hakurei

Author	SHA1	Message	Date
Ophestra	b9cc318314	system: implement Enablements String method All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 3m9s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-20 23:21:19 +09:00
Ophestra	ed10574dea	state: store join util All checks were successful Tests / Go tests (push) Successful in 39s Details Nix / NixOS tests (push) Successful in 3m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-20 19:05:39 +09:00
Ophestra Umiker	195b717e01	release: 0.2.5 All checks were successful Tests / Go tests (push) Successful in 49s Details Create distribution / Release (push) Successful in 1m6s Details Nix / NixOS tests (push) Successful in 1m23s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:28:48 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify All checks were successful Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	eae3034260	state: expose aids and use instance id as key All checks were successful Tests / Go tests (push) Successful in 39s Details Nix / NixOS tests (push) Successful in 3m26s Details Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 21:36:17 +09:00
Ophestra Umiker	5ea7333431	fst: implement app id parser All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 3m8s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 18:19:47 +09:00
Ophestra Umiker	f796622c35	state: rename simple store implementation All checks were successful Tests / Go tests (push) Successful in 42s Details Nix / NixOS tests (push) Successful in 3m4s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:48:48 +09:00
Ophestra Umiker	5d25bee786	fortify: remove systemd check All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 3m3s Details This is no longer necessary as fortify no longer integrates with external user switchers. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:14:31 +09:00
Ophestra Umiker	b48ece3bb0	acl: use test-managed tmpdir All checks were successful Tests / Go tests (push) Successful in 44s Details Nix / NixOS tests (push) Successful in 3m7s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:08:13 +09:00
Ophestra Umiker	9f95f60400	release: 0.2.4 All checks were successful Tests / Go tests (push) Successful in 52s Details Create distribution / Release (push) Successful in 1m9s Details Nix / NixOS tests (push) Successful in 1m23s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:52:52 +09:00
Ophestra Umiker	90dd57f75d	workflows: cache nix store All checks were successful Tests / Go tests (push) Successful in 45s Details Nix / NixOS tests (push) Successful in 1m11s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:38:39 +09:00
Ophestra Umiker	141f2e3685	workflows: cache apt packages All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 5m43s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:05:28 +09:00
Ophestra Umiker	73aa285e8f	workflows: upload nixos test output All checks were successful Tests / Go tests (push) Successful in 44s Details Nix / NixOS tests (push) Successful in 5m45s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 20:32:40 +09:00
Ophestra Umiker	6e87fc02dd	workflows: build and upload test distribution All checks were successful Tests / Go tests (push) Successful in 43s Details Nix / NixOS tests (push) Successful in 5m33s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 20:28:35 +09:00
Ophestra Umiker	52f21a19f3	cmd/fshim: switch to setup pipe All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m43s Details The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
Ophestra Umiker	7be53a2438	cmd/fshim: switch to generic setup func All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m47s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:31 +09:00
Ophestra Umiker	7f29b37a32	proc: setup payload send Generic setup payload encoder adapted from fshim. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:01 +09:00
Ophestra Umiker	f69e8e753e	cmd/finit: switch to generic receive func All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m40s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:49:19 +09:00
Ophestra Umiker	ef8fd37e9d	proc: setup payload receive Generic implementation of setup payload receiver adapted from finit. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:48:41 +09:00
Ophestra Umiker	2f676c9d6e	fst: rename from fipc All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m48s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 15:50:46 +09:00
Ophestra Umiker	bbace8f84b	nix: increase cpu count All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m41s Details This improves performance, especially when kvm is inaccessible. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 15:32:52 +09:00
Ophestra Umiker	2efedf56c0	nix: collect fortify ps output All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 10m38s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 13:48:39 +09:00
Ophestra Umiker	b752ec4468	fipc: export config struct All checks were successful Tests / Go tests (push) Successful in 1m12s Details Nix / NixOS tests (push) Successful in 10m51s Details Also store full config as part of state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 13:45:55 +09:00
Ophestra Umiker	5d00805a7c	nix: check acl rollback All checks were successful Tests / Go tests (push) Successful in 1m1s Details Nix / NixOS tests (push) Successful in 10m32s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 12:49:32 +09:00
Ophestra Umiker	7b6052a473	nix: run Go tests in nixos All checks were successful Tests / Go tests (push) Successful in 41s Details Nix / NixOS tests (push) Successful in 9m56s Details Nix build environment does not support ACLs in any filesystem. This allows acl tests to run. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 21:16:55 +09:00
Ophestra Umiker	38653c6ab5	release: 0.2.3 All checks were successful Tests / Go tests (push) Successful in 55s Details Create distribution / Release (push) Successful in 1m1s Details Nix / NixOS tests (push) Successful in 5m5s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 14:06:17 +09:00
Ophestra Umiker	b5cbbeab90	dist: generate distribution tarball All checks were successful Tests / Go tests (push) Successful in 46s Details Create distribution / Release (push) Successful in 49s Details Nix / NixOS tests (push) Successful in 5m9s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 14:02:54 +09:00
Ophestra Umiker	c3ba0c3cce	nix: rename nixos test All checks were successful Tests / Go tests (push) Successful in 39s Details Nix / NixOS tests (push) Successful in 5m0s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:02:12 +09:00
Ophestra Umiker	b453f70ca2	cmd/fsu: check uid range before syscall All checks were successful Tests / Go tests (push) Successful in 43s Details Nix / NixOS tests (push) Successful in 5m0s Details This limits potential exploits to the fortify uid range. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:01:36 +09:00
Ophestra Umiker	c2b178e626	xcb: refactor and clean up All checks were successful Tests / Go tests (push) Successful in 45s Details Nix / NixOS tests (push) Successful in 5m2s Details No clean way to write Go tests for this package. Will rely on NixOS tests for now. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 12:46:36 +09:00
Ophestra Umiker	aeda40fc92	nix: test x11 permissive defaults All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 4m51s Details Also invoke glinfo/wayland-info as part of tests. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 12:40:29 +09:00
Ophestra Umiker	65dc39956f	workflows: set action names All checks were successful Tests / Go tests (push) Successful in 42s Details Nix / NixOS tests (push) Successful in 4m33s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 11:12:39 +09:00
Ophestra Umiker	35505c8a26	workflows: invoke nix flake checks All checks were successful check / nix-flake-check (push) Successful in 4m32s Details test / test (push) Successful in 37s Details Integration tests are implemented as nix flake checks. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 10:49:43 +09:00
Ophestra Umiker	3f993021f8	nix: permissive defaults nixos test All checks were successful test / test (push) Successful in 37s Details Adapted from nixos sway integration tests. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 22:56:10 +09:00
Ophestra Umiker	4d3bd5338f	nix: implement flake checks All checks were successful test / test (push) Successful in 36s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 20:54:28 +09:00
Ophestra Umiker	138666d753	nix: skip acl test All checks were successful test / test (push) Successful in 39s Details The nix build environment does not support ACLs. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 19:29:01 +09:00
Ophestra Umiker	f4628e181b	acl: create test file in tmpdir All checks were successful test / test (push) Successful in 37s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 18:58:09 +09:00
Ophestra Umiker	c8a90666c5	acl: refactor and clean up All checks were successful test / test (push) Successful in 37s Details Move all C code to c.go, switch to pkg-config, set up finalizer for acl. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 18:27:19 +09:00
Ophestra Umiker	ee41b37606	acl: add tests All checks were successful test / test (push) Successful in 37s Details These tests test UpdatePerm correctness by parsing getfacl output. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 16:00:31 +09:00
Ophestra Umiker	e3f1d7ba60	release: 0.2.2 All checks were successful release / release (push) Successful in 44s Details test / test (push) Successful in 35s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:47:22 +09:00
Ophestra Umiker	39e3ac3ccd	nix: require /etc/userdb nix-daemon All checks were successful test / test (push) Successful in 36s Details There seems to be some kind of credential caching in nix-daemon. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:07:57 +09:00
Ophestra Umiker	33c95b80ca	cmd/fuserdb: rename home directories All checks were successful test / test (push) Successful in 36s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
Ophestra Umiker	40cc8a68d1	nix: rename home directories All checks were successful test / test (push) Successful in 38s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:15:37 +09:00
Ophestra Umiker	f773c92411	system: prevent duplicate Wayland op All checks were successful test / test (push) Successful in 36s Details Wayland is implemented as an Op to enforce dependency and cleanup, its implementation does not allow multiple instances on a single sys object, nor would doing that make any sense. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 19:45:37 +09:00
Ophestra Umiker	16ab734fcd	update README document All checks were successful test / test (push) Successful in 37s Details A lot of this information is no longer true since fsu. Remove them for now and write up proper documentation later. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 17:04:36 +09:00
Ophestra Umiker	cc816a1aaa	proc: cleaner extra files All checks were successful test / test (push) Successful in 37s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 All checks were successful test / test (push) Successful in 37s Details Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	8d0573405a	helper/bwrap: implement sync fd All checks were successful test / test (push) Successful in 38s Details This is required by wayland security-context-v1. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:21:37 +09:00
Ophestra Umiker	38e92edb8e	system/wayland: integrate security-context-v1 All checks were successful test / test (push) Successful in 37s Details Had to pass the sync fd through sys. The rest are just part of a standard Op. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:20:15 +09:00
Ophestra Umiker	2d606b1f4b	wl: implement security-context-v1 All checks were successful test / test (push) Successful in 38s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:15:13 +09:00

... 3 4 5 6 7 ...

500 Commits