Missing pieces
- Per-distro build/test/release verification recorded in manifests (
build_verified/tests_verified are false)
- Consistent release manifest entries and release verification blocks for produced MSIX artifacts
- An evidence bundle (release-evidence) per release, containing
filehash.txt and logs
- Automated reproducible-build guidance and release-note inclusion in installer output
- A centralized record of installer/MSIX SHA-256 across project manifests
Next steps
- Select one child distro and run the full conversion + packaging pipeline end-to-end, producing an MSIX
- Record SHA-256, package size, and a per-version verification block in that child's manifest
- Create a release-evidence folder for the sample release with
build.log, test.log, and filehash.txt
- Update
WSL.manifest.toml to link the verified child release(s) and reconcile legacy manifests
- Add a short reproducible-build note detailing the exact host tools/versions used for that release
Potential improvements
- Automate the import → test → package pipeline as a single PowerShell wrapper, for repeatable artifacts
- Embed source ISO and rootfs provenance (source SHA-256) into packaged metadata
- Centralize developer cert handling and signing status reporting across manifests
- Smoke-test automation that imports the tar, launches the distro, and records the window title
- A canonical
docs/ folder inclusion step so release docs travel with installers
Creative enhancements (ideas on file, not committed)
- A provenance metadata injector embedding ISO and rootfs SHA-256 into a machine-readable manifest inside the rootfs before packaging
- A "frozen-baseline catalog" — a repository of frozen working rootfs tarballs with a quick rollback launcher selecting between baselines
- A compatibility shim generator appending small wrapper binaries into a rootfs tar to provide missing common utilities
- An operator dashboard: a simple local UI listing registered WSL distros, artifacts, hashes, and last-verified dates
- An automated "repair" tool checking an imported distro's health against an integrity matrix and suggesting rootfs overrides