From ae8c365c0f474b5c678701c95795677c20dc22b7 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Mon, 23 Feb 2026 15:16:51 +0900
Subject: [PATCH] internal/rosa/hakurei: optionally use embedded source

This builds hakurei in Rosa OS between releases.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 .gitignore                       |  1 +
 internal/rosa/hakurei.go         | 50 +++----------------------------
 internal/rosa/hakurei_current.go | 26 ++++++++++++++++
 internal/rosa/hakurei_release.go | 51 ++++++++++++++++++++++++++++++++
 4 files changed, 82 insertions(+), 46 deletions(-)
 create mode 100644 internal/rosa/hakurei_current.go
 create mode 100644 internal/rosa/hakurei_release.go

diff --git a/.gitignore b/.gitignore
index b453a2a..ed10d54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,7 @@ go.work.sum
 # go generate
 /cmd/hakurei/LICENSE
 /internal/pkg/testdata/testtool
+/internal/rosa/hakurei_current.tar.gz
 
 # release
 /dist/hakurei-*
diff --git a/internal/rosa/hakurei.go b/internal/rosa/hakurei.go
index be18430..0287917 100644
--- a/internal/rosa/hakurei.go
+++ b/internal/rosa/hakurei.go
@@ -1,15 +1,9 @@
 package rosa
 
-import (
-	"hakurei.app/internal/pkg"
-)
+import "hakurei.app/internal/pkg"
 
 func (t Toolchain) newHakurei(suffix, script string) pkg.Artifact {
-	const (
-		version  = "0.3.5"
-		checksum = "6Tn38NLezRD2d3aGdFg5qFfqn8_KvC6HwMKwJMPvaHmVw8xRgxn8B0PObswl2mOk"
-	)
-	return t.New("hakurei"+suffix+"-"+version, 0, []pkg.Artifact{
+	return t.New("hakurei"+suffix+"-"+hakureiVersion, 0, []pkg.Artifact{
 		t.Load(Go),
 
 		t.Load(Gzip),
@@ -43,45 +37,9 @@ echo
 chmod -R +w /usr/src/hakurei
 cd /usr/src/hakurei
 
-HAKUREI_VERSION='v`+version+`'
+HAKUREI_VERSION='v`+hakureiVersion+`'
 `+script, pkg.Path(AbsUsrSrc.Append("hakurei"), true, t.NewPatchedSource(
-		"hakurei", version, pkg.NewHTTPGetTar(
-			nil, "https://git.gensokyo.uk/security/hakurei/archive/"+
-				"v"+version+".tar.gz",
-			mustDecode(checksum),
-			pkg.TarGzip,
-		), true, [2]string{"createTemp-error-injection", `diff --git a/container/dispatcher_test.go b/container/dispatcher_test.go
-index 5de37fc..fe0c4db 100644
---- a/container/dispatcher_test.go
-+++ b/container/dispatcher_test.go
-@@ -238,8 +238,11 @@ func sliceAddr[S any](s []S) *[]S { return &s }
-
- func newCheckedFile(t *testing.T, name, wantData string, closeErr error) osFile {
-        f := &checkedOsFile{t: t, name: name, want: wantData, closeErr: closeErr}
--       // check happens in Close, and cleanup is not guaranteed to run, so relying on it for sloppy implementations will cause sporadic test results
--       f.cleanup = runtime.AddCleanup(f, func(name string) { f.t.Fatalf("checkedOsFile %s became unreachable without a call to Close", name) }, f.name)
-+       // check happens in Close, and cleanup is not guaranteed to run, so relying
-+       // on it for sloppy implementations will cause sporadic test results
-+       f.cleanup = runtime.AddCleanup(f, func(name string) {
-+               panic("checkedOsFile " + name + " became unreachable without a call to Close")
-+       }, name)
-        return f
- }
-
-diff --git a/container/initplace_test.go b/container/initplace_test.go
-index afeddbe..1c2f20b 100644
---- a/container/initplace_test.go
-+++ b/container/initplace_test.go
-@@ -21,7 +21,7 @@ func TestTmpfileOp(t *testing.T) {
-                        Path: samplePath,
-                        Data: sampleData,
-                }, nil, nil, []stub.Call{
--                       call("createTemp", stub.ExpectArgs{"/", "tmp.*"}, newCheckedFile(t, "tmp.32768", sampleDataString, nil), stub.UniqueError(5)),
-+                       call("createTemp", stub.ExpectArgs{"/", "tmp.*"}, (*checkedOsFile)(nil), stub.UniqueError(5)),
-                }, stub.UniqueError(5)},
-
-                {"Write", &Params{ParentPerm: 0700}, &TmpfileOp{
-`},
+		"hakurei", hakureiVersion, hakureiSource, true, hakureiPatches...,
 	)), pkg.Path(AbsUsrSrc.Append("hostname", "main.go"), false, pkg.NewFile(
 		"hostname.go",
 		[]byte(`
diff --git a/internal/rosa/hakurei_current.go b/internal/rosa/hakurei_current.go
new file mode 100644
index 0000000..a6eec7f
--- /dev/null
+++ b/internal/rosa/hakurei_current.go
@@ -0,0 +1,26 @@
+//go:build current
+
+package rosa
+
+import (
+	_ "embed"
+
+	"hakurei.app/internal/pkg"
+)
+
+const hakureiVersion = "1.0-current"
+
+// hakureiSourceTarball is a compressed tarball of the hakurei source code.
+//
+//go:generate tar -zc -C ../.. --exclude .git --exclude *.tar.gz -f hakurei_current.tar.gz .
+//go:embed hakurei_current.tar.gz
+var hakureiSourceTarball []byte
+
+// hakureiSource is the source code at the time this package is compiled.
+var hakureiSource = pkg.NewTar(pkg.NewFile(
+	"hakurei-current.tar.gz",
+	hakureiSourceTarball,
+), pkg.TarGzip)
+
+// hakureiPatches are patches applied against the compile-time source tree.
+var hakureiPatches [][2]string
diff --git a/internal/rosa/hakurei_release.go b/internal/rosa/hakurei_release.go
new file mode 100644
index 0000000..d5af4d0
--- /dev/null
+++ b/internal/rosa/hakurei_release.go
@@ -0,0 +1,51 @@
+//go:build !current
+
+package rosa
+
+import "hakurei.app/internal/pkg"
+
+const hakureiVersion = "0.3.5"
+
+// hakureiSource is the source code of a hakurei release.
+var hakureiSource = pkg.NewHTTPGetTar(
+	nil, "https://git.gensokyo.uk/security/hakurei/archive/"+
+		"v"+hakureiVersion+".tar.gz",
+	mustDecode("6Tn38NLezRD2d3aGdFg5qFfqn8_KvC6HwMKwJMPvaHmVw8xRgxn8B0PObswl2mOk"),
+	pkg.TarGzip,
+)
+
+// hakureiPatches are patches applied against a hakurei release.
+var hakureiPatches = [][2]string{
+	{"createTemp-error-injection", `diff --git a/container/dispatcher_test.go b/container/dispatcher_test.go
+index 5de37fc..fe0c4db 100644
+--- a/container/dispatcher_test.go
++++ b/container/dispatcher_test.go
+@@ -238,8 +238,11 @@ func sliceAddr[S any](s []S) *[]S { return &s }
+
+ func newCheckedFile(t *testing.T, name, wantData string, closeErr error) osFile {
+        f := &checkedOsFile{t: t, name: name, want: wantData, closeErr: closeErr}
+-       // check happens in Close, and cleanup is not guaranteed to run, so relying on it for sloppy implementations will cause sporadic test results
+-       f.cleanup = runtime.AddCleanup(f, func(name string) { f.t.Fatalf("checkedOsFile %s became unreachable without a call to Close", name) }, f.name)
++       // check happens in Close, and cleanup is not guaranteed to run, so relying
++       // on it for sloppy implementations will cause sporadic test results
++       f.cleanup = runtime.AddCleanup(f, func(name string) {
++               panic("checkedOsFile " + name + " became unreachable without a call to Close")
++       }, name)
+        return f
+ }
+
+diff --git a/container/initplace_test.go b/container/initplace_test.go
+index afeddbe..1c2f20b 100644
+--- a/container/initplace_test.go
++++ b/container/initplace_test.go
+@@ -21,7 +21,7 @@ func TestTmpfileOp(t *testing.T) {
+                        Path: samplePath,
+                        Data: sampleData,
+                }, nil, nil, []stub.Call{
+-                       call("createTemp", stub.ExpectArgs{"/", "tmp.*"}, newCheckedFile(t, "tmp.32768", sampleDataString, nil), stub.UniqueError(5)),
++                       call("createTemp", stub.ExpectArgs{"/", "tmp.*"}, (*checkedOsFile)(nil), stub.UniqueError(5)),
+                }, stub.UniqueError(5)},
+
+                {"Write", &Params{ParentPerm: 0700}, &TmpfileOp{
+`},
+}