fortify

Author	SHA1	Message	Date
Ophestra	e9a7cd526f	app: improve shim process management All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Sandbox (push) Successful in 1m45s Details Test / Fortify (push) Successful in 2m36s Details Test / Sandbox (race detector) (push) Successful in 2m49s Details Test / Fpkg (push) Successful in 3m33s Details Test / Fortify (race detector) (push) Successful in 4m13s Details Test / Flake checks (push) Successful in 1m6s Details This ensures a signal gets delivered to the process instead of relying on parent death behaviour. SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials. A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-07 03:55:17 +09:00
Ophestra	5c4058d5ac	app: run in native sandbox All checks were successful Test / Create distribution (push) Successful in 20s Details Test / Fortify (push) Successful in 2m5s Details Test / Fpkg (push) Successful in 3m0s Details Test / Data race detector (push) Successful in 4m12s Details Test / Flake checks (push) Successful in 1m4s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:52:49 +09:00
Ophestra	673b648bd3	cmd/fpkg: call app in-process All checks were successful Test / Create distribution (push) Successful in 28s Details Test / Fortify (push) Successful in 2m31s Details Test / Data race detector (push) Successful in 3m25s Details Test / Fpkg (push) Successful in 3m29s Details Test / Flake checks (push) Successful in 55s Details Wrapping fortify is slow, painful and error-prone. Start apps in-process instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-26 19:51:44 +09:00
Ophestra	4fa38d6063	cmd/fpkg: use fortify path from internal All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m28s Details Test / Data race detector (push) Successful in 3m22s Details Test / Flake checks (push) Successful in 43s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-26 12:16:35 +09:00
Ophestra	e599b5583d	fmsg: implement suspend in writer All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 2m18s Details This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 18:51:53 +09:00
Ophestra	7baca66a56	proc: remove duplicate compile-time fortify reference All checks were successful Build / Create distribution (push) Successful in 1m46s Details Test / Run NixOS test (push) Successful in 3m44s Details This is no longer needed since shim and init are now part of the main program. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:59:33 +09:00
Ophestra	e0e2f40e84	cmd/fpkg: app bundle helper All checks were successful Tests / Go tests (push) Successful in 43s Details Nix / NixOS tests (push) Successful in 4m25s Details This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 13:21:49 +09:00

7 Commits