chore: bump --version to 1.1.15 + TODO audit (retire shipped entries) #216
Merged
cli/args.cpp's two --version / -V branches still printed "crate 1.1.11" even after the 1.1.12 (compositor) / 1.1.13 (jid-name authz) / 1.1.14 (path-scoped authz) / 1.1.15 (create_jail path-prefix authz) releases all landed in CHANGELOG.md. The convention in this codebase has been to bump the literal at release-cut time rather than per-feature PR (privops authz #208 tagged 1.1.12 in comments but left the literal at 1.1.11), so the gap accumulated over the series. Bump to match the current head of CHANGELOG.
While here, refresh the two "Applies to: 1.1.11" / "Reasoning about isolation on 1.1.11" sentences in docs/trust-model.{md,uk.md} that pinned the doc to the pre-series snapshot — the body has been updated throughout the series to describe the 1.1.12 -> 1.1.15 gate. The opening sentence now reads "1.1.15 (rootless model + per-tenant authz series 1.1.12 -> 1.1.15 ...)", consistent with the rest of the doc.
Code comments like "// 1.1.11: send a signal to all processes" stay unchanged — those are historical landed-in markers, not the current version literal.
https://claude.ai/code/session_01X6t6tzVypHye5bDGLxzmZK
…only update
A TODO audit against main (1.1.15) found three entries describing
already-shipped work as open or in-progress:
- "Rootless containers (in progress on 0.9.x)" — the entire planned
arc shipped: verb taxonomy (0.9.0) -> wire format (0.9.1) ->
handlers (0.9.2-0.9.7) -> per-user namespacing (0.9.8) -> flag
flip (0.9.9) -> setuid removal (1.0.0). The 80-line planning block
("What the refactor needs: ... ~3-5 days / ~1 week ...") described
work that has existed in tree for months and was actively
misleading about project state. Replaced with a Done entry that
also records the 1.1.12-1.1.15 authorize-before-dispatch extension
(dataset/loginclass, jid/name registry, path-scoped verbs,
create_jail path-prefix) and points at docs/trust-model.md.
- "Hub scheduling" sat in the open Medium-priority section while its
own text said *Shipped end-to-end* (0.8.40 + 0.8.43). Moved to Done.
- "crate update --pkg-only (partial)" conflated the shipped pkg path
(0.8.41) with the open base-system update. Split: the shipped half
goes to Done; the open half becomes its own Medium-priority entry
with the snapshot-and-rollback shape sketched (clone, verify,
promote-or-rollback; interactions with warm-template cache and
restart policy noted).
Also backfilled the Done list, which stopped at 0.8.21/0.8.37, with
the 1.1.10-1.1.15 arrivals: devfs/signal_jail privops verbs, the
in-jail Wayland compositor (gui.mode: compositor), the on-hardware
validation runbook, and the -lnv link fix + lite-CI link smoke.
Net effect: every remaining open entry in TODO (full base-system
update, layered images, getpeereid full refactor) and TODO2 (bhyve
backend A) describes genuinely-open work. TODO2 needed no changes —
its statuses were accurate.
https://claude.ai/code/session_01X6t6tzVypHye5bDGLxzmZK
The user's "full FreeBSD tests are failing" report decoded to two separate facts:
1. The pasted link failure (undefined symbol: FreeBSD_nvlist_*) is the already-fixed -lnv miss. The pasted link line has no -lnv while libcrate.a already contains jid_owner_registry.o — that combination only exists in commits between #211 and #214, i.e. the weekly cron run's pinned commit (9bdcf87) or a re-run of it (re-runs always reuse the original commit). Current main (34ff761) links with -lnv; the lite workflow's new link-smoke step proved it green on FreeBSD 14.2.
2. WHY did only the weekly cron ever exercise the full build? Because freebsd-build.yml's push/pull_request triggers point at `master`, but the repository's default branch is `main`. Those triggers have been dead the whole time: no merge to main ever ran the full workflow, leaving exactly one full run per week (the cron), which additionally kept dying on the SSH-to-VM phase before reaching the build. Meanwhile freebsd-build-lite's `branches-ignore: [master]` meant lite DID run on main pushes — the only reason merges had any FreeBSD coverage at all.
Fix both sides:
- freebsd-build.yml: push/pull_request branches [master] -> [main]. Merges to main now gate on the full build + kyua + ci-verify.
- freebsd-build-lite.yml: branches-ignore [master] -> [main]. Feature branches keep the fast lite loop; main hands off to full (no more duplicate lite run on main pushes).
The weekly cron + workflow_dispatch triggers are unchanged. The SSH-to-VM flakiness seen in the cron runs is a separate cross-platform-actions infra issue and is NOT addressed here — but with push-to-main now triggering full, each merge gets a fresh attempt instead of waiting a week.
https://claude.ai/code/session_01X6t6tzVypHye5bDGLxzmZK
With the dead push trigger fixed (previous commit), every merge to main now runs the full FreeBSD build — the cron is no longer the only coverage, just a bit-rot safety net for quiet periods with no commits. Weekly scheduled runs of two heavy FreeBSD VMs (14.2 + 15.0, ~25 min each) are wasteful in that role; monthly (1st of the month, 04:00 UTC) is enough to catch pkg/OS-update regressions between merges.
https://claude.ai/code/session_01X6t6tzVypHye5bDGLxzmZK
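
The dead-trigger condition described in the commit messages above can be checked mechanically. The following is an added example, not part of this pull request or the project's code: the workflow snippets are constructed from the filters the commit message quotes, and the parser assumes 2-space indentation and flow-style lists of exact branch names (no glob patterns).

```python
import re

# Constructed trigger sections for the two workflow files named above, in the
# pre-fix state the commit message describes (the rest of each file is omitted).
PRE_FIX = {
    "freebsd-build.yml": (
        "on:\n"
        "  push:\n"
        "    branches: [master]\n"
        "  pull_request:\n"
        "    branches: [master]\n"
        "  workflow_dispatch:\n"
    ),
    "freebsd-build-lite.yml": (
        "on:\n"
        "  push:\n"
        "    branches-ignore: [master]\n"
    ),
}
# The fix described above: both filters now name the real default branch.
POST_FIX = {name: text.replace("[master]", "[main]") for name, text in PRE_FIX.items()}


def branch_filters(workflow, event):
    """Return the branch filters of one event, or None if the event is absent."""
    block = re.search(rf"^  {event}:[ \t]*\n((?:^    .*\n)*)", workflow, re.M)
    if block is None:
        return None
    filters = {}
    for key in ("branches", "branches-ignore"):
        found = re.search(rf"^\s+{key}:\s*\[([^\]]*)\]", block.group(1), re.M)
        if found:
            filters[key] = [b.strip(" '\"") for b in found.group(1).split(",") if b.strip()]
    return filters


def fires_on(workflow, event, branch):
    """True if `event` targeting `branch` would start the workflow."""
    filters = branch_filters(workflow, event)
    if filters is None:
        return False  # event not configured at all
    if "branches" in filters:
        return branch in filters["branches"]
    return branch not in filters.get("branches-ignore", [])


def coverage(workflows, default_branch):
    """Map each workflow to the push/pull_request events that fire for default_branch."""
    return {name: [e for e in ("push", "pull_request") if fires_on(text, e, default_branch)]
            for name, text in workflows.items()}


if __name__ == "__main__":
    print("pre-fix :", coverage(PRE_FIX, "main"))
    print("post-fix:", coverage(POST_FIX, "main"))
```

An empty event list for the full workflow on the default branch is the condition to alert on; for the lite workflow after the fix it is the intended hand-off.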
This was referenced Jun 10, 2026
Summary
Two housekeeping commits on the designated branch (no production code):
- chore(version): bump --version string to 1.1.15 (`5d60cdd`)
- docs(TODO): retire completed entries — rootless, hub scheduling, pkg-only update (`0c1ab79`)
Both bring project metadata in line with what has actually shipped through the 1.1.12 → 1.1.15 series.
1. Version bump (`5d60cdd`)
`cli/args.cpp:756, 767` still printed `crate 1.1.11` while `CHANGELOG.md` heads at `[1.1.15]`. The convention here is to bump the literal at release-cut time rather than per-feature PR, so the gap accumulated across the series. Bumped both `--version` / `-V` branches to `crate 1.1.15`.
Also refreshed the two stale "Applies to: 1.1.11" / "Reasoning about isolation on 1.1.11" sentences in `docs/trust-model.{md,uk.md}` — the doc body was updated throughout the series to describe the 1.1.12 → 1.1.15 gates, so the opening line now matches: `1.1.15 (rootless model + per-tenant authz series 1.1.12 → 1.1.15 …)`.
Code comments like `// 1.1.11: send a signal …` stay — those are historical landed-in markers, not the current version literal.
2. TODO audit (`0c1ab79`)
An audit of `TODO` / `TODO2` against `main` found three entries describing already-shipped work as open or in-progress:
`docs/trust-model.md`.
Also backfilled the Done list (which stopped at 0.8.21/0.8.37) with the 1.1.10–1.1.15 arrivals: devfs/signal_jail privops verbs, the in-jail Wayland compositor, the on-hardware validation runbook, and the `-lnv` link fix + lite-CI link smoke.
Net effect: every remaining open entry in `TODO` (full base-system update, layered images, getpeereid full refactor) and `TODO2` (bhyve backend A) describes genuinely-open work. `TODO2` needed no changes — its statuses were accurate.
Test plan
- `grep "crate 1\.1\." cli/args.cpp` → both branches print `crate 1.1.15`.
- `crate(1)` (the fix(build): -lnv for FreeBSD nvpair API + lite CI link smoke + getpeereid design notes #215 smoke step) — the version-string change is a pure literal; TODO/docs changes don't reach the compiler.
https://claude.ai/code/session_01X6t6tzVypHye5bDGLxzmZK