migrate to git.ophivana.moe/security/fortify
All checks were successful
test / test (push) Successful in 14s
All checks were successful
test / test (push) Successful in 14s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
cdda33555c
commit
65af1684e3
@ -1,7 +1,7 @@
|
||||
Fortify
|
||||
=======
|
||||
|
||||
[![Go Reference](https://pkg.go.dev/badge/git.ophivana.moe/cat/fortify.svg)](https://pkg.go.dev/git.ophivana.moe/cat/fortify)
|
||||
[![Go Reference](https://pkg.go.dev/badge/git.ophivana.moe/security/fortify.svg)](https://pkg.go.dev/git.ophivana.moe/security/fortify)
|
||||
|
||||
Lets you run graphical applications as another user in a confined environment with a nice NixOS
|
||||
module to configure target users and provide launchers and desktop files for your privileged user.
|
||||
@ -26,7 +26,7 @@ There are a few different things to set up for this to work:
|
||||
If you have a flakes-enabled nix environment, you can try out the tool by running:
|
||||
|
||||
```shell
|
||||
nix run git+https://git.ophivana.moe/cat/fortify -- -h
|
||||
nix run git+https://git.ophivana.moe/security/fortify -- -h
|
||||
```
|
||||
|
||||
## Module usage
|
||||
@ -41,7 +41,7 @@ To use the module, import it into your configuration with
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||
|
||||
fortify = {
|
||||
url = "git+https://git.ophivana.moe/cat/fortify";
|
||||
url = "git+https://git.ophivana.moe/security/fortify";
|
||||
|
||||
# Optional but recommended to limit the size of your system closure.
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -6,10 +6,10 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal"
|
||||
"git.ophivana.moe/cat/fortify/internal/app"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/internal"
|
||||
"git.ophivana.moe/security/fortify/internal/app"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -9,7 +9,7 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
)
|
||||
|
||||
func TestConfig_Args(t *testing.T) {
|
||||
|
@ -5,8 +5,8 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
)
|
||||
|
||||
func TestNew(t *testing.T) {
|
||||
|
@ -6,8 +6,8 @@ import (
|
||||
"io"
|
||||
"sync"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
)
|
||||
|
||||
// ProxyName is the file name or path to the proxy program.
|
||||
|
@ -9,9 +9,9 @@ import (
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/cat/fortify/ldd"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/ldd"
|
||||
)
|
||||
|
||||
// Start launches the D-Bus proxy and sets up the Wait method.
|
||||
|
@ -3,7 +3,7 @@ package dbus_test
|
||||
import (
|
||||
"sync"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
)
|
||||
|
||||
var samples = []dbusTestCase{
|
||||
|
@ -3,7 +3,7 @@ package dbus_test
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
)
|
||||
|
||||
func TestHelperChildStub(t *testing.T) {
|
||||
|
4
error.go
4
error.go
@ -5,8 +5,8 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/app"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/app"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
)
|
||||
|
||||
func logWaitError(err error) {
|
||||
|
2
go.mod
2
go.mod
@ -1,3 +1,3 @@
|
||||
module git.ophivana.moe/cat/fortify
|
||||
module git.ophivana.moe/security/fortify
|
||||
|
||||
go 1.22
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
)
|
||||
|
||||
func Test_argsFD_String(t *testing.T) {
|
||||
|
@ -7,7 +7,7 @@ import (
|
||||
"strconv"
|
||||
"sync"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
)
|
||||
|
||||
// BubblewrapName is the file name or path to bubblewrap.
|
||||
|
@ -7,8 +7,8 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
)
|
||||
|
||||
func TestBwrap(t *testing.T) {
|
||||
|
@ -5,7 +5,7 @@ import (
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
)
|
||||
|
||||
func TestDirect(t *testing.T) {
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -10,7 +10,7 @@ import (
|
||||
"syscall"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
)
|
||||
|
||||
// InternalChildStub is an internal function but exported because it is cross-package;
|
||||
|
@ -3,7 +3,7 @@ package helper_test
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
)
|
||||
|
||||
func TestHelperChildStub(t *testing.T) {
|
||||
|
@ -4,9 +4,9 @@ import (
|
||||
"encoding/gob"
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -4,7 +4,7 @@ import (
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
func (a *app) commandBuilderMachineCtl(shimEnv string) (args []string) {
|
||||
|
@ -3,7 +3,7 @@ package app
|
||||
import (
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -8,12 +8,12 @@ import (
|
||||
"path"
|
||||
"strconv"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/internal"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/state"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -3,9 +3,9 @@ package app
|
||||
import (
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -5,9 +5,9 @@ import (
|
||||
"os"
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -7,8 +7,8 @@ import (
|
||||
"os"
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -3,8 +3,8 @@ package app
|
||||
import (
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -4,8 +4,8 @@ import (
|
||||
"os"
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -11,12 +11,12 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/shim"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/shim"
|
||||
"git.ophivana.moe/security/fortify/internal/state"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// Start starts the fortified child
|
||||
|
@ -3,11 +3,11 @@ package app
|
||||
import (
|
||||
"os/user"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/cat/fortify/internal"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/internal"
|
||||
"git.ophivana.moe/security/fortify/internal/state"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
// appSeal seals the application with child-related information
|
||||
|
@ -7,7 +7,7 @@ import (
|
||||
"strconv"
|
||||
"sync"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// state that remain constant for the lifetime of the process
|
||||
|
@ -13,7 +13,7 @@ import (
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -11,9 +11,9 @@ import (
|
||||
"strconv"
|
||||
"syscall"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
init0 "git.ophivana.moe/cat/fortify/internal/init"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
init0 "git.ophivana.moe/security/fortify/internal/init"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// everything beyond this point runs as target user
|
||||
|
@ -8,8 +8,8 @@ import (
|
||||
"os"
|
||||
"syscall"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// called in the parent process
|
||||
|
@ -1,6 +1,6 @@
|
||||
package shim
|
||||
|
||||
import "git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
import "git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
|
||||
const EnvShim = "FORTIFY_SHIM"
|
||||
|
||||
|
@ -10,8 +10,8 @@ import (
|
||||
"text/tabwriter"
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// MustPrintLauncherStateSimpleGlobal prints active launcher states of all simple stores
|
||||
|
@ -3,7 +3,7 @@ package state
|
||||
import (
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
type Store interface {
|
||||
|
@ -4,9 +4,9 @@ import (
|
||||
"fmt"
|
||||
"slices"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// UpdatePerm appends an ephemeral acl update Op.
|
||||
|
@ -3,7 +3,7 @@ package system
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
)
|
||||
|
||||
func TestUpdatePerm(t *testing.T) {
|
||||
|
@ -5,9 +5,9 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/dbus"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -5,8 +5,8 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// Ensure the existence and mode of a directory.
|
||||
|
@ -4,7 +4,7 @@ import (
|
||||
"strconv"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
)
|
||||
|
||||
func TestNew(t *testing.T) {
|
||||
|
@ -7,9 +7,9 @@ import (
|
||||
"os"
|
||||
"strconv"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
// CopyFile registers an Op that copies path dst from src.
|
||||
|
@ -4,7 +4,7 @@ import (
|
||||
"strconv"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
)
|
||||
|
||||
func TestCopyFile(t *testing.T) {
|
||||
|
@ -3,9 +3,9 @@ package system
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/cat/fortify/xcb"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/xcb"
|
||||
)
|
||||
|
||||
// ChangeHosts appends an X11 ChangeHosts command Op.
|
||||
|
@ -7,7 +7,7 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -3,7 +3,7 @@ package verbose_test
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
func TestGetSet(t *testing.T) {
|
||||
|
@ -6,8 +6,8 @@ import (
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/helper"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/helper"
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
)
|
||||
|
||||
func Exec(p string) ([]*Entry, error) {
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/ldd"
|
||||
"git.ophivana.moe/security/fortify/ldd"
|
||||
)
|
||||
|
||||
func TestParseError(t *testing.T) {
|
||||
|
10
main.go
10
main.go
@ -6,11 +6,11 @@ import (
|
||||
"os"
|
||||
"syscall"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal"
|
||||
"git.ophivana.moe/cat/fortify/internal/app"
|
||||
init0 "git.ophivana.moe/cat/fortify/internal/init"
|
||||
"git.ophivana.moe/cat/fortify/internal/shim"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/security/fortify/internal"
|
||||
"git.ophivana.moe/security/fortify/internal/app"
|
||||
init0 "git.ophivana.moe/security/fortify/internal/init"
|
||||
"git.ophivana.moe/security/fortify/internal/shim"
|
||||
"git.ophivana.moe/security/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
var (
|
||||
|
Loading…
Reference in New Issue
Block a user