891b3cbde7
cmd/fpkg: compare all three store paths
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 17:10:41 +09:00
c795293f36
cmd/fpkg: clean up broken links before activation
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 15:21:40 +09:00
42e1043300
nix: set home-manager user information
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 15:11:36 +09:00
5416b07daa
nix: remove unused argument 'self'
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 14:49:55 +09:00
e57a0e9bf2
nix: rename fortifyBundle to buildPackage
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 14:35:37 +09:00
ab48706ebe
dist: install fpkg to /usr/bin
...
This is a high level user-facing tool.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 01:04:53 +09:00
c1a459a0b1
cmd/fpkg/start: correct drop to shell wording
...
Activation no longer happens during application startup.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 00:56:14 +09:00
5125e96ecf
nix: generate application package build script
...
This takes some metadata, sandbox options, a launch script and a list of home-manager modules. The result needs to be executed in an environment with nix daemon access, and it produces the final package file.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 00:42:21 +09:00
e0e2f40e84
cmd/fpkg: app bundle helper
...
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 13:21:49 +09:00
bf8094c6ca
internal: include path to fortify main program
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 12:48:48 +09:00
2e3bb1893e
release: 0.2.8
...
This release mostly fixes bugs uncovered when running fortify on a generic linux distribution.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 01:09:47 +09:00
9b206072fa
cmd/fshim: ensure data directory
...
Ensuring home directory in shim causes the directory to be owned by the target user.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 14:39:01 +09:00
b9e2003d5b
app: ensure extra paths
...
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 14:07:49 +09:00
66ec0d882f
dist: build with -trimpath
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 13:44:05 +09:00
847b667489
app: extra acl entries from configuration
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 13:23:27 +09:00
c70f0612ad
fortify/print: skip nil filesystem entries
...
This fixes a panic when displaying configurations with nil filesystem entries.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 12:14:42 +09:00
85e5b097fd
fst/config: add template etc entry
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 12:05:32 +09:00
0107620d8c
app: merge share methods
...
This significantly increases readability and makes order of ops more obvious.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 11:12:35 +09:00
fc26659ea1
fst/config: autoetc read custom path
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 18:57:44 +09:00
1f173a469c
system/dbus: fix inverted system bus state
...
Debug message and socket cleanup gets missed due to this value being inverted.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 18:38:11 +09:00
2fdbd6a4dd
fst/config: alternative /etc directory
...
This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 18:06:26 +09:00
aef847b5ae
helper/bwrap: fix typo in --dir config builder
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 15:34:43 +09:00
0a2aa5823b
cmd/fshim: bind finit inside sandbox
...
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 14:44:57 +09:00
b956ce4052
ldd: trim leading and trailing white spaces from name
...
Glibc emits ldd output with \t prefix for formatting. Remove that here.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 16:53:01 +09:00
dc579dc610
dbus/run: bind ldd entry absolute name
...
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 16:36:03 +09:00
ade57c39af
ldd: add fhs glibc test case
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 16:33:02 +09:00
614ad86a5b
dbus: fail on LookPath error
...
An absolute path to xdg-dbus-proxy is required.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 16:08:48 +09:00
831dc6a181
dist: create checksum in dist directory
...
This makes verification easier.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 15:14:35 +09:00
c67b8ab9ac
fst/config: improve correctness of comments
...
The meanings of many of these fields have changed since they were added.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 00:45:29 +09:00
7c5aaa38e2
dist: include zsh completion
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-25 23:41:54 +09:00
b52b1a5f90
dist/install: do not replace existing fsurc
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-25 23:37:15 +09:00
9fc82d67b7
fortify/parse: accept config stream fd
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-23 20:09:07 +09:00
70bffeaa1e
fortify: clean up config loading
...
Move duplicate code to function. Also handle - as config from stdin.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-23 17:57:54 +09:00
c109ac2653
release: 0.2.7
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 13:34:50 +09:00
58f8731b2e
nix: include fortify show output
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 13:28:21 +09:00
8a9ba5e0ad
fortify: show short mode omit filesystems
...
Filesystem information can be quite noisy in permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 13:20:33 +09:00
f608f28a6a
app: mount /dev/kvm in permissive defaults
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 12:37:24 +09:00
aecfae1874
fortify: sort by time of start
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 12:06:54 +09:00
27f2b53d18
fortify: sort ps output
...
This ensures consistency between runs.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 11:59:53 +09:00
5838963265
nix: test dbus via notify-send
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 11:31:12 +09:00
e8594cf670
fortify: print short instance id in non-json short mode
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 11:02:19 +09:00
5c73acb56f
release: 0.2.6
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 01:18:21 +09:00
76ca2a92ee
nix: check state store contents
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 01:10:48 +09:00
f2869c4235
fortify: serialise ps with string as key
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 23:52:48 +09:00
bf11241649
fortify: zsh complete show instance list
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 21:13:53 +09:00
cb98baa19d
fortify: clean up ps formatting code
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 20:34:40 +09:00
4f4c690d38
fortify: move json indent call
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 19:06:25 +09:00
df7f692e61
fortify: move show formatting out of main
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:33:30 +09:00
7a8b625a57
app: rename /fortify to /.fortify
...
Also removed the inner share tmpfs mount.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:11:32 +09:00
8bf12bbe68
nix: clear terminal prior to screenshot
...
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:04:17 +09:00