cmd/fpkg: call app in-process

Wrapping fortify is slow, painful and error-prone. Start apps in-process instead. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:46:43 +09:00
parent 45ad788c6d
commit 673b648bd3
10 changed files with 121 additions and 115 deletions
--- a/package.nix
+++ b/package.nix
@@ -44,18 +44,15 @@ buildGoModule rec {
        ldflags ++ [ "-X git.gensokyo.uk/security/fortify/internal.${name}=${value}" ]
      )
      (
-        [
-          "-s -w"
-        ]
+        [ "-s -w" ]
        ++ lib.optionals withStatic [
          "-linkmode external"
          "-extldflags \"-static\""
        ]
      )
      {
-        Version = "v${version}";
-        Fsu = "/run/wrappers/bin/fsu";
-        Fortify = "${placeholder "out"}/libexec/fortify";
+        version = "v${version}";
+        fsu = "/run/wrappers/bin/fsu";
      };

  # nix build environment does not allow acls