kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,021 Commits 6 Branches 14 Tags
b587caf2e863902eb04a6540462db5852fd1a0b5
Commit Graph

2021 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ophestra
b587caf2e8 internal/rosa: assume file source is xz-compressed 
XZ happens to be the only widely-used format that is awful to deal with, everything else is natively supported.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 15:07:30 +09:00
Ophestra
f1c2ca4928 internal/rosa/mesa: libdrm artifact 
Required by mesa.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 03:27:09 +09:00
Ophestra
0ca301219f internal/rosa/python: pyyaml artifact 
Mesa unfortunately requires this horrible format.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 03:18:47 +09:00
Ophestra
e2199e1276 internal/rosa/python: mako artifact 
This unfortunately pulls in platform-specific package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 03:11:38 +09:00
Ophestra
86eacb3208 cmd/mbf: checksum command 
This computes and encodes sha384 checksum of data streamed from standard input.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 03:09:21 +09:00
Ophestra
8541bdd858 internal/rosa: wrap per-arch values 
This is cleaner syntax in some specific cases.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 02:59:55 +09:00
Ophestra
46be0b0dc8 internal/rosa/nss: buildcatrust 0.4.0 to 0.5.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 02:18:21 +09:00
Ophestra
cbe37e87e7 internal/rosa/python: pytest 9.0.2 to 9.0.3 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 02:18:02 +09:00
Ophestra
66d741fb07 internal/rosa/python: pygments 2.19.2 to 2.20.0 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 02:13:04 +09:00
Ophestra
0d449011f6 internal/rosa/python: use predictable URLs 
This is much cleaner and more maintainable than specifying URL prefix manually. This change also populates Anitya project identifiers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 02:08:22 +09:00
Ophestra
46428ed85d internal/rosa/python: url pip wheel helper 
This enables a cleaner higher-level helper.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-13 01:59:28 +09:00
Ophestra
081d6b463c internal/rosa/llvm: libclc artifact 
This is built independently of llvm build system to avoid having to build llvm again.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 22:57:04 +09:00
Ophestra
11b3171180 internal/rosa/glslang: glslang artifact 
Required by mesa.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 22:34:17 +09:00
Ophestra
adbb84c3dd internal/rosa/glslang: spirv-tools artifact 
Required by glslang.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 22:27:49 +09:00
Ophestra
1084e31d95 internal/rosa/glslang: spirv-headers artifact 
Required by spirv-tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 22:16:29 +09:00
Ophestra
27a1b8fe0a internal/rosa/mesa: libglvnd artifact 
Required by mesa.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 21:27:30 +09:00
Ophestra
b2141a41d7 internal/rosa/dbus: xdg-dbus-proxy artifact 
This is currently a hakurei runtime dependency, but will eventually be removed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 19:41:49 +09:00
Ophestra
c0dff5bc87 internal/rosa/gnu: gcc set with-multilib-list as needed 
This breaks riscv64.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 18:03:45 +09:00
Ophestra
04513c0510 internal/rosa/gnu: gmp explicit CC 
The configure script is hard coded to use gcc without fallback on riscv64.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-12 17:25:15 +09:00
Ophestra
28ebf973d6 nix: add sharefs supplementary group 
This works around vfs inode file attribute race.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-11 23:28:18 +09:00
Ophestra
41aeb404ec internal/rosa/hakurei: 0.3.7 to 0.4.0 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-11 10:53:29 +09:00
Ophestra
0b1009786f release: 0.4.0 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-11 10:49:43 +09:00
Ophestra
b390640376 internal/landlock: relocate from package container 
This is not possible to use directly, so remove it from the public API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 23:56:45 +09:00
Ophestra
ad2c9f36cd container: unexport PR_SET_NO_NEW_PRIVS wrapper 
This is subtle to use correctly. It also does not make sense as part of the container API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 23:45:51 +09:00
Ophestra
67db3fbb8d check: use encoding interfaces 
This turned out not to require specific treatment, so the shared interfaces are cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 22:11:53 +09:00
Ophestra
560cb626a1 hst: remove enablement json adapter 
The go116 behaviour of built-in new function makes this cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 20:47:30 +09:00
Ophestra
c33a6a5b7e hst: optionally reject insecure options 
This prevents inadvertent use of insecure compatibility features.

Closes #30.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 19:34:02 +09:00
Ophestra
952082bd9b internal/rosa/python: 3.14.3 to 3.14.4 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 02:38:22 +09:00
Ophestra
24a9b24823 internal/rosa/openssl: 3.6.1 to 3.6.2 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 02:38:02 +09:00
Ophestra
c2e61e7987 internal/rosa/libcap: 2.77 to 2.78 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 02:37:04 +09:00
Ophestra
86787b3bc5 internal/rosa/tamago: 1.26.1 to 1.26.2 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 02:31:57 +09:00
Ophestra
cdfcfe6ce0 internal/rosa/go: 1.26.1 to 1.26.2 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 02:18:27 +09:00
Ophestra
68a2f0c240 internal/rosa/llvm: remove unused field 
This change also renames confusingly named flags field and corrects its doc comment.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 02:13:26 +09:00
Ophestra
7319c7adf9 internal/rosa/llvm: use latest version on arm64 
This also removes arch-specific patches because they were not useful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 01:07:25 +09:00
Ophestra
e9c890cbb2 internal/rosa/llvm: enable cross compilation 
This now passes the test suite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 00:59:14 +09:00
Ophestra
6f924336fc internal/rosa/llvm: increase stack size 
Some aarch64 regression tests fail intermittently on the default size.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 00:56:51 +09:00
Ophestra
bd88f10524 internal/rosa/llvm: 22.1.2 to 22.1.3 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-09 17:36:23 +09:00
Ophestra
e34e3b917e internal/kobject: process uevent message 
This deals with environment variables generally present in every message.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 18:00:04 +09:00
Ophestra
b0ba165107 cmd/sharefs: group-accessible permission bits 
This works around the race in vfs via supplementary group.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 16:14:47 +09:00
Ophestra
351d6c5a35 cmd/sharefs: reproduce vfs inode file attribute race 
This happens in the vfs permissions check only and stale data appears to never reach userspace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 15:51:36 +09:00
Ophestra
f23f73701c cmd/mbf: optional host abstract 
This works around kernels with Landlock LSM disabled. Does not affect cure outcome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 18:15:49 +09:00
Ophestra
876917229a internal/rosa/go: enable riscv64 bootstrap path 
This is quite expensive, but no other option, unfortunately.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 18:11:42 +09:00
Ophestra
0558032c2d container: do not set static deadline 
This usually ends up in the buffer, or completes well before the deadline, however this can still timeout on a very slow system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 17:00:20 +09:00
Ophestra
c61cdc505f internal/params: relocate from package container 
This does not make sense as part of the public API, so make it internal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:37:44 +09:00
Ophestra
062edb3487 container: remove setup pipe helper 
The API forces use of finalizer to close the read end of the setup pipe, which is no longer considered acceptable. Exporting this as part of package container also imposes unnecessary maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:05:33 +09:00
Ophestra
e4355279a1 all: optionally forbid degrading in tests 
This enables transparently degradable tests to be forced on in environments known to support them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:22:52 +09:00
Ophestra
289fdebead container: transparently degrade landlock in tests 
Explicitly requiring landlock in tests will be supported in a future change.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:03:48 +09:00
Ophestra
9c9e190db9 ldd: remove timeout 
The program generally never blocks, and it is more flexible to leave it up to the caller to set a timeout.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 14:49:20 +09:00
Ophestra
d7d42c69a1 internal/pkg: transparently degrade landlock in tests 
This does not test package container, so should transparently cope with Landlock LSM being unavailable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 14:44:34 +09:00
Ophestra
c758e762bd container: skip landlock on hostnet 
This overlaps with net namespace, so can be skipped without degrading security.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 14:36:44 +09:00