This change adds a method to check on-disk cache consistency and destroy inconsistent entries as they are encountered. This primarily helps verify artifact implementation correctness, but can also repair a cache that got into an inconsistent state from curing a misbehaving artifact, without having to destroy the entire cache.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes the checksum consistent with the final resting state of artifact directories without incurring the cost of an extra pair of chown syscalls.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This allows for more flexibility during implementation. The use case that required this was for expanding single directory tarballs.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The previous implementation exposes arbitrary user input to the cache as an identifier, which is highly error-prone and can cause the cache to enter an inconsistent state if the user is not careful. This change replaces the implementation to compute identifier late, using url string as params.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This moves all cache I/O code to Cache. Artifact now only contains methods for constructing their actual contents.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This must be writable to enable renaming, and the final result is conventionally read-only alongside the entire directory contents. This change overrides the permission bits as part of Store.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is still not ideal as it makes entry into Store sequential. This will be improved after more usage code is written.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This works on any directories and should be robust against any bad state the artifact curing process might have failed at.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This provides infrastructure for computing a deterministic identifier based on current artifact kind, opaque parameters data, and optional dependency kind and identifiers.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This makes the decoder safe against untrusted input without hurting performance for a trusted stream. This should still not be called against untrusted input though.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The fact that Gob serialisation is deterministic is an implementation detail. This change replaces Gob with a simple custom format.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The interface provided by net is not used here and is a leftover from a previous implementation. This change removes it.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The interface does not expose underlying kernel notification mechanisms. This change removes the need to poll in situations were the next call might block.
This is made cumbersome by the SyscallConn interface left over from a previous implementation, it will be replaced in a later commit as the current implementation does not make use of any net.Conn methods other than Close.
Signed-off-by: Ophestra <cat@gensokyo.uk>
When returned wrapped as a syscall error, these are impossible to recover from, so wrap them as a fatal error.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.
Closes#29.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is a private work directory owned by the specific shim. Useful for sockets owned by this instance of the shim and requires no direct assistance from the priv-side process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This method can result in an error targeting it, so it is handled here. This change also causes a call to Create to also Core::Sync, as it should have done.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This proxy can be destroyed by sending a Core::Destroy targeting it. This change implements the Destroy method by embedding destructible.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This change reorders and groups struct elements. This improves readability since this struct holds a lot of state loosely related to each other.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This change also implements pending destructible check on Sync. Destruction method should always be implemented as a wrapper of destructible.destroy.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Nothing uses this right now, this would have to be called by wrapper methods on Registry that would search the objects
Signed-off-by: Ophestra <cat@gensokyo.uk>
This now calls unmarshalCheckTypeBounds to advance to the next message. Additionally, handling for None value is relocated to a function for reuse by other types.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Receiving this event indicates something has gone terribly wrong somehow, and ignoring Core::BoundProps causes inconsistent state anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is emitted by the server when a proxy id is removed for any reason. Currently, the only path for this to be emitted is when a global object is destroyed while some proxy is still bound to it.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This flushes message buffer before queueing the event expecting the error. Since this is quite useful and relatively complex, it is relocated to a method of Context.
Signed-off-by: Ophestra <cat@gensokyo.uk>
