hakurei

Author	SHA1	Message	Date
cat	87e008d56d	treewide: rename to hakurei Test / Create distribution (push) Successful in 43s Details Test / Sandbox (push) Successful in 2m18s Details Test / Hakurei (push) Successful in 3m10s Details Test / Sandbox (race detector) (push) Successful in 3m30s Details Test / Hakurei (race detector) (push) Successful in 4m43s Details Test / Fpkg (push) Successful in 5m4s Details Test / Flake checks (push) Successful in 1m12s Details Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
cat	b7e991de5b	nix: update flake lock Test / Create distribution (push) Successful in 51s Details Test / Sandbox (push) Successful in 15m56s Details Test / Sandbox (race detector) (push) Successful in 16m5s Details Test / Fpkg (push) Successful in 17m33s Details Test / Fortify (race detector) (push) Successful in 2m28s Details Test / Fortify (push) Successful in 40s Details Test / Flake checks (push) Successful in 2m58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-05 04:05:39 +09:00
cat	dde2516304	dbus: handle bizarre dbus proxy behaviour Test / Create distribution (push) Successful in 28s Details Test / Sandbox (push) Successful in 1m53s Details Test / Fortify (push) Successful in 2m44s Details Test / Sandbox (race detector) (push) Successful in 3m2s Details Test / Fpkg (push) Successful in 3m36s Details Test / Fortify (race detector) (push) Successful in 4m16s Details Test / Flake checks (push) Successful in 1m17s Details There is a strange behaviour in xdg-dbus-proxy where if any interface string when stripped of a single ".*" suffix does not contain a '.' byte anywhere, the program will exit with code 1 without any output. This checks for such conditions to make the failure less confusing. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-25 19:50:06 +09:00
cat	5979d8b1e0	dbus: clean up wrapper implementation Test / Create distribution (push) Successful in 27s Details Test / Sandbox (push) Successful in 1m50s Details Test / Fortify (push) Successful in 2m49s Details Test / Sandbox (race detector) (push) Successful in 3m4s Details Test / Fpkg (push) Successful in 3m35s Details Test / Fortify (race detector) (push) Successful in 4m13s Details Test / Flake checks (push) Successful in 1m3s Details The dbus proxy wrapper haven't been updated much ever since the helper interface was introduced. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-16 23:35:17 +09:00
cat	584405f7cc	sandbox/seccomp: rename flag type and constants Test / Create distribution (push) Successful in 27s Details Test / Sandbox (push) Successful in 1m38s Details Test / Fortify (push) Successful in 2m39s Details Test / Sandbox (race detector) (push) Successful in 2m55s Details Test / Fpkg (push) Successful in 3m26s Details Test / Fortify (race detector) (push) Successful in 4m5s Details Test / Flake checks (push) Successful in 56s Details The names are ambiguous. Rename them to make more sense. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-08 01:59:45 +09:00
cat	78aaae7ee0	helper/args: copy args on wt creation Test / Create distribution (push) Successful in 26s Details Test / Fortify (push) Successful in 2m49s Details Test / Data race detector (push) Successful in 3m4s Details Test / Fpkg (push) Successful in 3m15s Details Test / Flake checks (push) Successful in 1m1s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 18:22:07 +09:00
cat	24618ab9a1	sandbox: move out of internal Test / Create distribution (push) Successful in 18s Details Test / Fpkg (push) Successful in 2m40s Details Test / Data race detector (push) Successful in 3m13s Details Test / Fortify (push) Successful in 3m1s Details Test / Flake checks (push) Successful in 51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:55:36 +09:00
cat	9a1f8e129f	sandbox: wrap fmsg interface Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m27s Details Test / Fpkg (push) Successful in 3m36s Details Test / Data race detector (push) Successful in 4m16s Details Test / Flake checks (push) Successful in 55s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:44:07 +09:00
cat	44277dc0f1	dbus: run in native sandbox Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m31s Details Test / Fpkg (push) Successful in 3m25s Details Test / Data race detector (push) Successful in 4m5s Details Test / Flake checks (push) Successful in 53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 00:13:14 +09:00
cat	273d97af85	ldd: lib paths resolve function Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m37s Details Test / Fpkg (push) Successful in 3m37s Details Test / Data race detector (push) Successful in 3m50s Details Test / Flake checks (push) Successful in 56s Details This is what always happens right after a ldd call, so implement it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 01:20:09 +09:00
cat	6e7ddb2d2e	helper: eliminate commandContext replacement Test / Create distribution (push) Successful in 26s Details Test / Fortify (push) Successful in 2m44s Details Test / Fpkg (push) Successful in 3m42s Details Test / Data race detector (push) Successful in 3m51s Details Test / Flake checks (push) Successful in 57s Details This is done more cleanly by modifying Args in cmdF. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 00:01:25 +09:00
cat	10a21ce3ef	helper: expose extra files to direct Test / Create distribution (push) Successful in 42s Details Test / Fpkg (push) Successful in 11m23s Details Test / Fortify (push) Successful in 5m32s Details Test / Data race detector (push) Successful in 2m35s Details Test / Flake checks (push) Successful in 56s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 02:27:40 +09:00
cat	f9bf20a3c7	helper: rearrange initialisation args Test / Create distribution (push) Successful in 41s Details Test / Fortify (push) Successful in 3m3s Details Test / Data race detector (push) Successful in 4m32s Details Test / Fpkg (push) Successful in 4m47s Details Test / Flake checks (push) Successful in 1m3s Details This improves consistency across two different helper implementations. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 01:06:31 +09:00
cat	f443d315ad	helper: clean up interface Test / Create distribution (push) Successful in 26s Details Test / Fortify (push) Successful in 2m37s Details Test / Fpkg (push) Successful in 3m40s Details Test / Data race detector (push) Successful in 3m54s Details Test / Flake checks (push) Successful in 59s Details The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 00:27:44 +09:00
cat	7c60a4d8e8	helper: embed context on creation Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m34s Details Test / Fpkg (push) Successful in 3m22s Details Test / Data race detector (push) Successful in 3m44s Details Test / Flake checks (push) Successful in 49s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 18:30:22 +09:00
cat	39dc8e7bd8	dbus: set process group id Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m18s Details Test / Data race detector (push) Successful in 3m11s Details Test / Flake checks (push) Successful in 40s Details This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-25 18:12:41 +09:00
cat	73146ea7fa	dbus: remove BwrapStatic method Test / Create distribution (push) Successful in 54s Details Test / Run NixOS test (push) Successful in 8m20s Details This method does not do anything and is not called from anywhere. It also does not make any sense as a public interface since the argument builder is no longer stateless. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 18:09:59 +09:00
cat	fe7d208cf7	helper: use generic extra files interface Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
cat	72fb13dccc	dbus: lock for read in public args interface Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m2s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:42:29 +09:00
cat	8c51012ef5	dbus: enable syscall filter Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m42s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:49:23 +09:00
cat	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface Build / Create distribution (push) Successful in 1m36s Details Test / Run NixOS test (push) Successful in 3m40s Details This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
cat	2f70506865	helper/bwrap: move sync to helper state Build / Create distribution (push) Successful in 1m25s Details Test / Run NixOS test (push) Successful in 3m33s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
cat	1651eb06df	dbus: implement dbus_parse_address Tests / Go tests (push) Successful in 1m14s Details Nix / NixOS tests (push) Successful in 7m36s Details This parses D-Bus addresses according to spec. It does significantly fewer copies than dbus_parse_address. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-12 23:24:03 +09:00
cat	ac543a1ce8	dbus: rename makeTestCases Tests / Go tests (push) Successful in 2m36s Details Nix / NixOS tests (push) Successful in 10m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-12 23:21:28 +09:00
cat	c4d6651cae	update reverse-DNS style identifiers Tests / Go tests (push) Successful in 1m6s Details Nix / NixOS tests (push) Successful in 4m11s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-31 16:16:38 +09:00
cat	dc579dc610	dbus/run: bind ldd entry absolute name Tests / Go tests (push) Successful in 32s Details Nix / NixOS tests (push) Successful in 3m35s Details The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:36:03 +09:00
cat	614ad86a5b	dbus: fail on LookPath error Tests / Go tests (push) Successful in 35s Details Nix / NixOS tests (push) Successful in 3m24s Details An absolute path to xdg-dbus-proxy is required. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:08:48 +09:00
cat	df6fc298f6	migrate to git.gensokyo.uk/security/fortify Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
cat	4b7b899bb3	add package doc comments test / test (push) Successful in 19s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:57:59 +09:00
cat	65af1684e3	migrate to git.ophivana.moe/security/fortify test / test (push) Successful in 14s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
cat	33cf0bed54	dbus: various accessors for dbus.Proxy internal fields These values are useful during sandbox setup and exporting them makes more sense than storing them twice. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-16 01:27:49 +09:00
cat	2faf510146	helper/bwrap: ordered filesystem args The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:15:55 +09:00
cat	0f421644be	dbus: improve unsealed behaviour coverage Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-12 00:53:08 +09:00
cat	d41b9d2d9c	ldd: separate Parse from Exec and trim space Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 23:51:15 +09:00
cat	753c5191b1	dbus/run: support running xdg-dbus-proxy in a restrictive bubblewrap sandbox Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 20:41:42 +09:00
cat	55a5b6f242	dbus: use name resolved by exec.Command Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 16:55:27 +09:00
cat	85407dd3c0	helper: helper.Helper interface For upcoming bwrap implementation of helper.Helper Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 15:37:52 +09:00
cat	9647eb6a6b	helper: separate pipes from Helper Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 12:48:20 +09:00
cat	d1415305ae	dbus: test child process handling behaviour via helper stub Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 15:49:32 +09:00
cat	98f9fdb7cc	dbus: configurable xdg-dbus-proxy output Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 15:27:29 +09:00
cat	dc59f20d7b	dbus: toggleable xdg-dbus-proxy output Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 15:24:54 +09:00
cat	0e7849fac2	dbus: add more test cases Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-28 19:19:31 +09:00
cat	342c66aae8	dbus: replace test suffix * with + Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-28 17:47:15 +09:00
cat	cf182d1fbe	dbus: seal test error check for correct error returned Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-28 17:00:20 +09:00
cat	1038af98f0	dbus: add tests Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-28 00:06:16 +09:00
cat	aa2be18f47	dbus/config: implement file loading functions Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-27 23:53:08 +09:00
cat	84d8c27b5f	dbus: return exported error for nil config Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-27 23:52:38 +09:00
cat	ee2f5ed6ac	dbus/config: remove unused method Null checking is replaced by helper/args while string building is no longer required. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-27 12:04:28 +09:00
cat	8492239cba	helper/args: simplify argument parsing and eliminate excess memory copies Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-25 14:00:30 +09:00
cat	a8b4b3634b	dbus: use generalised helper.Helper for xdg-dbus-proxy Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-25 01:17:38 +09:00

1 2

58 Commits