Prototype FreeBSD store management

docs/PROGRESS.md

@@ -972,3 +972,110 @@ Next recommended step:
 2. if possible, use outputs or dependency relationships realistic enough to model how a future FreeBSD Guix daemon would retain referenced store items
 3. continue carrying the separate Guix checkout runtime blocker:
   - investigate the `leave-on-EPIPE` failure in `./pre-inst-env guix --version`
+
+## 2026-04-01 — Phase 2.3 completed: `/frx/store` prototype validated on FreeBSD
+
+Completed work:
+
+- added a runnable `/frx/store` prototype harness:
+  - `tests/store/run-freebsd-store-prototype.sh`
+- wrote the Phase 2.3 report:
+  - `docs/reports/phase2-freebsd-store-prototype.md`
+- created and exercised the operator-requested `/frx` layout on-host:
+  - `/frx/store`
+  - `/frx/var`
+  - `/frx/etc`
+  - `/frx/var/fruix/gcroots`
+- created a store group for the prototype path:
+  - `fruixbuild`
+- ran the store prototype successfully and captured metadata under:
+  - `/tmp/freebsd-store-prototype-metadata.txt`
+
+Important findings:
+
+- the current host now has a working `/frx/store` prototype owned as:
+  - `root:fruixbuild`
+  with mode:
+  - `drwxrwxr-t`
+- the prototype successfully created content-addressed demo store items under `/frx/store` using hash-based names
+- the demo item set included:
+  - rooted greeting data
+  - a rooted app referencing that data through an absolute store path
+  - an unrooted orphan item intended for collection
+- an unprivileged user (`nobody`) could:
+  - read store data
+  - execute the demo app from the store
+- the same unprivileged user could not:
+  - create files directly in `/frx/store`
+  and the observed failure was:
+  - `Permission denied`
+- the prototype GC logic followed rooted references successfully:
+  - with a GC root present, the app and its referenced data survived while the orphan item was collected
+  - after removing the GC root, the remaining demo items were collected as well
+- the demo store returned to an empty state after the second GC pass, so the host is left with the `/frx` skeleton but without lingering prototype payloads
+
+Current assessment:
+
+- Phase 2.3 is now satisfied on the current FreeBSD prototype track
+- the core store assumptions needed for a FreeBSD Guix-daemon design have practical validation now:
+  - `/frx/store` path viability
+  - root-controlled mutation
+  - unprivileged read access
+  - immutable absolute store references
+  - root-managed GC roots and mark/sweep retention behavior
+- remaining gaps are now above this architectural layer rather than below it:
+  - real derivation registration
+  - SQLite-backed store metadata
+  - daemon RPC integration
+  - actual package lowering/build submission using these mechanisms
+
+## 2026-04-01 — Phase 2 completed on the current FreeBSD prototype track
+
+Phase 2 is now considered complete for the active FreeBSD amd64 prototype path.
+
+Why this milestone is satisfied:
+
+- **Phase 2.1** success criteria were met:
+  - a detailed jail-first build-isolation design was produced
+  - a runnable prototype successfully executed a build command in a restricted FreeBSD jail
+- **Phase 2.2** success criteria were met:
+  - a concrete C privilege-dropping implementation was added
+  - build-user credential drop, inability to regain root, and concurrent cross-build isolation were demonstrated
+- **Phase 2.3** success criteria were met on the prototype track:
+  - a working `/frx/store` equivalent was established
+  - content-addressed demo store items were created and consumed
+  - unprivileged read vs. privileged write behavior was validated
+  - garbage-collection behavior over rooted references was demonstrated
+
+Important scope note:
+
+- this completes the **core daemon architecture adaptation** milestone, not a full Guix-daemon port
+- the separate real-checkout blocker from Phase 1 remains relevant for later integration work:
+  - `./pre-inst-env guix --version` still fails with `Wrong type to apply: #<syntax-transformer leave-on-EPIPE>`
+- however, that runtime issue no longer blocks the specific Phase 2 architectural deliverables because the jail, privilege, and store assumptions have now been validated independently on FreeBSD
+
+Recent commits:
+
+- `e380e88` — `Add FreeBSD Guile verification harness`
+- `cd721b1` — `Update progress after Guile verification`
+- `27916cb` — `Diagnose Guile subprocess crash on FreeBSD`
+- `02f7a7f` — `Validate local Guile fix on FreeBSD`
+- `4aebea4` — `Add native GNU Hello FreeBSD build harness`
+- `c944cdb` — `Validate Guix builder phases on FreeBSD`
+- `0a2e48e` — `Validate GNU which builder phases on FreeBSD`
+- `245a47d` — `Document gaps to real Guix FreeBSD builds`
+- `d62e9b0` — `Investigate Guix derivation generation on FreeBSD`
+- `c0a85ed` — `Build local Guile-GnuTLS on FreeBSD`
+- `15b9037` — `Build local Guile-Git on FreeBSD`
+- `47d31e8` — `Build local Guile-JSON on FreeBSD`
+- `d82195b` — `Advance Guix checkout on FreeBSD`
+- `9bf3d30` — `Document FreeBSD syscall mapping`
+- `7621798` — `Prototype FreeBSD jail build isolation`
+- `d65b2af` — `Prototype FreeBSD build user isolation`
+
+Next recommended step:
+
+1. begin Phase 3.1 by adapting Guix build-system expectations to the now-validated jail/privilege/store model on FreeBSD
+2. carry forward the concrete real-checkout runtime blocker for later integration work:
+  - investigate the `leave-on-EPIPE` failure in `./pre-inst-env guix --version`
+3. continue using `/frx/store` rather than `/gnu/store` for FreeBSD store experiments