cat
9a8a047908
sandbox/seccomp: syscall name lookup table
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 1m58s
Test / Hakurei (push) Successful in 2m42s
Test / Sandbox (race detector) (push) Successful in 2m59s
Test / Planterette (push) Successful in 3m31s
Test / Hakurei (race detector) (push) Successful in 4m21s
Test / Flake checks (push) Successful in 1m9s
The script is from Go source of same name. The result is checked against libseccomp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-26 03:49:07 +09:00
cat
863bf69ad3
treewide: reapply clang-format
...
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m51s
Test / Hakurei (push) Successful in 2m49s
Test / Sandbox (race detector) (push) Successful in 2m58s
Test / Planterette (push) Successful in 3m37s
Test / Hakurei (race detector) (push) Successful in 4m15s
Test / Flake checks (push) Successful in 1m8s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 23:43:42 +09:00
cat
0e957cc9c1
release: 0.0.2
...
Release / Create release (push) Successful in 43s
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 40s
Test / Hakurei (push) Successful in 45s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Planterette (push) Successful in 1m41s
Test / Hakurei (race detector) (push) Successful in 1m44s
Test / Flake checks (push) Successful in 1m14s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 21:11:11 +09:00
cat
aa454b158f
cmd/planterette: remove hsu special case
...
Test / Hakurei (push) Successful in 42s
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 40s
Test / Hakurei (race detector) (push) Successful in 43s
Test / Sandbox (race detector) (push) Successful in 38s
Test / Planterette (push) Successful in 40s
Test / Flake checks (push) Successful in 1m15s
Remove special case and invoke hakurei out of process.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 20:50:24 +09:00
cat
7007bd6a1c
workflows: port release workflow to github
...
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m55s
Test / Hakurei (push) Successful in 2m46s
Test / Sandbox (race detector) (push) Successful in 3m6s
Test / Fpkg (push) Successful in 3m31s
Test / Hakurei (race detector) (push) Successful in 4m15s
Test / Flake checks (push) Successful in 1m8s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 20:17:53 +09:00
cat
00efc95ee7
workflows: port test workflow to github
...
Test / Create distribution (push) Successful in 24s
Test / Sandbox (push) Successful in 1m29s
Test / Sandbox (race detector) (push) Successful in 2m54s
Test / Fpkg (push) Successful in 3m10s
Test / Hakurei (race detector) (push) Successful in 4m10s
Test / Hakurei (push) Successful in 1m57s
Test / Flake checks (push) Successful in 1m8s
This is a much less useful port of the test workflow and runs much slower due to runner limitations.
Still better than nothing though.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 19:37:45 +09:00
cat
b380bb248c
release: 0.0.1
...
Release / Create release (push) Successful in 40s
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 38s
Test / Sandbox (race detector) (push) Successful in 38s
Test / Hakurei (push) Successful in 42s
Test / Hakurei (race detector) (push) Successful in 41s
Test / Fpkg (push) Successful in 39s
Test / Flake checks (push) Successful in 1m10s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 05:05:06 +09:00
cat
87e008d56d
treewide: rename to hakurei
...
Test / Create distribution (push) Successful in 43s
Test / Sandbox (push) Successful in 2m18s
Test / Hakurei (push) Successful in 3m10s
Test / Sandbox (race detector) (push) Successful in 3m30s
Test / Hakurei (race detector) (push) Successful in 4m43s
Test / Fpkg (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m12s
Fortify makes little sense for a container tool.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 04:57:41 +09:00
cat
3992073212
dist: move comp to dist
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 1m58s
Test / Fortify (push) Successful in 2m49s
Test / Sandbox (race detector) (push) Successful in 3m13s
Test / Fpkg (push) Successful in 3m39s
Test / Fortify (race detector) (push) Successful in 4m17s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-18 17:01:16 +09:00
cat
ef80b19f2f
treewide: switch to clang-format
...
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m49s
Test / Fortify (push) Successful in 2m44s
Test / Sandbox (race detector) (push) Successful in 3m5s
Test / Fpkg (push) Successful in 3m32s
Test / Fortify (race detector) (push) Successful in 4m15s
Test / Flake checks (push) Successful in 1m4s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-18 13:45:34 +09:00
cat
717771ae80
app: share runtime dir
...
Test / Create distribution (push) Successful in 24s
Test / Sandbox (race detector) (push) Successful in 37s
Test / Sandbox (push) Successful in 37s
Test / Fortify (push) Successful in 40s
Test / Fortify (race detector) (push) Successful in 40s
Test / Fpkg (push) Successful in 38s
Test / Flake checks (push) Successful in 1m5s
This allows apps with the same identity to access the same runtime dir.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-08 03:24:48 +09:00
cat
bf5772bd8a
nix: deduplicate home-manager merging
...
Test / Create distribution (push) Successful in 44s
Test / Sandbox (push) Successful in 55s
Test / Sandbox (race detector) (push) Successful in 53s
Test / Fortify (race detector) (push) Successful in 50s
Test / Fpkg (push) Successful in 54s
Test / Fortify (push) Successful in 2m8s
Test / Flake checks (push) Successful in 1m7s
This becomes a problem when extraHomeConfig defines nixos module options.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-08 01:12:18 +09:00
cat
9a7c81a44e
nix: go generate in src derivation
...
Test / Sandbox (push) Successful in 40s
Test / Fortify (race detector) (push) Successful in 49s
Test / Fortify (push) Successful in 50s
Test / Create distribution (push) Successful in 24s
Test / Sandbox (race detector) (push) Successful in 45s
Test / Fpkg (push) Successful in 39s
Test / Flake checks (push) Successful in 1m12s
This saves the generated files in the nix store and exposes them for use by external tools.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-07 03:10:36 +09:00
cat
b7e991de5b
nix: update flake lock
...
Test / Create distribution (push) Successful in 51s
Test / Sandbox (push) Successful in 15m56s
Test / Sandbox (race detector) (push) Successful in 16m5s
Test / Fpkg (push) Successful in 17m33s
Test / Fortify (race detector) (push) Successful in 2m28s
Test / Fortify (push) Successful in 40s
Test / Flake checks (push) Successful in 2m58s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-05 04:05:39 +09:00
cat
6c1205106d
release: 0.4.1
...
Release / Create release (push) Successful in 59s
Test / Sandbox (push) Successful in 1m2s
Test / Sandbox (race detector) (push) Successful in 5m25s
Test / Create distribution (push) Successful in 28s
Test / Fpkg (push) Successful in 8m35s
Test / Fortify (push) Successful in 8m57s
Test / Fortify (race detector) (push) Successful in 10m5s
Test / Flake checks (push) Successful in 1m45s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-05-26 02:55:19 +09:00
cat
2ffca6984a
nix: use reverse-DNS style id as unique identifier
...
Test / Create distribution (push) Successful in 19s
Test / Sandbox (push) Successful in 31s
Test / Fortify (push) Successful in 35s
Test / Sandbox (race detector) (push) Successful in 31s
Test / Fortify (race detector) (push) Successful in 35s
Test / Fpkg (push) Successful in 33s
Test / Flake checks (push) Successful in 1m7s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-05-25 20:12:30 +09:00
cat
dde2516304
dbus: handle bizarre dbus proxy behaviour
...
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 1m53s
Test / Fortify (push) Successful in 2m44s
Test / Sandbox (race detector) (push) Successful in 3m2s
Test / Fpkg (push) Successful in 3m36s
Test / Fortify (race detector) (push) Successful in 4m16s
Test / Flake checks (push) Successful in 1m17s
There is a strange behaviour in xdg-dbus-proxy where if any interface string when stripped of a single ".*" suffix does not contain a '.' byte anywhere, the program will exit with code 1 without any output. This checks for such conditions to make the failure less confusing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-05-25 19:50:06 +09:00
cat
f30a439bcd
nix: improve common usability
...
Test / Create distribution (push) Successful in 19s
Test / Sandbox (push) Successful in 31s
Test / Fortify (push) Successful in 35s
Test / Sandbox (race detector) (push) Successful in 31s
Test / Fortify (race detector) (push) Successful in 35s
Test / Fpkg (push) Successful in 33s
Test / Flake checks (push) Successful in 1m7s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-05-16 04:40:12 +09:00
cat
008e9e7fc5
nix: update flake lock
Test / Create distribution (push) Successful in 28s
Test / Fortify (push) Successful in 38s
Test / Fortify (race detector) (push) Successful in 37s
Test / Fpkg (push) Successful in 35s
Test / Sandbox (push) Successful in 1m18s
Test / Sandbox (race detector) (push) Successful in 1m27s
Test / Flake checks (push) Successful in 2m47s
2025-05-07 21:35:37 +09:00
cat
23aefcd759
fortify: update help strings
...
Test / Create distribution (push) Successful in 30s
Test / Sandbox (push) Successful in 1m58s
Test / Sandbox (race detector) (push) Successful in 3m11s
Test / Fpkg (push) Successful in 4m24s
Test / Fortify (race detector) (push) Successful in 4m58s
Test / Fortify (push) Successful in 3m44s
Test / Flake checks (push) Successful in 1m34s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-05-07 19:06:36 +09:00
cat
cb8b886446
nix: update flake lock
Test / Create distribution (push) Successful in 1m28s
Test / Fortify (push) Successful in 49m23s
Test / Fortify (race detector) (push) Successful in 49m56s
Test / Fpkg (push) Successful in 50m14s
Test / Sandbox (push) Successful in 1m18s
Test / Sandbox (race detector) (push) Successful in 1m20s
Test / Flake checks (push) Successful in 3m0s
2025-04-22 22:23:21 +09:00
cat
5979d8b1e0
dbus: clean up wrapper implementation
...
Test / Create distribution (push) Successful in 27s
Test / Sandbox (push) Successful in 1m50s
Test / Fortify (push) Successful in 2m49s
Test / Sandbox (race detector) (push) Successful in 3m4s
Test / Fpkg (push) Successful in 3m35s
Test / Fortify (race detector) (push) Successful in 4m13s
Test / Flake checks (push) Successful in 1m3s
The dbus proxy wrapper haven't been updated much ever since the helper interface was introduced.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-16 23:35:17 +09:00
cat
e587112e63
test: check xdg-dbus-proxy termination
...
Test / Sandbox (race detector) (push) Successful in 31s
Test / Sandbox (push) Successful in 33s
Test / Create distribution (push) Successful in 28s
Test / Fpkg (push) Successful in 35s
Test / Fortify (push) Successful in 2m9s
Test / Fortify (race detector) (push) Successful in 2m37s
Test / Flake checks (push) Successful in 1m2s
This process runs outside the application container's pid namespace, so it is a good idea to check whether its lifecycle becomes decoupled from the application.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-15 20:45:31 +09:00
cat
d6cf736abf
release: 0.4.0
...
Release / Create release (push) Successful in 54s
Test / Sandbox (push) Successful in 47s
Test / Sandbox (race detector) (push) Successful in 4m44s
Test / Create distribution (push) Successful in 20s
Test / Fortify (race detector) (push) Successful in 6m42s
Test / Fpkg (push) Successful in 2m18s
Test / Fortify (push) Successful in 5m18s
Test / Flake checks (push) Successful in 2m42s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-13 11:10:45 +09:00
cat
15011c4173
app/instance/common: optimise ops allocation
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m55s
Test / Fortify (push) Successful in 2m46s
Test / Sandbox (race detector) (push) Successful in 3m10s
Test / Fpkg (push) Successful in 3m52s
Test / Fortify (race detector) (push) Successful in 4m23s
Test / Flake checks (push) Successful in 1m2s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-13 03:49:07 +09:00
cat
31b7ddd122
fst: improve config
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m50s
Test / Fortify (push) Successful in 2m46s
Test / Sandbox (race detector) (push) Successful in 2m59s
Test / Fortify (race detector) (push) Successful in 4m23s
Test / Fpkg (push) Successful in 5m25s
Test / Flake checks (push) Successful in 1m1s
The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-13 03:30:19 +09:00
cat
c460892cbd
fst: check template
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m51s
Test / Fortify (push) Successful in 2m39s
Test / Sandbox (race detector) (push) Successful in 3m7s
Test / Fpkg (push) Successful in 3m36s
Test / Fortify (race detector) (push) Successful in 4m14s
Test / Flake checks (push) Successful in 1m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-12 18:00:25 +09:00
cat
6309469e93
app/instance: wrap internal implementation
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m44s
Test / Fortify (push) Successful in 2m37s
Test / Sandbox (race detector) (push) Successful in 2m59s
Test / Fpkg (push) Successful in 3m34s
Test / Fortify (race detector) (push) Successful in 4m6s
Test / Flake checks (push) Successful in 59s
This reduces the scope of the fst package, which was growing questionably large.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-12 13:56:41 +09:00
cat
0d7c1a9a43
app: rename app implementation package
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m48s
Test / Fortify (push) Successful in 2m36s
Test / Sandbox (race detector) (push) Successful in 2m52s
Test / Fpkg (push) Successful in 3m32s
Test / Fortify (race detector) (push) Successful in 4m9s
Test / Flake checks (push) Successful in 1m4s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-12 10:54:24 +09:00
cat
ae6f5ede19
fst: mount passthrough /dev writable
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m50s
Test / Fortify (push) Successful in 2m39s
Test / Sandbox (race detector) (push) Successful in 3m1s
Test / Fpkg (push) Successful in 3m30s
Test / Fortify (race detector) (push) Successful in 4m13s
Test / Flake checks (push) Successful in 59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-11 20:01:54 +09:00
cat
807d511c8b
test/sandbox: check device outcome
...
Test / Fortify (push) Successful in 35s
Test / Create distribution (push) Successful in 26s
Test / Fortify (race detector) (push) Successful in 35s
Test / Fpkg (push) Successful in 34s
Test / Sandbox (push) Successful in 1m22s
Test / Sandbox (race detector) (push) Successful in 1m41s
Test / Flake checks (push) Successful in 1m5s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-11 19:55:16 +09:00
cat
2f4f21fb18
fst: rename device field
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m46s
Test / Fortify (push) Successful in 2m39s
Test / Sandbox (race detector) (push) Successful in 3m1s
Test / Fpkg (push) Successful in 3m38s
Test / Fortify (race detector) (push) Successful in 4m10s
Test / Flake checks (push) Successful in 1m5s
Dev is very ambiguous. Rename it here alongside upcoming config changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-11 19:32:15 +09:00
cat
9967909460
sandbox: relative autoetc links
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m44s
Test / Fortify (push) Successful in 2m41s
Test / Sandbox (race detector) (push) Successful in 2m48s
Test / Fpkg (push) Successful in 3m35s
Test / Fortify (race detector) (push) Successful in 4m13s
Test / Flake checks (push) Successful in 1m3s
This allows nested containers to use autoetc, and increases compatibility with other implementations.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-11 18:54:00 +09:00
cat
c806f43881
sandbox: implement autoetc as setup op
...
Test / Create distribution (push) Successful in 27s
Test / Sandbox (push) Successful in 1m48s
Test / Fortify (push) Successful in 2m42s
Test / Sandbox (race detector) (push) Successful in 2m51s
Test / Fpkg (push) Successful in 3m37s
Test / Fortify (race detector) (push) Successful in 4m9s
Test / Flake checks (push) Successful in 1m4s
This significantly reduces setup op count and the readdir call now happens in the context of the init process.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-10 18:54:25 +09:00
cat
584405f7cc
sandbox/seccomp: rename flag type and constants
...
Test / Create distribution (push) Successful in 27s
Test / Sandbox (push) Successful in 1m38s
Test / Fortify (push) Successful in 2m39s
Test / Sandbox (race detector) (push) Successful in 2m55s
Test / Fpkg (push) Successful in 3m26s
Test / Fortify (race detector) (push) Successful in 4m5s
Test / Flake checks (push) Successful in 56s
The names are ambiguous. Rename them to make more sense.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-08 01:59:45 +09:00
cat
50127ed5f9
fortify: print synthesised id in ps
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m48s
Test / Fortify (push) Successful in 2m42s
Test / Sandbox (race detector) (push) Successful in 2m53s
Test / Fpkg (push) Successful in 3m30s
Test / Fortify (race detector) (push) Successful in 4m7s
Test / Flake checks (push) Successful in 1m2s
This is not the full synthesised id so it does not get too long.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-07 21:55:07 +09:00
cat
b5eff27c40
fortify: check fst id string length
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m44s
Test / Fortify (push) Successful in 2m42s
Test / Sandbox (race detector) (push) Successful in 2m49s
Test / Fpkg (push) Successful in 3m25s
Test / Fortify (race detector) (push) Successful in 4m9s
Test / Flake checks (push) Successful in 1m3s
This should never be a problem, however in case it happens printing a warning message is better than relying on the runtime to panic.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-07 21:39:46 +09:00
cat
74ba183256
app: install seccomp filter to shim
...
Test / Create distribution (push) Successful in 27s
Test / Sandbox (push) Successful in 1m57s
Test / Fortify (push) Successful in 2m53s
Test / Sandbox (race detector) (push) Successful in 3m5s
Test / Fpkg (push) Successful in 3m51s
Test / Fortify (race detector) (push) Successful in 4m19s
Test / Flake checks (push) Successful in 1m5s
This does not necessarily reduce attack surface but does not affect functionality or introduce any side effects, so is nice to have.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-07 04:13:08 +09:00
cat
f885dede9b
sandbox/seccomp: unexport println wrapper
...
Test / Create distribution (push) Successful in 27s
Test / Sandbox (push) Successful in 1m45s
Test / Fortify (push) Successful in 2m40s
Test / Sandbox (race detector) (push) Successful in 2m52s
Test / Fpkg (push) Successful in 3m25s
Test / Fortify (race detector) (push) Successful in 4m10s
Test / Flake checks (push) Successful in 1m6s
This is an implementation detail that was exported for the bwrap argument builder. The removal of that package allows it to be unexported.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-07 04:07:20 +09:00
cat
e9a7cd526f
app: improve shim process management
...
Test / Create distribution (push) Successful in 27s
Test / Sandbox (push) Successful in 1m45s
Test / Fortify (push) Successful in 2m36s
Test / Sandbox (race detector) (push) Successful in 2m49s
Test / Fpkg (push) Successful in 3m33s
Test / Fortify (race detector) (push) Successful in 4m13s
Test / Flake checks (push) Successful in 1m6s
This ensures a signal gets delivered to the process instead of relying on parent death behaviour.
SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.
A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-07 03:55:17 +09:00
cat
12be7bc78e
release: 0.3.3
...
Release / Create release (push) Successful in 34s
Test / Create distribution (push) Successful in 19s
Test / Sandbox (push) Successful in 30s
Test / Sandbox (race detector) (push) Successful in 29s
Test / Fortify (push) Successful in 35s
Test / Fortify (race detector) (push) Successful in 35s
Test / Fpkg (push) Successful in 33s
Test / Flake checks (push) Successful in 1m0s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-01 01:42:10 +09:00
cat
0ba8be659f
sandbox: document less obvious parts of setup
...
Test / Create distribution (push) Successful in 29s
Test / Sandbox (push) Successful in 2m8s
Test / Fortify (push) Successful in 3m3s
Test / Sandbox (race detector) (push) Successful in 3m9s
Test / Fpkg (push) Successful in 4m22s
Test / Fortify (race detector) (push) Successful in 4m37s
Test / Flake checks (push) Successful in 1m19s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-01 01:21:04 +09:00
cat
022242a84a
app: wayland socket in process share
...
Test / Create distribution (push) Successful in 29s
Test / Sandbox (push) Successful in 1m9s
Test / Fortify (push) Successful in 2m16s
Test / Sandbox (race detector) (push) Successful in 3m8s
Test / Fpkg (push) Successful in 3m35s
Test / Fortify (race detector) (push) Successful in 4m32s
Test / Flake checks (push) Successful in 1m24s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-01 00:53:04 +09:00
cat
8aeb06f53c
app: share path setup on demand
...
Test / Create distribution (push) Successful in 28s
Test / Sandbox (race detector) (push) Successful in 34s
Test / Sandbox (push) Successful in 34s
Test / Fpkg (push) Successful in 39s
Test / Fortify (push) Successful in 2m16s
Test / Fortify (race detector) (push) Successful in 2m58s
Test / Flake checks (push) Successful in 1m33s
This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-01 00:47:32 +09:00
cat
4036da3b5c
fst: optional configured shell path
...
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 1m45s
Test / Fortify (push) Successful in 2m28s
Test / Sandbox (race detector) (push) Successful in 2m45s
Test / Fpkg (push) Successful in 3m32s
Test / Fortify (race detector) (push) Successful in 4m5s
Test / Flake checks (push) Successful in 1m2s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-31 21:27:31 +09:00
cat
986105958c
fortify: update show output
...
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 1m48s
Test / Fortify (push) Successful in 2m31s
Test / Sandbox (race detector) (push) Successful in 2m49s
Test / Fpkg (push) Successful in 3m27s
Test / Fortify (race detector) (push) Successful in 4m8s
Test / Flake checks (push) Successful in 1m0s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-31 04:54:10 +09:00
cat
ecdd4d8202
fortify: clean ps output
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m40s
Test / Fortify (push) Successful in 2m34s
Test / Sandbox (race detector) (push) Successful in 2m52s
Test / Fpkg (push) Successful in 3m36s
Test / Fortify (race detector) (push) Successful in 4m5s
Test / Flake checks (push) Successful in 1m3s
This format never changed ever since it was added. It used to show everything there is in a process state but that is no longer true for a long time. This change cleans it up in favour of `fortify show` displaying extra information.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-31 04:41:08 +09:00
cat
bdee0c3921
nix: update flake lock
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 5m6s
Test / Sandbox (race detector) (push) Successful in 5m12s
Test / Fortify (push) Successful in 6m5s
Test / Fortify (race detector) (push) Successful in 6m39s
Test / Fpkg (push) Successful in 9m53s
Test / Flake checks (push) Successful in 1m20s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-30 23:15:18 +09:00
cat
48f634d046
release: 0.3.2
...
Release / Create release (push) Successful in 34s
Test / Sandbox (push) Successful in 34s
Test / Fortify (push) Successful in 59s
Test / Create distribution (push) Successful in 20s
Test / Sandbox (race detector) (push) Successful in 1m3s
Test / Fpkg (push) Successful in 1m16s
Test / Fortify (race detector) (push) Successful in 4m14s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-30 23:05:57 +09:00
cat
2a46f5bb12
sandbox/seccomp: update doc comment
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 1m43s
Test / Fortify (push) Successful in 2m44s
Test / Sandbox (race detector) (push) Successful in 2m58s
Test / Fpkg (push) Successful in 3m38s
Test / Fortify (race detector) (push) Successful in 4m9s
Test / Flake checks (push) Successful in 1m8s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-30 23:00:20 +09:00
cat
