7a8b625a57
app: rename /fortify to /.fortify
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m57s
Also removed the inner share tmpfs mount.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:11:32 +09:00
8bf12bbe68
nix: clear terminal prior to screenshot
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:04:17 +09:00
f8c3d53327
nix: test pulseaudio pass through
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m15s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 17:58:14 +09:00
74fe74e6b5
app: do not fail on missing cookie
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m55s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 17:56:21 +09:00
ed8ee5eb4b
nix: filter nix files from src
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m7s
This prevents constant rebuilds when debugging integration tests.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 17:39:42 +09:00
af4d92b785
nix: test dbus proxy
...
Tests / Go tests (push) Successful in 37s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 14:19:50 +09:00
ce04dd52ca
nix: background go test
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m0s
Go test takes significant time.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 13:58:57 +09:00
3d042f4992
nix: remove workspace switching
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m17s
Switching workspaces does not test anything and introduces unnecessary wait time.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 13:52:05 +09:00
68660a2ad4
fortify: config/state pretty-print subcommand
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 3m8s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 12:29:04 +09:00
b9cc318314
system: implement Enablements String method
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m9s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-20 23:21:19 +09:00
ed10574dea
state: store join util
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m5s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-20 19:05:39 +09:00
195b717e01
release: 0.2.5
...
Tests / Go tests (push) Successful in 49s
Create distribution / Release (push) Successful in 1m6s
Nix / NixOS tests (push) Successful in 1m23s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:28:48 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Tests / Go tests (push) Successful in 2m55s
Nix / NixOS tests (push) Successful in 5m10s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
eae3034260
state: expose aids and use instance id as key
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m26s
Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 21:36:17 +09:00
5ea7333431
fst: implement app id parser
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m8s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 18:19:47 +09:00
f796622c35
state: rename simple store implementation
...
Tests / Go tests (push) Successful in 42s
Nix / NixOS tests (push) Successful in 3m4s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:48:48 +09:00
5d25bee786
fortify: remove systemd check
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m3s
This is no longer necessary as fortify no longer integrates with external user switchers.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:14:31 +09:00
b48ece3bb0
acl: use test-managed tmpdir
...
Tests / Go tests (push) Successful in 44s
Nix / NixOS tests (push) Successful in 3m7s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:08:13 +09:00
9f95f60400
release: 0.2.4
...
Tests / Go tests (push) Successful in 52s
Create distribution / Release (push) Successful in 1m9s
Nix / NixOS tests (push) Successful in 1m23s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 23:52:52 +09:00
90dd57f75d
workflows: cache nix store
...
Tests / Go tests (push) Successful in 45s
Nix / NixOS tests (push) Successful in 1m11s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 23:38:39 +09:00
141f2e3685
workflows: cache apt packages
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 5m43s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 23:05:28 +09:00
73aa285e8f
workflows: upload nixos test output
...
Tests / Go tests (push) Successful in 44s
Nix / NixOS tests (push) Successful in 5m45s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 20:32:40 +09:00
6e87fc02dd
workflows: build and upload test distribution
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 5m33s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 20:28:35 +09:00
52f21a19f3
cmd/fshim: switch to setup pipe
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 5m43s
The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 19:39:25 +09:00
7be53a2438
cmd/fshim: switch to generic setup func
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 5m47s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 17:20:31 +09:00
7f29b37a32
proc: setup payload send
...
Generic setup payload encoder adapted from fshim.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 17:20:01 +09:00
f69e8e753e
cmd/finit: switch to generic receive func
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 5m40s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 16:49:19 +09:00
ef8fd37e9d
proc: setup payload receive
...
Generic implementation of setup payload receiver adapted from finit.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 16:48:41 +09:00
2f676c9d6e
fst: rename from fipc
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 5m48s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:50:46 +09:00
bbace8f84b
nix: increase cpu count
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 5m41s
This improves performance, especially when kvm is inaccessible.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:32:52 +09:00
2efedf56c0
nix: collect fortify ps output
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 10m38s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 13:48:39 +09:00
b752ec4468
fipc: export config struct
...
Tests / Go tests (push) Successful in 1m12s
Nix / NixOS tests (push) Successful in 10m51s
Also store full config as part of state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 13:45:55 +09:00
5d00805a7c
nix: check acl rollback
...
Tests / Go tests (push) Successful in 1m1s
Nix / NixOS tests (push) Successful in 10m32s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 12:49:32 +09:00
7b6052a473
nix: run Go tests in nixos
...
Tests / Go tests (push) Successful in 41s
Nix / NixOS tests (push) Successful in 9m56s
Nix build environment does not support ACLs in any filesystem. This allows acl tests to run.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 21:16:55 +09:00
38653c6ab5
release: 0.2.3
...
Tests / Go tests (push) Successful in 55s
Create distribution / Release (push) Successful in 1m1s
Nix / NixOS tests (push) Successful in 5m5s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 14:06:17 +09:00
b5cbbeab90
dist: generate distribution tarball
...
Tests / Go tests (push) Successful in 46s
Create distribution / Release (push) Successful in 49s
Nix / NixOS tests (push) Successful in 5m9s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 14:02:54 +09:00
c3ba0c3cce
nix: rename nixos test
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 5m0s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:02:12 +09:00
b453f70ca2
cmd/fsu: check uid range before syscall
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 5m0s
This limits potential exploits to the fortify uid range.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:01:36 +09:00
c2b178e626
xcb: refactor and clean up
...
Tests / Go tests (push) Successful in 45s
Nix / NixOS tests (push) Successful in 5m2s
No clean way to write Go tests for this package. Will rely on NixOS tests for now.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 12:46:36 +09:00
aeda40fc92
nix: test x11 permissive defaults
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 4m51s
Also invoke glinfo/wayland-info as part of tests.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 12:40:29 +09:00
65dc39956f
workflows: set action names
...
Tests / Go tests (push) Successful in 42s
Nix / NixOS tests (push) Successful in 4m33s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 11:12:39 +09:00
35505c8a26
workflows: invoke nix flake checks
...
check / nix-flake-check (push) Successful in 4m32s
test / test (push) Successful in 37s
Integration tests are implemented as nix flake checks.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 10:49:43 +09:00
3f993021f8
nix: permissive defaults nixos test
...
test / test (push) Successful in 37s
Adapted from nixos sway integration tests.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 22:56:10 +09:00
4d3bd5338f
nix: implement flake checks
...
test / test (push) Successful in 36s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 20:54:28 +09:00
138666d753
nix: skip acl test
...
test / test (push) Successful in 39s
The nix build environment does not support ACLs.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 19:29:01 +09:00
f4628e181b
acl: create test file in tmpdir
...
test / test (push) Successful in 37s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 18:58:09 +09:00
c8a90666c5
acl: refactor and clean up
...
test / test (push) Successful in 37s
Move all C code to c.go, switch to pkg-config, set up finalizer for acl.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 18:27:19 +09:00
ee41b37606
acl: add tests
...
test / test (push) Successful in 37s
These tests test UpdatePerm correctness by parsing getfacl output.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 16:00:31 +09:00
e3f1d7ba60
release: 0.2.2
...
release / release (push) Successful in 44s
test / test (push) Successful in 35s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 21:47:22 +09:00
39e3ac3ccd
nix: require /etc/userdb nix-daemon
...
test / test (push) Successful in 36s
There seems to be some kind of credential caching in nix-daemon.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 21:07:57 +09:00