ff3cfbb437 
							
						 
					 
					
						
						
							
							test/sandbox: check seccomp outcome  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m15s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is as ugly as it is because it has to have CAP_SYS_ADMIN and not be in seccomp mode.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 02:24:27 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c13eb70d7d 
							
						 
					 
					
						
						
							
							sandbox/seccomp: add fortify default sample  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m29s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m34s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 02:02:02 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							389402f955 
							
						 
					 
					
						
						
							
							test/sandbox/ptrace: generic filter block type  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 01:47:24 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							660a2898dc 
							
						 
					 
					
						
						
							
							test/sandbox/ptrace: dump seccomp bpf program  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m21s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 01:35:56 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							faf59e12c0 
							
						 
					 
					
						
						
							
							test/sandbox: expose test tool  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m11s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 00:08:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d97a03c7c6 
							
						 
					 
					
						
						
							
							test/sandbox: separate test tool source  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m11s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						This improves readability and allows gofmt to format the file.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 23:43:13 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a102178019 
							
						 
					 
					
						
						
							
							sys: update doc comment  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m45s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 22:43:17 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e400862a12 
							
						 
					 
					
						
						
							
							state/multi: fix backend cache population race  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m46s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m33s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m37s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						This race is never able to happen since no caller concurrently requests the same aid yet.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 22:37:08 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							184e9db2b2 
							
						 
					 
					
						
						
							
							sandbox: support privileged container  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m25s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m27s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 53s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 19:40:19 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							605d018be2 
							
						 
					 
					
						
						
							
							app/seal: check for '=' in envv  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m58s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m50s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 18:25:23 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							78aaae7ee0 
							
						 
					 
					
						
						
							
							helper/args: copy args on wt creation  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m49s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m4s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m15s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m1s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 18:22:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5c82f1ed3e 
							
						 
					 
					
						
						
							
							helper/stub: output to stdout  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 1m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m0s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 17:25:10 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f8502c3ece 
							
						 
					 
					
						
						
							
							test/sandbox: check environment  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 41s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 41s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 03:16:33 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							996b42634d 
							
						 
					 
					
						
						
							
							test/sandbox: invoke check program directly  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m47s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 03:11:50 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							300571af47 
							
						 
					 
					
						
						
							
							app: pass through $SHELL  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 39s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 39s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 01:22:40 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							32c90ef4e7 
							
						 
					 
					
						
						
							
							nix: pass through exec arguments  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 41s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 41s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is useful for when a wrapper script is unnecessary.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 03:04:46 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2a4e2724a3 
							
						 
					 
					
						
						
							
							release: 0.3.1  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Release / Create release (push) Successful in 35s 
				
			 
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 39s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 39s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 07:48:50 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d613257841 
							
						 
					 
					
						
						
							
							sandbox/init: clear inheritable set  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m52s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m47s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Inheritable should not be able to affect anything regardless of its value, due to no_new_privs.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 07:46:13 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							18644d90be 
							
						 
					 
					
						
						
							
							sandbox: wrap capset syscall  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 21s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m25s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m10s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 2m59s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 07:44:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							52fcc48ac1 
							
						 
					 
					
						
						
							
							sandbox/init: drop capabilities  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 06:32:08 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8b69bcd215 
							
						 
					 
					
						
						
							
							sandbox: cache kernel.cap_last_cap value  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m33s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m27s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 06:19:19 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2dd49c437c 
							
						 
					 
					
						
						
							
							app: create XDG_RUNTIME_DIR with perm 0700  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m41s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m30s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Many programs complain about this.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 02:49:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							92852d8235 
							
						 
					 
					
						
						
							
							release: 0.3.0  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Release / Create release (push) Successful in 35s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m45s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m20s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m1s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 02:18:59 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							371dd5b938 
							
						 
					 
					
						
						
							
							nix: create current-system symlink  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Release / Create release (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 35s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						This is copied at runtime because it appears to be impossible to obtain this path in nix.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 02:06:11 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4836d570ae 
							
						 
					 
					
						
						
							
							test: raise long timeout to 15 seconds  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m20s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						The race detector really slows down container tooling.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 01:59:05 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							985f9442e6 
							
						 
					 
					
						
						
							
							sandbox: copy symlink with magic prefix  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						This does not dereference the symlink, but only reads one level of it. This is useful for symlink targets that are not yet known at the time the configuration is emitted.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 01:42:39 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							67eb28466d 
							
						 
					 
					
						
						
							
							nix: create opengl-driver symlink  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m18s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m3s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 53s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 20:52:20 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c326c3f97d 
							
						 
					 
					
						
						
							
							fst/sandbox: do not create /etc in advance  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m31s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is now handled by the setup op. This also gets rid of the hardcoded /etc path.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 20:00:34 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							971c79bb80 
							
						 
					 
					
						
						
							
							sandbox: remove hardcoded parent perm  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m41s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 19:49:51 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f86d868274 
							
						 
					 
					
						
						
							
							sandbox: wrap error with its own text message  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m40s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m33s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m24s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						PathError has a pretty good text message, many of them are wrapped with its own text message. This change adds a function to do just that to improve readability.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 19:42:20 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							33940265a6 
							
						 
					 
					
						
						
							
							sandbox: do not ensure symlink target  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m40s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m29s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m31s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						This masks EEXIST on target and might clobber filesystems and lead to other confusing behaviour. Create its parent instead.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 19:30:53 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b39f3aeb59 
							
						 
					 
					
						
						
							
							helper: remove bubblewrap wrapper  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m12s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m34s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m19s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 05:35:02 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							61dbfeffe7 
							
						 
					 
					
						
						
							
							sandbox/wl: move into sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m49s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m54s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m36s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 05:26:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							532feb4bfa 
							
						 
					 
					
						
						
							
							app: merge shim into app package  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m48s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m39s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m35s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 05:21:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ec5e91b8c9 
							
						 
					 
					
						
						
							
							system: optimise string formatting  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 36s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 42s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 43s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m10s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 04:42:30 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ee51320abf 
							
						 
					 
					
						
						
							
							test: check revert type selection  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m18s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m1s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 04:37:58 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5c4058d5ac 
							
						 
					 
					
						
						
							
							app: run in native sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m5s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m0s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 01:52:49 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e732dca762 
							
						 
					 
					
						
						
							
							wl: fix sync pipe keepalive  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m30s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m14s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 01:33:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a9adcd914b 
							
						 
					 
					
						
						
							
							fortify/parse: omit try fd fallthrough message  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m33s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m28s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						This reduces noise in verbose output.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 01:21:11 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3dd4ff29c8 
							
						 
					 
					
						
						
							
							test/sandbox: check mount table length  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 37s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m20s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m51s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m0s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:36:53 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							61d86c5e10 
							
						 
					 
					
						
						
							
							test/sandbox: fix stdout tty check  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 37s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m57s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:23:50 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d097eaa28f 
							
						 
					 
					
						
						
							
							test/sandbox: unquote fail messages  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m22s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:03:53 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ad3576c164 
							
						 
					 
					
						
						
							
							sandbox: resolve tty name  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m17s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m15s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m10s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:03:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b989a4601a 
							
						 
					 
					
						
						
							
							test/sandbox: fail on mismatched mount entry  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m47s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 13:43:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a11237b158 
							
						 
					 
					
						
						
							
							sandbox/vfs: add doc comments  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m42s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m15s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 13:21:55 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							40f00d570e 
							
						 
					 
					
						
						
							
							sandbox: set mkdir perm  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m7s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 12:51:39 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							0eb1bc6301 
							
						 
					 
					
						
						
							
							test/sandbox: verify outcome via mountinfo  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Fpkg (push) Successful in 36s 
				
			 
		
			
				
	Test / Create distribution (push) Successful in 4m56s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 6m33s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 7m3s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 01:42:38 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1eb837eab8 
							
						 
					 
					
						
						
							
							test/sandbox: warn about misuse in doc comment  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m16s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m45s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 23:28:28 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							0a4e633db2 
							
						 
					 
					
						
						
							
							nix: filter test from source  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m42s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m52s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m19s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 22:20:19 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e8809125d4 
							
						 
					 
					
						
						
							
							sandbox: verify outcome via mountinfo  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m29s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m17s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m6s 
				
			 
		
		
	 
 
	 
						
						This contains much more information than /proc/mounts and allows for more fields to be checked. This also removes the dependency on the test package.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 22:17:36 +09:00