Commit Graph

2461 Commits

Author SHA1 Message Date
cat 4f4c690d38 fortify: move json indent call
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 19:06:25 +09:00
cat df7f692e61 fortify: move show formatting out of main
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:33:30 +09:00
cat 7a8b625a57 app: rename /fortify to /.fortify
Also removed the inner share tmpfs mount.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:11:32 +09:00
cat 8bf12bbe68 nix: clear terminal prior to screenshot
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:04:17 +09:00
cat f8c3d53327 nix: test pulseaudio pass through
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 17:58:14 +09:00
cat 74fe74e6b5 app: do not fail on missing cookie
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 17:56:21 +09:00
cat ed8ee5eb4b nix: filter nix files from src
This prevents constant rebuilds when debugging integration tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 17:39:42 +09:00
cat af4d92b785 nix: test dbus proxy
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 14:19:50 +09:00
cat ce04dd52ca nix: background go test
Go test takes significant time.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 13:58:57 +09:00
cat 3d042f4992 nix: remove workspace switching
Switching workspaces does not test anything and introduces unnecessary wait time.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 13:52:05 +09:00
cat 68660a2ad4 fortify: config/state pretty-print subcommand
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 12:29:04 +09:00
cat b9cc318314 system: implement Enablements String method
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-20 23:21:19 +09:00
cat ed10574dea state: store join util
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-20 19:05:39 +09:00
cat 195b717e01 release: 0.2.5
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:28:48 +09:00
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
cat eae3034260 state: expose aids and use instance id as key
Fortify state store instances were specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 21:36:17 +09:00
cat 5ea7333431 fst: implement app id parser
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 18:19:47 +09:00
cat f796622c35 state: rename simple store implementation
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:48:48 +09:00
cat 5d25bee786 fortify: remove systemd check
This is no longer necessary as fortify no longer integrates with external user switchers.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:14:31 +09:00
cat b48ece3bb0 acl: use test-managed tmpdir
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:08:13 +09:00
cat 9f95f60400 release: 0.2.4
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 23:52:52 +09:00
cat 90dd57f75d workflows: cache nix store
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 23:38:39 +09:00
cat 141f2e3685 workflows: cache apt packages
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 23:05:28 +09:00
cat 73aa285e8f workflows: upload nixos test output
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 20:32:40 +09:00
cat 6e87fc02dd workflows: build and upload test distribution
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 20:28:35 +09:00
cat 52f21a19f3 cmd/fshim: switch to setup pipe
The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 19:39:25 +09:00
cat 7be53a2438 cmd/fshim: switch to generic setup func
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 17:20:31 +09:00
cat 7f29b37a32 proc: setup payload send
Generic setup payload encoder adapted from fshim.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 17:20:01 +09:00
cat f69e8e753e cmd/finit: switch to generic receive func
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 16:49:19 +09:00
cat ef8fd37e9d proc: setup payload receive
Generic implementation of setup payload receiver adapted from finit.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 16:48:41 +09:00
cat 2f676c9d6e fst: rename from fipc
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:50:46 +09:00
cat bbace8f84b nix: increase cpu count
This improves performance, especially when kvm is inaccessible.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:32:52 +09:00
cat 2efedf56c0 nix: collect fortify ps output
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 13:48:39 +09:00
cat b752ec4468 fipc: export config struct
Also store full config as part of state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 13:45:55 +09:00
cat 5d00805a7c nix: check acl rollback
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 12:49:32 +09:00
cat 7b6052a473 nix: run Go tests in nixos
Nix build environment does not support ACLs in any filesystem. This allows acl tests to run.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 21:16:55 +09:00
cat 38653c6ab5 release: 0.2.3
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 14:06:17 +09:00
cat b5cbbeab90 dist: generate distribution tarball
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 14:02:54 +09:00
cat c3ba0c3cce nix: rename nixos test
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:02:12 +09:00
cat b453f70ca2 cmd/fsu: check uid range before syscall
This limits potential exploits to the fortify uid range.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:01:36 +09:00
cat c2b178e626 xcb: refactor and clean up
No clean way to write Go tests for this package. Will rely on NixOS tests for now.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 12:46:36 +09:00
cat aeda40fc92 nix: test x11 permissive defaults
Also invoke glinfo/wayland-info as part of tests.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 12:40:29 +09:00
cat 65dc39956f workflows: set action names
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 11:12:39 +09:00
cat 35505c8a26 workflows: invoke nix flake checks
Integration tests are implemented as nix flake checks.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 10:49:43 +09:00
cat 3f993021f8 nix: permissive defaults nixos test
Adapted from nixos sway integration tests.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 22:56:10 +09:00
cat 4d3bd5338f nix: implement flake checks
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 20:54:28 +09:00
cat 138666d753 nix: skip acl test
The nix build environment does not support ACLs.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 19:29:01 +09:00
cat f4628e181b acl: create test file in tmpdir
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 18:58:09 +09:00
cat c8a90666c5 acl: refactor and clean up
Move all C code to c.go, switch to pkg-config, set up finalizer for acl.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 18:27:19 +09:00
cat ee41b37606 acl: add tests
These tests test UpdatePerm correctness by parsing getfacl output.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 16:00:31 +09:00