release: 0.2.5

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
migrate to git.gensokyo.uk/security/fortify
2024-12-20 00:28:48 +09:00 · 2024-12-20 00:20:02 +09:00 · 2024-12-19 21:36:17 +09:00 · 2024-12-19 18:19:47 +09:00 · 2024-12-19 11:48:48 +09:00 · 2024-12-19 11:14:31 +09:00
67 changed files with 732 additions and 476 deletions
--- a/README.md
+++ b/README.md
@ -1,8 +1,8 @@
 Fortify
 =======

-[![Go Reference](https://pkg.go.dev/badge/git.ophivana.moe/security/fortify.svg)](https://pkg.go.dev/git.ophivana.moe/security/fortify)
-[![Go Report Card](https://goreportcard.com/badge/git.ophivana.moe/security/fortify)](https://goreportcard.com/report/git.ophivana.moe/security/fortify)
+[![Go Reference](https://pkg.go.dev/badge/git.gensokyo.uk/security/fortify.svg)](https://pkg.go.dev/git.gensokyo.uk/security/fortify)
+[![Go Report Card](https://goreportcard.com/badge/git.gensokyo.uk/security/fortify)](https://goreportcard.com/report/git.gensokyo.uk/security/fortify)

 Lets you run graphical applications as another user in a confined environment with a nice NixOS
 module to configure target users and provide launchers and desktop files for your privileged user.
@ -18,7 +18,7 @@ Why would you want this?
 If you have a flakes-enabled nix environment, you can try out the tool by running:

 ```shell
-nix run git+https://git.ophivana.moe/security/fortify -- help
+nix run git+https://git.gensokyo.uk/security/fortify -- help
 ```

 ## Module usage
@ -35,7 +35,7 @@ To use the module, import it into your configuration with
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";

    fortify = {
-      url = "git+https://git.ophivana.moe/security/fortify";
+      url = "git+https://git.gensokyo.uk/security/fortify";

      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
--- a/acl/acl_test.go
+++ b/acl/acl_test.go
@ -7,7 +7,7 @@ import (
 	"reflect"
 	"testing"

-	"git.ophivana.moe/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/acl"
 )

 const testFileName = "acl.test"
@ -15,8 +15,6 @@ const testFileName = "acl.test"
 var (
 	uid  = os.Geteuid()
 	cred = int32(os.Geteuid())
-
-	testFilePath = path.Join(os.TempDir(), testFileName)
 )

 func TestUpdatePerm(t *testing.T) {
@ -25,6 +23,8 @@ func TestUpdatePerm(t *testing.T) {
 		t.SkipNow()
 	}

+	testFilePath := path.Join(t.TempDir(), testFileName)
+
 	if f, err := os.Create(testFilePath); err != nil {
 		t.Fatalf("Create: error = %v", err)
 	} else {
@ -64,16 +64,16 @@ func TestUpdatePerm(t *testing.T) {
 		}
 	})

-	testUpdate(t, "r--", cur, fAclPermRead, acl.Read)
-	testUpdate(t, "-w-", cur, fAclPermWrite, acl.Write)
-	testUpdate(t, "--x", cur, fAclPermExecute, acl.Execute)
-	testUpdate(t, "-wx", cur, fAclPermWrite|fAclPermExecute, acl.Write, acl.Execute)
-	testUpdate(t, "r-x", cur, fAclPermRead|fAclPermExecute, acl.Read, acl.Execute)
-	testUpdate(t, "rw-", cur, fAclPermRead|fAclPermWrite, acl.Read, acl.Write)
-	testUpdate(t, "rwx", cur, fAclPermRead|fAclPermWrite|fAclPermExecute, acl.Read, acl.Write, acl.Execute)
+	testUpdate(t, testFilePath, "r--", cur, fAclPermRead, acl.Read)
+	testUpdate(t, testFilePath, "-w-", cur, fAclPermWrite, acl.Write)
+	testUpdate(t, testFilePath, "--x", cur, fAclPermExecute, acl.Execute)
+	testUpdate(t, testFilePath, "-wx", cur, fAclPermWrite|fAclPermExecute, acl.Write, acl.Execute)
+	testUpdate(t, testFilePath, "r-x", cur, fAclPermRead|fAclPermExecute, acl.Read, acl.Execute)
+	testUpdate(t, testFilePath, "rw-", cur, fAclPermRead|fAclPermWrite, acl.Read, acl.Write)
+	testUpdate(t, testFilePath, "rwx", cur, fAclPermRead|fAclPermWrite|fAclPermExecute, acl.Read, acl.Write, acl.Execute)
 }

-func testUpdate(t *testing.T, name string, cur []*getFAclResp, val fAclPerm, perms ...acl.Perm) {
+func testUpdate(t *testing.T, testFilePath, name string, cur []*getFAclResp, val fAclPerm, perms ...acl.Perm) {
 	t.Run(name, func(t *testing.T) {
 		t.Cleanup(func() {
 			if err := acl.UpdatePerm(testFilePath, uid); err != nil {
--- a/cmd/finit/main.go
+++ b/cmd/finit/main.go
@ -9,10 +9,10 @@ import (
 	"syscall"
 	"time"

-	init0 "git.ophivana.moe/security/fortify/cmd/finit/ipc"
-	"git.ophivana.moe/security/fortify/internal"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/proc"
+	init0 "git.gensokyo.uk/security/fortify/cmd/finit/ipc"
+	"git.gensokyo.uk/security/fortify/internal"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/proc"
 )

 const (
--- a/cmd/fshim/ipc/payload.go
+++ b/cmd/fshim/ipc/payload.go
@ -1,7 +1,7 @@
 package shim0

 import (
-	"git.ophivana.moe/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
 )

 const Env = "FORTIFY_SHIM"
--- a/cmd/fshim/ipc/shim/shim.go
+++ b/cmd/fshim/ipc/shim/shim.go
@ -11,10 +11,10 @@ import (
 	"syscall"
 	"time"

-	shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
-	"git.ophivana.moe/security/fortify/internal"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/proc"
+	shim0 "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
+	"git.gensokyo.uk/security/fortify/internal"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/proc"
 )

 const shimSetupTimeout = 5 * time.Second
--- a/cmd/fshim/main.go
+++ b/cmd/fshim/main.go
@ -7,12 +7,12 @@ import (
 	"strconv"
 	"syscall"

-	init0 "git.ophivana.moe/security/fortify/cmd/finit/ipc"
-	shim "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
-	"git.ophivana.moe/security/fortify/helper"
-	"git.ophivana.moe/security/fortify/internal"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/proc"
+	init0 "git.gensokyo.uk/security/fortify/cmd/finit/ipc"
+	shim "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
+	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/internal"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/proc"
 )

 // everything beyond this point runs as unconstrained target user
--- a/cmd/fuserdb/main.go
+++ b/cmd/fuserdb/main.go
@ -9,7 +9,7 @@ import (
 	"path"
 	"strconv"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 func main() {
--- a/cmd/fuserdb/payload.go
+++ b/cmd/fuserdb/payload.go
@ -5,7 +5,7 @@ import (
 	"os"
 	"path"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 type payloadU struct {
--- a/dbus/config_test.go
+++ b/dbus/config_test.go
@ -9,7 +9,7 @@ import (
 	"strings"
 	"testing"

-	"git.ophivana.moe/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/dbus"
 )

 func TestConfig_Args(t *testing.T) {
--- a/dbus/dbus_test.go
+++ b/dbus/dbus_test.go
@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"

-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/helper"
 )

 func TestNew(t *testing.T) {
--- a/dbus/proxy.go
+++ b/dbus/proxy.go
@ -6,8 +6,8 @@ import (
 	"io"
 	"sync"

-	"git.ophivana.moe/security/fortify/helper"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
 )

 // ProxyName is the file name or path to the proxy program.
--- a/dbus/run.go
+++ b/dbus/run.go
@ -9,9 +9,9 @@ import (
 	"strconv"
 	"strings"

-	"git.ophivana.moe/security/fortify/helper"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/ldd"
+	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/ldd"
 )

 // Start launches the D-Bus proxy and sets up the Wait method.
--- a/dbus/samples_test.go
+++ b/dbus/samples_test.go
@ -3,7 +3,7 @@ package dbus_test
 import (
 	"sync"

-	"git.ophivana.moe/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/dbus"
 )

 var samples = []dbusTestCase{
--- a/dbus/stub_test.go
+++ b/dbus/stub_test.go
@ -3,7 +3,7 @@ package dbus_test
 import (
 	"testing"

-	"git.ophivana.moe/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper"
 )

 func TestHelperChildStub(t *testing.T) {
--- a/dist/release.sh
+++ b/dist/release.sh
@ -8,9 +8,9 @@ mkdir -p "${out}"
 cp "README.md" "dist/fsurc.default" "dist/install.sh" "${out}"

 go build -v -o "${out}/bin/" -ldflags "-s -w
-  -X git.ophivana.moe/security/fortify/internal.Version=${VERSION}
-  -X git.ophivana.moe/security/fortify/internal.Fsu=/usr/bin/fsu
-  -X git.ophivana.moe/security/fortify/internal.Finit=/usr/libexec/fortify/finit
+  -X git.gensokyo.uk/security/fortify/internal.Version=${VERSION}
+  -X git.gensokyo.uk/security/fortify/internal.Fsu=/usr/bin/fsu
+  -X git.gensokyo.uk/security/fortify/internal.Finit=/usr/libexec/fortify/finit
  -X main.Fmain=/usr/bin/fortify
  -X main.Fshim=/usr/libexec/fortify/fshim" ./...

--- a/error.go
+++ b/error.go
@ -3,8 +3,8 @@ package main
 import (
 	"errors"

-	"git.ophivana.moe/security/fortify/internal/app"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/app"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 func logWaitError(err error) {
--- a/fst/config.go
+++ b/fst/config.go
@ -3,10 +3,10 @@ package fst
 import (
 	"errors"

-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 const fTmp = "/fortify"
--- a/fst/id.go
+++ b/fst/id.go
@ -0,0 +1,48 @@
+package fst
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+)
+
+type ID [16]byte
+
+var (
+	ErrInvalidLength = errors.New("string representation must have a length of 32")
+)
+
+func (a *ID) String() string {
+	return hex.EncodeToString(a[:])
+}
+
+func NewAppID(id *ID) error {
+	_, err := rand.Read(id[:])
+	return err
+}
+
+func ParseAppID(id *ID, s string) error {
+	if len(s) != 32 {
+		return ErrInvalidLength
+	}
+
+	for i, b := range s {
+		if b < '0' || b > 'f' {
+			return fmt.Errorf("invalid char %q at byte %d", b, i)
+		}
+
+		v := uint8(b)
+		if v > '9' {
+			v = 10 + v - 'a'
+		} else {
+			v -= '0'
+		}
+		if i%2 == 0 {
+			v <<= 4
+		}
+		id[i/2] += v
+	}
+
+	return nil
+}
--- a/fst/id_test.go
+++ b/fst/id_test.go
@ -0,0 +1,63 @@
+package fst_test
+
+import (
+	"errors"
+	"testing"
+
+	"git.gensokyo.uk/security/fortify/fst"
+)
+
+func TestParseAppID(t *testing.T) {
+	t.Run("bad length", func(t *testing.T) {
+		if err := fst.ParseAppID(new(fst.ID), "meow"); !errors.Is(err, fst.ErrInvalidLength) {
+			t.Errorf("ParseAppID: error = %v, wantErr =  %v", err, fst.ErrInvalidLength)
+		}
+	})
+
+	t.Run("bad byte", func(t *testing.T) {
+		wantErr := "invalid char '\\n' at byte 15"
+		if err := fst.ParseAppID(new(fst.ID), "02bc7f8936b2af6\n\ne2535cd71ef0bb7"); err == nil || err.Error() != wantErr {
+			t.Errorf("ParseAppID: error = %v, wantErr =  %v", err, wantErr)
+		}
+	})
+
+	t.Run("fuzz 16 iterations", func(t *testing.T) {
+		for i := 0; i < 16; i++ {
+			testParseAppIDWithRandom(t)
+		}
+	})
+}
+
+func FuzzParseAppID(f *testing.F) {
+	for i := 0; i < 16; i++ {
+		id := new(fst.ID)
+		if err := fst.NewAppID(id); err != nil {
+			panic(err.Error())
+		}
+		f.Add(id[0], id[1], id[2], id[3], id[4], id[5], id[6], id[7], id[8], id[9], id[10], id[11], id[12], id[13], id[14], id[15])
+	}
+
+	f.Fuzz(func(t *testing.T, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15 byte) {
+		testParseAppID(t, &fst.ID{b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15})
+	})
+}
+
+func testParseAppIDWithRandom(t *testing.T) {
+	id := new(fst.ID)
+	if err := fst.NewAppID(id); err != nil {
+		t.Fatalf("cannot generate app ID: %v", err)
+	}
+	testParseAppID(t, id)
+}
+
+func testParseAppID(t *testing.T, id *fst.ID) {
+	s := id.String()
+	got := new(fst.ID)
+	if err := fst.ParseAppID(got, s); err != nil {
+		t.Fatalf("cannot parse app ID: %v", err)
+	}
+
+	if *got != *id {
+		t.Fatalf("ParseAppID(%#v) = \n%#v, want \n%#v", s, got, id)
+	}
+}
--- a/fst/shared.go
+++ b/fst/shared.go
@ -1,18 +1,2 @@
 // Package fst exports shared fortify types.
 package fst
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-)
-
-type ID [16]byte
-
-func (a *ID) String() string {
-	return hex.EncodeToString(a[:])
-}
-
-func NewAppID(id *ID) error {
-	_, err := rand.Read(id[:])
-	return err
-}
--- a/go.mod
+++ b/go.mod
@ -1,3 +1,3 @@
-module git.ophivana.moe/security/fortify
+module git.gensokyo.uk/security/fortify

 go 1.22
--- a/helper/args_test.go
+++ b/helper/args_test.go
@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"

-	"git.ophivana.moe/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper"
 )

 func Test_argsFD_String(t *testing.T) {
--- a/helper/bwrap.go
+++ b/helper/bwrap.go
@ -8,8 +8,8 @@ import (
 	"strconv"
 	"sync"

-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/proc"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/proc"
 )

 // BubblewrapName is the file name or path to bubblewrap.
--- a/helper/bwrap_test.go
+++ b/helper/bwrap_test.go
@ -7,8 +7,8 @@ import (
 	"strings"
 	"testing"

-	"git.ophivana.moe/security/fortify/helper"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
 )

 func TestBwrap(t *testing.T) {
--- a/helper/direct_test.go
+++ b/helper/direct_test.go
@ -5,7 +5,7 @@ import (
 	"os"
 	"testing"

-	"git.ophivana.moe/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper"
 )

 func TestDirect(t *testing.T) {
--- a/helper/helper_test.go
+++ b/helper/helper_test.go
@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"

-	"git.ophivana.moe/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper"
 )

 var (
--- a/helper/pipe.go
+++ b/helper/pipe.go
@ -6,7 +6,7 @@ import (
 	"os"
 	"os/exec"

-	"git.ophivana.moe/security/fortify/internal/proc"
+	"git.gensokyo.uk/security/fortify/internal/proc"
 )

 type pipes struct {
--- a/helper/stub.go
+++ b/helper/stub.go
@ -10,8 +10,8 @@ import (
 	"syscall"
 	"testing"

-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 // InternalChildStub is an internal function but exported because it is cross-package;
--- a/helper/stub_test.go
+++ b/helper/stub_test.go
@ -3,7 +3,7 @@ package helper_test
 import (
 	"testing"

-	"git.ophivana.moe/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper"
 )

 func TestHelperChildStub(t *testing.T) {
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -4,9 +4,9 @@ import (
 	"sync"
 	"sync/atomic"

-	"git.ophivana.moe/security/fortify/cmd/fshim/ipc/shim"
-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/internal/linux"
 )

 type App interface {
--- a/internal/app/app_nixos_test.go
+++ b/internal/app/app_nixos_test.go
@ -1,11 +1,11 @@
 package app_test

 import (
-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 var testCasesNixos = []sealTestCase{
--- a/internal/app/app_pd_test.go
+++ b/internal/app/app_pd_test.go
@ -1,11 +1,11 @@
 package app_test

 import (
-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 var testCasesPd = []sealTestCase{
--- a/internal/app/app_stub_test.go
+++ b/internal/app/app_stub_test.go
@ -7,7 +7,7 @@ import (
 	"os/user"
 	"strconv"

-	"git.ophivana.moe/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/linux"
 )

 // fs methods are not implemented using a real FS
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@ -6,11 +6,11 @@ import (
 	"testing"
 	"time"

-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/app"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/app"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 type sealTestCase struct {
--- a/internal/app/export_test.go
+++ b/internal/app/export_test.go
@ -1,10 +1,10 @@
 package app

 import (
-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 func NewWithID(id fst.ID, os linux.System) App {
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@ -8,12 +8,12 @@ import (
 	"regexp"
 	"strconv"

-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/state"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/state"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 var (
@ -218,7 +218,7 @@ func (a *app) Seal(config *fst.Config) error {
 	// open process state store
 	// the simple store only starts holding an open file after first action
 	// store activity begins after Start is called and must end before Wait
-	seal.store = state.NewSimple(seal.RunDirPath, seal.sys.user.as)
+	seal.store = state.NewMulti(seal.RunDirPath)

 	// initialise system interface with full uid
 	seal.sys.I = system.New(seal.sys.user.uid)
--- a/internal/app/share.dbus.go
+++ b/internal/app/share.dbus.go
@ -3,9 +3,9 @@ package app
 import (
 	"path"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 const (
--- a/internal/app/share.display.go
+++ b/internal/app/share.display.go
@ -4,10 +4,10 @@ import (
 	"errors"
 	"path"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 const (
--- a/internal/app/share.pulse.go
+++ b/internal/app/share.pulse.go
@ -6,9 +6,9 @@ import (
 	"io/fs"
 	"path"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 const (
--- a/internal/app/share.runtime.go
+++ b/internal/app/share.runtime.go
@ -3,8 +3,8 @@ package app
 import (
 	"path"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 const (
--- a/internal/app/share.system.go
+++ b/internal/app/share.system.go
@ -3,9 +3,9 @@ package app
 import (
 	"path"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 const (
--- a/internal/app/start.go
+++ b/internal/app/start.go
@ -7,12 +7,12 @@ import (
 	"path/filepath"
 	"strings"

-	shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
-	"git.ophivana.moe/security/fortify/cmd/fshim/ipc/shim"
-	"git.ophivana.moe/security/fortify/helper"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/state"
-	"git.ophivana.moe/security/fortify/internal/system"
+	shim0 "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
+	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
+	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/state"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 // Start selects a user switcher and starts shim.
@ -76,8 +76,8 @@ func (a *app) Start() error {

 		// register process state
 		var err0 = new(StateStoreError)
-		err0.Inner, err0.DoErr = a.seal.store.Do(func(b state.Backend) {
-			err0.InnerErr = b.Save(&sd)
+		err0.Inner, err0.DoErr = a.seal.store.Do(a.seal.sys.user.aid, func(c state.Cursor) {
+			err0.InnerErr = c.Save(&sd)
 		})
 		a.seal.sys.saveState = true
 		return err0.equiv("cannot save process state:")
@ -199,11 +199,11 @@ func (a *app) Wait() (int, error) {

 	// update store and revert app setup transaction
 	e := new(StateStoreError)
-	e.Inner, e.DoErr = a.seal.store.Do(func(b state.Backend) {
+	e.Inner, e.DoErr = a.seal.store.Do(a.seal.sys.user.aid, func(b state.Cursor) {
 		e.InnerErr = func() error {
 			// destroy defunct state entry
 			if cmd := a.shim.Unwrap(); cmd != nil && a.seal.sys.saveState {
-				if err := b.Destroy(cmd.Process.Pid); err != nil {
+				if err := b.Destroy(*a.id); err != nil {
 					return err
 				}
 			}
--- a/internal/app/system.go
+++ b/internal/app/system.go
@ -1,10 +1,10 @@
 package app

 import (
-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 // appSealSys encapsulates app seal behaviour with OS interactions
--- a/internal/linux/interface.go
+++ b/internal/linux/interface.go
@ -7,7 +7,7 @@ import (
 	"path"
 	"strconv"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 // System provides safe access to operating system resources.
@ -39,8 +39,6 @@ type System interface {
 	Paths() Paths
 	// Uid invokes fsu and returns target uid.
 	Uid(aid int) (int, error)
-	// SdBooted implements https://www.freedesktop.org/software/systemd/man/sd_booted.html
-	SdBooted() bool
 }

 // Paths contains environment dependent paths used by fortify.
--- a/internal/linux/std.go
+++ b/internal/linux/std.go
@ -1,7 +1,6 @@
 package linux

 import (
-	"errors"
 	"io"
 	"io/fs"
 	"os"
@ -10,8 +9,8 @@ import (
 	"strconv"
 	"sync"

-	"git.ophivana.moe/security/fortify/internal"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 // Std implements System using the standard library.
@ -19,9 +18,6 @@ type Std struct {
 	paths     Paths
 	pathsOnce sync.Once

-	sdBooted     bool
-	sdBootedOnce sync.Once
-
 	uidOnce sync.Once
 	uidCopy map[int]struct {
 		uid int
@ -90,31 +86,3 @@ func (s *Std) Uid(aid int) (int, error) {
 		return u.uid, u.err
 	}
 }
-
-func (s *Std) SdBooted() bool {
-	s.sdBootedOnce.Do(func() { s.sdBooted = copySdBooted() })
-	return s.sdBooted
-}
-
-const systemdCheckPath = "/run/systemd/system"
-
-func copySdBooted() bool {
-	if v, err := sdBooted(); err != nil {
-		fmsg.Println("cannot read systemd marker:", err)
-		return false
-	} else {
-		return v
-	}
-}
-
-func sdBooted() (bool, error) {
-	_, err := os.Stat(systemdCheckPath)
-	if err != nil {
-		if errors.Is(err, fs.ErrNotExist) {
-			err = nil
-		}
-		return false, err
-	}
-
-	return true, nil
-}
--- a/internal/state/multi.go
+++ b/internal/state/multi.go
@ -0,0 +1,292 @@
+package state
+
+import (
+	"encoding/gob"
+	"errors"
+	"fmt"
+	"io/fs"
+	"os"
+	"path"
+	"strconv"
+	"sync"
+	"syscall"
+
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+)
+
+// fine-grained locking and access
+type multiStore struct {
+	base string
+
+	// initialised backends
+	backends *sync.Map
+
+	lock sync.RWMutex
+}
+
+func (s *multiStore) Do(aid int, f func(c Cursor)) (bool, error) {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	// load or initialise new backend
+	b := new(multiBackend)
+	if v, ok := s.backends.LoadOrStore(aid, b); ok {
+		b = v.(*multiBackend)
+	} else {
+		b.lock.Lock()
+		b.path = path.Join(s.base, strconv.Itoa(aid))
+
+		// ensure directory
+		if err := os.MkdirAll(b.path, 0700); err != nil && !errors.Is(err, fs.ErrExist) {
+			s.backends.CompareAndDelete(aid, b)
+			return false, err
+		}
+
+		// open locker file
+		if l, err := os.OpenFile(b.path+".lock", os.O_RDWR|os.O_CREATE, 0600); err != nil {
+			s.backends.CompareAndDelete(aid, b)
+			return false, err
+		} else {
+			b.lockfile = l
+		}
+		b.lock.Unlock()
+	}
+
+	// lock backend
+	if err := b.lockFile(); err != nil {
+		return false, err
+	}
+
+	// expose backend methods without exporting the pointer
+	c := new(struct{ *multiBackend })
+	c.multiBackend = b
+	f(b)
+	// disable access to the backend on a best-effort basis
+	c.multiBackend = nil
+
+	// unlock backend
+	return true, b.unlockFile()
+}
+
+func (s *multiStore) List() ([]int, error) {
+	var entries []os.DirEntry
+
+	// read base directory to get all aids
+	if v, err := os.ReadDir(s.base); err != nil && !errors.Is(err, os.ErrNotExist) {
+		return nil, err
+	} else {
+		entries = v
+	}
+
+	aidsBuf := make([]int, 0, len(entries))
+	for _, e := range entries {
+		// skip non-directories
+		if !e.IsDir() {
+			fmsg.VPrintf("skipped non-directory entry %q", e.Name())
+			continue
+		}
+
+		// skip non-numerical names
+		if v, err := strconv.Atoi(e.Name()); err != nil {
+			fmsg.VPrintf("skipped non-aid entry %q", e.Name())
+			continue
+		} else {
+			if v < 0 || v > 9999 {
+				fmsg.VPrintf("skipped out of bounds entry %q", e.Name())
+				continue
+			}
+
+			aidsBuf = append(aidsBuf, v)
+		}
+	}
+
+	return append([]int(nil), aidsBuf...), nil
+}
+
+func (s *multiStore) Close() error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	var errs []error
+	s.backends.Range(func(_, value any) bool {
+		b := value.(*multiBackend)
+		errs = append(errs, b.close())
+		return true
+	})
+
+	return errors.Join(errs...)
+}
+
+type multiBackend struct {
+	path string
+
+	// created/opened by prepare
+	lockfile *os.File
+
+	lock sync.RWMutex
+}
+
+func (b *multiBackend) filename(id *fst.ID) string {
+	return path.Join(b.path, id.String())
+}
+
+func (b *multiBackend) lockFileAct(lt int) (err error) {
+	op := "LockAct"
+	switch lt {
+	case syscall.LOCK_EX:
+		op = "Lock"
+	case syscall.LOCK_UN:
+		op = "Unlock"
+	}
+
+	for {
+		err = syscall.Flock(int(b.lockfile.Fd()), lt)
+		if !errors.Is(err, syscall.EINTR) {
+			break
+		}
+	}
+	if err != nil {
+		return &fs.PathError{
+			Op:   op,
+			Path: b.lockfile.Name(),
+			Err:  err,
+		}
+	}
+	return nil
+}
+
+func (b *multiBackend) lockFile() error {
+	return b.lockFileAct(syscall.LOCK_EX)
+}
+
+func (b *multiBackend) unlockFile() error {
+	return b.lockFileAct(syscall.LOCK_UN)
+}
+
+// reads all launchers in simpleBackend
+// file contents are ignored if decode is false
+func (b *multiBackend) load(decode bool) (Entries, error) {
+	b.lock.RLock()
+	defer b.lock.RUnlock()
+
+	// read directory contents, should only contain files named after ids
+	var entries []os.DirEntry
+	if pl, err := os.ReadDir(b.path); err != nil {
+		return nil, err
+	} else {
+		entries = pl
+	}
+
+	// allocate as if every entry is valid
+	// since that should be the case assuming no external interference happens
+	r := make(Entries, len(entries))
+
+	for _, e := range entries {
+		if e.IsDir() {
+			return nil, fmt.Errorf("unexpected directory %q in store", e.Name())
+		}
+
+		id := new(fst.ID)
+		if err := fst.ParseAppID(id, e.Name()); err != nil {
+			return nil, err
+		}
+
+		// run in a function to better handle file closing
+		if err := func() error {
+			// open state file for reading
+			if f, err := os.Open(path.Join(b.path, e.Name())); err != nil {
+				return err
+			} else {
+				defer func() {
+					if f.Close() != nil {
+						// unreachable
+						panic("foreign state file closed prematurely")
+					}
+				}()
+
+				s := new(State)
+				r[*id] = s
+
+				// append regardless, but only parse if required, used to implement Len
+				if decode {
+					if err = gob.NewDecoder(f).Decode(s); err != nil {
+						return err
+					}
+
+					if s.ID != *id {
+						return fmt.Errorf("state entry %s has unexpected id %s", id, &s.ID)
+					}
+				}
+
+				return nil
+			}
+		}(); err != nil {
+			return nil, err
+		}
+	}
+
+	return r, nil
+}
+
+// Save writes process state to filesystem
+func (b *multiBackend) Save(state *State) error {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+
+	if state.Config == nil {
+		return errors.New("state does not contain config")
+	}
+
+	statePath := b.filename(&state.ID)
+
+	// create and open state data file
+	if f, err := os.OpenFile(statePath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600); err != nil {
+		return err
+	} else {
+		defer func() {
+			if f.Close() != nil {
+				// unreachable
+				panic("state file closed prematurely")
+			}
+		}()
+		// encode into state file
+		return gob.NewEncoder(f).Encode(state)
+	}
+}
+
+func (b *multiBackend) Destroy(id fst.ID) error {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+
+	return os.Remove(b.filename(&id))
+}
+
+func (b *multiBackend) Load() (Entries, error) {
+	return b.load(true)
+}
+
+func (b *multiBackend) Len() (int, error) {
+	// rn consists of only nil entries but has the correct length
+	rn, err := b.load(false)
+	return len(rn), err
+}
+
+func (b *multiBackend) close() error {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+
+	err := b.lockfile.Close()
+	if err == nil || errors.Is(err, os.ErrInvalid) || errors.Is(err, os.ErrClosed) {
+		return nil
+	}
+	return err
+}
+
+// NewMulti returns an instance of the multi-file store.
+func NewMulti(runDir string) Store {
+	b := new(multiStore)
+	b.base = path.Join(runDir, "state")
+	b.backends = new(sync.Map)
+	return b
+}
--- a/internal/state/multi_test.go
+++ b/internal/state/multi_test.go
@ -0,0 +1,11 @@
+package state_test
+
+import (
+	"testing"
+
+	"git.gensokyo.uk/security/fortify/internal/state"
+)
+
+func TestMulti(t *testing.T) {
+	testStore(t, state.NewMulti(t.TempDir()))
+}
--- a/internal/state/print.go
+++ b/internal/state/print.go
@ -1,62 +1,45 @@
 package state

 import (
-	"errors"
 	"fmt"
 	"os"
-	"path"
-	"strconv"
 	"strings"
 	"text/tabwriter"
 	"time"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 // MustPrintLauncherStateSimpleGlobal prints active launcher states of all simple stores
 // in an implementation-specific way.
 func MustPrintLauncherStateSimpleGlobal(w **tabwriter.Writer, runDir string) {
 	now := time.Now().UTC()
+	s := NewMulti(runDir)

 	// read runtime directory to get all UIDs
-	if dirs, err := os.ReadDir(path.Join(runDir, "state")); err != nil && !errors.Is(err, os.ErrNotExist) {
-		fmsg.Fatal("cannot read runtime directory:", err)
+	if aids, err := s.List(); err != nil {
+		fmsg.Fatal("cannot list store:", err)
 	} else {
-		for _, e := range dirs {
-			// skip non-directories
-			if !e.IsDir() {
-				fmsg.VPrintf("skipped non-directory entry %q", e.Name())
-				continue
-			}
-
-			// skip non-numerical names
-			if _, err = strconv.Atoi(e.Name()); err != nil {
-				fmsg.VPrintf("skipped non-uid entry %q", e.Name())
-				continue
-			}
-
-			// obtain temporary store
-			s := NewSimple(runDir, e.Name()).(*simpleStore)
-
+		for _, aid := range aids {
 			// print states belonging to this store
-			s.mustPrintLauncherState(w, now)
-
-			// mustPrintLauncherState causes store activity so store needs to be closed
-			if err = s.Close(); err != nil {
-				fmsg.Printf("cannot close store for user %q: %s", e.Name(), err)
-			}
+			s.(*multiStore).mustPrintLauncherState(aid, w, now)
 		}
 	}
+
+	// mustPrintLauncherState causes store activity so store needs to be closed
+	if err := s.Close(); err != nil {
+		fmsg.Printf("cannot close store: %v", err)
+	}
 }

-func (s *simpleStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time) {
+func (s *multiStore) mustPrintLauncherState(aid int, w **tabwriter.Writer, now time.Time) {
 	var innerErr error

-	if ok, err := s.Do(func(b Backend) {
+	if ok, err := s.Do(aid, func(c Cursor) {
 		innerErr = func() error {
 			// read launcher states
-			states, err := b.Load()
+			states, err := c.Load()
 			if err != nil {
 				return err
 			}
@ -111,25 +94,25 @@ func (s *simpleStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time
 				}

 				if !fmsg.Verbose() {
-					_, _ = fmt.Fprintf(*w, "\t%d\t%s\t%s\t%s\t%s\n",
-						state.PID, s.path[len(s.path)-1], now.Sub(state.Time).Round(time.Second).String(), strings.TrimPrefix(ets.String(), ", "), cs)
+					_, _ = fmt.Fprintf(*w, "\t%d\t%d\t%s\t%s\t%s\n",
+						state.PID, aid, now.Sub(state.Time).Round(time.Second).String(), strings.TrimPrefix(ets.String(), ", "), cs)
 				} else {
 					// emit argv instead when verbose
-					_, _ = fmt.Fprintf(*w, "\t%d\t%s\t%s\n",
-						state.PID, s.path[len(s.path)-1], state.ID)
+					_, _ = fmt.Fprintf(*w, "\t%d\t%d\t%s\n",
+						state.PID, aid, state.ID)
 				}
 			}

 			return nil
 		}()
 	}); err != nil {
-		fmsg.Printf("cannot perform action on store %q: %s", path.Join(s.path...), err)
+		fmsg.Printf("cannot perform action on app %d: %v", aid, err)
 		if !ok {
 			fmsg.Fatal("store faulted before printing")
 		}
 	}

 	if innerErr != nil {
-		fmsg.Fatalf("cannot print launcher state for store %q: %s", path.Join(s.path...), innerErr)
+		fmsg.Fatalf("cannot print launcher state of app %d: %s", aid, innerErr)
 	}
 }
--- a/internal/state/simple.go
+++ b/internal/state/simple.go
@ -1,222 +0,0 @@
-package state
-
-import (
-	"encoding/gob"
-	"errors"
-	"io/fs"
-	"os"
-	"path"
-	"strconv"
-	"sync"
-	"syscall"
-)
-
-// file-based locking
-type simpleStore struct {
-	path []string
-
-	// created/opened by prepare
-	lockfile *os.File
-	// enforce prepare method
-	init sync.Once
-	// error returned by prepare
-	initErr error
-
-	lock sync.Mutex
-}
-
-func (s *simpleStore) Do(f func(b Backend)) (bool, error) {
-	s.init.Do(s.prepare)
-	if s.initErr != nil {
-		return false, s.initErr
-	}
-
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	// lock store
-	if err := s.lockFile(); err != nil {
-		return false, err
-	}
-
-	// initialise new backend for caller
-	b := new(simpleBackend)
-	b.path = path.Join(s.path...)
-	f(b)
-	// disable backend
-	b.lock.Lock()
-
-	// unlock store
-	return true, s.unlockFile()
-}
-
-func (s *simpleStore) lockFileAct(lt int) (err error) {
-	op := "LockAct"
-	switch lt {
-	case syscall.LOCK_EX:
-		op = "Lock"
-	case syscall.LOCK_UN:
-		op = "Unlock"
-	}
-
-	for {
-		err = syscall.Flock(int(s.lockfile.Fd()), lt)
-		if !errors.Is(err, syscall.EINTR) {
-			break
-		}
-	}
-	if err != nil {
-		return &fs.PathError{
-			Op:   op,
-			Path: s.lockfile.Name(),
-			Err:  err,
-		}
-	}
-	return nil
-}
-
-func (s *simpleStore) lockFile() error {
-	return s.lockFileAct(syscall.LOCK_EX)
-}
-
-func (s *simpleStore) unlockFile() error {
-	return s.lockFileAct(syscall.LOCK_UN)
-}
-
-func (s *simpleStore) prepare() {
-	s.initErr = func() error {
-		prefix := path.Join(s.path...)
-		// ensure directory
-		if err := os.MkdirAll(prefix, 0700); err != nil && !errors.Is(err, fs.ErrExist) {
-			return err
-		}
-
-		// open locker file
-		if f, err := os.OpenFile(prefix+".lock", os.O_RDWR|os.O_CREATE, 0600); err != nil {
-			return err
-		} else {
-			s.lockfile = f
-		}
-
-		return nil
-	}()
-}
-
-func (s *simpleStore) Close() error {
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	err := s.lockfile.Close()
-	if err == nil || errors.Is(err, os.ErrInvalid) || errors.Is(err, os.ErrClosed) {
-		return nil
-	}
-	return err
-}
-
-type simpleBackend struct {
-	path string
-
-	lock sync.RWMutex
-}
-
-func (b *simpleBackend) filename(pid int) string {
-	return path.Join(b.path, strconv.Itoa(pid))
-}
-
-// reads all launchers in simpleBackend
-// file contents are ignored if decode is false
-func (b *simpleBackend) load(decode bool) ([]*State, error) {
-	b.lock.RLock()
-	defer b.lock.RUnlock()
-
-	var (
-		r []*State
-		f *os.File
-	)
-
-	// read directory contents, should only contain files named after PIDs
-	if pl, err := os.ReadDir(b.path); err != nil {
-		return nil, err
-	} else {
-		for _, e := range pl {
-			// run in a function to better handle file closing
-			if err = func() error {
-				// open state file for reading
-				if f, err = os.Open(path.Join(b.path, e.Name())); err != nil {
-					return err
-				} else {
-					defer func() {
-						if f.Close() != nil {
-							// unreachable
-							panic("foreign state file closed prematurely")
-						}
-					}()
-
-					var s State
-					r = append(r, &s)
-
-					// append regardless, but only parse if required, used to implement Len
-					if decode {
-						return gob.NewDecoder(f).Decode(&s)
-					} else {
-						return nil
-					}
-				}
-			}(); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	return r, nil
-}
-
-// Save writes process state to filesystem
-func (b *simpleBackend) Save(state *State) error {
-	b.lock.Lock()
-	defer b.lock.Unlock()
-
-	if state.Config == nil {
-		return errors.New("state does not contain config")
-	}
-
-	statePath := b.filename(state.PID)
-
-	// create and open state data file
-	if f, err := os.OpenFile(statePath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600); err != nil {
-		return err
-	} else {
-		defer func() {
-			if f.Close() != nil {
-				// unreachable
-				panic("state file closed prematurely")
-			}
-		}()
-		// encode into state file
-		return gob.NewEncoder(f).Encode(state)
-	}
-}
-
-func (b *simpleBackend) Destroy(pid int) error {
-	b.lock.Lock()
-	defer b.lock.Unlock()
-
-	return os.Remove(b.filename(pid))
-}
-
-func (b *simpleBackend) Load() ([]*State, error) {
-	return b.load(true)
-}
-
-func (b *simpleBackend) Len() (int, error) {
-	// rn consists of only nil entries but has the correct length
-	rn, err := b.load(false)
-	return len(rn), err
-}
-
-// NewSimple returns an instance of a file-based store.
-func NewSimple(runDir string, prefix ...string) Store {
-	b := new(simpleStore)
-	b.path = append([]string{runDir, "state"}, prefix...)
-	return b
-}
--- a/internal/state/state.go
+++ b/internal/state/state.go
@ -3,24 +3,30 @@ package state
 import (
 	"time"

-	"git.ophivana.moe/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/fst"
 )

+type Entries map[fst.ID]*State
+
 type Store interface {
 	// Do calls f exactly once and ensures store exclusivity until f returns.
 	// Returns whether f is called and any errors during the locking process.
-	// Backend provided to f becomes invalid as soon as f returns.
-	Do(f func(b Backend)) (bool, error)
+	// Cursor provided to f becomes invalid as soon as f returns.
+	Do(aid int, f func(c Cursor)) (ok bool, err error)
+
+	// List queries the store and returns a list of aids known to the store.
+	// Note that some or all returned aids might not have any active apps.
+	List() (aids []int, err error)

 	// Close releases any resources held by Store.
 	Close() error
 }

-// Backend provides access to the store
-type Backend interface {
+// Cursor provides access to the store
+type Cursor interface {
 	Save(state *State) error
-	Destroy(pid int) error
-	Load() ([]*State, error)
+	Destroy(id fst.ID) error
+	Load() (Entries, error)
 	Len() (int, error)
 }

--- a/internal/state/state_test.go
+++ b/internal/state/state_test.go
@ -0,0 +1,126 @@
+package state_test
+
+import (
+	"math/rand/v2"
+	"reflect"
+	"slices"
+	"testing"
+	"time"
+
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/internal/state"
+)
+
+func testStore(t *testing.T, s state.Store) {
+	t.Run("list empty store", func(t *testing.T) {
+		if aids, err := s.List(); err != nil {
+			t.Fatalf("List: error = %v", err)
+		} else if len(aids) != 0 {
+			t.Fatalf("List: aids = %#v", aids)
+		}
+	})
+
+	const (
+		insertEntryChecked = iota
+		insertEntryNoCheck
+		insertEntryOtherApp
+
+		tl
+	)
+
+	var tc [tl]state.State
+	for i := 0; i < tl; i++ {
+		makeState(t, &tc[i])
+	}
+
+	do := func(aid int, f func(c state.Cursor)) {
+		if ok, err := s.Do(aid, f); err != nil {
+			t.Fatalf("Do: ok = %v, error = %v", ok, err)
+		}
+	}
+
+	insert := func(i, aid int) {
+		do(aid, func(c state.Cursor) {
+			if err := c.Save(&tc[i]); err != nil {
+				t.Fatalf("Save(&tc[%v]): error = %v", i, err)
+			}
+		})
+	}
+
+	check := func(i, aid int) {
+		do(aid, func(c state.Cursor) {
+			if entries, err := c.Load(); err != nil {
+				t.Fatalf("Load: error = %v", err)
+			} else if got, ok := entries[tc[i].ID]; !ok {
+				t.Fatalf("Load: entry %s missing",
+					&tc[i].ID)
+			} else {
+				got.Time = tc[i].Time
+				if !reflect.DeepEqual(got, &tc[i]) {
+					t.Fatalf("Load: entry %s got %#v, want %#v",
+						&tc[i].ID, got, &tc[i])
+				}
+			}
+		})
+	}
+
+	t.Run("insert entry checked", func(t *testing.T) {
+		insert(insertEntryChecked, 0)
+		check(insertEntryChecked, 0)
+	})
+
+	t.Run("insert entry unchecked", func(t *testing.T) {
+		insert(insertEntryNoCheck, 0)
+	})
+
+	t.Run("insert entry different aid", func(t *testing.T) {
+		insert(insertEntryOtherApp, 1)
+		check(insertEntryOtherApp, 1)
+	})
+
+	t.Run("check previous insertion", func(t *testing.T) {
+		check(insertEntryNoCheck, 0)
+	})
+
+	t.Run("list aids", func(t *testing.T) {
+		if aids, err := s.List(); err != nil {
+			t.Fatalf("List: error = %v", err)
+		} else {
+			slices.Sort(aids)
+			want := []int{0, 1}
+			if slices.Compare(aids, want) != 0 {
+				t.Fatalf("List() = %#v, want %#v", aids, want)
+			}
+		}
+	})
+
+	t.Run("clear aid 1", func(t *testing.T) {
+		do(1, func(c state.Cursor) {
+			if err := c.Destroy(tc[insertEntryOtherApp].ID); err != nil {
+				t.Fatalf("Destroy: error = %v", err)
+			}
+		})
+		do(1, func(c state.Cursor) {
+			if l, err := c.Len(); err != nil {
+				t.Fatalf("Len: error = %v", err)
+			} else if l != 0 {
+				t.Fatalf("Len() = %d, want 0", l)
+			}
+		})
+	})
+
+	t.Run("close store", func(t *testing.T) {
+		if err := s.Close(); err != nil {
+			t.Fatalf("Close: error = %v", err)
+		}
+	})
+}
+
+func makeState(t *testing.T, s *state.State) {
+	if err := fst.NewAppID(&s.ID); err != nil {
+		t.Fatalf("cannot create dummy state: %v", err)
+	}
+	s.Config = fst.Template()
+	s.PID = rand.Int()
+	s.Time = time.Now()
+}
--- a/internal/system/acl.go
+++ b/internal/system/acl.go
@ -4,8 +4,8 @@ import (
 	"fmt"
 	"slices"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 // UpdatePerm appends an ephemeral acl update Op.
--- a/internal/system/acl_test.go
+++ b/internal/system/acl_test.go
@ -3,7 +3,7 @@ package system
 import (
 	"testing"

-	"git.ophivana.moe/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/acl"
 )

 func TestUpdatePerm(t *testing.T) {
--- a/internal/system/dbus.go
+++ b/internal/system/dbus.go
@ -7,8 +7,8 @@ import (
 	"strings"
 	"sync"

-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 var (
--- a/internal/system/mkdir.go
+++ b/internal/system/mkdir.go
@ -5,7 +5,7 @@ import (
 	"fmt"
 	"os"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 // Ensure the existence and mode of a directory.
--- a/internal/system/op.go
+++ b/internal/system/op.go
@ -5,7 +5,7 @@ import (
 	"os"
 	"sync"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 const (
--- a/internal/system/op_test.go
+++ b/internal/system/op_test.go
@ -4,7 +4,7 @@ import (
 	"strconv"
 	"testing"

-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 func TestNew(t *testing.T) {
--- a/internal/system/tmpfiles.go
+++ b/internal/system/tmpfiles.go
@ -7,8 +7,8 @@ import (
 	"os"
 	"strconv"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

 // CopyFile registers an Op that copies path dst from src.
--- a/internal/system/tmpfiles_test.go
+++ b/internal/system/tmpfiles_test.go
@ -4,7 +4,7 @@ import (
 	"strconv"
 	"testing"

-	"git.ophivana.moe/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/acl"
 )

 func TestCopyFile(t *testing.T) {
--- a/internal/system/wayland.go
+++ b/internal/system/wayland.go
@ -5,9 +5,9 @@ import (
 	"fmt"
 	"os"

-	"git.ophivana.moe/security/fortify/acl"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/wl"
+	"git.gensokyo.uk/security/fortify/acl"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/wl"
 )

 // Wayland sets up a wayland socket with a security context attached.
--- a/internal/system/xhost.go
+++ b/internal/system/xhost.go
@ -3,8 +3,8 @@ package system
 import (
 	"fmt"

-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/xcb"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/xcb"
 )

 // ChangeHosts appends an X11 ChangeHosts command Op.
--- a/ldd/exec.go
+++ b/ldd/exec.go
@ -6,8 +6,8 @@ import (
 	"os/exec"
 	"strings"

-	"git.ophivana.moe/security/fortify/helper"
-	"git.ophivana.moe/security/fortify/helper/bwrap"
+	"git.gensokyo.uk/security/fortify/helper"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
 )

 func Exec(p string) ([]*Entry, error) {
--- a/ldd/ldd_test.go
+++ b/ldd/ldd_test.go
@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"

-	"git.ophivana.moe/security/fortify/ldd"
+	"git.gensokyo.uk/security/fortify/ldd"
 )

 func TestParseError(t *testing.T) {
--- a/main.go
+++ b/main.go
@ -11,14 +11,14 @@ import (
 	"sync"
 	"text/tabwriter"

-	"git.ophivana.moe/security/fortify/dbus"
-	"git.ophivana.moe/security/fortify/fst"
-	"git.ophivana.moe/security/fortify/internal"
-	"git.ophivana.moe/security/fortify/internal/app"
-	"git.ophivana.moe/security/fortify/internal/fmsg"
-	"git.ophivana.moe/security/fortify/internal/linux"
-	"git.ophivana.moe/security/fortify/internal/state"
-	"git.ophivana.moe/security/fortify/internal/system"
+	"git.gensokyo.uk/security/fortify/dbus"
+	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/internal"
+	"git.gensokyo.uk/security/fortify/internal/app"
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/state"
+	"git.gensokyo.uk/security/fortify/internal/system"
 )

 var (
@ -277,10 +277,6 @@ func main() {
 }

 func runApp(config *fst.Config) {
-	if os.SdBooted() {
-		fmsg.VPrintln("system booted with systemd as init system")
-	}
-
 	a, err := app.New(os)
 	if err != nil {
 		fmsg.Fatalf("cannot create app: %s\n", err)
--- a/options.md
+++ b/options.md
@ -36,7 +36,7 @@ package


 *Default:*
-` <derivation fortify-0.2.4> `
+` <derivation fortify-0.2.5> `



--- a/package.nix
+++ b/package.nix
@ -14,7 +14,7 @@

 buildGoModule rec {
  pname = "fortify";
-  version = "0.2.4";
+  version = "0.2.5";

  src = ./.;
  vendorHash = null;
@ -26,7 +26,7 @@ buildGoModule rec {
        ldflags
        ++ [
          "-X"
-          "git.ophivana.moe/security/fortify/internal.${name}=${value}"
+          "git.gensokyo.uk/security/fortify/internal.${name}=${value}"
        ]
      )
      [
--- a/test.nix
+++ b/test.nix
@ -214,5 +214,8 @@ nixosTest {
    swaymsg("exit", succeed=False)
    machine.wait_until_fails("pgrep -x sway")
    machine.wait_for_file("/tmp/sway-exit-ok")
+
+    # Print fortify runDir contents:
+    print(machine.succeed("find /run/user/1000/fortify"))
  '';
 }
Author	SHA1	Message	Date
Ophestra Umiker	195b717e01	release: 0.2.5 All checks were successful Tests / Go tests (push) Successful in 49s Details Create distribution / Release (push) Successful in 1m6s Details Nix / NixOS tests (push) Successful in 1m23s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:28:48 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify All checks were successful Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	eae3034260	state: expose aids and use instance id as key All checks were successful Tests / Go tests (push) Successful in 39s Details Nix / NixOS tests (push) Successful in 3m26s Details Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 21:36:17 +09:00
Ophestra Umiker	5ea7333431	fst: implement app id parser All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 3m8s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 18:19:47 +09:00
Ophestra Umiker	f796622c35	state: rename simple store implementation All checks were successful Tests / Go tests (push) Successful in 42s Details Nix / NixOS tests (push) Successful in 3m4s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:48:48 +09:00
Ophestra Umiker	5d25bee786	fortify: remove systemd check All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 3m3s Details This is no longer necessary as fortify no longer integrates with external user switchers. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:14:31 +09:00
Ophestra Umiker	b48ece3bb0	acl: use test-managed tmpdir All checks were successful Tests / Go tests (push) Successful in 44s Details Nix / NixOS tests (push) Successful in 3m7s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:08:13 +09:00