096a25ad3a
cmd/mbf: dump IR of artifact presets
...
This exposes IR outside test cases, useful for verifying correctness of alternative IR emitters.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-02-07 17:21:43 +09:00
7877b4e627
cmd/mbf: print extra stage3 information
...
This includes ident of all three stages and the matching checksum if check is passing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-02-02 18:33:16 +09:00
b26bc05bb0
internal/rosa: remove unused receiver
...
This returns the preset itself, it is up to the caller to load the underlying artifact.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-29 17:52:50 +09:00
e76bc6a13a
internal/rosa: resolve preset by name
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-28 20:57:51 +09:00
66118ba941
internal/rosa: gawk artifact
...
Replaces broken awk in busybox.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-28 01:22:42 +09:00
f1758a6fa8
internal/rosa: nss artifacts
...
Not used by anything for now, but will be part of Rosa OS.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-27 08:17:58 +09:00
88aaa4497c
internal/rosa/hakurei: dist tarball
...
The patch will be removed in the next release.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-27 07:34:45 +09:00
18918d9a0d
internal/rosa: fuse artifact
...
Required by hakurei for sharefs.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-27 05:34:42 +09:00
380ca4e022
internal/rosa: pytest artifact
...
Required by libfuse. This pulls in many dependencies.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-27 05:20:37 +09:00
50153788ef
internal/rosa: hakurei artifact
...
This does not yet have fuse from staging. Everything else works perfectly, though.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-27 02:24:49 +09:00
c84fe63217
internal/rosa: various X artifacts
...
Required by xcb which is required by hakurei.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-27 02:02:49 +09:00
0bd6a18326
internal/rosa: acl artifact
...
Required by hakurei.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 07:38:56 +09:00
504f5d28fe
internal/rosa: libseccomp artifact
...
Required by hakurei.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 05:28:36 +09:00
3eadd5c580
internal/rosa: gperf artifact
...
Required by libseccomp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 05:25:39 +09:00
4d29333807
internal/rosa: wayland-protocols artifact
...
Required by hakurei.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 05:13:30 +09:00
e1533fa4c6
internal/rosa: wayland artifact
...
Required by hakurei.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 05:10:35 +09:00
9a74d5273d
internal/rosa: libgd artifact
...
Required by graphviz which is required by wayland.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 04:20:11 +09:00
fecb963e85
internal/rosa: libxml2 artifact
...
Required by wayland. Release tarball is xz only, unfortunately.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 03:47:42 +09:00
cd9da57f20
internal/rosa: libexpat artifact
...
Required by wayland.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 03:15:25 +09:00
c6a95f5a6a
internal/rosa: meson artifact
...
Required by wayland and pipewire.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 03:03:21 +09:00
228489371d
internal/rosa: setuptools artifact
...
Apparently the only way to install python stuff offline.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 02:28:47 +09:00
490471d22b
cmd/mbf: verbose by default
...
It usually does not make sense to use this without verbose.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 02:12:56 +09:00
763d2572fe
internal/rosa: pkg-config artifact
...
Used by hakurei and many other programs.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 01:26:54 +09:00
3224a7da63
cmd/mbf: disable threshold by default
...
This is not very useful.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-26 00:05:59 +09:00
20790af71e
internal/rosa: lazy initialise all artifacts
...
This improves performance, though not as drastically as lazy initialising llvm.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-25 01:43:18 +09:00
b6a66acfe4
internal/rosa: git artifact
...
This is required by the clang unit and regression tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-21 07:00:14 +09:00
f06d7fd387
cmd/mbf: expose some artifacts for curing
...
This will remain until dist is successfully bootstrapped.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-21 05:18:08 +09:00
d933234784
internal/pkg: make checksum available to cure
...
This enables deduplication by value as implemented in execArtifact.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-19 21:29:56 +09:00
1c49c75f95
cmd/mbf: toolchain 3-stage non-determinism check
...
This unfortunately fails right now. Requires further investigation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-19 04:40:44 +09:00
2a9525c77a
cmd/mbf: command handling
...
This tool is a frontend for bootstrapping hakurei via internal/pkg. Named mbf for now for "maiden's best friend" as a tribute to the DOOM source port.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2026-01-18 22:19:19 +09:00
c9cd16fd2a
cmd/sharefs: prepare directory early
...
This change also checks against filesystem daemon running as root early.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 23:17:02 +09:00
e42ea32dbe
nix: configure sharefs via fileSystems
...
Turns out this did not work because in the vm test harness, virtualisation.fileSystems completely and silently overrides fileSystems, causing its contents to not even be evaluated anymore. This is not documented as far as I can tell, and is not obvious by any stretch of the imagination. The current hack is cargo culted from nix-community/impermanence and hopefully lasts until this project fully replaces nix.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 23:14:08 +09:00
e7982b4ee9
cmd/sharefs: create directory as root
...
This optional behaviour is required on NixOS as it is otherwise impossible to set this up: systemd.mounts breaks startup order somehow even though my unit looks identical to generated ones, fileSystems does not support any kind of initialisation or ordering other than against other mount points.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 22:14:33 +09:00
ef1ebf12d9
cmd/sharefs: handle mount -t fuse.sharefs
...
This should have been handled in a custom option parsing function, but that much extra complexity is unnecessary for this edge case. Honestly I do not know why libfuse does not handle this itself.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 20:49:27 +09:00
775a9f57c9
cmd/sharefs: check option parsing behaviour
...
This change makes it possible to check parseOpts behaviour as part of Go tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 17:33:12 +09:00
2f8ca83376
cmd/sharefs: containerise filesystem daemon
...
This replaces the forking daemonise libfuse function which prevents Go callbacks from calling into the runtime. This also enforces least privilege on the daemon process.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 10:16:35 +09:00
2e5362e536
cmd/sharefs: opaque setup state
...
This allows unrestricted use of the type system and prepares setup code for cross-process initialisation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 04:14:00 +09:00
6d3bd27220
cmd/sharefs: expand fuse_main
...
This change should not change behaviour other than making output more consistent.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 02:30:28 +09:00
a27305cb4a
cmd/sharefs: improve help message
...
This improves consistency with the fuse_main help message.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-27 02:20:41 +09:00
0e476c5e5b
cmd/sharefs: allocate sharefs_private early
...
This also removes global state used by sharefs_init.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-26 08:08:41 +09:00
b77c1ecfdb
cmd/sharefs/test: check option handling
...
This verifies behaviour related to setuid/setgid when starting as root.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-26 05:28:45 +09:00
d597592e1f
cmd/sharefs: rename fuse-helper to fuse-operations
...
This is not really just library wrapper functions, but instead implements the callbacks, so fuse-operations makes more sense.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-26 03:19:32 +09:00
056f5b12d4
cmd/sharefs: move translate_pathname body to macro wrapper
...
This is never called directly anywhere and it is simple enough to be included in the macro. This avoids passing the pointer around and dereferencing errno location, resulting in over 5% increase in throughput on the clang build. No change in the gcc build though.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-26 02:10:59 +09:00
da2bb546ba
cmd/sharefs: remove readlink
...
This filesystem does not support symbolic links, so readlink is not useful, and unreachable in this case because of the check in getattr.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-25 06:00:58 +09:00
7bfbd59810
cmd/sharefs: implement shared filesystem
...
This is for passing files between applications, similar to android /sdcard.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-25 05:13:02 +09:00
54610aaddc
internal/outcome: expose pipewire via pipewire-pulse
...
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.
Closes #29 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-15 12:57:06 +09:00
ebc67bb8ad
nix: update flake lock
...
NixOS 25.11 introduces a crash in cage and an intermittent crash in foot.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-12 08:39:55 +09:00
d5fb179012
cmd/hakurei: exec instead of fork/exec from shell
...
There is no reason to keep the shell process around.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-08 22:29:41 +09:00
87781c7658
treewide: include PipeWire op and enforce PulseAudio check
...
This fully replaces PulseAudio with PipeWire and enforces the PulseAudio check and error message. The pipewire-pulse daemon is handled in the NixOS module.
Closes #26 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-08 08:53:04 +09:00
422efcf258
hst: check for insecure PulseAudio enablement
...
This is currently still a noop, but required for #26 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-12-08 03:13:02 +09:00
