maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,475 Commits 7 Branches 12 Tags
c661a3b63a6ec6a680338879dccbcb0b6285f6c6
Commit Graph

2475 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat ac543a1ce8 dbus: rename makeTestCases 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-12 23:21:28 +09:00
cat e2489059c1 helper/bwrap: implement overlayfs builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 20:09:35 +09:00
cat 2e3f6a4c51 helper/bwrap: move test out of bwrap package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 19:45:24 +09:00
cat 2162029f46 helper/bwrap: add json struct tag to filesystem 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 19:41:04 +09:00
cat a1148edd00 fst/config: allocate filesystem slice 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-04 00:16:41 +09:00
cat 6acd0d4e88 linux/std: handle fsu exit status 1 
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-01 21:34:57 +09:00
cat 35b7142317 fortify: show system info when instance is not specified 
This contains useful information not obtainable by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-01 19:35:50 +09:00
cat c4d6651cae update reverse-DNS style identifiers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-31 16:16:38 +09:00
cat 22a4b99674 cmd/fpkg/install: deduplicate nix store 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-30 02:25:04 +09:00
cat 1464ef774b cmd/fpkg: expose nixGL wrappers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-30 02:02:20 +09:00
cat 66ba4cea5c cmd/fpkg: remove workDir acl from activation 
Activation does not require access to workDir, and by this point all information is available in dataHome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:48:45 +09:00
cat f8d0786509 cmd/fpkg: include nixGL source in inner store 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:37:11 +09:00
cat 56a73bb019 nix: create nixpkgs symlink 
This is included as part of the system as nixGL needs to be built somewhere between activation and start.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:23:11 +09:00
cat fb8abf63db nix: update flake lock 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:14:16 +09:00
cat 63802c5f0d nix: nixos test create parent directory 
This tests directory creation in shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 22:36:53 +09:00
cat aff80b6b00 cmd/fpkg: optional network access when invoking with nix daemon 
This is useful for building nixGL.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 18:32:44 +09:00
cat a98a176907 cmd/fpkg: bind and document more gpu devices 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 18:25:26 +09:00
cat 5302879b88 cmd/fpkg: improve readability of fortify invocations 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 17:55:56 +09:00
cat 891b3cbde7 cmd/fpkg: compare all three store paths 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 17:10:41 +09:00
cat c795293f36 cmd/fpkg: clean up broken links before activation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 15:21:40 +09:00
cat 42e1043300 nix: set home-manager user information 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 15:11:36 +09:00
cat 5416b07daa nix: remove unused argument 'self' 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 14:49:55 +09:00
cat e57a0e9bf2 nix: rename fortifyBundle to buildPackage 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 14:35:37 +09:00
cat ab48706ebe dist: install fpkg to /usr/bin 
This is a high level user-facing tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 01:04:53 +09:00
cat c1a459a0b1 cmd/fpkg/start: correct drop to shell wording 
Activation no longer happens during application startup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 00:56:14 +09:00
cat 5125e96ecf nix: generate application package build script 
This takes some metadata, sandbox options, a launch script and a list of home-manager modules. The result needs to be executed in an environment with nix daemon access, and it produces the final package file.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 00:42:21 +09:00
cat e0e2f40e84 cmd/fpkg: app bundle helper 
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 13:21:49 +09:00
cat bf8094c6ca internal: include path to fortify main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 12:48:48 +09:00
cat 2e3bb1893e release: 0.2.8 
This release mostly fixes bugs uncovered when running fortify on a generic linux distribution.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 01:09:47 +09:00
cat 9b206072fa cmd/fshim: ensure data directory 
Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:39:01 +09:00
cat b9e2003d5b app: ensure extra paths 
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:07:49 +09:00
cat 66ec0d882f dist: build with -trimpath 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 13:44:05 +09:00
cat 847b667489 app: extra acl entries from configuration 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 13:23:27 +09:00
cat c70f0612ad fortify/print: skip nil filesystem entries 
This fixes a panic when displaying configurations with nil filesystem entries.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 12:14:42 +09:00
cat 85e5b097fd fst/config: add template etc entry 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 12:05:32 +09:00
cat 0107620d8c app: merge share methods 
This significantly increases readability and makes order of ops more obvious.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 11:12:35 +09:00
cat fc26659ea1 fst/config: autoetc read custom path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 18:57:44 +09:00
cat 1f173a469c system/dbus: fix inverted system bus state 
Debug message and socket cleanup gets missed due to this value being inverted.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 18:38:11 +09:00
cat 2fdbd6a4dd fst/config: alternative /etc directory 
This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 18:06:26 +09:00
cat aef847b5ae helper/bwrap: fix typo in --dir config builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 15:34:43 +09:00
cat 0a2aa5823b cmd/fshim: bind finit inside sandbox 
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 14:44:57 +09:00
cat b956ce4052 ldd: trim leading and trailing white spaces from name 
Glibc emits ldd output with \t prefix for formatting. Remove that here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:53:01 +09:00
cat dc579dc610 dbus/run: bind ldd entry absolute name 
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:36:03 +09:00
cat ade57c39af ldd: add fhs glibc test case 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:33:02 +09:00
cat 614ad86a5b dbus: fail on LookPath error 
An absolute path to xdg-dbus-proxy is required.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:08:48 +09:00
cat 831dc6a181 dist: create checksum in dist directory 
This makes verification easier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 15:14:35 +09:00
cat c67b8ab9ac fst/config: improve correctness of comments 
The meanings of many of these fields have changed since they were added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 00:45:29 +09:00
cat 7c5aaa38e2 dist: include zsh completion 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-25 23:41:54 +09:00
cat b52b1a5f90 dist/install: do not replace existing fsurc 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-25 23:37:15 +09:00
cat 9fc82d67b7 fortify/parse: accept config stream fd 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-23 20:09:07 +09:00