robin/src-tauri/patterns/dualboot-macos.toml

[meta]
source_os = "supplement"
target_distro_family = "any"

# Supplementary patterns for users dual-booting macOS alongside any Linux distro.
# These patterns cover coexistence-specific issues unique to Apple hardware.
# This file is merged on top of the primary migration pattern file.

[log_paths]

# ── Apple T2 / Secure Boot ────────────────────────────────────────────────────

[[patterns]]
id       = "t2-secure-boot"
sources  = ["kmsg", "journald"]
match_text = "Secure Boot"
severity = "warn"
title    = "Apple T2 Secure Boot blocking Linux"
body     = "Intel Macs with a T2 chip require Secure Boot to be disabled before Linux can boot. Boot into macOS Recovery (hold Cmd+R at startup) -> Utilities -> Startup Security Utility -> set Secure Boot to 'No Security' and allow booting from external media. Apple Silicon (M1/M2) Macs cannot dual-boot Linux at all — see Asahi Linux for the current state."

[[patterns]]
id       = "apple-wifi-firmware"
sources  = ["kmsg"]
match_text = "brcmfmac: brcmf_fw_alloc_request"
severity = "warn"
title    = "Apple WiFi firmware not loading"
body     = "Broadcom WiFi chips in Macs need proprietary firmware. Extract it from the macOS partition: mount your macOS partition and copy from /Volumes/Macintosh HD/usr/share/firmware/wifi/ — or install apple-firmware-wifi (check your distro's AUR or repos)."

# ── HFS+ / APFS ───────────────────────────────────────────────────────────────

[[patterns]]
id       = "apfs-not-mounted"
sources  = ["journald"]
match_text = "apfs: module not found"
severity = "info"
title    = "macOS APFS partition not readable"
body     = "Linux can't read APFS (macOS's filesystem) natively. To access files: sudo apt install apfs-fuse (Debian) or paru -S apfs-fuse-git (Arch). Mount: apfs-fuse /dev/sdXN /mnt/mac — read-only access only."

[[patterns]]
id       = "hfsplus-not-mounted"
sources  = ["journald"]
match_text = "hfsplus: Journal not clean"
severity = "warn"
title    = "HFS+ partition not cleanly unmounted"
body     = "The macOS HFS+ partition (older Macs) wasn't unmounted cleanly. Mount in macOS and run Disk Utility -> First Aid to fix it. Or force Linux mount: sudo mount -o force /dev/sdXN /mnt/mac"

# ── rEFInd / boot manager ────────────────────────────────────────────────────

[[patterns]]
id       = "refind-missing"
sources  = ["journald"]
match_text = "Boot0001"
severity = "info"
title    = "EFI boot entry may be missing"
body     = "macOS may have reset the EFI boot order after an update, removing the Linux entry. rEFInd is the recommended boot manager for Mac dual-boot: it auto-detects both macOS and Linux. Install: sudo refind-install — or reinstall GRUB EFI and re-add it with efibootmgr."

# ── Clock skew ────────────────────────────────────────────────────────────────

[[patterns]]
id       = "rtc-time-wrong"
sources  = ["journald"]
match_text = "RTC time"
severity = "info"
title    = "System clock drifted after macOS boot"
body     = "macOS stores the hardware clock in local time; Linux stores it in UTC. This causes clock drift in dual-boot. Fix in Linux: timedatectl set-local-rtc 0 — then set macOS to UTC by running in Terminal: sudo systemsetup -setusingnetworktime off && sudo systemsetup -settime $(date -u +%H:%M:%S)"

[[patterns]]
id       = "slow-boot-network-wait"
sources  = ["journald"]
match_text = "Failed to start Network Wait Online"
severity = "warn"
title    = "Boot is slow: waiting for network"
body     = "systemd is waiting for a full network connection before finishing boot. This is almost never needed on a desktop or laptop. Disable it: sudo systemctl disable systemd-networkd-wait-online.service NetworkManager-wait-online.service — then reboot. Unlike Windows, Linux lets you disable any boot step that isn't relevant to your setup."

[[patterns]]
id       = "slow-boot-device-timeout"
sources  = ["journald"]
match_text = "Timed out waiting for device"
severity = "warn"
title    = "Boot is slow: a device that no longer exists"
body     = "systemd is waiting for a disk, partition, or device that isn't connected. Common cause: /etc/fstab has an entry for an external drive or old partition. Check: cat /etc/fstab — look for lines pointing to drives that aren't always connected. Add the 'nofail' option to make them optional: UUID=xxx /mnt/point type defaults,nofail 0 0. Or comment the line out with #."

[[patterns]]
id       = "slow-boot-long-running-job"
sources  = ["journald"]
match_text = "A start job is running for"
severity = "info"
title    = "A service is taking a long time to start"
body     = "A background service is taking longer than expected during boot. To find what's slowing your startup: open a terminal after booting and run: systemd-analyze blame — the top entries are the biggest contributors. For a visual timeline saved to a file: systemd-analyze plot > ~/boot-profile.svg — then open the SVG in a browser."

# ── SSH / remote access ───────────────────────────────────────────────────────

[[patterns]]
id       = "ssh-permissions-key"
sources  = ["journald"]
match_text = "WARNING: UNPROTECTED PRIVATE KEY FILE"
severity = "warn"
title    = "SSH key permissions are too open"
body     = "Your SSH private key is readable by other users on this system — SSH refuses to use it as a security measure. Fix: chmod 600 ~/.ssh/id_rsa (replace id_rsa with the key filename shown in the error). Also lock the directory: chmod 700 ~/.ssh. This is different from Windows where file permissions are mostly advisory."

# ── Flatpak ───────────────────────────────────────────────────────────────────

[[patterns]]
id       = "flatpak-missing-runtime"
sources  = ["journald"]
match_text = "error: runtime/org."
severity = "warn"
title    = "Flatpak app is missing a runtime"
body     = "A Flatpak app can't find a required runtime (a shared set of libraries). Update all runtimes first: flatpak update — if that doesn't fix it, reinstall the app: flatpak install flathub com.example.AppName. Flatpak runtimes are like Windows runtime packages (VC++ Redistributable) but for Linux apps."