets
+ if [ -d "dist" ]; then
+ cp -r dist "$ROOTFS_DIR/opt/aethex-desktop/"
+ fi
+
+ echo " Installing dependencies..."
+ chroot "$ROOTFS_DIR" bash -c 'cd /opt/aethex-desktop && npm install --production --legacy-peer-deps' 2>&1 | tail -10 || true
+else
+ echo " (client/server not found; skipping)"
+fi
+
+# Create systemd service
+cat > "$ROOTFS_DIR/etc/systemd/system/aethex-mobile-server.service" << 'EOF'
+[Unit]
+Description=AeThex Mobile Server
+After=network-online.target docker.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=aethex
+WorkingDirectory=/opt/aethex-desktop
+Environment="NODE_ENV=production"
+Environment="PORT=5000"
+ExecStart=/usr/bin/npm start
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+chroot "$ROOTFS_DIR" systemctl enable aethex-mobile-server.service 2>/dev/null || true
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ User Configuration │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Creating aethex user..."
+chroot "$ROOTFS_DIR" bash -c '
+ useradd -m -s /bin/bash -G sudo,docker aethex
+ echo "aethex:aethex" | chpasswd
+ echo "aethex ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+'
+
+# Configure LightDM auto-login
+mkdir -p "$ROOTFS_DIR/etc/lightdm"
+cat > "$ROOTFS_DIR/etc/lightdm/lightdm.conf" << 'EOF'
+[Seat:*]
+autologin-user=aethex
+autologin-user-timeout=0
+user-session=xfce
+EOF
+
+# Auto-start Firefox kiosk
+mkdir -p "$ROOTFS_DIR/home/aethex/.config/autostart"
+cat > "$ROOTFS_DIR/home/aethex/.config/autostart/aethex-kiosk.desktop" << 'EOF'
+[Desktop Entry]
+Type=Application
+Name=AeThex Mobile UI
+Exec=sh -c "sleep 5 && firefox --kiosk http://localhost:5000"
+Hidden=false
+NoDisplay=false
+X-GNOME-Autostart-enabled=true
+Comment=Launch AeThex mobile interface in fullscreen
+EOF
+
+chroot "$ROOTFS_DIR" chown -R aethex:aethex /home/aethex /opt/aethex-desktop 2>/dev/null || true
+
+echo ""
+echo "┌─────────────────────────────────────────────────────────────┐"
+echo "│ ISO Packaging │"
+echo "└─────────────────────────────────────────────────────────────┘"
+echo ""
+
+echo "[+] Extracting kernel and initrd..."
+KERNEL="$(ls -1 $ROOTFS_DIR/boot/vmlinuz-* 2>/dev/null | head -n 1)"
+INITRD="$(ls -1 $ROOTFS_DIR/boot/initrd.img-* 2>/dev/null | head -n 1)"
+
+if [ -z "$KERNEL" ] || [ -z "$INITRD" ]; then
+ echo "[!] Kernel or initrd not found."
+ ls -la "$ROOTFS_DIR/boot/" || true
+ exit 1
+fi
+
+cp "$KERNEL" "$ISO_DIR/casper/vmlinuz"
+cp "$INITRD" "$ISO_DIR/casper/initrd.img"
+echo "[✓] Kernel: $(basename "$KERNEL")"
+echo "[✓] Initrd: $(basename "$INITRD")"
+
+# Unmount chroot filesystems
+echo "[+] Unmounting chroot..."
+umount -lf "$ROOTFS_DIR/dev/pts" 2>/dev/null || true
+umount -lf "$ROOTFS_DIR/proc" 2>/dev/null || true
+umount -lf "$ROOTFS_DIR/sys" 2>/dev/null || true
+umount -lf "$ROOTFS_DIR/dev" 2>/dev/null || true
+
+echo "[+] Creating SquashFS filesystem..."
+echo " (compressing ~4-5GB system, takes 15-20 minutes...)"
+mksquashfs "$ROOTFS_DIR" "$ISO_DIR/casper/filesystem.squashfs" -b 1048576 -comp xz -Xdict-size 100% 2>&1 | tail -5
+
+echo "[+] Setting up BIOS boot (isolinux)..."
+cat > "$ISO_DIR/isolinux/isolinux.cfg" << 'EOF'
+PROMPT 0
+TIMEOUT 50
+DEFAULT linux
+
+LABEL linux
+ MENU LABEL AeThex OS - Full Stack
+ KERNEL /casper/vmlinuz
+ APPEND initrd=/casper/initrd.img boot=casper quiet splash
+EOF
+
+cp /usr/lib/syslinux/isolinux.bin "$ISO_DIR/isolinux/" 2>/dev/null || \
+cp /usr/share/syslinux/isolinux.bin "$ISO_DIR/isolinux/" 2>/dev/null || true
+cp /usr/lib/syslinux/ldlinux.c32 "$ISO_DIR/isolinux/" 2>/dev/null || \
+cp /usr/share/syslinux/ldlinux.c32 "$ISO_DIR/isolinux/" 2>/dev/null || true
+
+echo "[+] Setting up UEFI boot (GRUB)..."
+cat > "$ISO_DIR/boot/grub/grub.cfg" << 'EOF'
+set timeout=10
+set default=0
+
+menuentry "AeThex OS - Full Stack" {
+ linux /casper/vmlinuz boot=casper quiet splash
+ initrd /casper/initrd.img
+}
+
+menuentry "AeThex OS - Safe Mode" {
+ linux /casper/vmlinuz boot=casper nomodeset
+ initrd /casper/initrd.img
+}
+EOF
+
+echo "[+] Creating hybrid ISO..."
+grub-mkrescue -o "$BUILD_DIR/$ISO_NAME" "$ISO_DIR" --verbose 2>&1 | tail -20
+
+echo "[+] Computing SHA256 checksum..."
+if [ -f "$BUILD_DIR/$ISO_NAME" ]; then
+ cd "$BUILD_DIR"
+ sha256sum "$ISO_NAME" > "$ISO_NAME.sha256"
+ echo ""
+ echo "═══════════════════════════════════════════════════════════════"
+ echo " ✓ ISO Build Complete!"
+ echo "═══════════════════════════════════════════════════════════════"
+ echo ""
+ ls -lh "$ISO_NAME" | awk '{print " Size: " $5}'
+ cat "$ISO_NAME.sha256" | awk '{print " SHA256: " $1}'
+ echo " Location: $BUILD_DIR/$ISO_NAME"
+ echo ""
+else
+ echo "[!] ISO creation failed."
+ exit 1
+fi
+
+echo "[*] Cleaning up rootfs..."
+rm -rf "$ROOTFS_DIR"
+
+echo ""
+echo "┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓"
+echo "┃ AeThex OS - Full Stack Edition ┃"
+echo "┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛"
+echo ""
+echo "ARCHITECTURE:"
+echo " ├── Base OS: Ubuntu 24.04 LTS (5-year support)"
+echo " ├── Runtime: Windows (Wine 9.0 + DXVK)"
+echo " ├── Runtime: Linux Dev (Docker + VSCode + Node + Python + Rust)"
+echo " └── Shell: Mode switching + file associations"
+echo ""
+echo "INSTALLED RUNTIMES:"
+echo " • Wine 9.0 (run .exe files)"
+echo " • Docker CE (containerized development)"
+echo " • Node.js 20.x + npm"
+echo " • Python 3 + pip"
+echo " • Rust + Cargo"
+echo " • VSCode"
+echo " • Git + build tools"
+echo ""
+echo "DESKTOP ENVIRONMENT:"
+echo " • Xfce 4.18 (lightweight, customizable)"
+echo " • LightDM (auto-login as 'aethex')"
+echo " • Firefox (kiosk mode for mobile UI)"
+echo " • NetworkManager (WiFi/Ethernet)"
+echo " • PipeWire (modern audio)"
+echo ""
+echo "AETHEX MOBILE APP:"
+echo " • Server: http://localhost:5000"
+echo " • Ingress-style hexagonal UI"
+echo " • 18 Capacitor plugins"
+echo " • Auto-launches on boot"
+echo ""
+echo "CREDENTIALS:"
+echo " Username: aethex"
+echo " Password: aethex"
+echo " Sudo: passwordless"
+echo ""
+echo "FLASH TO USB:"
+echo " sudo dd if=$BUILD_DIR/$ISO_NAME of=/dev/sdX bs=4M status=progress"
+echo " (or use Rufus on Windows)"
+echo ""
+echo "[✓] Build complete! Flash to USB and boot."
+echo ""
+
From 5a645f23feaa8d3675b161b0152a70b77182a154 Mon Sep 17 00:00:00 2001
From: MrPiglr
Date: Sun, 28 Dec 2025 10:08:03 -0700
Subject: [PATCH 5/5] ci: Use full OS build script with Wine + Docker
---
 .gitlab-ci.yml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index da5cb7d..7b75cba 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
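Review bot: The "Creating aethex user" block in `build-linux-iso-full.sh` bakes a fixed `aethex:aethex` login into every image together with `NOPASSWD:ALL` sudo, `docker` group membership and LightDM autologin, and the closing banner prints the password, so any login service enabled on an installed system later is protected only by a published credential. Take the password from a build-time variable or lock it with `passwd -l aethex` and rely on autologin, and write the sudo rule to `/etc/sudoers.d/aethex` with mode 0440 instead of appending to `/etc/sudoers`. Separately, `set -e` (and the explicit `exit 1` in the kernel check) can end the script while `mount --bind /dev "$ROOTFS_DIR/dev"` is still active, and the next run's `rm -rf "$BUILD_DIR"` would then descend into the host's `/dev`; adding `trap 'umount -lf "$ROOTFS_DIR"/dev/pts "$ROOTFS_DIR"/dev "$ROOTFS_DIR"/proc "$ROOTFS_DIR"/sys 2>/dev/null || true' EXIT` before the mounts closes that. Every `... 2>&1 | tail -N` pipeline also hides the real exit status from `set -e`, so a failed `debootstrap` or `apt-get install` (including the `noble-security` packages) does not stop the build; `set -o pipefail` next to `set -e` fixes this.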
@@ -14,10 +14,12 @@ build_iso: - aethex-linux-build/ - artifacts/local/ expire_in: 90 days + tags: + - docker script: - # Install minimal dependencies + # Install full dependencies for layered OS build - apt-get update -qq - - apt-get install -y -qq xorriso genisoimage syslinux syslinux-common isolinux wget curl nodejs npm + - apt-get install -y -qq debootstrap xorriso genisoimage syslinux syslinux-common isolinux squashfs-tools grub-pc-bin grub-efi-amd64-bin wget curl nodejs npm git ca-certificates gnupg # Install Node dependencies - npm install @@ -25,14 +27,14 @@ build_iso: # Build client - npm run build || echo "Build failed but continuing" - # Build ISO using full method (requires privileged mode) + # Build full ISO with Wine + Docker + Dev Tools (requires privileged mode) - mkdir -p aethex-linux-build - - chmod +x script/build-linux-iso.sh - - bash script/build-linux-iso.sh + - chmod +x script/build-linux-iso-full.sh + - bash script/build-linux-iso-full.sh # Verify ISO exists (fail the build if not) - | - ISO_PATH=$(ls aethex-linux-build/AeThex-Linux-*.iso 2>/dev/null | head -n 1) + ISO_PATH=$(ls aethex-linux-build/AeThex-OS-Full-*.iso 2>/dev/null | head -n 1) if [ -n "$ISO_PATH" ]; then echo "✅ ISO built successfully: $ISO_PATH" ls -lh "$ISO_PATH"
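Review bot: The job now runs `script/build-linux-iso-full.sh`, which mounts `/proc`, `/sys` and a bind of `/dev` and then chroots, so it only works on a runner started in privileged mode, and the new `tags: - docker` entry does not by itself select or document such a runner. A privileged container can affect the runner host, so the job should be limited to protected refs, for example with a `rules:` entry on `$CI_COMMIT_REF_PROTECTED == "true"`, and given a dedicated tag for the privileged runner. The script also fetches installers and repository keys from the network and runs them as root inside that context, which is worth stating in the comment above the `bash script/build-linux-iso-full.sh` line. The unchanged `npm run build || echo "Build failed but continuing"` step still lets a broken client build flow into the ISO artifact. The start of the `build_iso` job is outside these hunks.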