cat
891b3cbde7
cmd/fpkg: compare all three store paths
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 3m39s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 17:10:41 +09:00
cat
c795293f36
cmd/fpkg: clean up broken links before activation
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m38s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 15:21:40 +09:00
cat
42e1043300
nix: set home-manager user information
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 2m36s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 15:11:36 +09:00
cat
5416b07daa
nix: remove unused argument 'self'
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 2m36s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 14:49:55 +09:00
cat
e57a0e9bf2
nix: rename fortifyBundle to buildPackage
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 2m35s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 14:35:37 +09:00
cat
ab48706ebe
dist: install fpkg to /usr/bin
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 2m25s
This is a high level user-facing tool.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 01:04:53 +09:00
cat
c1a459a0b1
cmd/fpkg/start: correct drop to shell wording
...
Tests / Go tests (push) Successful in 52s
Nix / NixOS tests (push) Successful in 4m27s
Activation no longer happens during application startup.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 00:56:14 +09:00
cat
5125e96ecf
nix: generate application package build script
...
Tests / Go tests (push) Successful in 55s
Nix / NixOS tests (push) Successful in 4m24s
This takes some metadata, sandbox options, a launch script and a list of home-manager modules. The result needs to be executed in an environment with nix daemon access, and it produces the final package file.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 00:42:21 +09:00
cat
e0e2f40e84
cmd/fpkg: app bundle helper
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 4m25s
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 13:21:49 +09:00
cat
bf8094c6ca
internal: include path to fortify main program
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 12:48:48 +09:00
cat
2e3bb1893e
release: 0.2.8
...
Tests / Go tests (push) Successful in 42s
Create distribution / Release (push) Successful in 1m0s
Nix / NixOS tests (push) Successful in 3m53s
This release mostly fixes bugs uncovered when running fortify on a generic linux distribution.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-29 01:09:47 +09:00
cat
9b206072fa
cmd/fshim: ensure data directory
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m33s
Ensuring home directory in shim causes the directory to be owned by the target user.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 14:39:01 +09:00
cat
b9e2003d5b
app: ensure extra paths
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m37s
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 14:07:49 +09:00
cat
66ec0d882f
dist: build with -trimpath
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m26s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 13:44:05 +09:00
cat
847b667489
app: extra acl entries from configuration
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 13:23:27 +09:00
cat
c70f0612ad
fortify/print: skip nil filesystem entries
...
Tests / Go tests (push) Successful in 31s
Nix / NixOS tests (push) Successful in 3m24s
This fixes a panic when displaying configurations with nil filesystem entries.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 12:14:42 +09:00
cat
85e5b097fd
fst/config: add template etc entry
...
Tests / Go tests (push) Successful in 31s
Nix / NixOS tests (push) Successful in 3m21s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 12:05:32 +09:00
cat
0107620d8c
app: merge share methods
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m25s
This significantly increases readability and makes order of ops more obvious.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 11:12:35 +09:00
cat
fc26659ea1
fst/config: autoetc read custom path
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 3m40s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:57:44 +09:00
cat
1f173a469c
system/dbus: fix inverted system bus state
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m38s
Debug message and socket cleanup gets missed due to this value being inverted.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:38:11 +09:00
cat
2fdbd6a4dd
fst/config: alternative /etc directory
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m41s
This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:06:26 +09:00
cat
aef847b5ae
helper/bwrap: fix typo in --dir config builder
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m33s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 15:34:43 +09:00
cat
0a2aa5823b
cmd/fshim: bind finit inside sandbox
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 3m32s
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 14:44:57 +09:00
cat
b956ce4052
ldd: trim leading and trailing white spaces from name
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m31s
Glibc emits ldd output with \t prefix for formatting. Remove that here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:53:01 +09:00
cat
dc579dc610
dbus/run: bind ldd entry absolute name
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m35s
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:36:03 +09:00
cat
ade57c39af
ldd: add fhs glibc test case
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m34s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:33:02 +09:00
cat
614ad86a5b
dbus: fail on LookPath error
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m24s
An absolute path to xdg-dbus-proxy is required.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:08:48 +09:00
cat
831dc6a181
dist: create checksum in dist directory
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m38s
This makes verification easier.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 15:14:35 +09:00
cat
c67b8ab9ac
fst/config: improve correctness of comments
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m26s
The meanings of many of these fields have changed since they were added.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 00:45:29 +09:00
cat
7c5aaa38e2
dist: include zsh completion
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m26s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-25 23:41:54 +09:00
cat
b52b1a5f90
dist/install: do not replace existing fsurc
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-25 23:37:15 +09:00
cat
9fc82d67b7
fortify/parse: accept config stream fd
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m29s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-23 20:09:07 +09:00
cat
70bffeaa1e
fortify: clean up config loading
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m28s
Move duplicate code to function. Also handle - as config from stdin.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-23 17:57:54 +09:00
cat
c109ac2653
release: 0.2.7
...
Tests / Go tests (push) Successful in 47s
Create distribution / Release (push) Successful in 1m5s
Nix / NixOS tests (push) Successful in 4m40s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 13:34:50 +09:00
cat
58f8731b2e
nix: include fortify show output
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m40s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 13:28:21 +09:00
cat
8a9ba5e0ad
fortify: show short mode omit filesystems
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m19s
Filesystem information can be quite noisy in permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 13:20:33 +09:00
cat
f608f28a6a
app: mount /dev/kvm in permissive defaults
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m21s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 12:37:24 +09:00
cat
aecfae1874
fortify: sort by time of start
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m14s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 12:06:54 +09:00
cat
27f2b53d18
fortify: sort ps output
...
Tests / Go tests (push) Successful in 37s
Nix / NixOS tests (push) Successful in 3m20s
This ensures consistency between runs.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 11:59:53 +09:00
cat
5838963265
nix: test dbus via notify-send
...
Tests / Go tests (push) Successful in 1m28s
Nix / NixOS tests (push) Successful in 4m0s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 11:31:12 +09:00
cat
e8594cf670
fortify: print short instance id in non-json short mode
...
Tests / Go tests (push) Successful in 1m23s
Nix / NixOS tests (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 11:02:19 +09:00
cat
5c73acb56f
release: 0.2.6
...
Tests / Go tests (push) Successful in 48s
Create distribution / Release (push) Successful in 1m12s
Nix / NixOS tests (push) Successful in 3m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 01:18:21 +09:00
cat
76ca2a92ee
nix: check state store contents
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m27s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 01:10:48 +09:00
cat
f2869c4235
fortify: serialise ps with string as key
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 23:52:48 +09:00
cat
bf11241649
fortify: zsh complete show instance list
...
Tests / Go tests (push) Successful in 37s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 21:13:53 +09:00
cat
cb98baa19d
fortify: clean up ps formatting code
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 20:34:40 +09:00
cat
4f4c690d38
fortify: move json indent call
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 19:06:25 +09:00
cat
df7f692e61
fortify: move show formatting out of main
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:33:30 +09:00
cat
7a8b625a57
app: rename /fortify to /.fortify
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m57s
Also removed the inner share tmpfs mount.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:11:32 +09:00
cat
8bf12bbe68
nix: clear terminal prior to screenshot
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m50s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:04:17 +09:00
cat
