hakurei

Author	SHA1	Message	Date
Ophestra	3b8a3d3b00	app: remount root readonly All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Sandbox (push) Successful in 41s Details Test / Sandbox (race detector) (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 45s Details Test / Hpkg (push) Successful in 44s Details Test / Hakurei (push) Successful in 2m13s Details Test / Flake checks (push) Successful in 1m25s Details This does nothing for security, but should help avoid hiding bugs of programs developed in a hakurei container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 23:56:28 +09:00
Ophestra	ec33061c92	nix: remove nscd cover All checks were successful Test / Create distribution (push) Successful in 33s Details Test / Hpkg (push) Successful in 40s Details Test / Sandbox (push) Successful in 1m30s Details Test / Hakurei (push) Successful in 2m18s Details Test / Sandbox (race detector) (push) Successful in 2m21s Details Test / Hakurei (race detector) (push) Successful in 2m50s Details Test / Flake checks (push) Successful in 1m15s Details This is a pd workaround that does nothing in the nixos module. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 22:04:58 +09:00
Ophestra	547a2adaa4	container/mount: pass tmpfs flags All checks were successful Test / Create distribution (push) Successful in 32s Details Test / Sandbox (push) Successful in 2m1s Details Test / Sandbox (race detector) (push) Successful in 3m57s Details Test / Hpkg (push) Successful in 3m55s Details Test / Hakurei (race detector) (push) Successful in 4m30s Details Test / Hakurei (push) Successful in 2m18s Details Test / Flake checks (push) Successful in 1m14s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 18:59:06 +09:00
Ophestra	625632c593	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 39s Details Test / Sandbox (race detector) (push) Successful in 50s Details Test / Sandbox (push) Successful in 52s Details Test / Planterette (push) Successful in 50s Details Test / Hakurei (race detector) (push) Successful in 57s Details Test / Hakurei (push) Successful in 59s Details Test / Flake checks (push) Successful in 1m53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-26 18:57:54 +09:00
Ophestra	749a2779f5	test/sandbox: add arm64 constants All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Sandbox (push) Successful in 40s Details Test / Hakurei (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 42s Details Test / Sandbox (race detector) (push) Successful in 38s Details Test / Planterette (push) Successful in 40s Details Test / Flake checks (push) Successful in 1m30s Details Most of these are differences in qemu. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 05:36:35 +09:00
Ophestra	e574042d76	test/sandbox: verify seccomp on all test cases All checks were successful Test / Hakurei (push) Successful in 42s Details Test / Sandbox (push) Successful in 39s Details Test / Hakurei (race detector) (push) Successful in 41s Details Test / Create distribution (push) Successful in 33s Details Test / Sandbox (race detector) (push) Successful in 39s Details Test / Planterette (push) Successful in 41s Details Test / Flake checks (push) Successful in 1m17s Details This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 04:21:35 +09:00
Ophestra	87e008d56d	treewide: rename to hakurei All checks were successful Test / Create distribution (push) Successful in 43s Details Test / Sandbox (push) Successful in 2m18s Details Test / Hakurei (push) Successful in 3m10s Details Test / Sandbox (race detector) (push) Successful in 3m30s Details Test / Hakurei (race detector) (push) Successful in 4m43s Details Test / Fpkg (push) Successful in 5m4s Details Test / Flake checks (push) Successful in 1m12s Details Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
Ophestra	717771ae80	app: share runtime dir All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Sandbox (race detector) (push) Successful in 37s Details Test / Sandbox (push) Successful in 37s Details Test / Fortify (push) Successful in 40s Details Test / Fortify (race detector) (push) Successful in 40s Details Test / Fpkg (push) Successful in 38s Details Test / Flake checks (push) Successful in 1m5s Details This allows apps with the same identity to access the same runtime dir. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-08 03:24:48 +09:00
Ophestra	b7e991de5b	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 51s Details Test / Sandbox (push) Successful in 15m56s Details Test / Sandbox (race detector) (push) Successful in 16m5s Details Test / Fpkg (push) Successful in 17m33s Details Test / Fortify (race detector) (push) Successful in 2m28s Details Test / Fortify (push) Successful in 40s Details Test / Flake checks (push) Successful in 2m58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-05 04:05:39 +09:00
Ophestra	f30a439bcd	nix: improve common usability All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Sandbox (push) Successful in 31s Details Test / Fortify (push) Successful in 35s Details Test / Sandbox (race detector) (push) Successful in 31s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 33s Details Test / Flake checks (push) Successful in 1m7s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-16 04:40:12 +09:00
Ophestra	008e9e7fc5	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 28s Details Test / Fortify (push) Successful in 38s Details Test / Fortify (race detector) (push) Successful in 37s Details Test / Fpkg (push) Successful in 35s Details Test / Sandbox (push) Successful in 1m18s Details Test / Sandbox (race detector) (push) Successful in 1m27s Details Test / Flake checks (push) Successful in 2m47s Details	2025-05-07 21:35:37 +09:00
Ophestra	807d511c8b	test/sandbox: check device outcome All checks were successful Test / Fortify (push) Successful in 35s Details Test / Create distribution (push) Successful in 26s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 34s Details Test / Sandbox (push) Successful in 1m22s Details Test / Sandbox (race detector) (push) Successful in 1m41s Details Test / Flake checks (push) Successful in 1m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 19:55:16 +09:00
Ophestra	9967909460	sandbox: relative autoetc links All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Sandbox (push) Successful in 1m44s Details Test / Fortify (push) Successful in 2m41s Details Test / Sandbox (race detector) (push) Successful in 2m48s Details Test / Fpkg (push) Successful in 3m35s Details Test / Fortify (race detector) (push) Successful in 4m13s Details Test / Flake checks (push) Successful in 1m3s Details This allows nested containers to use autoetc, and increases compatibility with other implementations. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 18:54:00 +09:00
Ophestra	297b444dfb	test: separate app and sandbox All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Sandbox (push) Successful in 1m42s Details Test / Fortify (push) Successful in 2m39s Details Test / Sandbox (race detector) (push) Successful in 2m52s Details Test / Fpkg (push) Successful in 3m37s Details Test / Fortify (race detector) (push) Successful in 4m17s Details Test / Flake checks (push) Successful in 1m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-30 22:09:46 +09:00
Ophestra	f8502c3ece	test/sandbox: check environment All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 41s Details Test / Data race detector (push) Successful in 41s Details Test / Flake checks (push) Successful in 56s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 03:16:33 +09:00
Ophestra	2dd49c437c	app: create XDG_RUNTIME_DIR with perm 0700 All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Fortify (push) Successful in 2m41s Details Test / Fpkg (push) Successful in 3m31s Details Test / Data race detector (push) Successful in 4m30s Details Test / Flake checks (push) Successful in 59s Details Many programs complain about this. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 02:49:37 +09:00
Ophestra	371dd5b938	nix: create current-system symlink All checks were successful Test / Create distribution (push) Successful in 20s Details Release / Create release (push) Successful in 27s Details Test / Fortify (push) Successful in 40s Details Test / Data race detector (push) Successful in 40s Details Test / Flake checks (push) Successful in 58s Details Test / Fpkg (push) Successful in 35s Details This is copied at runtime because it appears to be impossible to obtain this path in nix. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 02:06:11 +09:00
Ophestra	67eb28466d	nix: create opengl-driver symlink All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fpkg (push) Successful in 33s Details Test / Fortify (push) Successful in 2m18s Details Test / Data race detector (push) Successful in 3m3s Details Test / Flake checks (push) Successful in 53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 20:52:20 +09:00
Ophestra	c326c3f97d	fst/sandbox: do not create /etc in advance All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m43s Details Test / Fpkg (push) Successful in 3m36s Details Test / Data race detector (push) Successful in 4m31s Details Test / Flake checks (push) Successful in 56s Details This is now handled by the setup op. This also gets rid of the hardcoded /etc path. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 20:00:34 +09:00
Ophestra	5c4058d5ac	app: run in native sandbox All checks were successful Test / Create distribution (push) Successful in 20s Details Test / Fortify (push) Successful in 2m5s Details Test / Fpkg (push) Successful in 3m0s Details Test / Data race detector (push) Successful in 4m12s Details Test / Flake checks (push) Successful in 1m4s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:52:49 +09:00
Ophestra	61d86c5e10	test/sandbox: fix stdout tty check All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Fpkg (push) Successful in 37s Details Test / Fortify (push) Successful in 2m22s Details Test / Data race detector (push) Successful in 2m57s Details Test / Flake checks (push) Successful in 56s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:23:50 +09:00
Ophestra	b989a4601a	test/sandbox: fail on mismatched mount entry All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 2m26s Details Test / Data race detector (push) Successful in 2m47s Details Test / Flake checks (push) Successful in 57s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 13:43:32 +09:00
Ophestra	0eb1bc6301	test/sandbox: verify outcome via mountinfo All checks were successful Test / Fpkg (push) Successful in 36s Details Test / Create distribution (push) Successful in 4m56s Details Test / Fortify (push) Successful in 6m33s Details Test / Data race detector (push) Successful in 7m3s Details Test / Flake checks (push) Successful in 54s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 01:42:38 +09:00
Ophestra	806ce18c0a	test/sandbox: check mapuid outcome All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Fpkg (push) Successful in 37s Details Test / Fortify (push) Successful in 2m23s Details Test / Data race detector (push) Successful in 2m50s Details Test / Flake checks (push) Successful in 55s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:56:07 +09:00
Ophestra	b71d2bf534	test/sandbox: check tty outcome All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fpkg (push) Successful in 34s Details Test / Fortify (push) Successful in 2m21s Details Test / Data race detector (push) Successful in 2m48s Details Test / Flake checks (push) Successful in 54s Details This makes no difference currently but has different behaviour in the native sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:28:57 +09:00

25 Commits