cat
847b667489
app: extra acl entries from configuration
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 13:23:27 +09:00
cat
c70f0612ad
fortify/print: skip nil filesystem entries
...
Tests / Go tests (push) Successful in 31s
Nix / NixOS tests (push) Successful in 3m24s
This fixes a panic when displaying configurations with nil filesystem entries.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 12:14:42 +09:00
cat
85e5b097fd
fst/config: add template etc entry
...
Tests / Go tests (push) Successful in 31s
Nix / NixOS tests (push) Successful in 3m21s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 12:05:32 +09:00
cat
0107620d8c
app: merge share methods
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m25s
This significantly increases readability and makes order of ops more obvious.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 11:12:35 +09:00
cat
fc26659ea1
fst/config: autoetc read custom path
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 3m40s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:57:44 +09:00
cat
1f173a469c
system/dbus: fix inverted system bus state
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m38s
Debug message and socket cleanup gets missed due to this value being inverted.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:38:11 +09:00
cat
2fdbd6a4dd
fst/config: alternative /etc directory
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m41s
This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:06:26 +09:00
cat
aef847b5ae
helper/bwrap: fix typo in --dir config builder
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m33s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 15:34:43 +09:00
cat
0a2aa5823b
cmd/fshim: bind finit inside sandbox
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 3m32s
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 14:44:57 +09:00
cat
b956ce4052
ldd: trim leading and trailing white spaces from name
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m31s
Glibc emits ldd output with \t prefix for formatting. Remove that here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:53:01 +09:00
cat
dc579dc610
dbus/run: bind ldd entry absolute name
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m35s
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:36:03 +09:00
cat
ade57c39af
ldd: add fhs glibc test case
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m34s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:33:02 +09:00
cat
614ad86a5b
dbus: fail on LookPath error
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m24s
An absolute path to xdg-dbus-proxy is required.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:08:48 +09:00
cat
831dc6a181
dist: create checksum in dist directory
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m38s
This makes verification easier.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 15:14:35 +09:00
cat
c67b8ab9ac
fst/config: improve correctness of comments
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m26s
The meanings of many of these fields have changed since they were added.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 00:45:29 +09:00
cat
7c5aaa38e2
dist: include zsh completion
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m26s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-25 23:41:54 +09:00
cat
b52b1a5f90
dist/install: do not replace existing fsurc
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-25 23:37:15 +09:00
cat
9fc82d67b7
fortify/parse: accept config stream fd
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m29s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-23 20:09:07 +09:00
cat
70bffeaa1e
fortify: clean up config loading
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m28s
Move duplicate code to function. Also handle - as config from stdin.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-23 17:57:54 +09:00
cat
c109ac2653
release: 0.2.7
...
Tests / Go tests (push) Successful in 47s
Create distribution / Release (push) Successful in 1m5s
Nix / NixOS tests (push) Successful in 4m40s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 13:34:50 +09:00
cat
58f8731b2e
nix: include fortify show output
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m40s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 13:28:21 +09:00
cat
8a9ba5e0ad
fortify: show short mode omit filesystems
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m19s
Filesystem information can be quite noisy in permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 13:20:33 +09:00
cat
f608f28a6a
app: mount /dev/kvm in permissive defaults
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m21s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 12:37:24 +09:00
cat
aecfae1874
fortify: sort by time of start
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m14s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 12:06:54 +09:00
cat
27f2b53d18
fortify: sort ps output
...
Tests / Go tests (push) Successful in 37s
Nix / NixOS tests (push) Successful in 3m20s
This ensures consistency between runs.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 11:59:53 +09:00
cat
5838963265
nix: test dbus via notify-send
...
Tests / Go tests (push) Successful in 1m28s
Nix / NixOS tests (push) Successful in 4m0s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 11:31:12 +09:00
cat
e8594cf670
fortify: print short instance id in non-json short mode
...
Tests / Go tests (push) Successful in 1m23s
Nix / NixOS tests (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 11:02:19 +09:00
cat
5c73acb56f
release: 0.2.6
...
Tests / Go tests (push) Successful in 48s
Create distribution / Release (push) Successful in 1m12s
Nix / NixOS tests (push) Successful in 3m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 01:18:21 +09:00
cat
76ca2a92ee
nix: check state store contents
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m27s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 01:10:48 +09:00
cat
f2869c4235
fortify: serialise ps with string as key
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 23:52:48 +09:00
cat
bf11241649
fortify: zsh complete show instance list
...
Tests / Go tests (push) Successful in 37s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 21:13:53 +09:00
cat
cb98baa19d
fortify: clean up ps formatting code
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 20:34:40 +09:00
cat
4f4c690d38
fortify: move json indent call
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 19:06:25 +09:00
cat
df7f692e61
fortify: move show formatting out of main
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:33:30 +09:00
cat
7a8b625a57
app: rename /fortify to /.fortify
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m57s
Also removed the inner share tmpfs mount.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:11:32 +09:00
cat
8bf12bbe68
nix: clear terminal prior to screenshot
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m50s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:04:17 +09:00
cat
f8c3d53327
nix: test pulseaudio pass through
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m15s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 17:58:14 +09:00
cat
74fe74e6b5
app: do not fail on missing cookie
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m55s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 17:56:21 +09:00
cat
ed8ee5eb4b
nix: filter nix files from src
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m7s
This prevents constant rebuilds when debugging integration tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 17:39:42 +09:00
cat
af4d92b785
nix: test dbus proxy
...
Tests / Go tests (push) Successful in 37s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 14:19:50 +09:00
cat
ce04dd52ca
nix: background go test
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m0s
Go test takes significant time.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 13:58:57 +09:00
cat
3d042f4992
nix: remove workspace switching
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m17s
Switching workspaces does not test anything and introduces unnecessary wait time.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 13:52:05 +09:00
cat
68660a2ad4
fortify: config/state pretty-print subcommand
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 3m8s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 12:29:04 +09:00
cat
b9cc318314
system: implement Enablements String method
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m9s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-20 23:21:19 +09:00
cat
ed10574dea
state: store join util
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m5s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-20 19:05:39 +09:00
cat
195b717e01
release: 0.2.5
...
Tests / Go tests (push) Successful in 49s
Create distribution / Release (push) Successful in 1m6s
Nix / NixOS tests (push) Successful in 1m23s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-20 00:28:48 +09:00
cat
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Tests / Go tests (push) Successful in 2m55s
Nix / NixOS tests (push) Successful in 5m10s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-20 00:20:02 +09:00
cat
eae3034260
state: expose aids and use instance id as key
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m26s
Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-19 21:36:17 +09:00
cat
5ea7333431
fst: implement app id parser
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m8s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-19 18:19:47 +09:00
cat
f796622c35
state: rename simple store implementation
...
Tests / Go tests (push) Successful in 42s
Nix / NixOS tests (push) Successful in 3m4s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-19 11:48:48 +09:00
cat
