26 Commits

Author	SHA1	Message	Date
enricobuehler	61aa1053e7	feat(host/gamescope): headless game mode that follows the box + matches the client ... Make Steam game mode work on a display-less streaming host and stream it at the client's resolution: * Ship /etc/gamescope-session-plus/sessions.d/steam (packaging/bazzite/ gamescope-headless-session, installed by the RPM + Arch PKGBUILD): fall back to gamescope's headless backend when no display is connected, so "Switch to Game Mode" boots offscreen instead of crashing on the missing panel (and 5-striking back to desktop). No-op on display-attached boxes; only sets unset values so the host's per-client mode still wins. * Default Bazzite/SteamOS to ATTACH (PUNKTFUNK_GAMESCOPE_ATTACH=1 in host.env): the box owns its session (Desktop<->Game, persistent), the host follows + captures it and never tears it down — so switching is rock-solid and a disconnect leaves the box in its mode (reconnect returns there). * Resize-on-attach (gamescope.rs): on connect, ensure the box's own game-mode session runs at the CLIENT's resolution — reuse it when already matching (fast path, no restart), else reconfigure + restart the box's own autologin gamescope-session-plus@<client> at the client mode (cooperative: no competing unit, so no autologin-respawn fight). Detect the live gamescope's -W/-H via argv[0] in /proc (its /proc/<pid>/exe is unreadable for that process). Validated live on a headless bazzite-deck-nvidia box: game mode boots headless + stable (0 strikes); the host attaches + streams video/audio/EIS input; a 5120x1440 client reuses the matching session and streams at 5120x1440. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-28 11:09:45 +00:00
enricobuehler	8e18d01af5	fix(host/kwin): authorize Desktop-mode streaming via a shipped .desktop ... Streaming the KDE *Desktop* (KWin) session failed on a real interactive Plasma session with "KWin does not expose zkde_screencast_unstable_v1": KWin treats the screencast/virtual-output and fake_input globals as restricted and advertises them only to a client whose installed .desktop lists them under X-KDE-Wayland-Interfaces (matched by /proc/<pid>/exe -> Exec, and cached per-executable on first connect). The host shipped no .desktop, so it was permanently denied; it only ever worked on the headless dev box via KWIN_WAYLAND_NO_PERMISSION_CHECKS=1. Ship packaging/linux/io.unom.Punktfunk.Host.desktop (least-privilege: only the host, only zkde_screencast_unstable_v1 + org_kde_kwin_fake_input) and install it from the RPM/.deb/Arch host packaging so it is present before the host first connects. Drop the blunt session-wide NO_PERMISSION_CHECKS hack from kde-desktop-setup.sh (it now only seeds the RemoteDesktop input grant) and fix the now-misleading kwin.rs docs/errors. Validated live on a Bazzite Kinoite box (KWin 6.6.4): probe-compositor + spike --source kwin-virtual succeed against a KWin running WITHOUT the permission bypass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-27 11:15:39 +00:00
enricobuehler	f6490f4c28	fix: complete the docs/→design/ and openapi→api/ rename references ... The file moves (docs/ → design/, docs/api/openapi.json → api/openapi.json) landed in d01a8fd, but the matching reference updates did not — so mgmt.rs's drift-test `include_str!("../../../docs/api/openapi.json")` pointed at a path that no longer exists and the host failed to build. This restores it and updates every reference: - mgmt.rs include_str! → ../../../api/openapi.json (fixes the build) - web/orval.config.ts codegen target, web/Dockerfile, .dockerignore - deb/rpm/Arch packaging install paths - CLAUDE.md, the .gitea CI workflows, code doc-comments, design-doc cross-links docs-site route URLs (/docs/...) untouched. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-26 11:53:02 +00:00
enricobuehler	0205c7b8d6	ci(release): split canary/stable tracks + unified Gitea Releases ... A push to main publishes canary builds to canary channels (fast iteration, unchanged); a single vX.Y.Z tag releases every platform at one version to the stable channels and attaches all artifacts (.deb/.rpm/.msix/.apk/.aab/.dmg + flatpak/decky/host-installer) to one Gitea Release. Collapses the host-v*/win-v*/host-win-v* tag namespaces into v* — the channel split makes the version-shadow bug structurally impossible (canary and stable are separate repos, never a shared version line). - scripts/ci/gitea-release.{sh,ps1}: one idempotent release helper (create-or-fetch + delete-before-upload), replacing 3 copy-pasted inline blocks and fixing their latent 409-on-reupload bug; prerelease flag auto-derived from the tag (an -rc tag won't shadow "Latest") - channels: apt canary/stable distributions; rpm *-canary/base groups; flatpak canary/stable OSTree branches + a 2nd .Canary.flatpakref; generic-registry canary/ vs latest/ aliases; Play internal/alpha; Apple TestFlight vs notarized DMG - android versionName threaded through gradle (versionCode stays run_number); Apple canary = TestFlight-only (no DMG/tvOS); canary base bumped to 0.3.0 - docs: new docs-site channels.md (subscribe table + cut-a-release runbook + box migration), refreshed ci.md workflow table + packaging READMEs Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-21 17:26:38 +00:00
enricobuehler	6922e1c467	feat(host): VAAPI codec probe + AMD/Intel packaging + neutral logs (Phase 3) ... Polish for AMD/Intel support: - GameStream serverinfo advertises only codecs the GPU can ACTUALLY encode on the VAAPI backend (probed once by opening a tiny encoder per codec). AV1 encode is narrow (Intel Arc/Xe2+, AMD RDNA3+/RDNA4) and an old iGPU may lack HEVC, so a Moonlight client never negotiates a codec the encoder can't open. NVENC/Windows keep the Moonlight-validated static mask. Validated on a Radeon 780M: h264/h265/av1 all probe true -> mask unchanged (65793). - Packaging: Recommends mesa-va-drivers + intel-media-va-driver (deb) / mesa-va-drivers + intel-media-driver (rpm) so the auto-selected VAAPI backend works out of the box on AMD/Intel; NVIDIA boxes can --no-install-recommends. (Fedora note: stock mesa-va-drivers disables HEVC/AV1 -- needs the freeworld variant from RPM Fusion.) - De-NVIDIA-fy the user-facing encoder log/context strings ("open NVENC" -> "open video encoder") now that VAAPI is a first-class backend. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-20 10:41:37 +00:00
enricobuehler	822fde1e89	fix(rpm): derive the libcuda link stub from source (fixes undefined cu* symbols) ... The Fedora RPM build linked punktfunk-host against a synthesized libcuda stub with a FROZEN symbol list baked into ci/fedora-rpm.Dockerfile. The priority- stream work added cuCtxGetStreamPriorityRange / cuStreamCreateWithPriority / cuStreamSynchronize / cuMemcpy2DAsync_v2, which weren't in that list, so the link failed with "undefined symbol". build-rpm.sh now regenerates /usr/lib64/libcuda.so.1 from every cu* symbol the host source references (grep of crates/punktfunk-host/src), before rpmbuild — so a new cu* call can never silently break the link again. Self-maintaining and needs no builder-image rebuild (it supersedes the Dockerfile's frozen stub). Verified the 23 extracted symbols compile and cover the 4 that were undefined. Also fix the bogus %changelog weekday (Sun -> Mon, Jun 15 2026 is a Monday) that rpmbuild warned on. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-19 08:29:16 +00:00
enricobuehler	1f0dc87658	feat(rpm): enable gpgcheck=1 — packages are signed + verified ... The signing rollout is confirmed end to end: the latest published RPM (0.2.0-0.ci1089) carries a header GPG signature (added by `rpm --addsign`) and passed the in-CI `rpmkeys --checksig` self-verify before publishing (a bad/unsigned build fails that gate and never reaches the registry). So flip every .repo snippet from gpgcheck=0 to gpgcheck=1 and add the package-signing public key (served from the generic registry, committed at packaging/rpm/RPM-GPG-KEY-punktfunk) to gpgkey= alongside the Gitea metadata key — dnf/rpm-ostree imports both. Covers rpm/README, packaging/README, the bootc Containerfile, and the docs-site bazzite/fedora-kde install pages; rpm/README's signing section reframed from "dormant/enabling" to active (+ key-rotation notes). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 15:23:57 +00:00
enricobuehler	59bcfa1a12	fix(ci): rpm signing uses rpm's default signer; flatpak installs node before checkout ... Two CI fixes: - rpm signing (2nd bug): overriding %__gpg_sign_cmd via --define reached gpg with %{__plaintext_filename}/%{__signature_filename} UNEXPANDED ("No such file or directory"). Stop overriding it — use rpm's default signer (which expands those correctly) and just set _gpg_name; a passphrase-less key + loopback in gpg.conf makes gpg sign headless. (Requires a passphrase-less signing key, as the runbook's %no-protection key is.) - flatpak: the job runs in fedora:43 which has no node, so actions/checkout (a JS action) failed with "node: not found". Install nodejs in a plain `run:` step (shell, no node needed) before checkout. Also scope the heavy flatpak-builder run to client/core/manifest changes (+ tags) so it stops rebuilding on every unrelated docs/host push (tag pushes still build — paths filters only branch pushes). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 13:54:43 +00:00
enricobuehler	0f17b6f864	fix(rpm): sign-rpms.sh — %{__gpg} is already the gpg binary, drop the literal gpg ... The first signed CI run failed at the Sign step: `%{__gpg} gpg ...` expands to `<gpgpath> gpg ...`, so gpg got a spurious `gpg` filename arg ("no command supplied", options "not considered"). Dropped the literal `gpg` → `%{__gpg} --batch ...`. Validated locally: the corrected invocation parses as a sign command (fails only with "No secret key", which is present in CI). The checksig gate did its job — nothing published, installs stayed safe. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 13:39:00 +00:00
enricobuehler	067f592615	feat(rpm): add the package-signing public key (activates the dormant signing) ... The dedicated EdDSA signing key (AF245C506F4E4763, "punktfunk packages <packages@unom.io>") whose private half is now the RPM_GPG_PRIVATE_KEY CI secret. Committing the public half so clients can fetch it (raw URL) for gpgcheck=1. This push triggers a rpm.yml run that signs 0.2.0~ciN via packaging/rpm/sign-rpms.sh (no longer a no-op); the gpgcheck=1 flip follows once that signed build is confirmed published. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 13:01:24 +00:00
enricobuehler	1fd4c97139	feat(rpm): wire per-package GPG signing (dormant until a key secret is set) ... The audit's signing recommendation, scoped to RPM (apt's signed Release metadata already covers .debs; bootc cosign deferred). packaging/rpm/sign-rpms.sh GPG-signs dist/*.rpm and self-verifies (rpmkeys --checksig), run from rpm.yml between build + publish. Safe to ship: the step is a NO-OP (exit 0, unsigned as today) until RPM_GPG_PRIVATE_KEY is set as a CI secret — so it can't break current CI, and when enabled a bad macro fails loudly via the in-step checksig rather than shipping bad signatures. rpm/README gains the one-time enablement runbook (generate a dedicated passphrase-less key, add the secret, publish the public key, flip gpgcheck=1 only after a signed build lands) and notes step-ca is for TLS, not OpenPGP (it can't sign RPMs). Also fixes the rpm/README version staleness the doc review caught: rolling is 0.2.0-0.ciN (outranks the stray 0.1.1, no pin needed), host releases use host-v* not the client's v*. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 10:46:27 +00:00
enricobuehler	837b6fabb1	feat(dist): aarch64 honesty, Debian KWin-unit parity, cargo-audit CVE scan (P1/P2) ... - spec: narrow ExclusiveArch to x86_64 — no aarch64 build is produced/published (NVENC is desktop-NVIDIA), so claiming aarch64 advertised an arch we never ship. - build-deb.sh: ship punktfunk-kde-session.service (ExecStart repointed to the packaged run-headless-kde.sh) + host.env.kde, matching the RPM/Arch — the deb README's "mirrors the Fedora RPM" claim now holds. - audit.yml: weekly + Cargo.lock-change `cargo audit` over the network-facing crypto dep tree (RustSec advisories); ignore unfixables via .cargo/audit.toml. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 10:34:32 +00:00
enricobuehler	fe9921cc1c	fix(dist): kill the version-shadow + add build provenance (P0) ... The stale code a default install/upgrade got was a TAG LEAK: deb.yml/rpm.yml shared `tags: ['v*']` with the Apple-client release.yml, so the v0.1.0/v0.1.1 tags cut to ship the macOS app ALSO published host packages versioned 0.1.1 — which outranks every rolling 0.0.1~ciN / 0.0.1-0.ciN build in both registries (dpkg/rpm version compares confirm), so `apt install`/`rpm-ostree install` silently fetched ~99-commits-stale code while the READMEs claimed auto-tracking. Two fixes: - Decouple host publishing from Apple `v*` tags: deb.yml/rpm.yml now trigger on `host-v*` only, so a client tag can never poison the host channel again. - Bump the rolling base 0.0.1 -> 0.2.0 (deb `0.2.0~ciN`, rpm `0.2.0-0.ciN`): sits ABOVE the stray 0.1.1 yet BELOW a future 0.2.0 tag, and still climbs monotonically by run number — so `apt upgrade`/`rpm-ostree upgrade` genuinely move forward. Spec default + build scripts + PKGBUILD pkgver bumped to match. Build provenance (so a stale/shadowed host is detectable): build.rs stamps PUNKTFUNK_BUILD_VERSION (set by CI = the full package version, e.g. 0.2.0~ci120.g802e98d; falls back to the crate version for a plain `cargo build`) into the binary via rustc-env. Surfaced in `punktfunk-host --version`, the startup log, and the mgmt /health + /host `version` field (was a hardcoded CARGO_PKG_VERSION). Deliberately env-driven, not git-derived — the RPM builds from a git-archive tarball with no .git. Version computed BEFORE the build in deb.yml; the spec %build exports it from %{version}-%{release} (and gains --locked for reproducibility parity with the .deb path). Validated: plain build reports 0.0.1, env-stamped build reports 0.2.0~ci999.gdeadbee. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 10:30:21 +00:00
enricobuehler	802e98d3a3	feat(packaging): bundle the web console into the RPM / Arch / bootc host packages ... The punktfunk-web management console (pairing + status) shipped only via apt. Extend it to the other HOST packaging methods, mirroring the Debian punktfunk-web .deb (flatpak is the client, correctly excluded): - rpm/punktfunk.spec: new noarch `punktfunk-web` subpackage (the .output bundle + a /usr/bin/punktfunk-web-server node launcher + both systemd --user units + web-init.sh + web.env.example), gated behind `%bcond_with web`. OFF by default because building the Nitro/Node SSR bundle needs `bun`, which a plain rpmbuild / COPR mock chroot lacks. Host package weak-Recommends punktfunk-web. - ci/fedora-rpm.Dockerfile: install bun (+ unzip) so the CI builder can build the console. - rpm.yml: build `PF_WITH_WEB=1` (Prep bootstraps bun to stay green pre-image-rebuild); the publish loop already globs the new noarch rpm into the registry. build-rpm.sh: `--with web` when PF_WITH_WEB=1. - bootc/Containerfile: install from the Gitea RPM registry (which carries punktfunk-web) instead of COPR — `dnf5 install punktfunk punktfunk-web`. - arch/PKGBUILD: opt-in `punktfunk-web` split member (PF_WITH_WEB=1 appends it + bun) so a default makepkg still builds host+client with no JS tooling — matching the spec's bcond. - docs: packaging/README, rpm/README, copr/README (the no-bun caveat), bazzite/README (Path B rewritten COPR→Gitea registry), arch/README — enable + journal-password steps. Reviewed across methods by an adversarial multi-agent pass (rpm/ci/arch/bootc/consistency lenses, each blocking finding 3x-verified); fixed the two it confirmed real — the Arch bun-mandatory regression (now opt-in) and the stale COPR wording in bazzite Path B. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 09:56:58 +00:00
enricobuehler	66c2bee183	feat(packaging/bazzite): one-shot KDE Desktop-mode setup for the host ... The session-aware selector drives a KWin virtual output at the client's resolution when the Bazzite box is in KDE Desktop Mode — validated live. But a normal KDE login withholds two things the headless host needs: 1. KWIN_WAYLAND_NO_PERMISSION_CHECKS=1 — so KWin exposes the privileged zkde_screencast virtual-output protocol to an external client. 2. the kde-authorized RemoteDesktop grant — so libei input auto-approves instead of popping a dialog a headless host can't answer. Add packaging/bazzite/kde-desktop-setup.sh (idempotent, no root): writes the environment.d KWIN drop-in and seeds the grant DB (shipped at /usr/share/punktfunk/headless/kde-authorized) into ~/.local/share/flatpak/db/, restarting the portal chain. Ship it via the RPM at /usr/share/punktfunk/bazzite/ and document it in the Bazzite README (new §6.5). Gaming Mode needs none of this (auto-attach). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-14 22:26:21 +00:00
enricobuehler	9f92dc505b	fix(client/pkg): ship 32MB UDP recv-buffer sysctl with the Linux client ... The client asks the kernel for a 32 MB SO_RCVBUF, but the kernel silently clamps it to net.core.rmem_max — whose default is far too small. A too-small recv buffer is the dominant client-side wall above ~1 Gbps. Measured live (Fedora host -> two clients, real 2.5G LAN, GSO off): a client capped at 4 MB rmem_max dropped 31.6% of a 2 Gbps stream at the receiver, while a 32 MB client delivered the same 2 Gbps at 0.0% loss. The host already shipped this tuning; the client packages didn't (the RPM's %post even referenced the host-only file), so a client-only install streamed lossy at high bitrate. Add scripts/99-punktfunk-client-net.conf (rmem/wmem = 32 MB, distinct filename so host+client can coexist) and ship+apply it from both the .deb (build-client-deb.sh) and the RPM client subpackage (install, %files client, %post client). For reference the full ladder (punktfunk speed-test): 0% loss to 1.5 Gbps on a 4 MB client; 31.6% at 2 Gbps on 4 MB vs 0% at 2 Gbps on 32 MB. iperf3 put the raw link at ~2.35 Gbps TCP / ~2.4 Gbps UDP, so the stack now tracks the wire given a big enough recv buffer. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-14 08:45:19 +00:00
enricobuehler	5bc257f1ae	fix(headless/kde): virtual Punktfunk speaker + restart host with the session ... Audio: a headless host has no speakers, and on a LAN with AirPlay devices PipeWire picks a random HomePod as default — so desktop audio (which the host captures from the default sink's monitor) went to a HomePod over AirPlay instead of to the client, and there was no "Punktfunk" output to select. Ship a `punktfunk-sink.conf` (a `support.null-audio-sink` adapter — NOT the non-existent module-null-sink, which makes pipewire refuse to start) with high priority.session so it's the default; run-headless-kde.sh installs it and restarts pipewire once on first install. The host then captures its monitor and streams it. (Disable AirPlay sinks out of band: `dnf remove pipewire-config-raop`.) Input: the host's libei portal D-Bus connection goes stale when the compositor session restarts the portal under it, and the in-process reopen loop can't recover it (EIS setup keeps timing out) — only a full restart does. Add PartOf=punktfunk-kde-session.service so the host restarts with the session. Both verified live on the Fedora 44 KDE box. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-13 23:30:36 +00:00
enricobuehler	e4b10f057a	fix(headless/kde): make libei input work headlessly — portal + pre-seeded RemoteDesktop grant ... On a headless KDE appliance, libei input injection silently failed: the EIS socket comes from the xdg RemoteDesktop portal, which never came up, and even up it would pop an unanswerable "Allow remote control?" dialog. Three fixes in run-headless-kde.sh, all idempotent + safe on the dev box: - Reach graphical-session.target: xdg-desktop-portal is ordered behind it and its start job fails without it, but a headless linger session never gets there and Fedora's target has RefuseManualStart=yes — drop that in once, then start the target. - Start the portal with `start` (the old `try-restart` is a no-op when inactive — the first-boot case), so it actually comes up. - Pre-seed the RemoteDesktop grant: vendor the `kde-authorized` permission-store GVariant DB and copy it to ~/.local/share/flatpak/db/ (never clobbering an existing one), so the portal grants RemoteDesktop without a dialog. Shipped by the RPM + .deb. Diagnosed + fixed live on the Fedora 44 KDE box: libei devices RESUME and emit (MouseMove/keys). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-13 21:22:20 +00:00
enricobuehler	38b7507440	packaging(rpm): Fedora 44 build + ship the KDE session unit & host.env ... Three changes to make a reproducible Fedora KDE host install: - ci/fedora-rpm.Dockerfile: parameterize the Fedora base (ARG FEDORA_VERSION, default 43) so the same builder produces the Bazzite (F43, libavcodec.so.61) and Fedora 44 (libavcodec.so.62) RPMs. A binary RPM is soname-coupled to its base, so each target Fedora needs its own build/channel. - spec: install punktfunk-kde-session.service (was in the tree but never packaged) with its ExecStart repointed from the dev source tree to the installed run-headless-kde.sh. This is the headless `kwin --virtual` session (KWIN_WAYLAND_NO_PERMISSION_CHECKS=1) the kwin backend needs — an interactive Plasma session refuses to hand its privileged zkde_screencast protocol to an external client, so a dedicated session is required. Not enabled by default (kwin hosts opt in). - ship packaging/kde/host.env as host.env.kde — the ready KWin appliance config (wayland-kde). Validated live on a Fedora 44 KDE box (RTX 4090): KWin virtual output + zero-copy dmabuf->CUDA->NVENC. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-13 16:08:10 +00:00
enricobuehler	340cbcfe22	fix(packaging): point the packaged systemd unit at /usr/bin/punktfunk-host ... scripts/punktfunk-host.service is dev-oriented — its ExecStart references the source tree (%h/punktfunk/target/release/punktfunk-host). When the deb/rpm ship it to /usr/lib/systemd/user, a fresh install with no hand-rolled unit would try to run a binary that isn't there. Rewrite the ExecStart to the installed /usr/bin/punktfunk-host during packaging (sed in build-deb.sh + the spec); the source unit stays as-is for from-source dev. Hosts with a custom ~/.config unit (which shadows the packaged one) are unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-13 10:25:30 +00:00
enricobuehler	4ff6f447a8	ci(packaging): punktfunk-client .deb + RPM subpackage ... Hook the Linux client into the existing packaging CI: - deb.yml builds both binaries and publishes punktfunk-host AND punktfunk-client to the Gitea apt registry; new packaging/debian/build-client-deb.sh mirrors the host script (shlibdeps auto-Depends — GTK4/libadwaita/SDL3/FFmpeg/PipeWire sonames; no NVIDIA filter, the client links no CUDA). Built and inspected locally on Ubuntu 26.04. - punktfunk.spec gains a "client" subpackage (binary + desktop entry + udev rule); rpm.yml's publish loop picks it up unchanged. - New shared assets: packaging/linux/io.unom.Punktfunk.desktop and scripts/70-punktfunk-client.rules — DualSense hidraw uaccess (USB + Bluetooth, steam-devices style) so SDL's HIDAPI driver gets touchpad/motion/lightbar/triggers instead of degrading to evdev. - Builder images learn the client link deps (rust-ci already had them; fedora-rpm adds gtk4/libadwaita/SDL3-devel) with idempotent install steps in deb.yml/rpm.yml since jobs run against the previous push's image. Workspace check CI (build/clippy/test) already covers the crate since f09def4. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 23:18:12 +00:00
enricobuehler	0b1322d1c6	fix(packaging): ship the UDP socket-buffer sysctl in the .deb and .rpm ... The host requests a 32 MB SO_SNDBUF, but the kernel clamps it to net.core.wmem_max (~416 KB on a stock box) — so high-bitrate frames overflow the socket buffer and the host drops a large fraction of packets on send (measured 28.5% loss / 54k dropped at 1 Gbps to a clean LAN client on a fresh Bazzite box). scripts/99-punktfunk-net.conf fixes it (32 MB caps) but the packages never installed it. Ship it to /usr/lib/sysctl.d/ (auto-applied at boot by systemd-sysctl) and apply it in the deb/rpm postinst. This is the dominant cause of the sub-Gbps ceiling on an untuned host. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-12 22:41:45 +00:00
enricobuehler	06346e5037	docs(rpm): use repo_gpgcheck for the unsigned Gitea RPMs ... Gitea GPG-signs the repo metadata but not the individual packages, while its auto-served bazzite.repo sets gpgcheck=1 — so `rpm-ostree install` fails with "could not be verified" on our unsigned RPMs. Document writing the repo explicitly with gpgcheck=0 + repo_gpgcheck=1 (verify the signed metadata, which carries each package checksum) instead of curling the served .repo. Note the TLS-only fallback and that per-package signing is future hardening. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-12 22:07:42 +00:00
enricobuehler	58cb416abb	ci(rpm): publish punktfunk-host RPM to the Gitea registry (Bazzite) ... Mirrors the apt pipeline for Fedora Atomic / Bazzite. New `rpm` workflow builds the host RPM in a Fedora 43 builder image (ci/fedora-rpm.Dockerfile — matches Bazzite's libavcodec.so.61, with a self-contained 16-symbol libcuda link stub so no NVIDIA packages are needed in CI) and uploads to Gitea's public RPM registry (group "bazzite") on every main push (rolling 0.0.1-0.ciN.<sha>) and v* tag (clean X.Y.Z-1). Bazzite hosts then track it with `rpm-ostree upgrade`. - packaging/rpm/build-rpm.sh: git-archive tarball + rpmbuild (--nodeps, since the toolchain is rustup + dnf, not RPMs); copies to dist/, asserts no cuda/nvidia leak. - punktfunk.spec: overridable pf_version/pf_release for CI snapshots; exclude libcuda.so from auto-Requires (NVENC/EGL come from the driver, out of band) — same NVIDIA filter as the .deb; fix a bogus changelog weekday. - docker.yml builds+pushes the new fedora-rpm image; packaging README + rpm/README document the rpm-ostree install/update path (recommended option). Builder image seeded to the registry so rpm.yml's first run finds it. RPM build + clean-Requires verified locally in the image (libavcodec.so.61 / libavutil.so.59, no cuda). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-12 21:32:46 +00:00
enricobuehler	136390514d	build: support FFmpeg 7.x and 8.x; fix RPM spec GPU link deps ... punktfunk-host builds unchanged against either FFmpeg 7.x (libavcodec 61) or 8.x (libavcodec 62) — ffmpeg-sys-next auto-detects the system version, and the host's ffmpeg FFI only touches long-stable APIs. Confirmed by building + running live on a Bazzite F43 box (FFmpeg 7.1.3): full gamescope capture → zero-copy dmabuf→CUDA → NVENC H.265 at 1280x720x60, p50 ~0.96 ms. Just doc/spec accuracy, no code change: - encode/linux.rs + CLAUDE.md: drop the "FFmpeg 8 only" claim; note 7.x/8.x both work. - rpm spec: add the missing zero-copy GPU build deps the link actually needs — pkgconfig(gl) + pkgconfig(gbm) (mesa) — and document that -lcuda needs libcuda.so at link time (NVIDIA host, or the CUDA toolkit stub on a headless COPR/koji builder). Tracked for a proper fix: make the cuda/gbm/GL FFI dlopen-based like khronos-egl so the RPM builds on a GPU-less host. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-11 09:12:59 +00:00
enricobuehler	23bb814bac	feat(packaging): Fedora/Bazzite packaging — COPR RPM, bootc image, gamescope-default config ... Roadmap #3 (install on other devices). Bazzite already ships gamescope + PipeWire + the NVIDIA stack, so the host slots in with minimal new deps (ffmpeg-libs from RPM Fusion + opus + libei). - packaging/rpm/punktfunk.spec — builds punktfunk-host from source (cargo), installs the binary + udev rule + systemd user unit + headless helpers; Requires/Recommends mapped from the Ubuntu bootstrap deps to Fedora. - packaging/bootc/Containerfile — layer punktfunk into a bazzite-nvidia bootc image for atomic, image-based installs. - packaging/bazzite/host.env — gamescope-default appliance config (spawned per session). - packaging/copr/ + packaging/README.md — COPR build-from-SCM settings + install docs (rpm-ostree and bootc paths), and why not Flatpak. - LICENSE-MIT + LICENSE-APACHE — materialize the declared `MIT OR Apache-2.0` (was unfiled); the RPM ships them. Not buildable on the Ubuntu dev box (no rpm tooling) — the COPR/Fedora build is operator-run; all spec-referenced files verified present and the cargo build is green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-10 22:29:01 +00:00