maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,436 Commits 7 Branches 12 Tags
42cea1e7c6d1ea0658e6b4d2a1f12f98b9c0dd22
Commit Graph

2436 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat aef847b5ae helper/bwrap: fix typo in --dir config builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 15:34:43 +09:00
cat 0a2aa5823b cmd/fshim: bind finit inside sandbox 
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 14:44:57 +09:00
cat b956ce4052 ldd: trim leading and trailing white spaces from name 
Glibc emits ldd output with \t prefix for formatting. Remove that here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:53:01 +09:00
cat dc579dc610 dbus/run: bind ldd entry absolute name 
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:36:03 +09:00
cat ade57c39af ldd: add fhs glibc test case 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:33:02 +09:00
cat 614ad86a5b dbus: fail on LookPath error 
An absolute path to xdg-dbus-proxy is required.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:08:48 +09:00
cat 831dc6a181 dist: create checksum in dist directory 
This makes verification easier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 15:14:35 +09:00
cat c67b8ab9ac fst/config: improve correctness of comments 
The meanings of many of these fields have changed since they were added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 00:45:29 +09:00
cat 7c5aaa38e2 dist: include zsh completion 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-25 23:41:54 +09:00
cat b52b1a5f90 dist/install: do not replace existing fsurc 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-25 23:37:15 +09:00
cat 9fc82d67b7 fortify/parse: accept config stream fd 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-23 20:09:07 +09:00
cat 70bffeaa1e fortify: clean up config loading 
Move duplicate code to function. Also handle - as config from stdin.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-23 17:57:54 +09:00
cat c109ac2653 release: 0.2.7 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 13:34:50 +09:00
cat 58f8731b2e nix: include fortify show output 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 13:28:21 +09:00
cat 8a9ba5e0ad fortify: show short mode omit filesystems 
Filesystem information can be quite noisy in permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 13:20:33 +09:00
cat f608f28a6a app: mount /dev/kvm in permissive defaults 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 12:37:24 +09:00
cat aecfae1874 fortify: sort by time of start 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 12:06:54 +09:00
cat 27f2b53d18 fortify: sort ps output 
This ensures consistency between runs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 11:59:53 +09:00
cat 5838963265 nix: test dbus via notify-send 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 11:31:12 +09:00
cat e8594cf670 fortify: print short instance id in non-json short mode 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 11:02:19 +09:00
cat 5c73acb56f release: 0.2.6 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 01:18:21 +09:00
cat 76ca2a92ee nix: check state store contents 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 01:10:48 +09:00
cat f2869c4235 fortify: serialise ps with string as key 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 23:52:48 +09:00
cat bf11241649 fortify: zsh complete show instance list 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 21:13:53 +09:00
cat cb98baa19d fortify: clean up ps formatting code 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 20:34:40 +09:00
cat 4f4c690d38 fortify: move json indent call 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 19:06:25 +09:00
cat df7f692e61 fortify: move show formatting out of main 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 18:33:30 +09:00
cat 7a8b625a57 app: rename /fortify to /.fortify 
Also removed the inner share tmpfs mount.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 18:11:32 +09:00
cat 8bf12bbe68 nix: clear terminal prior to screenshot 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 18:04:17 +09:00
cat f8c3d53327 nix: test pulseaudio pass through 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 17:58:14 +09:00
cat 74fe74e6b5 app: do not fail on missing cookie 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 17:56:21 +09:00
cat ed8ee5eb4b nix: filter nix files from src 
This prevents constant rebuilds when debugging integration tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 17:39:42 +09:00
cat af4d92b785 nix: test dbus proxy 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 14:19:50 +09:00
cat ce04dd52ca nix: background go test 
Go test takes significant time.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 13:58:57 +09:00
cat 3d042f4992 nix: remove workspace switching 
Switching workspaces does not test anything and introduces unnecessary wait time.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 13:52:05 +09:00
cat 68660a2ad4 fortify: config/state pretty-print subcommand 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 12:29:04 +09:00
cat b9cc318314 system: implement Enablements String method 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-20 23:21:19 +09:00
cat ed10574dea state: store join util 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-20 19:05:39 +09:00
cat 195b717e01 release: 0.2.5 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:28:48 +09:00
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
cat eae3034260 state: expose aids and use instance id as key 
Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 21:36:17 +09:00
cat 5ea7333431 fst: implement app id parser 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 18:19:47 +09:00
cat f796622c35 state: rename simple store implementation 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 11:48:48 +09:00
cat 5d25bee786 fortify: remove systemd check 
This is no longer necessary as fortify no longer integrates with external user switchers.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 11:14:31 +09:00
cat b48ece3bb0 acl: use test-managed tmpdir 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 11:08:13 +09:00
cat 9f95f60400 release: 0.2.4 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 23:52:52 +09:00
cat 90dd57f75d workflows: cache nix store 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 23:38:39 +09:00
cat 141f2e3685 workflows: cache apt packages 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 23:05:28 +09:00
cat 73aa285e8f workflows: upload nixos test output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 20:32:40 +09:00
cat 6e87fc02dd workflows: build and upload test distribution 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 20:28:35 +09:00