hakurei

Author	SHA1	Message	Date
Ophestra	699c19e972	hst/container: optional runtime and tmpdir sharing All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Sandbox (push) Successful in 39s Details Test / Sandbox (race detector) (push) Successful in 39s Details Test / Hakurei (push) Successful in 42s Details Test / Hpkg (push) Successful in 40s Details Test / Hakurei (race detector) (push) Successful in 44s Details Test / Flake checks (push) Successful in 1m23s Details Sharing and persisting these directories do not always make sense. Make it optional here. Closes #16. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-19 04:11:38 +09:00
Ophestra	1cdc6b4246	test/sandbox: create marker in /var/tmp All checks were successful Test / Hakurei (push) Successful in 49s Details Test / Create distribution (push) Successful in 39s Details Test / Hakurei (race detector) (push) Successful in 48s Details Test / Hpkg (push) Successful in 49s Details Test / Sandbox (push) Successful in 1m41s Details Test / Sandbox (race detector) (push) Successful in 2m31s Details Test / Flake checks (push) Successful in 1m29s Details This prepares the test suite for private TMPDIR. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-14 16:45:17 +09:00
Ophestra	d0ddd71934	test/sandbox: bind /var/tmp writable All checks were successful Test / Hakurei (push) Successful in 45s Details Test / Hakurei (race detector) (push) Successful in 45s Details Test / Create distribution (push) Successful in 38s Details Test / Hpkg (push) Successful in 46s Details Test / Sandbox (push) Successful in 1m36s Details Test / Sandbox (race detector) (push) Successful in 2m29s Details Test / Flake checks (push) Successful in 1m23s Details This makes it possible to place markers with private tmpdir. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-14 14:59:53 +09:00
Ophestra	acb6931f3e	app/seal: leave $DISPLAY as is on host abstract All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Hakurei (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 42s Details Test / Sandbox (race detector) (push) Successful in 40s Details Test / Sandbox (push) Successful in 40s Details Test / Hpkg (push) Successful in 40s Details Test / Flake checks (push) Successful in 1m24s Details This helps work around faulty software that misinterprets unix: DISPLAY string. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-27 20:42:03 +09:00
Ophestra	83a1c75f1a	app: set up acl on X11 socket All checks were successful Test / Create distribution (push) Successful in 33s Details Test / Sandbox (push) Successful in 2m9s Details Test / Hakurei (push) Successful in 3m22s Details Test / Sandbox (race detector) (push) Successful in 4m26s Details Test / Hpkg (push) Successful in 4m25s Details Test / Hakurei (race detector) (push) Successful in 43s Details Test / Flake checks (push) Successful in 1m38s Details The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging #1. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-18 11:30:58 +09:00
Ophestra	987981df73	test/sandbox: check pd behaviour All checks were successful Test / Create distribution (push) Successful in 34s Details Test / Sandbox (race detector) (push) Successful in 42s Details Test / Hakurei (push) Successful in 44s Details Test / Sandbox (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 45s Details Test / Hpkg (push) Successful in 43s Details Test / Flake checks (push) Successful in 1m23s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 03:27:02 +09:00
Ophestra	749a2779f5	test/sandbox: add arm64 constants All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Sandbox (push) Successful in 40s Details Test / Hakurei (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 42s Details Test / Sandbox (race detector) (push) Successful in 38s Details Test / Planterette (push) Successful in 40s Details Test / Flake checks (push) Successful in 1m30s Details Most of these are differences in qemu. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 05:36:35 +09:00
Ophestra	e574042d76	test/sandbox: verify seccomp on all test cases All checks were successful Test / Hakurei (push) Successful in 42s Details Test / Sandbox (push) Successful in 39s Details Test / Hakurei (race detector) (push) Successful in 41s Details Test / Create distribution (push) Successful in 33s Details Test / Sandbox (race detector) (push) Successful in 39s Details Test / Planterette (push) Successful in 41s Details Test / Flake checks (push) Successful in 1m17s Details This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 04:21:35 +09:00
Ophestra	87e008d56d	treewide: rename to hakurei All checks were successful Test / Create distribution (push) Successful in 43s Details Test / Sandbox (push) Successful in 2m18s Details Test / Hakurei (push) Successful in 3m10s Details Test / Sandbox (race detector) (push) Successful in 3m30s Details Test / Hakurei (race detector) (push) Successful in 4m43s Details Test / Fpkg (push) Successful in 5m4s Details Test / Flake checks (push) Successful in 1m12s Details Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
Ophestra	2ffca6984a	nix: use reverse-DNS style id as unique identifier All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Sandbox (push) Successful in 31s Details Test / Fortify (push) Successful in 35s Details Test / Sandbox (race detector) (push) Successful in 31s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 33s Details Test / Flake checks (push) Successful in 1m7s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-25 20:12:30 +09:00
Ophestra	f30a439bcd	nix: improve common usability All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Sandbox (push) Successful in 31s Details Test / Fortify (push) Successful in 35s Details Test / Sandbox (race detector) (push) Successful in 31s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 33s Details Test / Flake checks (push) Successful in 1m7s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-16 04:40:12 +09:00
Ophestra	807d511c8b	test/sandbox: check device outcome All checks were successful Test / Fortify (push) Successful in 35s Details Test / Create distribution (push) Successful in 26s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 34s Details Test / Sandbox (push) Successful in 1m22s Details Test / Sandbox (race detector) (push) Successful in 1m41s Details Test / Flake checks (push) Successful in 1m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 19:55:16 +09:00
Ophestra	8b62e08b44	test: build test program in nixos config All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Fpkg (push) Successful in 34s Details Test / Data race detector (push) Successful in 3m18s Details Test / Fortify (push) Successful in 1m53s Details Test / Flake checks (push) Successful in 57s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-29 19:33:17 +09:00
Ophestra	faf59e12c0	test/sandbox: expose test tool All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 2m22s Details Test / Data race detector (push) Successful in 3m11s Details Test / Flake checks (push) Successful in 56s Details Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-28 00:08:47 +09:00
Ophestra	d97a03c7c6	test/sandbox: separate test tool source All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 2m27s Details Test / Data race detector (push) Successful in 3m11s Details Test / Flake checks (push) Successful in 59s Details This improves readability and allows gofmt to format the file. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 23:43:13 +09:00
Ophestra	996b42634d	test/sandbox: invoke check program directly All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 40s Details Test / Data race detector (push) Successful in 2m47s Details Test / Flake checks (push) Successful in 1m4s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 03:11:50 +09:00
Ophestra	61d86c5e10	test/sandbox: fix stdout tty check All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Fpkg (push) Successful in 37s Details Test / Fortify (push) Successful in 2m22s Details Test / Data race detector (push) Successful in 2m57s Details Test / Flake checks (push) Successful in 56s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:23:50 +09:00
Ophestra	0eb1bc6301	test/sandbox: verify outcome via mountinfo All checks were successful Test / Fpkg (push) Successful in 36s Details Test / Create distribution (push) Successful in 4m56s Details Test / Fortify (push) Successful in 6m33s Details Test / Data race detector (push) Successful in 7m3s Details Test / Flake checks (push) Successful in 54s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 01:42:38 +09:00
Ophestra	806ce18c0a	test/sandbox: check mapuid outcome All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Fpkg (push) Successful in 37s Details Test / Fortify (push) Successful in 2m23s Details Test / Data race detector (push) Successful in 2m50s Details Test / Flake checks (push) Successful in 55s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:56:07 +09:00
Ophestra	b71d2bf534	test/sandbox: check tty outcome All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 2m21s Details Test / Data race detector (push) Successful in 2m48s Details Test / Flake checks (push) Successful in 54s Details This makes no difference currently but has different behaviour in the native sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:28:57 +09:00
Ophestra	d2c329bcea	test: format path aid offsets All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Fpkg (push) Successful in 36s Details Test / Fortify (push) Successful in 2m12s Details Test / Data race detector (push) Successful in 2m41s Details Test / Flake checks (push) Successful in 51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:21:14 +09:00
Ophestra	2d379b5a38	test/sandbox: pass want file as argument All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fpkg (push) Successful in 33s Details Test / Fortify (push) Successful in 2m7s Details Test / Data race detector (push) Successful in 2m36s Details Test / Flake checks (push) Successful in 49s Details This avoids building the check program multiple times. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 15:00:59 +09:00
Ophestra	75e0c5d406	test/sandbox: parse full test case All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m37s Details Test / Fpkg (push) Successful in 3m52s Details Test / Data race detector (push) Successful in 4m12s Details Test / Flake checks (push) Successful in 50s Details This makes declaring multiple tests much cleaner. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 14:53:50 +09:00

23 Commits