hakurei

Author	SHA1	Message	Date
Ophestra	3c80fd2b0f	app: defer system.I revert All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Run NixOS test (push) Successful in 49s Details Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 21:12:11 +09:00
Ophestra	ef81828e0c	app: remove share method All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 2m3s Details This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 16:20:25 +09:00
Ophestra	2978a6f046	app: separate appSeal finalise method All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m27s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 12:33:51 +09:00
Ophestra	dfd9467523	app: merge seal with sys All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Run NixOS test (push) Successful in 3m20s Details The existence of the appSealSys struct was an implementation detail obsolete since system.I was integrated in 084cd84f36a1d608541b4aa4e1e95334395d8953. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 01:36:29 +09:00
Ophestra	53571f030e	app: embed appSeal in app struct All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m22s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 01:10:37 +09:00
Ophestra	aa164081e1	app/seal: improve documentation All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m22s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 01:04:14 +09:00
Ophestra	9a10eeab90	app/seal: embed enablements All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 3m28s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 00:41:51 +09:00
Ophestra	a748d40745	app: store values with string representation All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m26s Details Improves code readability without changing memory layout. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 00:25:00 +09:00
Ophestra	648e1d641a	app: separate interface from implementation All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 23:07:28 +09:00
Ophestra	ffaa12b9d8	sys: wrap log methods All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 22:52:09 +09:00
Ophestra	e0f321b2c4	sys: rename from linux All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 3m28s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 18:47:48 +09:00
Ophestra	2c9c7fee5b	linux: wrap fsu lookup error All checks were successful Test / Create distribution (push) Successful in 35s Details Test / Run NixOS test (push) Successful in 5m58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 17:39:53 +09:00
Ophestra	d0400f3c81	fmsg: PrintBaseError skip empty message All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 3m22s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 17:01:26 +09:00
Ophestra	e9b0f9faef	fmsg: export logBaseError function All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m16s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 13:02:51 +09:00
Ophestra	90cb01b274	system: move out of internal All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m17s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 19:00:43 +09:00
Ophestra	b1e1d5627e	system: wrap console output functions All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 3m13s Details This eliminates all fmsg imports from internal/system. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 18:17:55 +09:00
Ophestra	3ae2ab652e	system/wayland: sync file at caller specified address All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 3m14s Details Storing this in sys is incredibly ugly: sys should be stateless and Ops must keep track of their state. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 13:24:17 +09:00
Ophestra	db71fbe22b	system/tmpfiles: fail gracefully in API misuse All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m25s Details Panicking here leaves garbage behind. Not ideal if this package is going to be exported. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 12:17:01 +09:00
Ophestra	82a072f641	system/tmpfiles: implement private tmpfiles All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Run NixOS test (push) Successful in 3m30s Details These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 00:07:52 +09:00
Ophestra	468696f611	internal: beforeExit before reachable fatal calls All checks were successful Test / Create distribution (push) Successful in 18s Details Test / Run NixOS test (push) Successful in 47s Details These are the only two calls to log.Fatal* reachable during suspended output. Call fmsg.BeforeExit here to catch that. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 19:03:34 +09:00
Ophestra	29c38caac8	app/shim/manager: return error on bad fsu path All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 2m9s Details This results in a graceful failure that does not leave garbage behind. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 18:59:45 +09:00
Ophestra	e599b5583d	fmsg: implement suspend in writer All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 2m18s Details This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 18:51:53 +09:00
Ophestra	33a4ab11c2	internal: move shim and init into app All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 2m7s Details This structure makes more sense, as both processes are part of an app's lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 16:28:46 +09:00
Ophestra	c667b13a00	system: separate link Op implementation All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 2m13s Details This Op would still be useful after replacing the Tmpfiles interface, so isolate it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 12:15:26 +09:00
Ophestra	268a90f1a5	app: improve WAYLAND_DISPLAY correctness All checks were successful Test / Create distribution (push) Successful in 46s Details Test / Run NixOS test (push) Successful in 3m35s Details This now has identical behaviour as wayland C library. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 14:45:09 +09:00
Ophestra	ddb2f9c11b	app: remove wayland socket hard link All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m32s Details This Op was not doing anything useful. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 10:54:00 +09:00
Ophestra	f955b15b84	system: remove write mode tmpfiles All checks were successful Test / Create distribution (push) Successful in 57s Details Test / Run NixOS test (push) Successful in 3m42s Details This interface is ugly and bug-prone. This change removes its write mode which has been obsoleted by CopyBind. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:22:20 +09:00
Ophestra	0340c67995	app: port passwd and group files to copy All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m41s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:19:06 +09:00
Ophestra	ea8d1c07df	priv/shim: move /sbin/init setup to app All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m36s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:06:10 +09:00
Ophestra	a0062d8275	fmsg: resume on exit All checks were successful Test / Create distribution (push) Successful in 47s Details Test / Run NixOS test (push) Successful in 3m32s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 02:22:09 +09:00
Ophestra	1f74b636d3	state/join: use Join method when available All checks were successful Test / Create distribution (push) Successful in 1m4s Details Test / Run NixOS test (push) Successful in 4m11s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 14:11:02 +09:00
Ophestra	e431ab3c24	app: check username length against LOGIN_NAME_MAX All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m46s Details This limit is arbitrary, but it's good to enforce it anyway. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 12:44:55 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface All checks were successful Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	e14923ae53	helper/proc: move package out of internal All checks were successful Test / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-08 13:03:45 +09:00
Ophestra	a48386bd56	system/dbus: dump messages on early fault All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m14s Details In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:20:56 +09:00
Ophestra	2e52191404	system/dbus: dump method prints msgbuf All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m1s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:16:54 +09:00
Ophestra	163f15e93f	helper/seccomp: separate seccomp package All checks were successful Test / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:59:11 +09:00
Ophestra	23e1152baa	app/share: clean BaseError message All checks were successful Build / Create distribution (push) Successful in 1m35s Details Test / Run NixOS test (push) Successful in 3m42s Details This removes trailing '\n' in the PulseAudio warning. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:54:16 +09:00
Ophestra	8c51012ef5	dbus: enable syscall filter All checks were successful Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m42s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:49:23 +09:00
Ophestra	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface All checks were successful Build / Create distribution (push) Successful in 1m36s Details Test / Run NixOS test (push) Successful in 3m40s Details This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
Ophestra	82029948e6	proc: append to ExtraFiles slice pointer All checks were successful Build / Create distribution (push) Successful in 1m30s Details Test / Run NixOS test (push) Successful in 4m4s Details This is useful for initialising extra files before command. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:51:39 +09:00
Ophestra	dfcdc5ce20	state: store config in separate gob stream All checks were successful Build / Create distribution (push) Successful in 1m37s Details Test / Run NixOS test (push) Successful in 3m38s Details This enables early serialisation of config. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:10:58 +09:00
Ophestra	20a3d4c458	proc/priv/shim: resolve and load seccomp rules All checks were successful Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m36s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:52:56 +09:00
Ophestra	3df344828f	proc/priv/shim: seccomp bpf filter via libseccomp All checks were successful Build / Create distribution (push) Successful in 1m59s Details Test / Run NixOS test (push) Successful in 4m11s Details Rulesets adapted from Flatpak for compatibility. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:39:47 +09:00
Ophestra	27f5922d5c	fst: include syscall filter configuration All checks were successful Build / Create distribution (push) Successful in 3m0s Details Test / Run NixOS test (push) Successful in 5m19s Details This value is passed through to shim. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 21:12:39 +09:00
Ophestra	3c55fc8e86	proc/priv/shim: do not log bwrap args All checks were successful Build / Create distribution (push) Successful in 1m22s Details Test / Run NixOS test (push) Successful in 3m30s Details This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 19:51:28 +09:00
Ophestra	eb0ef2d115	helper/bwrap: generic extra file interface All checks were successful Build / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 3m50s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 00:20:04 +09:00
Ophestra	2f70506865	helper/bwrap: move sync to helper state All checks were successful Build / Create distribution (push) Successful in 1m25s Details Test / Run NixOS test (push) Successful in 3m33s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
Ophestra	cae567c109	proc/priv/shim: remove unnecessary state All checks were successful Build / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 3m37s Details These values are only used during process creation. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:09:07 +09:00
Ophestra	b31d055e20	proc/priv/init: early init check All checks were successful Build / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m45s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 12:33:33 +09:00

... 3 4 5 6 7 ...

384 Commits