maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,568 Commits 1 Branch 12 Tags
1ac8ca7a80527645000f22a193b4278a12a654c0
Commit Graph

31 Commits

Author SHA1 Message Date
Ophestra
67e453f5c4 dist: run tests 
This used to be impossible due to nix jank which has been addressed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-27 07:00:39 +09:00
Ophestra
d61faa09eb release: 0.3.4 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-27 03:56:06 +09:00
Ophestra
993afde840 dist: install sharefs 
This also removes the deprecated hpkg program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-02 00:57:51 +09:00
Ophestra
104eeecf65 cmd/hakurei: add pipewire flag 
This is for "run" command, formerly permissive defaults behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 02:39:55 +09:00
Ophestra
be0e387ab0 internal/info: relocate from internal 
This is cleaner and makes more sense. The longer LDFLAGS was never a valid concern since it is always inserted by a script.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-13 07:29:46 +09:00
Ophestra
766dd89ffa internal: clean up build strings 
These names are less ambiguous and should be understandable without reading the source code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 01:49:36 +09:00
Ophestra
699c19e972 hst/container: optional runtime and tmpdir sharing 
Sharing and persisting these directories do not always make sense. Make it optional here.

Closes #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 04:11:38 +09:00
Ophestra
5bf28901a4 cmd/hsu: check against setgid bit 
The getgroups behaviour is already checked for, but it never hurts to be more careful in a setuid program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 18:22:24 +09:00
Ophestra
ae7b343cde hst: reword and move constants 
These values are considered part of the stable, exported API, so move them to hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 17:40:32 +09:00
Ophestra
a8a79a8664 cmd/hpkg: rename from planterette 
Planterette is now developed in another repository, so rename this proof of concept to avoid confusion.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-31 23:57:11 +09:00
Ophestra
d2f9a9b83b treewide: migrate to hakurei.app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 03:30:39 +09:00
Ophestra
a1d98823f8 hakurei: move container toplevel 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 21:23:55 +09:00
Ophestra
aa454b158f cmd/planterette: remove hsu special case 
Remove special case and invoke hakurei out of process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 20:50:24 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
3992073212 dist: move comp to dist 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-18 17:01:16 +09:00
Ophestra
673b648bd3 cmd/fpkg: call app in-process 
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:51:44 +09:00
Ophestra
6d4ac3d9fd internal: store fortify path in internal 
This now makes more sense due to the changes in build system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:03:25 +09:00
Ophestra
134247b57d nix: configure target users via nixos 
This makes patching home-manager no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:04:19 +09:00
Ophestra
7baca66a56 proc: remove duplicate compile-time fortify reference 
This is no longer needed since shim and init are now part of the main program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:59:33 +09:00
Ophestra
27d2914286 proc/priv/init: merge init into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:47:01 +09:00
Ophestra
ea8f228af3 proc/priv/shim: merge shim into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-17 23:43:32 +09:00
Ophestra
b60c01f440 fortify: switch to static linking 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-16 17:32:52 +09:00
Ophestra
ab48706ebe dist: install fpkg to /usr/bin 
This is a high level user-facing tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 01:04:53 +09:00
Ophestra
e0e2f40e84 cmd/fpkg: app bundle helper 
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 13:21:49 +09:00
Ophestra
bf8094c6ca internal: include path to fortify main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 12:48:48 +09:00
Ophestra
66ec0d882f dist: build with -trimpath 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 13:44:05 +09:00
Ophestra
831dc6a181 dist: create checksum in dist directory 
This makes verification easier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 15:14:35 +09:00
Ophestra
7c5aaa38e2 dist: include zsh completion 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-25 23:41:54 +09:00
Ophestra
b52b1a5f90 dist/install: do not replace existing fsurc 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-25 23:37:15 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
b5cbbeab90 dist: generate distribution tarball 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-17 14:02:54 +09:00