security/hakurei
security/hakurei
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

treewide: migrate to hakurei.app
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Sandbox (push) Successful in 46s
Details
Test / Hakurei (push) Successful in 2m9s
Details
Test / Sandbox (race detector) (push) Successful in 3m14s
Details
Test / Planterette (push) Successful in 3m41s
Details
Test / Hakurei (race detector) (push) Successful in 3m40s
Details
Test / Flake checks (push) Successful in 1m18s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-07-03 03:30:39 +09:00
parent 1b5ecd9eaf
commit d2f9a9b83b
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
89 changed files with 205 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -7,8 +7,8 @@
</p> </p>
<p align="center"> <p align="center">
<a href="https://pkg.go.dev/git.gensokyo.uk/security/hakurei"><img src="https://pkg.go.dev/badge/git.gensokyo.uk/security/hakurei.svg" alt="Go Reference" /></a> <a href="https://pkg.go.dev/hakurei.app"><img src="https://pkg.go.dev/badge/hakurei.app.svg" alt="Go Reference" /></a>
<a href="https://goreportcard.com/report/git.gensokyo.uk/security/hakurei"><img src="https://goreportcard.com/badge/git.gensokyo.uk/security/hakurei" alt="Go Report Card" /></a> <a href="https://goreportcard.com/report/hakurei.app"><img src="https://goreportcard.com/badge/hakurei.app" alt="Go Report Card" /></a>
</p> </p>
Hakurei is a tool for running sandboxed graphical applications as dedicated subordinate users on the Linux kernel. Hakurei is a tool for running sandboxed graphical applications as dedicated subordinate users on the Linux kernel.

18
cmd/hakurei/command.go
View File

@ -13,15 +13,15 @@ import (
"syscall" "syscall"
"time" "time"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance" "hakurei.app/cmd/hakurei/internal/app/instance"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
"git.gensokyo.uk/security/hakurei/command" "hakurei.app/command"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
func buildCommand(out io.Writer) command.Command { func buildCommand(out io.Writer) command.Command {

2
cmd/hakurei/command_test.go
View File

@ -6,7 +6,7 @@ import (
"flag" "flag"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/command" "hakurei.app/command"
) )
func TestHelp(t *testing.T) { func TestHelp(t *testing.T) {

2
cmd/hakurei/internal/app/app.go
View File

@ -5,7 +5,7 @@ import (
"syscall" "syscall"
"time" "time"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
) )
type App interface { type App interface {

2
cmd/hakurei/internal/app/id_test.go
View File

@ -4,7 +4,7 @@ import (
"errors" "errors"
"testing" "testing"
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
) )
func TestParseAppID(t *testing.T) { func TestParseAppID(t *testing.T) {

10
cmd/hakurei/internal/app/instance/common/container.go
View File

@ -8,11 +8,11 @@ import (
"path" "path"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
// in practice there should be less than 30 entries added by the runtime; // in practice there should be less than 30 entries added by the runtime;

4
cmd/hakurei/internal/app/instance/errors.go
View File

@ -3,8 +3,8 @@ package instance
import ( import (
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "hakurei.app/cmd/hakurei/internal/app/internal/setuid"
) )
func PrintRunStateErr(whence int, rs *app.RunState, runErr error) (code int) { func PrintRunStateErr(whence int, rs *app.RunState, runErr error) (code int) {

6
cmd/hakurei/internal/app/instance/new.go
View File

@ -6,9 +6,9 @@ import (
"log" "log"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "hakurei.app/cmd/hakurei/internal/app/internal/setuid"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
) )
const ( const (

2
cmd/hakurei/internal/app/instance/shim.go
View File

@ -1,6 +1,6 @@
package instance package instance
import "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" import "hakurei.app/cmd/hakurei/internal/app/internal/setuid"
// ShimMain is the main function of the shim process and runs as the unconstrained target user. // ShimMain is the main function of the shim process and runs as the unconstrained target user.
func ShimMain() { setuid.ShimMain() } func ShimMain() { setuid.ShimMain() }

8
cmd/hakurei/internal/app/internal/setuid/app.go
View File

@ -5,10 +5,10 @@ import (
"fmt" "fmt"
"sync" "sync"
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
) )
func New(ctx context.Context, os sys.State) (App, error) { func New(ctx context.Context, os sys.State) (App, error) {

14
cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
View File

@ -1,13 +1,13 @@
package setuid_test package setuid_test
import ( import (
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
var testCasesNixos = []sealTestCase{ var testCasesNixos = []sealTestCase{

14
cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
View File

@ -3,13 +3,13 @@ package setuid_test
import ( import (
"os" "os"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
var testCasesPd = []sealTestCase{ var testCasesPd = []sealTestCase{

2
cmd/hakurei/internal/app/internal/setuid/app_stub_test.go
View File

@ -7,7 +7,7 @@ import (
"os/user" "os/user"
"strconv" "strconv"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
) )
// fs methods are not implemented using a real FS // fs methods are not implemented using a real FS

12
cmd/hakurei/internal/app/internal/setuid/app_test.go
View File

@ -7,12 +7,12 @@ import (
"testing" "testing"
"time" "time"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "hakurei.app/cmd/hakurei/internal/app/internal/setuid"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
) )
type sealTestCase struct { type sealTestCase struct {

4
cmd/hakurei/internal/app/internal/setuid/errors.go
View File

@ -4,8 +4,8 @@ import (
"errors" "errors"
"log" "log"
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
func PrintRunStateErr(rs *RunState, runErr error) (code int) { func PrintRunStateErr(rs *RunState, runErr error) (code int) {

8
cmd/hakurei/internal/app/internal/setuid/export_test.go
View File

@ -1,10 +1,10 @@
package setuid package setuid
import ( import (
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
) )
func NewWithID(id ID, os sys.State) App { func NewWithID(id ID, os sys.State) App {

12
cmd/hakurei/internal/app/internal/setuid/process.go
View File

@ -12,12 +12,12 @@ import (
"syscall" "syscall"
"time" "time"
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
) )
const shimWaitTimeout = 5 * time.Second const shimWaitTimeout = 5 * time.Second

22
cmd/hakurei/internal/app/internal/setuid/seal.go
View File

@ -16,17 +16,17 @@ import (
"sync/atomic" "sync/atomic"
"syscall" "syscall"
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance/common" "hakurei.app/cmd/hakurei/internal/app/instance/common"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
"git.gensokyo.uk/security/hakurei/system/wayland" "hakurei.app/system/wayland"
) )
const ( const (

8
cmd/hakurei/internal/app/internal/setuid/shim.go
View File

@ -10,10 +10,10 @@ import (
"syscall" "syscall"
"time" "time"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
/* /*

2
cmd/hakurei/internal/app/internal/setuid/strings.go
View File

@ -3,7 +3,7 @@ package setuid
import ( import (
"strconv" "strconv"
. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" . "hakurei.app/cmd/hakurei/internal/app"
) )
func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} } func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} }

6
cmd/hakurei/internal/state/multi.go
View File

@ -13,9 +13,9 @@ import (
"sync" "sync"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
// fine-grained locking and access // fine-grained locking and access

2
cmd/hakurei/internal/state/multi_test.go
View File

@ -3,7 +3,7 @@ package state_test
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
) )
func TestMulti(t *testing.T) { testStore(t, state.NewMulti(t.TempDir())) } func TestMulti(t *testing.T) { testStore(t, state.NewMulti(t.TempDir())) }

4
cmd/hakurei/internal/state/state.go
View File

@ -5,8 +5,8 @@ import (
"io" "io"
"time" "time"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
) )
var ErrNoConfig = errors.New("state does not contain config") var ErrNoConfig = errors.New("state does not contain config")

6
cmd/hakurei/internal/state/state_test.go
View File

@ -10,9 +10,9 @@ import (
"testing" "testing"
"time" "time"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
) )
func testStore(t *testing.T, s state.Store) { func testStore(t *testing.T, s state.Store) {

8
cmd/hakurei/main.go
View File

@ -9,10 +9,10 @@ import (
"log" "log"
"os" "os"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/internal/sys" "hakurei.app/internal/sys"
) )
var ( var (

6
cmd/hakurei/parse.go
View File

@ -10,9 +10,9 @@ import (
"strings" "strings"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
func tryPath(name string) (config *hst.Config) { func tryPath(name string) (config *hst.Config) {

8
cmd/hakurei/print.go
View File

@ -12,10 +12,10 @@ import (
"text/tabwriter" "text/tabwriter"
"time" "time"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
func printShowSystem(output io.Writer, short, flagJSON bool) { func printShowSystem(output io.Writer, short, flagJSON bool) {

8
cmd/hakurei/print_test.go
View File

@ -5,10 +5,10 @@ import (
"testing" "testing"
"time" "time"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "hakurei.app/cmd/hakurei/internal/app"
"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "hakurei.app/cmd/hakurei/internal/state"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
var ( var (

8
cmd/planterette/app.go
View File

@ -6,10 +6,10 @@ import (
"os" "os"
"path" "path"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
type appInfo struct { type appInfo struct {

8
cmd/planterette/main.go
View File

@ -10,10 +10,10 @@ import (
"path" "path"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/command" "hakurei.app/command"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
const shellPath = "/run/current-system/sw/bin/bash" const shellPath = "/run/current-system/sw/bin/bash"

4
cmd/planterette/paths.go
View File

@ -8,8 +8,8 @@ import (
"strconv" "strconv"
"sync/atomic" "sync/atomic"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
var ( var (

6
cmd/planterette/proc.go
View File

@ -9,9 +9,9 @@ import (
"os" "os"
"os/exec" "os/exec"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
var hakureiPath = internal.MustHakureiPath() var hakureiPath = internal.MustHakureiPath()

6
cmd/planterette/with.go
View File

@ -5,9 +5,9 @@ import (
"path" "path"
"strings" "strings"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
) )
func withNixDaemon( func withNixDaemon(

2
command/builder_test.go
View File

@ -3,7 +3,7 @@ package command_test
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/command" "hakurei.app/command"
) )
func TestBuild(t *testing.T) { func TestBuild(t *testing.T) {

2
command/parse_test.go
View File

@ -10,7 +10,7 @@ import (
"strings" "strings"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/command" "hakurei.app/command"
) )
func TestParse(t *testing.T) { func TestParse(t *testing.T) {

2
container/container.go
View File

@ -14,7 +14,7 @@ import (
. "syscall" . "syscall"
"time" "time"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
) )
type ( type (

14
container/container_test.go
View File

@ -12,13 +12,13 @@ import (
"testing" "testing"
"time" "time"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/container/vfs" "hakurei.app/container/vfs"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/ldd" "hakurei.app/ldd"
) )
const ( const (

2
container/executable_test.go
View File

@ -4,7 +4,7 @@ import (
"os" "os"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
) )
func TestExecutable(t *testing.T) { func TestExecutable(t *testing.T) {

2
container/init.go
View File

@ -13,7 +13,7 @@ import (
. "syscall" . "syscall"
"time" "time"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
) )
const ( const (

2
container/mount.go
View File

@ -7,7 +7,7 @@ import (
"path/filepath" "path/filepath"
. "syscall" . "syscall"
"git.gensokyo.uk/security/hakurei/container/vfs" "hakurei.app/container/vfs"
) )
func (p *procPaths) bindMount(source, target string, flags uintptr, eq bool) error { func (p *procPaths) bindMount(source, target string, flags uintptr, eq bool) error {

2
container/path.go
View File

@ -10,7 +10,7 @@ import (
"strings" "strings"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/container/vfs" "hakurei.app/container/vfs"
) )
const ( const (

2
container/seccomp/libseccomp_test.go
View File

@ -8,7 +8,7 @@ import (
"syscall" "syscall"
"testing" "testing"
. "git.gensokyo.uk/security/hakurei/container/seccomp" . "hakurei.app/container/seccomp"
) )
func TestExport(t *testing.T) { func TestExport(t *testing.T) {

2
container/seccomp/proc.go
View File

@ -5,7 +5,7 @@ import (
"errors" "errors"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/helper/proc" "hakurei.app/helper/proc"
) )
const ( const (

2
container/seccomp/seccomp_test.go
View File

@ -6,7 +6,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
) )
func TestLibraryError(t *testing.T) { func TestLibraryError(t *testing.T) {

2
container/vfs/mangle_test.go
View File

@ -3,7 +3,7 @@ package vfs_test
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/container/vfs" "hakurei.app/container/vfs"
) )
func TestUnmangle(t *testing.T) { func TestUnmangle(t *testing.T) {

2
container/vfs/mountinfo_test.go
View File

@ -12,7 +12,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/container/vfs" "hakurei.app/container/vfs"
) )
func TestMountInfo(t *testing.T) { func TestMountInfo(t *testing.T) {

2
container/vfs/unfold_test.go
View File

@ -8,7 +8,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/container/vfs" "hakurei.app/container/vfs"
) )
func TestUnfold(t *testing.T) { func TestUnfold(t *testing.T) {

6
dist/release.sh vendored
View File

@ -10,9 +10,9 @@ cp -rv "dist/comp" "${out}"
go generate ./... go generate ./...
go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static' go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static'
-X git.gensokyo.uk/security/hakurei/internal.version=${VERSION} -X hakurei.app/internal.version=${VERSION}
-X git.gensokyo.uk/security/hakurei/internal.hmain=/usr/bin/hakurei -X hakurei.app/internal.hmain=/usr/bin/hakurei
-X git.gensokyo.uk/security/hakurei/internal.hsu=/usr/bin/hsu -X hakurei.app/internal.hsu=/usr/bin/hsu
-X main.hmain=/usr/bin/hakurei" ./... -X main.hmain=/usr/bin/hakurei" ./...
rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}" rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}"

2
go.mod
View File

@ -1,3 +1,3 @@
module git.gensokyo.uk/security/hakurei module hakurei.app
go 1.24 go 1.24

2
helper/args_test.go
View File

@ -7,7 +7,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
) )
func TestArgsString(t *testing.T) { func TestArgsString(t *testing.T) {

2
helper/cmd.go
View File

@ -10,7 +10,7 @@ import (
"sync" "sync"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/helper/proc" "hakurei.app/helper/proc"
) )
// NewDirect initialises a new direct Helper instance with wt as the null-terminated argument writer. // NewDirect initialises a new direct Helper instance with wt as the null-terminated argument writer.

2
helper/cmd_test.go
View File

@ -8,7 +8,7 @@ import (
"os/exec" "os/exec"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
) )
func TestCmd(t *testing.T) { func TestCmd(t *testing.T) {

4
helper/container.go
View File

@ -9,8 +9,8 @@ import (
"slices" "slices"
"sync" "sync"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/helper/proc" "hakurei.app/helper/proc"
) )
// New initialises a Helper instance with wt as the null-terminated argument writer. // New initialises a Helper instance with wt as the null-terminated argument writer.

8
helper/container_test.go
View File

@ -7,10 +7,10 @@ import (
"os/exec" "os/exec"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
func TestContainer(t *testing.T) { func TestContainer(t *testing.T) {

2
helper/helper.go
View File

@ -8,7 +8,7 @@ import (
"os" "os"
"time" "time"
"git.gensokyo.uk/security/hakurei/helper/proc" "hakurei.app/helper/proc"
) )
var WaitDelay = 2 * time.Second var WaitDelay = 2 * time.Second

2
helper/helper_test.go
View File

@ -11,7 +11,7 @@ import (
"testing" "testing"
"time" "time"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
) )
var ( var (

2
helper/stub_test.go
View File

@ -3,7 +3,7 @@ package helper_test
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
) )
func TestHelperStub(t *testing.T) { helper.InternalHelperStub() } func TestHelperStub(t *testing.T) { helper.InternalHelperStub() }

4
hst/config.go
View File

@ -2,8 +2,8 @@
package hst package hst
import ( import (
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
const Tmp = "/.hakurei" const Tmp = "/.hakurei"

2
hst/container.go
View File

@ -1,7 +1,7 @@
package hst package hst
import ( import (
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
) )
type ( type (

6
hst/template.go
View File

@ -1,9 +1,9 @@
package hst package hst
import ( import (
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
// Template returns a fully populated instance of Config. // Template returns a fully populated instance of Config.

2
hst/template_test.go
View File

@ -4,7 +4,7 @@ import (
"encoding/json" "encoding/json"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
) )
func TestTemplate(t *testing.T) { func TestTemplate(t *testing.T) {

2
internal/exit.go
View File

@ -3,7 +3,7 @@ package internal
import ( import (
"os" "os"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
func Exit(code int) { hlog.BeforeExit(); os.Exit(code) } func Exit(code int) { hlog.BeforeExit(); os.Exit(code) }

6
internal/output.go
View File

@ -1,9 +1,9 @@
package internal package internal
import ( import (
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
) )
func InstallOutput(verbose bool) { func InstallOutput(verbose bool) {

2
internal/path.go
View File

@ -4,7 +4,7 @@ import (
"log" "log"
"path" "path"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
var ( var (

4
internal/sys/interface.go
View File

@ -7,8 +7,8 @@ import (
"path" "path"
"strconv" "strconv"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
// State provides safe interaction with operating system state. // State provides safe interaction with operating system state.

8
internal/sys/std.go
View File

@ -12,10 +12,10 @@ import (
"sync" "sync"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/hst" "hakurei.app/hst"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
) )
// Std implements System using the standard library. // Std implements System using the standard library.

4
ldd/exec.go
View File

@ -8,8 +8,8 @@ import (
"os/exec" "os/exec"
"time" "time"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
) )
const lddTimeout = 2 * time.Second const lddTimeout = 2 * time.Second

2
ldd/ldd_test.go
View File

@ -5,7 +5,7 @@ import (
"reflect" "reflect"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/ldd" "hakurei.app/ldd"
) )
func TestParseError(t *testing.T) { func TestParseError(t *testing.T) {

2
package.nix
View File

@ -65,7 +65,7 @@ buildGoModule rec {
lib.attrsets.foldlAttrs lib.attrsets.foldlAttrs
( (
ldflags: name: value: ldflags: name: value:
ldflags ++ [ "-X git.gensokyo.uk/security/hakurei/internal.${name}=${value}" ] ldflags ++ [ "-X hakurei.app/internal.${name}=${value}" ]
) )
( (
[ "-s -w" ] [ "-s -w" ]

2
system/acl.go
View File

@ -6,7 +6,7 @@ import (
"os" "os"
"slices" "slices"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
) )
// UpdatePerm appends an ephemeral acl update Op. // UpdatePerm appends an ephemeral acl update Op.

2
system/acl/acl_test.go
View File

@ -7,7 +7,7 @@ import (
"reflect" "reflect"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
) )
const testFileName = "acl.test" const testFileName = "acl.test"

2
system/acl_test.go
View File

@ -3,7 +3,7 @@ package system
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
) )
func TestUpdatePerm(t *testing.T) { func TestUpdatePerm(t *testing.T) {

2
system/dbus.go
View File

@ -9,7 +9,7 @@ import (
"sync" "sync"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
var ( var (

2
system/dbus/address_test.go
View File

@ -5,7 +5,7 @@ import (
"reflect" "reflect"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
func TestParse(t *testing.T) { func TestParse(t *testing.T) {

2
system/dbus/config_test.go
View File

@ -9,7 +9,7 @@ import (
"strings" "strings"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
func TestConfig_Args(t *testing.T) { func TestConfig_Args(t *testing.T) {

10
system/dbus/dbus_test.go
View File

@ -13,11 +13,11 @@ import (
"testing" "testing"
"time" "time"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
"git.gensokyo.uk/security/hakurei/internal" "hakurei.app/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog" "hakurei.app/internal/hlog"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
func TestFinalise(t *testing.T) { func TestFinalise(t *testing.T) {

8
system/dbus/proc.go
View File

@ -11,10 +11,10 @@ import (
"strconv" "strconv"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
"git.gensokyo.uk/security/hakurei/container/seccomp" "hakurei.app/container/seccomp"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
"git.gensokyo.uk/security/hakurei/ldd" "hakurei.app/ldd"
) )
// Start starts and configures a D-Bus proxy process. // Start starts and configures a D-Bus proxy process.

2
system/dbus/proxy.go
View File

@ -8,7 +8,7 @@ import (
"sync" "sync"
"syscall" "syscall"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
) )
// ProxyName is the file name or path to the proxy program. // ProxyName is the file name or path to the proxy program.

2
system/dbus/samples_test.go
View File

@ -3,7 +3,7 @@ package dbus_test
import ( import (
"sync" "sync"
"git.gensokyo.uk/security/hakurei/system/dbus" "hakurei.app/system/dbus"
) )
const ( const (

2
system/dbus/stub_test.go
View File

@ -3,7 +3,7 @@ package dbus_test
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/helper" "hakurei.app/helper"
) )
func TestHelperStub(t *testing.T) { helper.InternalHelperStub() } func TestHelperStub(t *testing.T) { helper.InternalHelperStub() }

2
system/enablement_test.go
View File

@ -3,7 +3,7 @@ package system_test
import ( import (
"testing" "testing"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
) )
func TestEnablementString(t *testing.T) { func TestEnablementString(t *testing.T) {

2
system/op_test.go
View File

@ -4,7 +4,7 @@ import (
"strconv" "strconv"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/system" "hakurei.app/system"
) )
func TestNew(t *testing.T) { func TestNew(t *testing.T) {

2
system/output.go
View File

@ -1,7 +1,7 @@
package system package system
import ( import (
"git.gensokyo.uk/security/hakurei/container" "hakurei.app/container"
) )
var msg container.Msg = new(container.DefaultMsg) var msg container.Msg = new(container.DefaultMsg)

4
system/wayland.go
View File

@ -5,8 +5,8 @@ import (
"fmt" "fmt"
"os" "os"
"git.gensokyo.uk/security/hakurei/system/acl" "hakurei.app/system/acl"
"git.gensokyo.uk/security/hakurei/system/wayland" "hakurei.app/system/wayland"
) )
// Wayland sets up a wayland socket with a security context attached. // Wayland sets up a wayland socket with a security context attached.

2
system/xhost.go
View File

@ -3,7 +3,7 @@ package system
import ( import (
"fmt" "fmt"
"git.gensokyo.uk/security/hakurei/system/internal/xcb" "hakurei.app/system/internal/xcb"
) )
// ChangeHosts appends an X11 ChangeHosts command Op. // ChangeHosts appends an X11 ChangeHosts command Op.

2
test/sandbox/fs_test.go
View File

@ -8,7 +8,7 @@ import (
"testing" "testing"
"testing/fstest" "testing/fstest"
"git.gensokyo.uk/security/hakurei/test/sandbox" "hakurei.app/test/sandbox"
) )
var ( var (

2
test/sandbox/mount_test.go
View File

@ -5,7 +5,7 @@ import (
"path" "path"
"testing" "testing"
"git.gensokyo.uk/security/hakurei/test/sandbox" "hakurei.app/test/sandbox"
) )
func TestMountinfo(t *testing.T) { func TestMountinfo(t *testing.T) {

2
test/sandbox/tool/main.go
View File

@ -6,7 +6,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"git.gensokyo.uk/security/hakurei/test/sandbox" "hakurei.app/test/sandbox"
) )
func main() { func main() {

2
test/sandbox/tool/package.nix
View File

@ -21,7 +21,7 @@ buildGoModule rec {
nativeBuildInputs = [ pkg-config ]; nativeBuildInputs = [ pkg-config ];
preBuild = '' preBuild = ''
go mod init git.gensokyo.uk/security/hakurei/test/sandbox >& /dev/null go mod init hakurei.app/test/sandbox >& /dev/null
''; '';
postInstall = '' postInstall = ''