cat
be7d944b39
helper/bwrap: PositionalArg implement fmt.Stringer
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 00:11:48 +09:00
cat
ace97952cc
helper/bwrap: merge Args and FDArgs
...
Test / Create distribution (push) Successful in 1m13s
Test / Run NixOS test (push) Successful in 4m34s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 18:13:06 +09:00
cat
73146ea7fa
dbus: remove BwrapStatic method
...
Test / Create distribution (push) Successful in 54s
Test / Run NixOS test (push) Successful in 8m20s
This method does not do anything and is not called from anywhere. It also does not make any sense as a public interface since the argument builder is no longer stateless.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 18:09:59 +09:00
cat
88040504b2
helper/bwrap: remove fmsg import
...
Test / Create distribution (push) Successful in 57s
Test / Run NixOS test (push) Successful in 8m13s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 18:05:00 +09:00
cat
1fd571d561
cmd/fsu: check parse behaviour
...
Test / Run NixOS test (push) Successful in 10m33s
Test / Create distribution (push) Successful in 1m8s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 16:43:55 +09:00
cat
be30e2f11e
cmd/fsu: revert offset in error message
...
Test / Create distribution (push) Successful in 51s
Test / Run NixOS test (push) Successful in 3m39s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 15:31:39 +09:00
cat
aaebb8f3ab
fortify: check print behaviour
...
Test / Create distribution (push) Successful in 1m10s
Test / Run NixOS test (push) Successful in 3m59s
These output are supposed to be deterministic, so checking them is a good way to catch regressions.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 14:44:28 +09:00
cat
1f74b636d3
state/join: use Join method when available
...
Test / Create distribution (push) Successful in 1m4s
Test / Run NixOS test (push) Successful in 4m11s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 14:11:02 +09:00
cat
e431ab3c24
app: check username length against LOGIN_NAME_MAX
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m46s
This limit is arbitrary, but it's good to enforce it anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 12:44:55 +09:00
cat
3fba33687b
fortify: print line after ps output
...
Test / Create distribution (push) Successful in 1m43s
Test / Run NixOS test (push) Successful in 9m18s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 12:23:20 +09:00
cat
820f48ef94
release: 0.2.13
...
Test / Create distribution (push) Successful in 1m56s
Release / Create release (push) Successful in 2m9s
Test / Run NixOS test (push) Successful in 4m38s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 23:45:54 +09:00
cat
fe7d208cf7
helper: use generic extra files interface
...
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 23:34:15 +09:00
cat
60c2873750
helper/proc: cancel ec on parent ctx
...
Test / Create distribution (push) Successful in 1m31s
Test / Run NixOS test (push) Successful in 4m13s
This allows errors written during a timeout to be received and handled.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 23:08:28 +09:00
cat
d1d20c06fb
helper/seccomp: use sync.Once for closeWrite
...
Test / Create distribution (push) Successful in 1m29s
Test / Run NixOS test (push) Successful in 4m13s
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 22:49:16 +09:00
cat
1e6a059668
helper/seccomp: benchmark exporter
...
Test / Create distribution (push) Successful in 1m44s
Test / Run NixOS test (push) Successful in 4m32s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 22:37:51 +09:00
cat
318df0f7e1
nix: test syscall filter
...
Test / Create distribution (push) Successful in 1m30s
Test / Run NixOS test (push) Successful in 4m17s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 22:01:16 +09:00
cat
58eb8f971d
proc/pipe: implement args and stat file
...
Test / Create distribution (push) Successful in 1m30s
Test / Run NixOS test (push) Successful in 4m11s
This is a generic implementation of helper/pipe.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 19:57:24 +09:00
cat
0a1d7c01cd
helper/proc: count dispatched errs
...
Test / Create distribution (push) Successful in 1m28s
Test / Run NixOS test (push) Successful in 3m59s
This helps debug implementation errors of [proc.File].
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 19:55:37 +09:00
cat
60ca1c6c55
helper/proc: store file addresses in linked list
...
Test / Create distribution (push) Successful in 1m28s
Test / Run NixOS test (push) Successful in 4m5s
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 17:42:12 +09:00
cat
099da78af5
helper/seccomp: eliminate data race on pfd
...
Test / Create distribution (push) Successful in 2m10s
Test / Run NixOS test (push) Successful in 4m50s
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.
This change eliminates that by calling Fd in the prepare routine.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 10:40:51 +09:00
cat
18466cfd02
helper/proc: declare generic extra files interface
...
Test / Create distribution (push) Successful in 1m29s
Test / Run NixOS test (push) Successful in 4m4s
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-11 16:34:47 +09:00
cat
e14923ae53
helper/proc: move package out of internal
...
Test / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-08 13:03:45 +09:00
cat
7aff3ead3a
nix: vm test remove unnecessary setup
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m10s
This step is no longer required as the NixOS module is responsible for home directory creation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 22:29:56 +09:00
cat
72fb13dccc
dbus: lock for read in public args interface
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m2s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:42:29 +09:00
cat
a48386bd56
system/dbus: dump messages on early fault
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m14s
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:20:56 +09:00
cat
2e52191404
system/dbus: dump method prints msgbuf
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:16:54 +09:00
cat
568d7758d5
helper/seccomp: panic on invalid closeWrite use
...
Test / Create distribution (push) Successful in 1m46s
Test / Run NixOS test (push) Successful in 4m39s
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 12:58:20 +09:00
cat
5b7b3fa9a4
helper/seccomp: implement reader interface via pipe
...
Test / Create distribution (push) Successful in 1m6s
Test / Run NixOS test (push) Successful in 2m44s
This also does not require the libc tmpfile call.
BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-03 19:43:03 +09:00
cat
d58fb8c6ee
workflows: fix nix store cache
...
Test / Create distribution (push) Successful in 1m13s
Test / Run NixOS test (push) Successful in 3m0s
Prefix does not seem to match correctly, this appears to be a Gitea implementation bug.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-01 21:16:13 +09:00
cat
5808fe61c3
nix: vm test set sway background
...
Test / Create distribution (push) Successful in 2m36s
Test / Run NixOS test (push) Successful in 6m32s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 22:28:04 +09:00
cat
f338d3bb4b
nix: update flake lock
Test / Create distribution (push) Successful in 3m6s
Test / Run NixOS test (push) Successful in 6m32s
2025-01-25 19:46:33 +09:00
cat
8d04dd72f1
nix: mount nvidia devices
...
Test / Create distribution (push) Successful in 1m43s
Test / Run NixOS test (push) Successful in 3m33s
These non-standard paths are required in the sandbox for nvidia drivers to work.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 18:05:18 +09:00
cat
21735a8abe
release: 0.2.12
...
Test / Create distribution (push) Successful in 2m25s
Release / Create release (push) Successful in 4m6s
Test / Run NixOS test (push) Successful in 4m49s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 13:40:48 +09:00
cat
34272672b1
nix: verify silent output when not running with -v
...
Test / Create distribution (push) Successful in 1m51s
Test / Run NixOS test (push) Successful in 4m40s
This checks behaviour of fmsg and seccomp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 13:38:18 +09:00
cat
7b96cd6ded
helper/seccomp: do not call F_println if not verbose
...
Test / Create distribution (push) Successful in 1m42s
Test / Run NixOS test (push) Successful in 3m34s
This (slightly) improves performance.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 13:19:38 +09:00
cat
163f15e93f
helper/seccomp: separate seccomp package
...
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 12:59:11 +09:00
cat
016da20443
nix: expose compat flag in nixos module
...
Test / Create distribution (push) Successful in 1m55s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 12:42:48 +09:00
cat
37780456a7
helper: block more unusual/privileged syscalls
...
Test / Create distribution (push) Successful in 1m44s
Test / Run NixOS test (push) Successful in 3m35s
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 12:35:47 +09:00
cat
efacaa40fa
nix: set deny_devel correctly
...
Test / Create distribution (push) Successful in 1m55s
Test / Run NixOS test (push) Successful in 3m51s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-24 00:50:35 +09:00
cat
ad6d0ee55f
workflows: rename integration test artifact
...
Test / Create distribution (push) Successful in 1m53s
Test / Run NixOS test (push) Successful in 3m45s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-24 00:30:39 +09:00
cat
cf791469d8
workflows: gc store and purge old caches
...
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m32s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-24 00:25:57 +09:00
cat
be14421775
workflows: merge test build job into test
...
Test / Create distribution (push) Successful in 2m8s
Test / Run NixOS test (push) Successful in 3m57s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-24 00:22:44 +09:00
cat
045983d7f4
wl: separate inline C
...
Build / Create distribution (push) Successful in 1m41s
Test / Run NixOS test (push) Successful in 3m29s
Having a huge blurb of inline C hurts readability on web pages and some text editors.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-23 22:06:29 +09:00
cat
7106b00968
release: 0.2.11
...
Build / Create distribution (push) Successful in 3m51s
Release / Create release (push) Successful in 4m12s
Test / Run NixOS test (push) Successful in 6m17s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-23 20:49:49 +09:00
cat
96d5d8a396
nix: apply shared home config to reserved aid
...
Build / Create distribution (push) Successful in 2m16s
Test / Run NixOS test (push) Successful in 5m43s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-23 20:48:04 +09:00
cat
8a00a83c71
nix: expose syscall filter policy
...
Build / Create distribution (push) Successful in 1m31s
Test / Run NixOS test (push) Successful in 1m52s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-23 17:24:42 +09:00
cat
134247b57d
nix: configure target users via nixos
...
Build / Create distribution (push) Successful in 2m0s
Test / Run NixOS test (push) Successful in 3m46s
This makes patching home-manager no longer necessary.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-23 17:04:19 +09:00
cat
b5bb7654da
nix: redirect sway output to journal
...
Build / Create distribution (push) Successful in 2m8s
Test / Run NixOS test (push) Successful in 3m58s
This makes swaymsg exec output appear in test output.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-23 16:08:22 +09:00
cat
cc1efa22e2
fst: add missing fields to template
...
Build / Create distribution (push) Successful in 1m28s
Test / Run NixOS test (push) Successful in 3m43s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 12:09:25 +09:00
cat
580128922b
cmd/fpkg: expose syscall policy options
...
Build / Create distribution (push) Successful in 1m34s
Test / Run NixOS test (push) Successful in 3m44s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 12:01:30 +09:00
cat
