kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,062 Commits 2 Branches 14 Tags
b80ea91a42c994b1bcb74d8bcecefc150b899136
Commit Graph

2062 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat d8e9d71f87 test/sandbox: check mount outcome 
Do this at the beginning of the test for early failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 15:56:15 +09:00
cat 558974b996 test/sandbox: assert mntent json 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 15:40:58 +09:00
cat 4de4049713 test/sandbox: wrap libc getmntent 
For checking mounts outcome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 14:56:08 +09:00
cat 2d4cabe786 nix: increase nixfmt max width 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 14:43:46 +09:00
cat 80f9b62d25 app: print comp values early 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 22:27:55 +09:00
cat 673b648bd3 cmd/fpkg: call app in-process 
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:51:44 +09:00
cat 45ad788c6d cmd/fsu: allow switch from fpkg 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:42:28 +09:00
cat 56539d8db5 fortify: move internal commands up 
This improves readability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 18:02:11 +09:00
cat 840ceb615a app: handle RunState errors 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:36:14 +09:00
cat 741d011543 fortify: configure seccomp logger early 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:19:36 +09:00
cat d050b3de25 app: define errors in a separate file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:12:02 +09:00
cat 5de28800ad test: verify fsu ppid check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 16:51:57 +09:00
cat 8e50293ab7 test: remove sway process check 
This eliminates the race where systemd restarts sway too quick.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 13:52:44 +09:00
cat 12c6d66bfd cmd/fpkg/test: nixos test fpkg install/start 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 13:12:16 +09:00
cat d7d2bd33ed cmd/fpkg/build: expose nixos configuration 
This should be used sparingly as the NixOS closure is in the bootstrap store which compresses rather poorly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:31:18 +09:00
cat c21a4cff14 nix: wrap fpkg 
This is usable on nixos now due to the static build.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:24:04 +09:00
cat 4fa38d6063 cmd/fpkg: use fortify path from internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:16:35 +09:00
cat 6d4ac3d9fd internal: store fortify path in internal 
This now makes more sense due to the changes in build system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:03:25 +09:00
cat a5d2f040fb cmd/fpkg/build: run final build step in nix 
This used to be a script that had to be run outside of nix because the sandbox disallows access to nix store state. Turns out closureInfo is the proper way to do that.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 23:53:18 +09:00
cat c62689e17f nix: interrupt via tty 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:20:47 +09:00
cat 39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
cat 5a732d153e nix: include fsu sources in dist build 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 01:32:47 +09:00
cat b4549c72be nix: verify silent signal exit 
This catches errors in the cleanup process initiated by a signal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 01:22:16 +09:00
cat 1818dc3a4c system/acl: do not fail gone revert target 
A removed file effectively already has its ACLs stripped, so failing this makes no sense. Still print a message to warn about it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 01:11:05 +09:00
cat 65094b63cd system/dbus: filter context cancellation error 
This message would otherwise show up when alternative exit path is taken due to a signal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 00:57:35 +09:00
cat f0a082ec84 fortify: improve handling of RevertErr 
All this error wrapping is getting a bit ridiculous and I might want to do something about that somewhere down the line.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 00:45:00 +09:00
cat 751aa350ee nix: exclude files ending in ".py" 
This reduces rebuilds when debugging nixos tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-24 17:41:56 +09:00
cat e6cd2bb2a8 cmd/fpkg: integrate command handler 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 23:25:12 +09:00
cat 0fb72e5d99 cmd/fpkg/build: prepend extra nix flags 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 20:21:09 +09:00
cat 71135f339a release: 0.2.18 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:52:33 +09:00
cat b6af8caffe nix: clean up directory structure 
Tests for fpkg is going to be in ./cmd/fpkg, so this central tests directory is no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:48:01 +09:00
cat e1a3549ea0 workflows: separate nixos tests from flake check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:34:42 +09:00
cat 8bf162820b nix: separate fsu from package 
This appears to be the only way to build them with different configuration. This enables static linking in the main package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:13:37 +09:00
cat dccb366608 ldd: handle behaviour on static executable 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:02:33 +09:00
cat 83c8f0488b ldd: pass absolute path to bwrap 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 17:46:22 +09:00
cat 478b27922c fortify: handle errors via MustParse 
The errSuccess behaviour is kept for beforeExit.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 12:57:59 +09:00
cat ba1498cd18 command: filter parse errors 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 12:55:10 +09:00
cat eda4d612c2 fortify: keep external files alive 
This should eliminate sporadic failures, like the known double close in "seccomp".

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 03:24:37 +09:00
cat 2e7e160683 release: 0.2.17 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 02:59:31 +09:00
cat 79957f8ea7 fortify: test help message 
This helps catch regressions in "command".

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 02:51:35 +09:00
cat 7e52463445 fortify: integrate command handler 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 02:35:02 +09:00
cat 89970f5197 command/flag: implement repeatable flag 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 02:25:31 +09:00
cat 35037705a9 command/flag: implement integer flag 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 02:02:01 +09:00
cat 647c6ea21b command: hide internal commands 
This marks commands as internal via a magic usage string.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 01:36:48 +09:00
cat 416d93e880 command: expose print help 
This is useful for custom help commands.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 01:17:57 +09:00
cat 312753924b command: root early handler func special case 
This allows for early initialisation with access to flags on the root node. This can be useful for configuring global state used by subcommands.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 00:55:18 +09:00
cat 54308f79d2 command: expose command with direct handling 
This exposes flag set on commands with direct handling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 00:24:03 +09:00
cat dfa3217037 command: implement builder and parser 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-22 23:11:17 +09:00
cat 8000a2febb command: implement help builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-22 22:43:37 +09:00
cat 7bd48d3489 command: implement node structure 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-22 20:30:49 +09:00