From 9a66fbfb50d7da14ce38d384548a9f695925c73a Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Mon, 2 Jun 2025 18:53:28 +0900
Subject: [PATCH] nix: update flake lock
Signed-off-by: Ophestra
---
 cmd/fsu/package.nix | 2 +-
 dbus/dbus_test.go | 6 +++---
 flake.lock | 16 ++++++++--------
 flake.nix | 4 ++--
 helper/cmd_test.go | 4 ++--
 helper/container_test.go | 4 ++--
 helper/helper_test.go | 4 ++--
 sandbox/container_test.go | 4 ++--
 test/sandbox/case/device.nix | 9 +++++++++
 test/sandbox/case/mapuid.nix | 9 +++++++++
 test/sandbox/case/preset.nix | 9 +++++++++
 test/sandbox/case/tty.nix | 9 +++++++++
 12 files changed, 58 insertions(+), 22 deletions(-)
diff --git a/cmd/fsu/package.nix b/cmd/fsu/package.nix
index 879c637..ab5c4b4 100644
--- a/cmd/fsu/package.nix
+++ b/cmd/fsu/package.nix
@@ -10,7 +10,7 @@ buildGoModule {
 src = ./.;
 inherit (fortify) vendorHash;
- CGO_ENABLED = 0;
+ env.CGO_ENABLED = 0;
 preBuild = '' go mod init fsu >& /dev/null
diff --git a/dbus/dbus_test.go b/dbus/dbus_test.go
index 206692b..d1a9775 100644
--- a/dbus/dbus_test.go
+++ b/dbus/dbus_test.go
@@ -90,9 +90,9 @@ func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
 t.Run("invalid start", func(t *testing.T) {
 if !useSandbox {
- p = dbus.NewDirect(context.TODO(), nil, nil)
+ p = dbus.NewDirect(t.Context(), nil, nil)
 } else {
- p = dbus.New(context.TODO(), nil, nil)
+ p = dbus.New(t.Context(), nil, nil)
 }
 if err := p.Start(); !errors.Is(err, syscall.ENOTRECOVERABLE) {
@@ -120,7 +120,7 @@ func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
 }
 })
- ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
+ ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 defer cancel()
 if !useSandbox {
 p = dbus.NewDirect(ctx, final, nil)
diff --git a/flake.lock b/flake.lock
index 9819846..7793d7f 100644
--- a/flake.lock
+++ b/flake.lock
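Review bot: In the "invalid start" subtest of dbus_test.go, `t.Context()` comes from the subtest's own `t` (the closure parameter shadows the outer one), while `p` is assigned with `=` to a variable declared outside the closure, so `p` keeps a context that is canceled as soon as the subtest returns. The second hunk reassigns `p` before using it, but any use of `p` in the lines between the two hunks (not visible here) would now run against a canceled context, where `context.TODO()` never canceled. A comment at the assignment such as `// ctx ends with this subtest; p must not be reused after it returns` would make the lifetime explicit. `t.Context()` also requires Go 1.24 or newer, and no go.mod change is part of this patch, so confirm the declared Go version matches.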
@@ -7,32 +7,32 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1748665073, + "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "282e1e029cb6ab4811114fc85110613d72771dea", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1746557022, - "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", + "lastModified": 1748437600, + "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", + "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" }
diff --git a/flake.nix b/flake.nix
index 93e21be..7aee0e1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,10 +2,10 @@
 description = "fortify sandbox tool and nixos module";
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
 home-manager = {
- url = "github:nix-community/home-manager/release-24.11";
+ url = "github:nix-community/home-manager/release-25.05";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };
diff --git a/helper/cmd_test.go b/helper/cmd_test.go
index a761d82..baad031 100644
--- a/helper/cmd_test.go
+++ b/helper/cmd_test.go
@@ -13,7 +13,7 @@ import (
 func TestCmd(t *testing.T) {
 t.Run("start non-existent helper path", func(t *testing.T) {
- h := helper.NewDirect(context.Background(), "/proc/nonexistent", argsWt, false, argF, nil, nil)
+ h := helper.NewDirect(t.Context(), "/proc/nonexistent", argsWt, false, argF, nil, nil)
 if err := h.Start(); !errors.Is(err, os.ErrNotExist) {
 t.Errorf("Start: error = %v, wantErr %v",
@@ -22,7 +22,7 @@ func TestCmd(t *testing.T) {
 })
 t.Run("valid new helper nil check", func(t *testing.T) {
- if got := helper.NewDirect(context.TODO(), "fortify", argsWt, false, argF, nil, nil); got == nil {
+ if got := helper.NewDirect(t.Context(), "fortify", argsWt, false, argF, nil, nil); got == nil {
 t.Errorf("NewDirect(%q, %q) got nil", argsWt, "fortify")
 return
diff --git a/helper/container_test.go b/helper/container_test.go
index 886cbf4..088237c 100644
--- a/helper/container_test.go
+++ b/helper/container_test.go
@@ -15,7 +15,7 @@ import (
 func TestContainer(t *testing.T) {
 t.Run("start empty container", func(t *testing.T) {
- h := helper.New(context.Background(), "/nonexistent", argsWt, false, argF, nil, nil)
+ h := helper.New(t.Context(), "/nonexistent", argsWt, false, argF, nil, nil)
 wantErr := "sandbox: starting an empty container"
 if err := h.Start(); err == nil || err.Error() != wantErr {
@@ -25,7 +25,7 @@ func TestContainer(t *testing.T) {
 })
 t.Run("valid new helper nil check", func(t *testing.T) {
- if got := helper.New(context.TODO(), "fortify", argsWt, false, argF, nil, nil); got == nil {
+ if got := helper.New(t.Context(), "fortify", argsWt, false, argF, nil, nil); got == nil {
 t.Errorf("New(%q, %q) got nil", argsWt, "fortify")
 return
diff --git a/helper/helper_test.go b/helper/helper_test.go
index aa7916d..be85304 100644
--- a/helper/helper_test.go
+++ b/helper/helper_test.go
@@ -55,7 +55,7 @@ func testHelper(t *testing.T, createHelper func(ctx context.Context, setOutput f
 t.Cleanup(func() { helper.WaitDelay = oldWaitDelay })
 t.Run("start helper with status channel and wait", func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 stdout := new(strings.Builder)
 h := createHelper(ctx, func(stdoutP, stderrP *io.Writer) { *stdoutP, *stderrP = stdout, os.Stderr }, true)
@@ -109,7 +109,7 @@ func testHelper(t *testing.T, createHelper func(ctx context.Context, setOutput f
 })
 t.Run("start helper and wait", func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 defer cancel()
 stdout := new(strings.Builder)
 h := createHelper(ctx, func(stdoutP, stderrP *io.Writer) { *stdoutP, *stderrP = stdout, os.Stderr }, false)
diff --git a/sandbox/container_test.go b/sandbox/container_test.go
index 0ba75da..545ffa8 100644
--- a/sandbox/container_test.go
+++ b/sandbox/container_test.go
@@ -70,7 +70,7 @@ func TestContainer(t *testing.T) {
 for _, tc := range testCases {
 t.Run(tc.name, func(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 defer cancel()
 container := sandbox.New(ctx, "/usr/bin/sandbox.test", "-test.v",
@@ -162,7 +162,7 @@ func e(root, target, vfsOptstr, fsType, source, fsOptstr string) *vfs.MountInfoE
 }
 func TestContainerString(t *testing.T) {
- container := sandbox.New(context.TODO(), "ldd", "/usr/bin/env")
+ container := sandbox.New(t.Context(), "ldd", "/usr/bin/env")
 container.Flags |= sandbox.FAllowDevel
 container.Seccomp |= seccomp.FilterMultiarch
 want := `argv: ["ldd" "/usr/bin/env"], flags: 0x2, seccomp: 0x2e`
diff --git a/test/sandbox/case/device.nix b/test/sandbox/case/device.nix
index 173b3e0..802e2e3 100644
--- a/test/sandbox/case/device.nix
+++ b/test/sandbox/case/device.nix
@@ -35,6 +35,7 @@
 "NIXOS" = fs "80001ff" null null;
 "X11" = fs "80001ff" null null;
 "alsa" = fs "80001ff" null null;
+ "bash_logout" = fs "80001ff" null null;
 "bashrc" = fs "80001ff" null null;
 "binfmt.d" = fs "80001ff" null null;
 "dbus-1" = fs "80001ff" null null;
@@ -148,7 +149,15 @@
 } null;
 } null;
 ".local" = fs "800001ed" {
+ share = fs "800001ed" {
+ dbus-1 = fs "800001ed" {
+ services = fs "800001ed" {
+ "ca.desrt.dconf.service" = fs "80001ff" null null;
+ } null;
+ } null;
+ } null;
 state = fs "800001ed" {
+ ".keep" = fs "80001ff" null "";
 home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;
 nix = fs "800001ed" {
 profiles = fs "800001ed" {
diff --git a/test/sandbox/case/mapuid.nix b/test/sandbox/case/mapuid.nix
index 21c89c2..228532c 100644
--- a/test/sandbox/case/mapuid.nix
+++ b/test/sandbox/case/mapuid.nix
@@ -59,6 +59,7 @@
 "NIXOS" = fs "80001ff" null null;
 "X11" = fs "80001ff" null null;
 "alsa" = fs "80001ff" null null;
+ "bash_logout" = fs "80001ff" null null;
 "bashrc" = fs "80001ff" null null;
 "binfmt.d" = fs "80001ff" null null;
 "dbus-1" = fs "80001ff" null null;
@@ -172,7 +173,15 @@
 } null;
 } null;
 ".local" = fs "800001ed" {
+ share = fs "800001ed" {
+ dbus-1 = fs "800001ed" {
+ services = fs "800001ed" {
+ "ca.desrt.dconf.service" = fs "80001ff" null null;
+ } null;
+ } null;
+ } null;
 state = fs "800001ed" {
+ ".keep" = fs "80001ff" null "";
 home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;
 nix = fs "800001ed" {
 profiles = fs "800001ed" {
diff --git a/test/sandbox/case/preset.nix b/test/sandbox/case/preset.nix
index bbea0e4..455ce8a 100644
--- a/test/sandbox/case/preset.nix
+++ b/test/sandbox/case/preset.nix
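Review bot: The second device.nix hunk adds `share`/`dbus-1`/`services`/`"ca.desrt.dconf.service"` and `".keep"` to the expected `.local` tree with no comment on where the entries come from, so a later reviewer cannot tell intended fixture drift from a file that is unexpectedly visible inside the sandbox. They presumably appear because of the home-manager 25.05 bump in this commit; if so, a comment above the `share` entry such as `# new in home-manager release-25.05; expected in the sandboxed home` would record that. The same applies to `"bash_logout"` in the first hunk and to the identical hunks in mapuid.nix, preset.nix and tty.nix. The same nine lines are repeated in all four case files, so a shared attribute set would keep the expectations from drifting apart. The enclosing attribute set starts and ends outside the hunk.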
@@ -59,6 +59,7 @@
 "NIXOS" = fs "80001ff" null null;
 "X11" = fs "80001ff" null null;
 "alsa" = fs "80001ff" null null;
+ "bash_logout" = fs "80001ff" null null;
 "bashrc" = fs "80001ff" null null;
 "binfmt.d" = fs "80001ff" null null;
 "dbus-1" = fs "80001ff" null null;
@@ -172,7 +173,15 @@
 } null;
 } null;
 ".local" = fs "800001ed" {
+ share = fs "800001ed" {
+ dbus-1 = fs "800001ed" {
+ services = fs "800001ed" {
+ "ca.desrt.dconf.service" = fs "80001ff" null null;
+ } null;
+ } null;
+ } null;
 state = fs "800001ed" {
+ ".keep" = fs "80001ff" null "";
 home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;
 nix = fs "800001ed" {
 profiles = fs "800001ed" {
diff --git a/test/sandbox/case/tty.nix b/test/sandbox/case/tty.nix
index 72b2c29..6077ea4 100644
--- a/test/sandbox/case/tty.nix
+++ b/test/sandbox/case/tty.nix
@@ -60,6 +60,7 @@
 "NIXOS" = fs "80001ff" null null;
 "X11" = fs "80001ff" null null;
 "alsa" = fs "80001ff" null null;
+ "bash_logout" = fs "80001ff" null null;
 "bashrc" = fs "80001ff" null null;
 "binfmt.d" = fs "80001ff" null null;
 "dbus-1" = fs "80001ff" null null;
@@ -173,7 +174,15 @@
 } null;
 } null;
 ".local" = fs "800001ed" {
+ share = fs "800001ed" {
+ dbus-1 = fs "800001ed" {
+ services = fs "800001ed" {
+ "ca.desrt.dconf.service" = fs "80001ff" null null;
+ } null;
+ } null;
+ } null;
 state = fs "800001ed" {
+ ".keep" = fs "80001ff" null "";
 home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;
 nix = fs "800001ed" {
 profiles = fs "800001ed" {