hakurei

Author	SHA1	Message	Date
Ophestra	e14923ae53	helper/proc: move package out of internal All checks were successful Test / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-08 13:03:45 +09:00
Ophestra	7aff3ead3a	nix: vm test remove unnecessary setup All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m10s Details This step is no longer required as the NixOS module is responsible for home directory creation. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 22:29:56 +09:00
Ophestra	72fb13dccc	dbus: lock for read in public args interface All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m2s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:42:29 +09:00
Ophestra	a48386bd56	system/dbus: dump messages on early fault All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m14s Details In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:20:56 +09:00
Ophestra	2e52191404	system/dbus: dump method prints msgbuf All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m1s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:16:54 +09:00
Ophestra	568d7758d5	helper/seccomp: panic on invalid closeWrite use All checks were successful Test / Create distribution (push) Successful in 1m46s Details Test / Run NixOS test (push) Successful in 4m39s Details Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 12:58:20 +09:00
Ophestra	5b7b3fa9a4	helper/seccomp: implement reader interface via pipe All checks were successful Test / Create distribution (push) Successful in 1m6s Details Test / Run NixOS test (push) Successful in 2m44s Details This also does not require the libc tmpfile call. BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-03 19:43:03 +09:00
Ophestra	d58fb8c6ee	workflows: fix nix store cache All checks were successful Test / Create distribution (push) Successful in 1m13s Details Test / Run NixOS test (push) Successful in 3m0s Details Prefix does not seem to match correctly, this appears to be a Gitea implementation bug. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-01 21:16:13 +09:00
Ophestra	5808fe61c3	nix: vm test set sway background All checks were successful Test / Create distribution (push) Successful in 2m36s Details Test / Run NixOS test (push) Successful in 6m32s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 22:28:04 +09:00
Ophestra	f338d3bb4b	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 3m6s Details Test / Run NixOS test (push) Successful in 6m32s Details	2025-01-25 19:46:33 +09:00
Ophestra	8d04dd72f1	nix: mount nvidia devices All checks were successful Test / Create distribution (push) Successful in 1m43s Details Test / Run NixOS test (push) Successful in 3m33s Details These non-standard paths are required in the sandbox for nvidia drivers to work. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 18:05:18 +09:00
Ophestra	21735a8abe	release: 0.2.12 All checks were successful Test / Create distribution (push) Successful in 2m25s Details Release / Create release (push) Successful in 4m6s Details Test / Run NixOS test (push) Successful in 4m49s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 13:40:48 +09:00
Ophestra	34272672b1	nix: verify silent output when not running with -v All checks were successful Test / Create distribution (push) Successful in 1m51s Details Test / Run NixOS test (push) Successful in 4m40s Details This checks behaviour of fmsg and seccomp. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 13:38:18 +09:00
Ophestra	7b96cd6ded	helper/seccomp: do not call F_println if not verbose All checks were successful Test / Create distribution (push) Successful in 1m42s Details Test / Run NixOS test (push) Successful in 3m34s Details This (slightly) improves performance. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 13:19:38 +09:00
Ophestra	163f15e93f	helper/seccomp: separate seccomp package All checks were successful Test / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:59:11 +09:00
Ophestra	016da20443	nix: expose compat flag in nixos module All checks were successful Test / Create distribution (push) Successful in 1m55s Details Test / Run NixOS test (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:42:48 +09:00
Ophestra	37780456a7	helper: block more unusual/privileged syscalls All checks were successful Test / Create distribution (push) Successful in 1m44s Details Test / Run NixOS test (push) Successful in 3m35s Details These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:35:47 +09:00
Ophestra	efacaa40fa	nix: set deny_devel correctly All checks were successful Test / Create distribution (push) Successful in 1m55s Details Test / Run NixOS test (push) Successful in 3m51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-24 00:50:35 +09:00
Ophestra	ad6d0ee55f	workflows: rename integration test artifact All checks were successful Test / Create distribution (push) Successful in 1m53s Details Test / Run NixOS test (push) Successful in 3m45s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-24 00:30:39 +09:00
Ophestra	cf791469d8	workflows: gc store and purge old caches All checks were successful Test / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m32s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-24 00:25:57 +09:00
Ophestra	be14421775	workflows: merge test build job into test All checks were successful Test / Create distribution (push) Successful in 2m8s Details Test / Run NixOS test (push) Successful in 3m57s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-24 00:22:44 +09:00
Ophestra	045983d7f4	wl: separate inline C All checks were successful Build / Create distribution (push) Successful in 1m41s Details Test / Run NixOS test (push) Successful in 3m29s Details Having a huge blurb of inline C hurts readability on web pages and some text editors. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 22:06:29 +09:00
Ophestra	7106b00968	release: 0.2.11 All checks were successful Build / Create distribution (push) Successful in 3m51s Details Release / Create release (push) Successful in 4m12s Details Test / Run NixOS test (push) Successful in 6m17s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 20:49:49 +09:00
Ophestra	96d5d8a396	nix: apply shared home config to reserved aid All checks were successful Build / Create distribution (push) Successful in 2m16s Details Test / Run NixOS test (push) Successful in 5m43s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 20:48:04 +09:00
Ophestra	8a00a83c71	nix: expose syscall filter policy All checks were successful Build / Create distribution (push) Successful in 1m31s Details Test / Run NixOS test (push) Successful in 1m52s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 17:24:42 +09:00
Ophestra	134247b57d	nix: configure target users via nixos All checks were successful Build / Create distribution (push) Successful in 2m0s Details Test / Run NixOS test (push) Successful in 3m46s Details This makes patching home-manager no longer necessary. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 17:04:19 +09:00
Ophestra	b5bb7654da	nix: redirect sway output to journal All checks were successful Build / Create distribution (push) Successful in 2m8s Details Test / Run NixOS test (push) Successful in 3m58s Details This makes swaymsg exec output appear in test output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 16:08:22 +09:00
Ophestra	cc1efa22e2	fst: add missing fields to template All checks were successful Build / Create distribution (push) Successful in 1m28s Details Test / Run NixOS test (push) Successful in 3m43s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 12:09:25 +09:00
Ophestra	580128922b	cmd/fpkg: expose syscall policy options All checks were successful Build / Create distribution (push) Successful in 1m34s Details Test / Run NixOS test (push) Successful in 3m44s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 12:01:30 +09:00
Ophestra	23e1152baa	app/share: clean BaseError message All checks were successful Build / Create distribution (push) Successful in 1m35s Details Test / Run NixOS test (push) Successful in 3m42s Details This removes trailing '\n' in the PulseAudio warning. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:54:16 +09:00
Ophestra	8c51012ef5	dbus: enable syscall filter All checks were successful Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m42s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:49:23 +09:00
Ophestra	5a64cdaf4f	ldd: enable syscall filter All checks were successful Build / Create distribution (push) Successful in 1m55s Details Test / Run NixOS test (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 02:00:49 +09:00
Ophestra	a30f5e1226	fortify: set up seccomp verbose logging early All checks were successful Build / Create distribution (push) Successful in 1m34s Details Test / Run NixOS test (push) Successful in 4m4s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:58:54 +09:00
Ophestra	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface All checks were successful Build / Create distribution (push) Successful in 1m36s Details Test / Run NixOS test (push) Successful in 3m40s Details This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
Ophestra	82029948e6	proc: append to ExtraFiles slice pointer All checks were successful Build / Create distribution (push) Successful in 1m30s Details Test / Run NixOS test (push) Successful in 4m4s Details This is useful for initialising extra files before command. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:51:39 +09:00
Ophestra	dfcdc5ce20	state: store config in separate gob stream All checks were successful Build / Create distribution (push) Successful in 1m37s Details Test / Run NixOS test (push) Successful in 3m38s Details This enables early serialisation of config. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:10:58 +09:00
Ophestra	fa0616b274	fortify: print permissive defaults warning early All checks were successful Build / Create distribution (push) Successful in 1m47s Details Test / Run NixOS test (push) Successful in 4m1s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:05:31 +09:00
Ophestra	20a3d4c458	proc/priv/shim: resolve and load seccomp rules All checks were successful Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m36s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:52:56 +09:00
Ophestra	3df344828f	proc/priv/shim: seccomp bpf filter via libseccomp All checks were successful Build / Create distribution (push) Successful in 1m59s Details Test / Run NixOS test (push) Successful in 4m11s Details Rulesets adapted from Flatpak for compatibility. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:39:47 +09:00
Ophestra	27f5922d5c	fst: include syscall filter configuration All checks were successful Build / Create distribution (push) Successful in 3m0s Details Test / Run NixOS test (push) Successful in 5m19s Details This value is passed through to shim. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 21:12:39 +09:00
Ophestra	2cf1f46ea2	nix: test show without --short All checks were successful Build / Create distribution (push) Successful in 3m36s Details Test / Run NixOS test (push) Successful in 6m45s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 21:10:24 +09:00
Ophestra	3c55fc8e86	proc/priv/shim: do not log bwrap args All checks were successful Build / Create distribution (push) Successful in 1m22s Details Test / Run NixOS test (push) Successful in 3m30s Details This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 19:51:28 +09:00
Ophestra	eb0ef2d115	helper/bwrap: generic extra file interface All checks were successful Build / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 3m50s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 00:20:04 +09:00
Ophestra	2f70506865	helper/bwrap: move sync to helper state All checks were successful Build / Create distribution (push) Successful in 1m25s Details Test / Run NixOS test (push) Successful in 3m33s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
Ophestra	cae567c109	proc/priv/shim: remove unnecessary state All checks were successful Build / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 3m37s Details These values are only used during process creation. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:09:07 +09:00
Ophestra	1ec901f79e	release: 0.2.10 All checks were successful Build / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 3m39s Details Release / Create release (push) Successful in 1m30s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 22:50:08 +09:00
Ophestra	715addaccd	helper/bwrap: append --sync-fd before -- All checks were successful Build / Create distribution (push) Successful in 1m26s Details Test / Run NixOS test (push) Successful in 3m26s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 12:30:03 +09:00
Ophestra	b31d055e20	proc/priv/init: early init check All checks were successful Build / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m45s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 12:33:33 +09:00
Ophestra	7baca66a56	proc: remove duplicate compile-time fortify reference All checks were successful Build / Create distribution (push) Successful in 1m46s Details Test / Run NixOS test (push) Successful in 3m44s Details This is no longer needed since shim and init are now part of the main program. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:59:33 +09:00
Ophestra	27d2914286	proc/priv/init: merge init into main program All checks were successful Build / Create distribution (push) Successful in 1m47s Details Test / Run NixOS test (push) Successful in 3m46s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:47:01 +09:00

... 13 14 15 16 17 ...

1136 Commits