hakurei

Author	SHA1	Message	Date
cat	195b717e01	release: 0.2.5 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:28:48 +09:00
cat	df6fc298f6	migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
cat	eae3034260	state: expose aids and use instance id as key Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 21:36:17 +09:00
cat	5ea7333431	fst: implement app id parser Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 18:19:47 +09:00
cat	f796622c35	state: rename simple store implementation Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:48:48 +09:00
cat	5d25bee786	fortify: remove systemd check This is no longer necessary as fortify no longer integrates with external user switchers. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:14:31 +09:00
cat	b48ece3bb0	acl: use test-managed tmpdir Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:08:13 +09:00
cat	9f95f60400	release: 0.2.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:52:52 +09:00
cat	90dd57f75d	workflows: cache nix store Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:38:39 +09:00
cat	141f2e3685	workflows: cache apt packages Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:05:28 +09:00
cat	73aa285e8f	workflows: upload nixos test output Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 20:32:40 +09:00
cat	6e87fc02dd	workflows: build and upload test distribution Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 20:28:35 +09:00
cat	52f21a19f3	cmd/fshim: switch to setup pipe The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
cat	7be53a2438	cmd/fshim: switch to generic setup func Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:31 +09:00
cat	7f29b37a32	proc: setup payload send Generic setup payload encoder adapted from fshim. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:01 +09:00
cat	f69e8e753e	cmd/finit: switch to generic receive func Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:49:19 +09:00
cat	ef8fd37e9d	proc: setup payload receive Generic implementation of setup payload receiver adapted from finit. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:48:41 +09:00
cat	2f676c9d6e	fst: rename from fipc Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 15:50:46 +09:00
cat	bbace8f84b	nix: increase cpu count This improves performance, especially when kvm is inaccessible. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 15:32:52 +09:00
cat	2efedf56c0	nix: collect fortify ps output Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 13:48:39 +09:00
cat	b752ec4468	fipc: export config struct Also store full config as part of state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 13:45:55 +09:00
cat	5d00805a7c	nix: check acl rollback Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 12:49:32 +09:00
cat	7b6052a473	nix: run Go tests in nixos Nix build environment does not support ACLs in any filesystem. This allows acl tests to run. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 21:16:55 +09:00
cat	38653c6ab5	release: 0.2.3 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 14:06:17 +09:00
cat	b5cbbeab90	dist: generate distribution tarball Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 14:02:54 +09:00
cat	c3ba0c3cce	nix: rename nixos test Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:02:12 +09:00
cat	b453f70ca2	cmd/fsu: check uid range before syscall This limits potential exploits to the fortify uid range. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:01:36 +09:00
cat	c2b178e626	xcb: refactor and clean up No clean way to write Go tests for this package. Will rely on NixOS tests for now. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 12:46:36 +09:00
cat	aeda40fc92	nix: test x11 permissive defaults Also invoke glinfo/wayland-info as part of tests. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 12:40:29 +09:00
cat	65dc39956f	workflows: set action names Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 11:12:39 +09:00
cat	35505c8a26	workflows: invoke nix flake checks Integration tests are implemented as nix flake checks. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 10:49:43 +09:00
cat	3f993021f8	nix: permissive defaults nixos test Adapted from nixos sway integration tests. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 22:56:10 +09:00
cat	4d3bd5338f	nix: implement flake checks Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 20:54:28 +09:00
cat	138666d753	nix: skip acl test The nix build environment does not support ACLs. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 19:29:01 +09:00
cat	f4628e181b	acl: create test file in tmpdir Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 18:58:09 +09:00
cat	c8a90666c5	acl: refactor and clean up Move all C code to c.go, switch to pkg-config, set up finalizer for acl. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 18:27:19 +09:00
cat	ee41b37606	acl: add tests These tests test UpdatePerm correctness by parsing getfacl output. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 16:00:31 +09:00
cat	e3f1d7ba60	release: 0.2.2 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:47:22 +09:00
cat	39e3ac3ccd	nix: require /etc/userdb nix-daemon There seems to be some kind of credential caching in nix-daemon. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:07:57 +09:00
cat	33c95b80ca	cmd/fuserdb: rename home directories Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
cat	40cc8a68d1	nix: rename home directories Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:15:37 +09:00
cat	f773c92411	system: prevent duplicate Wayland op Wayland is implemented as an Op to enforce dependency and cleanup, its implementation does not allow multiple instances on a single sys object, nor would doing that make any sense. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 19:45:37 +09:00
cat	16ab734fcd	update README document A lot of this information is no longer true since fsu. Remove them for now and write up proper documentation later. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 17:04:36 +09:00
cat	cc816a1aaa	proc: cleaner extra files Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
cat	b3ef53b193	app: integrate security-context-v1 Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
cat	8d0573405a	helper/bwrap: implement sync fd This is required by wayland security-context-v1. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:21:37 +09:00
cat	38e92edb8e	system/wayland: integrate security-context-v1 Had to pass the sync fd through sys. The rest are just part of a standard Op. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:20:15 +09:00
cat	2d606b1f4b	wl: implement security-context-v1 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:15:13 +09:00
cat	1b5b089c78	fortify: rename --dbus-id to --id This value is no longer specific to D-Bus defaults. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 03:26:09 +09:00
cat	6b8ddca7b4	nix: track nixos stable 24.11 Reduce rebuilds during development on my system. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 00:44:04 +09:00

... 42 43 44 45 46 ...

2448 Commits