proc/priv/shim: merge shim into main program

Signed-off-by: Ophestra <cat@gensokyo.uk>
internal: do PR_SET_PDEATHSIG once
2025-01-17 23:43:32 +09:00 · 2025-01-17 23:08:46 +09:00 · 2025-01-17 22:56:16 +09:00 · 2025-01-17 22:52:23 +09:00
1 changed files with 2 additions and 22 deletions
--- a/flake.nix
+++ b/flake.nix
@ -166,28 +166,8 @@
                go
                gcc
              ]
-              # buildInputs
+              ++ fortify.buildInputs
-              ++ (
+              ++ fortify.nativeBuildInputs;
                with pkgsStatic;
                [
                  musl
                  libffi
                  acl
                  wayland
                  wayland-protocols
                ]
                ++ (with xorg; [
                  libxcb
                  libXau
                  libXdmcp
                ])
              )
              # nativeBuildInputs
              ++ [
                pkg-config
                wayland-scanner
                makeBinaryWrapper
              ];
          };
          fhs = fhs.env;
Author	SHA1	Message	Date
Ophestra	b39e320173	proc/priv/shim: merge shim into main program Some checks failed Build / Create distribution (push) Failing after 1m15s Details Test / Run NixOS test (push) Successful in 3m41s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:43:32 +09:00
Ophestra	6f5d92b395	internal: do PR_SET_PDEATHSIG once Some checks failed Build / Create distribution (push) Failing after 1m15s Details Test / Run NixOS test (push) Successful in 3m23s Details This prctl affects the entire process, doing it on every OS thread is pointless. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:08:46 +09:00
Ophestra	47932b3c8e	nix: do not force static linking on nix Some checks failed Build / Create distribution (push) Failing after 54s Details Test / Run NixOS test (push) Successful in 4m22s Details In a typical Nix or NixOS-based setup, the entire /nix/store directory is available to the sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 22:56:16 +09:00
Ophestra	9b066e6088	fortify: switch to static linking All checks were successful Build / Create distribution (push) Successful in 55s Details Test / Run NixOS test (push) Successful in 3m29s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 22:52:23 +09:00