016da20443 
							
						 
					 
					
						
						
							
							nix: expose compat flag in nixos module  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m55s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m6s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-25 12:42:48 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							37780456a7 
							
						 
					 
					
						
						
							
							helper: block more unusual/privileged syscalls  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m44s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m35s 
				
			 
		
		
	 
 
	 
						
						These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-25 12:35:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							efacaa40fa 
							
						 
					 
					
						
						
							
							nix: set deny_devel correctly  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m55s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-24 00:50:35 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ad6d0ee55f 
							
						 
					 
					
						
						
							
							workflows: rename integration test artifact  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m53s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m45s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-24 00:30:39 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							cf791469d8 
							
						 
					 
					
						
						
							
							workflows: gc store and purge old caches  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m39s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m32s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-24 00:25:57 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							be14421775 
							
						 
					 
					
						
						
							
							workflows: merge test build job into test  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 2m8s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-24 00:22:44 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							045983d7f4 
							
						 
					 
					
						
						
							
							wl: separate inline C  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m41s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m29s 
				
			 
		
		
	 
 
	 
						
						Having a huge blurb of inline C hurts readability on web pages and some text editors.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-23 22:06:29 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7106b00968 
							
						 
					 
					
						
						
							
							release: 0.2.11  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 3m51s 
				
			 
		
			
				
	Release / Create release (push) Successful in 4m12s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 6m17s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-23 20:49:49 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							96d5d8a396 
							
						 
					 
					
						
						
							
							nix: apply shared home config to reserved aid  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 2m16s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 5m43s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-23 20:48:04 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8a00a83c71 
							
						 
					 
					
						
						
							
							nix: expose syscall filter policy  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m31s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 1m52s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-23 17:24:42 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							134247b57d 
							
						 
					 
					
						
						
							
							nix: configure target users via nixos  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 2m0s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m46s 
				
			 
		
		
	 
 
	 
						
						This makes patching home-manager no longer necessary.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-23 17:04:19 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b5bb7654da 
							
						 
					 
					
						
						
							
							nix: redirect sway output to journal  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 2m8s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m58s 
				
			 
		
		
	 
 
	 
						
						This makes swaymsg exec output appear in test output.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-23 16:08:22 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							cc1efa22e2 
							
						 
					 
					
						
						
							
							fst: add missing fields to template  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m28s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m43s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 12:09:25 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							580128922b 
							
						 
					 
					
						
						
							
							cmd/fpkg: expose syscall policy options  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m34s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m44s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 12:01:30 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							23e1152baa 
							
						 
					 
					
						
						
							
							app/share: clean BaseError message  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m35s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m42s 
				
			 
		
		
	 
 
	 
						
						This removes trailing '\n' in the PulseAudio warning.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 11:54:16 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8c51012ef5 
							
						 
					 
					
						
						
							
							dbus: enable syscall filter  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m33s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m42s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 11:49:23 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5a64cdaf4f 
							
						 
					 
					
						
						
							
							ldd: enable syscall filter  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m55s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m6s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 02:00:49 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a30f5e1226 
							
						 
					 
					
						
						
							
							fortify: set up seccomp verbose logging early  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m34s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 01:58:54 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9a239fa1a5 
							
						 
					 
					
						
						
							
							helper/bwrap: integrate seccomp into helper interface  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m36s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m40s 
				
			 
		
		
	 
 
	 
						
						This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-22 01:52:57 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							82029948e6 
							
						 
					 
					
						
						
							
							proc: append to ExtraFiles slice pointer  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m30s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m4s 
				
			 
		
		
	 
 
	 
						
						This is useful for initialising extra files before command.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-21 12:51:39 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							dfcdc5ce20 
							
						 
					 
					
						
						
							
							state: store config in separate gob stream  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m37s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m38s 
				
			 
		
		
	 
 
	 
						
						This enables early serialisation of config.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-21 12:10:58 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							fa0616b274 
							
						 
					 
					
						
						
							
							fortify: print permissive defaults warning early  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m47s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m1s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-21 12:05:31 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							20a3d4c458 
							
						 
					 
					
						
						
							
							proc/priv/shim: resolve and load seccomp rules  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m33s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m36s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-20 23:52:56 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3df344828f 
							
						 
					 
					
						
						
							
							proc/priv/shim: seccomp bpf filter via libseccomp  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m59s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m11s 
				
			 
		
		
	 
 
	 
						
						Rulesets adapted from Flatpak for compatibility.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-20 23:39:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							27f5922d5c 
							
						 
					 
					
						
						
							
							fst: include syscall filter configuration  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 3m0s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 5m19s 
				
			 
		
		
	 
 
	 
						
						This value is passed through to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-20 21:12:39 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2cf1f46ea2 
							
						 
					 
					
						
						
							
							nix: test show without --short  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 6m45s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-20 21:10:24 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3c55fc8e86 
							
						 
					 
					
						
						
							
							proc/priv/shim: do not log bwrap args  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m22s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m30s 
				
			 
		
		
	 
 
	 
						
						This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-20 19:51:28 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							eb0ef2d115 
							
						 
					 
					
						
						
							
							helper/bwrap: generic extra file interface  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m32s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m50s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-20 00:20:04 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2f70506865 
							
						 
					 
					
						
						
							
							helper/bwrap: move sync to helper state  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m25s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m33s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-19 18:38:13 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							cae567c109 
							
						 
					 
					
						
						
							
							proc/priv/shim: remove unnecessary state  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m27s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m37s 
				
			 
		
		
	 
 
	 
						
						These values are only used during process creation.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-19 18:09:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1ec901f79e 
							
						 
					 
					
						
						
							
							release: 0.2.10  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m32s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m39s 
				
			 
		
			
				
	Release / Create release (push) Successful in 1m30s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-18 22:50:08 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							715addaccd 
							
						 
					 
					
						
						
							
							helper/bwrap: append --sync-fd before --  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m26s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m26s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-18 12:30:03 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b31d055e20 
							
						 
					 
					
						
						
							
							proc/priv/init: early init check  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m39s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m45s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-18 12:33:33 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7baca66a56 
							
						 
					 
					
						
						
							
							proc: remove duplicate compile-time fortify reference  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m46s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m44s 
				
			 
		
		
	 
 
	 
						
						This is no longer needed since shim and init are now part of the main program.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-18 11:59:33 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							27d2914286 
							
						 
					 
					
						
						
							
							proc/priv/init: merge init into main program  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m47s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m46s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-18 11:47:01 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ea8f228af3 
							
						 
					 
					
						
						
							
							proc/priv/shim: merge shim into main program  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 2m15s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 2m53s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-17 23:43:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							16db3dabe2 
							
						 
					 
					
						
						
							
							internal: do PR_SET_PDEATHSIG once  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 3m7s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m40s 
				
			 
		
		
	 
 
	 
						
						This prctl affects the entire process, doing it on every OS thread is pointless.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-17 23:08:46 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c4de450217 
							
						 
					 
					
						
						
							
							nix: do not force static linking on nix  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 3m14s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 3m25s 
				
			 
		
		
	 
 
	 
						
						In a typical Nix or NixOS-based setup, the entire /nix/store directory is available to the sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-17 22:56:16 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b60c01f440 
							
						 
					 
					
						
						
							
							fortify: switch to static linking  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Build / Create distribution (push) Successful in 1m43s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m32s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-16 17:32:52 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							124743ffd3 
							
						 
					 
					
						
						
							
							app: expose single run method  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 1m1s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 3m20s 
				
			 
		
		
	 
 
	 
						
						App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-15 23:39:51 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							be4d8b6300 
							
						 
					 
					
						
						
							
							release: 0.2.9  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Create distribution / Release (push) Successful in 1m21s 
				
			 
		
			
				
	Tests / Go tests (push) Successful in 46s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 3m6s 
				
			 
		
		
	 
 
	 
						
						This release mostly contains permissive defaults fixes and optimisations. It also contains a proof of concept version of fpkg.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-15 13:14:43 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3e11ce6868 
							
						 
					 
					
						
						
							
							helper/bwrap: separate sequential/static args  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 41s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 3m59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-15 13:07:06 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							562f5ed797 
							
						 
					 
					
						
						
							
							fst: hide sockets exposed via Filesystem  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 40s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 2m49s 
				
			 
		
		
	 
 
	 
						
						This is mostly useful for permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-15 10:13:18 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							db03565614 
							
						 
					 
					
						
						
							
							fst: move sandbox struct to separate file  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 1m0s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 3m9s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-15 09:42:44 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7d99e45b88 
							
						 
					 
					
						
						
							
							helper/bwrap: register OverlayConfig with gob  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 58s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 3m5s 
				
			 
		
		
	 
 
	 
						
						This is required for copying bwrap configurations across processes.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-14 12:25:10 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1651eb06df 
							
						 
					 
					
						
						
							
							dbus: implement dbus_parse_address  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 1m14s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 7m36s 
				
			 
		
		
	 
 
	 
						
						This parses D-Bus addresses according to spec. It does significantly fewer copies than dbus_parse_address.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-12 23:24:03 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ac543a1ce8 
							
						 
					 
					
						
						
							
							dbus: rename makeTestCases  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 2m36s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 10m5s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-12 23:21:28 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e2489059c1 
							
						 
					 
					
						
						
							
							helper/bwrap: implement overlayfs builder  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 33s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 4m5s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-05 20:09:35 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2e3f6a4c51 
							
						 
					 
					
						
						
							
							helper/bwrap: move test out of bwrap package  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 36s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 4m51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-05 19:45:24 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2162029f46 
							
						 
					 
					
						
						
							
							helper/bwrap: add json struct tag to filesystem  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 38s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 4m43s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-01-05 19:41:04 +09:00