rosa/hakurei
6
4
Fork 2
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 19 Wiki Activity
2,458 Commits 3 Branches 19 Tags
e192fca762c2a44743474db33e5c807aab68ce6b
Commit Graph

156 Commits

Author SHA1 Message Date
cat 7eafc7b1e4 nix: update flake lock
Test / Create distribution (push) Successful in 1m3s
Details
Test / Sandbox (push) Successful in 2m52s
Details
Test / ShareFS (push) Successful in 4m5s
Details
Test / Sandbox (race detector) (push) Successful in 5m45s
Details
Test / Hakurei (race detector) (push) Successful in 7m0s
Details
Test / Hakurei (push) Successful in 2m23s
Details
Test / Flake checks (push) Successful in 1m14s
Details 
Was unfortunately not able to implement vm test suite before this release. Hopefully the last nixos update we have to follow.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-06-06 13:14:09 +09:00
cat da11b26ec1 container/initoverlay: configure via fsconfig
Test / ShareFS (push) Successful in 40s
Details
Test / Hakurei (push) Successful in 53s
Details
Test / Hakurei (race detector) (push) Successful in 51s
Details
Test / Create distribution (push) Successful in 1m1s
Details
Test / Sandbox (push) Successful in 1m48s
Details
Test / Sandbox (race detector) (push) Successful in 2m37s
Details
Test / Flake checks (push) Successful in 1m20s
Details 
This works around the page size limit at the cost of negligible performance regressions.

Closes #34.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-04 02:29:56 +09:00
cat 725ae7d64d nix: remove all explicit timeouts
Test / ShareFS (push) Successful in 2m18s
Details
Test / Create distribution (push) Successful in 2m43s
Details
Test / Sandbox (push) Successful in 3m21s
Details
Test / Sandbox (race detector) (push) Successful in 4m11s
Details
Test / Hakurei (push) Successful in 4m26s
Details
Test / Hakurei (race detector) (push) Successful in 5m14s
Details
Test / Flake checks (push) Successful in 1m54s
Details 
These were useful during development because timing out is often the only indication of failure due to the terrible design of nixos vm test harness. This has become a nuisance however especially when the system is under load, so remove explicit values and fall back to the ludicrously high default.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-23 13:07:22 +09:00
cat 28ebf973d6 nix: add sharefs supplementary group
Test / Sandbox (push) Successful in 1m1s
Details
Test / Hakurei (push) Successful in 1m5s
Details
Test / Sandbox (race detector) (push) Successful in 1m2s
Details
Test / Hakurei (race detector) (push) Successful in 1m10s
Details
Test / Create distribution (push) Successful in 1m19s
Details
Test / ShareFS (push) Successful in 3m6s
Details
Test / Flake checks (push) Successful in 1m33s
Details 
This works around vfs inode file attribute race.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-11 23:28:18 +09:00
cat b0ba165107 cmd/sharefs: group-accessible permission bits
Test / Create distribution (push) Successful in 1m16s
Details
Test / Sandbox (push) Successful in 3m17s
Details
Test / Hakurei (push) Successful in 4m21s
Details
Test / ShareFS (push) Successful in 4m30s
Details
Test / Sandbox (race detector) (push) Successful in 5m43s
Details
Test / Hakurei (race detector) (push) Successful in 6m48s
Details
Test / Flake checks (push) Successful in 1m28s
Details 
This works around the race in vfs via supplementary group.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 16:14:47 +09:00
cat 351d6c5a35 cmd/sharefs: reproduce vfs inode file attribute race
Test / ShareFS (push) Successful in 46s
Details
Test / Sandbox (race detector) (push) Successful in 53s
Details
Test / Sandbox (push) Successful in 55s
Details
Test / Hakurei (push) Successful in 1m1s
Details
Test / Hakurei (race detector) (push) Successful in 1m0s
Details
Test / Create distribution (push) Successful in 1m11s
Details
Test / Flake checks (push) Successful in 1m28s
Details 
This happens in the vfs permissions check only and stale data appears to never reach userspace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 15:51:36 +09:00
cat e4355279a1 all: optionally forbid degrading in tests
Test / Create distribution (push) Successful in 1m28s
Details
Test / Sandbox (push) Successful in 3m27s
Details
Test / Hakurei (push) Successful in 4m41s
Details
Test / ShareFS (push) Successful in 4m47s
Details
Test / Sandbox (race detector) (push) Successful in 5m57s
Details
Test / Hakurei (race detector) (push) Successful in 7m3s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This enables transparently degradable tests to be forced on in environments known to support them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:22:52 +09:00
cat a6600be34a all: use filepath
Test / Create distribution (push) Successful in 1m17s
Details
Test / Sandbox (push) Successful in 3m5s
Details
Test / Hakurei (push) Successful in 4m12s
Details
Test / ShareFS (push) Successful in 4m25s
Details
Test / Sandbox (race detector) (push) Successful in 5m39s
Details
Test / Hakurei (race detector) (push) Successful in 6m44s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
This makes package check portable, and removes nonportable behaviour from package pkg, pipewire, and system. All other packages remain nonportable due to their nature. No latency increase was observed due to this change on amd64 and arm64 linux.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-30 18:24:53 +09:00
cat b1ea3b4acf cmd/hakurei: rename app to run
Test / Create distribution (push) Successful in 1m15s
Details
Test / Sandbox (push) Successful in 3m7s
Details
Test / Hakurei (push) Successful in 4m21s
Details
Test / ShareFS (push) Successful in 4m20s
Details
Test / Sandbox (race detector) (push) Successful in 5m39s
Details
Test / Hakurei (race detector) (push) Successful in 6m36s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
The run command was a legacy holdover from very early days and is only useful for testing and demonstration these days. This change also renames it to exec.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-28 16:48:26 +09:00
cat 620062cca9 hst: expose scheduling priority
Test / ShareFS (push) Successful in 43s
Details
Test / Hakurei (push) Successful in 53s
Details
Test / Sandbox (push) Successful in 49s
Details
Test / Sandbox (race detector) (push) Successful in 48s
Details
Test / Hakurei (race detector) (push) Successful in 53s
Details
Test / Create distribution (push) Successful in 35s
Details
Test / Flake checks (push) Successful in 1m18s
Details 
This is useful when limits are configured to allow it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 02:15:14 +09:00
cat 196b200d0f container: expose priority and SCHED_OTHER policy
Test / Create distribution (push) Successful in 35s
Details
Test / ShareFS (push) Successful in 40s
Details
Test / Sandbox (push) Successful in 46s
Details
Test / Sandbox (race detector) (push) Successful in 45s
Details
Test / Hakurei (push) Successful in 52s
Details
Test / Hakurei (race detector) (push) Successful in 50s
Details
Test / Flake checks (push) Successful in 1m14s
Details 
The more explicit API removes the arbitrary limit preventing use of SCHED_OTHER (referred to as SCHED_NORMAL in the kernel). This change also exposes priority value to set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 01:14:03 +09:00
cat 04e6bc3c5c hst: expose scheduling policy
Test / ShareFS (push) Successful in 39s
Details
Test / Sandbox (push) Successful in 45s
Details
Test / Hakurei (push) Successful in 50s
Details
Test / Sandbox (race detector) (push) Successful in 45s
Details
Test / Hakurei (race detector) (push) Successful in 49s
Details
Test / Create distribution (push) Successful in 59s
Details
Test / Flake checks (push) Successful in 1m19s
Details 
This is primarily useful for poorly written music players for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 00:52:18 +09:00
cat 48cdf8bf85 go: 1.26
Test / Sandbox (push) Successful in 3m1s
Details
Test / Hakurei (push) Successful in 3m58s
Details
Test / ShareFS (push) Successful in 4m10s
Details
Test / Sandbox (race detector) (push) Successful in 5m25s
Details
Test / Hakurei (race detector) (push) Successful in 6m48s
Details
Test / Create distribution (push) Successful in 1m3s
Details
Test / Flake checks (push) Successful in 2m24s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 03:29:19 +09:00
cat 1df3bcc3b9 nix: mount tmpfs on /tmp
Test / ShareFS (push) Successful in 36s
Details
Test / Sandbox (race detector) (push) Successful in 46s
Details
Test / Sandbox (push) Successful in 47s
Details
Test / Hpkg (push) Successful in 47s
Details
Test / Create distribution (push) Successful in 1m1s
Details
Test / Hakurei (push) Successful in 3m4s
Details
Test / Hakurei (race detector) (push) Successful in 3m30s
Details
Test / Flake checks (push) Successful in 1m38s
Details 
This hopefully eliminates spurious test failures caused by /tmp running out of space.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-16 18:22:29 +09:00
cat 7bfbd59810 cmd/sharefs: implement shared filesystem
Test / Create distribution (push) Successful in 46s
Details
Test / Sandbox (push) Successful in 2m40s
Details
Test / Hakurei (push) Successful in 3m41s
Details
Test / Hpkg (push) Successful in 4m42s
Details
Test / Sandbox (race detector) (push) Successful in 4m53s
Details
Test / Hakurei (race detector) (push) Successful in 5m53s
Details
Test / ShareFS (push) Successful in 38m10s
Details
Test / Flake checks (push) Successful in 1m46s
Details 
This is for passing files between applications, similar to android /sdcard.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-25 05:13:02 +09:00
cat 767f1844d2 test: check shim private dir cleanup
Test / Create distribution (push) Successful in 38s
Details
Test / Hpkg (push) Successful in 45s
Details
Test / Sandbox (push) Successful in 1m35s
Details
Test / Sandbox (race detector) (push) Successful in 2m28s
Details
Test / Hakurei (push) Successful in 2m32s
Details
Test / Hakurei (race detector) (push) Successful in 3m17s
Details
Test / Flake checks (push) Successful in 1m31s
Details 
This asserts that no shim private dir was left behind after all containers terminate.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-15 20:30:19 +09:00
cat 54610aaddc internal/outcome: expose pipewire via pipewire-pulse
Test / Create distribution (push) Successful in 28s
Details
Test / Sandbox (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 3m20s
Details
Test / Hpkg (push) Successful in 2m13s
Details
Test / Sandbox (race detector) (push) Successful in 4m25s
Details
Test / Hakurei (race detector) (push) Successful in 3m21s
Details
Test / Flake checks (push) Successful in 1m30s
Details 
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.

Closes #29.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-15 12:57:06 +09:00
cat ebc67bb8ad nix: update flake lock
Test / Create distribution (push) Successful in 1m1s
Details
Test / Sandbox (push) Successful in 4m13s
Details
Test / Hakurei (push) Successful in 5m11s
Details
Test / Sandbox (race detector) (push) Successful in 5m46s
Details
Test / Hakurei (race detector) (push) Successful in 6m50s
Details
Test / Hpkg (push) Successful in 13m44s
Details
Test / Flake checks (push) Successful in 2m14s
Details 
NixOS 25.11 introduces a crash in cage and an intermittent crash in foot.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-12 08:39:55 +09:00
cat e9fb1d7be5 container/initdaemon: copy wstatus from wait4 loop
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 44s
Details
Test / Sandbox (race detector) (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 48s
Details
Test / Hpkg (push) Successful in 44s
Details
Test / Hakurei (race detector) (push) Successful in 47s
Details
Test / Flake checks (push) Successful in 1m37s
Details 
Due to the special nature of the init process, direct use of wait outside the wait4 loop is racy. This change copies the wstatus from wait4 loop state instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:58:42 +09:00
cat d5fb179012 cmd/hakurei: exec instead of fork/exec from shell
Test / Create distribution (push) Successful in 36s
Details
Test / Sandbox (push) Successful in 2m44s
Details
Test / Sandbox (race detector) (push) Successful in 4m40s
Details
Test / Hakurei (push) Successful in 4m53s
Details
Test / Hpkg (push) Successful in 5m5s
Details
Test / Hakurei (race detector) (push) Successful in 6m26s
Details
Test / Flake checks (push) Successful in 1m27s
Details 
There is no reason to keep the shell process around.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:29:41 +09:00
cat 2786611b88 test/interactive: add app with bad daemon
Test / Create distribution (push) Successful in 36s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Sandbox (race detector) (push) Successful in 41s
Details
Test / Hakurei (push) Successful in 44s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 41s
Details
Test / Flake checks (push) Successful in 1m28s
Details 
This is useful for testing daemon error handling behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:12:07 +09:00
cat 87781c7658 treewide: include PipeWire op and enforce PulseAudio check
Test / Create distribution (push) Successful in 29s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Sandbox (race detector) (push) Successful in 41s
Details
Test / Hakurei (push) Successful in 44s
Details
Test / Hpkg (push) Successful in 41s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This fully replaces PulseAudio with PipeWire and enforces the PulseAudio check and error message. The pipewire-pulse daemon is handled in the NixOS module.

Closes #26.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 08:53:04 +09:00
cat 422efcf258 hst: check for insecure PulseAudio enablement
Test / Create distribution (push) Successful in 37s
Details
Test / Sandbox (push) Successful in 43s
Details
Test / Sandbox (race detector) (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 47s
Details
Test / Hakurei (race detector) (push) Successful in 46s
Details
Test / Hpkg (push) Successful in 5m39s
Details
Test / Flake checks (push) Successful in 1m32s
Details 
This is currently still a noop, but required for #26.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 03:13:02 +09:00
cat c761e1de4d nix: build with clang
Test / Create distribution (push) Successful in 36s
Details
Test / Sandbox (push) Successful in 41s
Details
Test / Sandbox (race detector) (push) Successful in 41s
Details
Test / Hakurei (push) Successful in 44s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 42s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
Clang is better than gcc in various ways. This also pulls in clang-format which is very helpful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-15 16:36:36 +09:00
cat b5630f6883 test: move package sandbox internal
Test / Create distribution (push) Successful in 33s
Details
Test / Hakurei (push) Successful in 43s
Details
Test / Hpkg (push) Successful in 40s
Details
Test / Hakurei (race detector) (push) Successful in 43s
Details
Test / Sandbox (push) Successful in 1m56s
Details
Test / Sandbox (race detector) (push) Successful in 2m39s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
This should never be used outside vm tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 23:03:22 +09:00
cat ac34635890 container: set FD_CLOEXEC on all open files
Test / Create distribution (push) Successful in 29s
Details
Test / Sandbox (race detector) (push) Successful in 40s
Details
Test / Hakurei (race detector) (push) Successful in 46s
Details
Test / Hakurei (push) Successful in 47s
Details
Test / Sandbox (push) Successful in 44s
Details
Test / Hpkg (push) Successful in 43s
Details
Test / Flake checks (push) Successful in 1m31s
Details 
While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 00:18:29 +09:00
cat 9dec9dbc4b container/init: close setup pipe early
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m32s
Details
Test / Sandbox (race detector) (push) Successful in 4m30s
Details
Test / Hpkg (push) Successful in 4m48s
Details
Test / Hakurei (race detector) (push) Successful in 6m17s
Details
Test / Hakurei (push) Successful in 3m17s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
This prevents leaking the setup pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-11 07:31:58 +09:00
cat bb92e3ada9 cmd/hakurei: expose current instance identifier
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m25s
Details
Test / Hakurei (push) Successful in 4m36s
Details
Test / Sandbox (race detector) (push) Successful in 4m31s
Details
Test / Hpkg (push) Successful in 4m52s
Details
Test / Hakurei (race detector) (push) Successful in 6m4s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
This writes the 16-byte instance identifier to file descriptor specified by --identifier-fd if set, and closes the file.

This enables safely obtaining the new instance's identifier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-10 07:52:35 +09:00
cat 5c2b63a7f1 container: add 386 constants
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 2m17s
Details
Test / Hakurei (push) Successful in 3m11s
Details
Test / Hpkg (push) Successful in 4m0s
Details
Test / Sandbox (race detector) (push) Successful in 4m16s
Details
Test / Hakurei (race detector) (push) Successful in 5m2s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
While it is unlikely a use case for hakurei on i686 exists, it does not hurt to have this support.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 20:21:14 +09:00
cat cb9ebf0e15 hst/grp_pwd: specify new uid format
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 41s
Details
Test / Sandbox (race detector) (push) Successful in 41s
Details
Test / Hpkg (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 47s
Details
Test / Hakurei (race detector) (push) Successful in 46s
Details
Test / Flake checks (push) Successful in 1m31s
Details 
This leaves slots available for additional uid ranges in Rosa OS.

This breaks all existing installations! Users are required to fix ownership manually.

Closes #18.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-04 08:24:41 +09:00
cat 0edcb7c1d3 test: print share directory
Test / Create distribution (push) Successful in 35s
Details
Test / Sandbox (race detector) (push) Successful in 41s
Details
Test / Sandbox (push) Successful in 41s
Details
Test / Hpkg (push) Successful in 41s
Details
Test / Hakurei (push) Successful in 2m24s
Details
Test / Hakurei (race detector) (push) Successful in 3m3s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This is more useful now that state is tracked here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-02 17:00:59 +09:00
cat 0e5ca74b98 cmd/hakurei/print: serialise array for ps
Test / Create distribution (push) Successful in 35s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Sandbox (race detector) (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 2m25s
Details
Test / Hakurei (race detector) (push) Successful in 3m7s
Details
Test / Hpkg (push) Successful in 3m13s
Details
Test / Flake checks (push) Successful in 1m27s
Details 
Wanted to do this for a long time, since the key is redundant. This also makes it easier to migrate to the new store interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-02 16:37:08 +09:00
cat 2442eda8d9 hst/instance: embed config struct
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 41s
Details
Test / Sandbox (race detector) (push) Successful in 40s
Details
Test / Hakurei (push) Successful in 2m20s
Details
Test / Hakurei (race detector) (push) Successful in 2m59s
Details
Test / Hpkg (push) Successful in 3m20s
Details
Test / Flake checks (push) Successful in 1m28s
Details 
This makes the resulting json easier to parse since it can now be deserialised into the config struct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-24 00:42:16 +09:00
cat 56beae17fe test: assert hst CGO_ENABLED=0
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Sandbox (race detector) (push) Successful in 39s
Details
Test / Hpkg (push) Successful in 41s
Details
Test / Hakurei (push) Successful in 2m29s
Details
Test / Hakurei (race detector) (push) Successful in 3m7s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
The hst package only deals with data serialisation, however since many parts of hakurei make use of C libraries in some way it can be easy to inadvertently depend on cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 19:49:04 +09:00
cat fbd1638e7f test/interactive/trace: update nix attribute
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Sandbox (race detector) (push) Successful in 40s
Details
Test / Hakurei (race detector) (push) Successful in 44s
Details
Test / Hakurei (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 42s
Details
Test / Flake checks (push) Successful in 1m28s
Details 
Updated according to evaluation warning.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 06:03:09 +09:00
cat 699c19e972 hst/container: optional runtime and tmpdir sharing
Test / Create distribution (push) Successful in 25s
Details
Test / Sandbox (push) Successful in 39s
Details
Test / Sandbox (race detector) (push) Successful in 39s
Details
Test / Hakurei (push) Successful in 42s
Details
Test / Hpkg (push) Successful in 40s
Details
Test / Hakurei (race detector) (push) Successful in 44s
Details
Test / Flake checks (push) Successful in 1m23s
Details 
Sharing and persisting these directories do not always make sense. Make it optional here.

Closes #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 04:11:38 +09:00
cat b5b30aea2e test: place marker in common path
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (race detector) (push) Successful in 39s
Details
Test / Sandbox (push) Successful in 41s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 46s
Details
Test / Flake checks (push) Successful in 1m33s
Details 
This discontinues the dependency on shared tmpdir and xdg_runtime_dir implementation detail, for #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 03:50:48 +09:00
cat e47aebb7a0 internal/app/outcome: apply configured filesystems late
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 1m42s
Details
Test / Hakurei (push) Successful in 2m37s
Details
Test / Hpkg (push) Successful in 3m33s
Details
Test / Sandbox (race detector) (push) Successful in 4m10s
Details
Test / Hakurei (race detector) (push) Successful in 4m49s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This enables configured filesystems to cover system mount points.

Closes #8.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 01:41:52 +09:00
cat d4284c109d internal/app/spruntime: emulate pam_systemd type
Test / Create distribution (push) Successful in 34s
Details
Test / Hakurei (push) Successful in 44s
Details
Test / Hakurei (race detector) (push) Successful in 44s
Details
Test / Hpkg (push) Successful in 42s
Details
Test / Sandbox (push) Successful in 1m42s
Details
Test / Sandbox (race detector) (push) Successful in 2m29s
Details
Test / Flake checks (push) Successful in 1m22s
Details 
This sets XDG_SESSION_TYPE to the corresponding values specified in pam_systemd(8) according to enablements.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-18 04:33:04 +09:00
cat 52e3324ef4 test/sandbox: ignore nondeterministic mount point
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (race detector) (push) Successful in 42s
Details
Test / Sandbox (push) Successful in 43s
Details
Test / Hakurei (race detector) (push) Successful in 46s
Details
Test / Hpkg (push) Successful in 43s
Details
Test / Hakurei (push) Successful in 47s
Details
Test / Flake checks (push) Successful in 1m30s
Details 
No idea what systemd is doing with this to cause its options to change.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-14 07:08:39 +09:00
cat 9e48d7f562 hst/config: move container fields from toplevel
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m7s
Details
Test / Hpkg (push) Successful in 3m54s
Details
Test / Hakurei (race detector) (push) Successful in 5m18s
Details
Test / Sandbox (race detector) (push) Successful in 2m10s
Details
Test / Hakurei (push) Successful in 2m13s
Details
Test / Flake checks (push) Successful in 1m33s
Details 
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 04:24:45 +09:00
cat f280994957 internal/app: check nscd socket for path hiding
Test / Create distribution (push) Successful in 34s
Details
Test / Hakurei (push) Successful in 45s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 42s
Details
Test / Sandbox (push) Successful in 1m32s
Details
Test / Sandbox (race detector) (push) Successful in 2m19s
Details
Test / Flake checks (push) Successful in 1m26s
Details 
This can seriously break things, and exposes extra host attack surface, so include it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 20:47:30 +09:00
cat ae2df2c450 internal: remove sys package
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m13s
Details
Test / Hakurei (push) Successful in 3m14s
Details
Test / Hpkg (push) Successful in 4m2s
Details
Test / Sandbox (race detector) (push) Successful in 4m39s
Details
Test / Hakurei (race detector) (push) Successful in 5m19s
Details
Test / Flake checks (push) Successful in 1m19s
Details 
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 13:51:54 +09:00
cat 773253fdf5 test/sandbox: raise timeout
Test / Create distribution (push) Successful in 37s
Details
Test / Hpkg (push) Successful in 46s
Details
Test / Hakurei (push) Successful in 51s
Details
Test / Hakurei (race detector) (push) Successful in 51s
Details
Test / Sandbox (push) Successful in 1m31s
Details
Test / Sandbox (race detector) (push) Successful in 2m13s
Details
Test / Flake checks (push) Successful in 1m36s
Details 
The integration vm is being very slow for some reason. This change should reduce spurious timeouts.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 19:41:59 +09:00
cat f09133a224 test: check init lingering timeout behaviour
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (race detector) (push) Successful in 41s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Hpkg (push) Successful in 41s
Details
Test / Hakurei (race detector) (push) Successful in 4m7s
Details
Test / Hakurei (push) Successful in 2m35s
Details
Test / Flake checks (push) Successful in 1m35s
Details 
This checks init timeout on lingering process after initial process termination.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-22 21:56:29 +09:00
cat a2a291791c internal/sys: separate hsu uid cache
Test / Create distribution (push) Successful in 33s
Details
Test / Hakurei (push) Successful in 3m8s
Details
Test / Hpkg (push) Successful in 3m56s
Details
Test / Sandbox (race detector) (push) Successful in 4m34s
Details
Test / Hakurei (race detector) (push) Successful in 5m6s
Details
Test / Sandbox (push) Successful in 1m23s
Details
Test / Flake checks (push) Successful in 1m22s
Details 
This begins the effort of the removal of the sys package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-15 02:30:47 +09:00
cat 1cdc6b4246 test/sandbox: create marker in /var/tmp
Test / Hakurei (push) Successful in 49s
Details
Test / Create distribution (push) Successful in 39s
Details
Test / Hakurei (race detector) (push) Successful in 48s
Details
Test / Hpkg (push) Successful in 49s
Details
Test / Sandbox (push) Successful in 1m41s
Details
Test / Sandbox (race detector) (push) Successful in 2m31s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This prepares the test suite for private TMPDIR.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 16:45:17 +09:00
cat 56aad8dc11 test/sandbox/tool: marker pathname from flag
Test / Hakurei (push) Successful in 45s
Details
Test / Create distribution (push) Successful in 37s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 45s
Details
Test / Sandbox (push) Successful in 1m26s
Details
Test / Sandbox (race detector) (push) Successful in 2m10s
Details
Test / Flake checks (push) Successful in 1m32s
Details 
Since this is going to be placed in a shared directory, it needs to be unique to the identity. Instead of trying to figure out identity from mountinfo, just have the test script pass hardcoded values.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 15:57:41 +09:00
cat 83c4f8b767 test/sandbox: check extra writable paths
Test / Hakurei (push) Successful in 48s
Details
Test / Create distribution (push) Successful in 39s
Details
Test / Hakurei (race detector) (push) Successful in 49s
Details
Test / Hpkg (push) Successful in 47s
Details
Test / Sandbox (push) Successful in 1m52s
Details
Test / Sandbox (race detector) (push) Successful in 2m54s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
This is not always obvious from mountinfo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 15:12:51 +09:00
cat d0ddd71934 test/sandbox: bind /var/tmp writable
Test / Hakurei (push) Successful in 45s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Create distribution (push) Successful in 38s
Details
Test / Hpkg (push) Successful in 46s
Details
Test / Sandbox (push) Successful in 1m36s
Details
Test / Sandbox (race detector) (push) Successful in 2m29s
Details
Test / Flake checks (push) Successful in 1m23s
Details 
This makes it possible to place markers with private tmpdir.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 14:59:53 +09:00