bf5772bd8a 
							
						 
					 
					
						
						
							
							nix: deduplicate home-manager merging  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 44s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 55s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 53s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 50s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 54s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m8s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m7s 
				
			 
		
		
	 
 
	 
						
						This becomes a problem when extraHomeConfig defines nixos module options.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-06-08 01:12:18 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9a7c81a44e 
							
						 
					 
					
						
						
							
							nix: go generate in src derivation  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Sandbox (push) Successful in 40s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 49s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 50s 
				
			 
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 45s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 39s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m12s 
				
			 
		
		
	 
 
	 
						
						This saves the generated files in the nix store and exposes them for use by external tools.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-06-07 03:10:36 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b7e991de5b 
							
						 
					 
					
						
						
							
							nix: update flake lock  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 51s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 15m56s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 16m5s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 17m33s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 2m58s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-06-05 04:05:39 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2ffca6984a 
							
						 
					 
					
						
						
							
							nix: use reverse-DNS style id as unique identifier  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 31s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 35s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 31s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 35s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m7s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-05-25 20:12:30 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f30a439bcd 
							
						 
					 
					
						
						
							
							nix: improve common usability  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 31s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 35s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 31s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 35s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m7s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-05-16 04:40:12 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							008e9e7fc5 
							
						 
					 
					
						
						
							
							nix: update flake lock  
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 38s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 35s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m18s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 1m27s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 2m47s 
				
			 
		
		
	 
 
	 
						
						
					 
					
						2025-05-07 21:35:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e587112e63 
							
						 
					 
					
						
						
							
							test: check xdg-dbus-proxy termination  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Sandbox (race detector) (push) Successful in 31s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 33s 
				
			 
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 35s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m9s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m2s 
				
			 
		
		
	 
 
	 
						
						This process runs outside the application container's pid namespace, so it is a good idea to check whether its lifecycle becomes decoupled from the application.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-15 20:45:31 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							31b7ddd122 
							
						 
					 
					
						
						
							
							fst: improve config  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m50s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m46s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 2m59s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 4m23s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 5m25s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m1s 
				
			 
		
		
	 
 
	 
						
						The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-13 03:30:19 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ae6f5ede19 
							
						 
					 
					
						
						
							
							fst: mount passthrough /dev writable  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m50s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 3m1s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m30s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 4m13s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-11 20:01:54 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							807d511c8b 
							
						 
					 
					
						
						
							
							test/sandbox: check device outcome  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Fortify (push) Successful in 35s 
				
			 
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 35s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m22s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 1m41s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m5s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-11 19:55:16 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9967909460 
							
						 
					 
					
						
						
							
							sandbox: relative autoetc links  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m44s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m41s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 2m48s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m35s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 4m13s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m3s 
				
			 
		
		
	 
 
	 
						
						This allows nested containers to use autoetc, and increases compatibility with other implementations.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-11 18:54:00 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e9a7cd526f 
							
						 
					 
					
						
						
							
							app: improve shim process management  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m45s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m36s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 2m49s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m33s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 4m13s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m6s 
				
			 
		
		
	 
 
	 
						
						This ensures a signal gets delivered to the process instead of relying on parent death behaviour.
SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.
A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-07 03:55:17 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8aeb06f53c 
							
						 
					 
					
						
						
							
							app: share path setup on demand  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 34s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 39s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m16s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 2m58s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m33s 
				
			 
		
		
	 
 
	 
						
						This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-04-01 00:47:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							297b444dfb 
							
						 
					 
					
						
						
							
							test: separate app and sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 1m42s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 2m52s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m37s 
				
			 
		
			
				
	Test / Fortify (race detector) (push) Successful in 4m17s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m6s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-30 22:09:46 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							89a05909a4 
							
						 
					 
					
						
						
							
							test: move test program to sandbox directory  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 39s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m38s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m22s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m1s 
				
			 
		
		
	 
 
	 
						
						This prepares for the separation of app and sandbox tests.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-30 21:09:16 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f772940768 
							
						 
					 
					
						
						
							
							test/sandbox: treat ESRCH as temporary failure  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m30s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m13s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 52s 
				
			 
		
		
	 
 
	 
						
						This is an ugly fix that makes various assumptions guaranteed to hold true in the testing vm. The test package is filtered by the build system so some ugliness is tolerable here.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-30 03:50:59 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8886c40974 
							
						 
					 
					
						
						
							
							test/sandbox: separate check filter  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m29s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-30 02:15:08 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8b62e08b44 
							
						 
					 
					
						
						
							
							test: build test program in nixos config  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m18s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 1m53s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-29 19:33:17 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ff3cfbb437 
							
						 
					 
					
						
						
							
							test/sandbox: check seccomp outcome  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m15s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is as ugly as it is because it has to have CAP_SYS_ADMIN and not be in seccomp mode.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 02:24:27 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							389402f955 
							
						 
					 
					
						
						
							
							test/sandbox/ptrace: generic filter block type  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 01:47:24 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							660a2898dc 
							
						 
					 
					
						
						
							
							test/sandbox/ptrace: dump seccomp bpf program  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m21s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 01:35:56 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							faf59e12c0 
							
						 
					 
					
						
						
							
							test/sandbox: expose test tool  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m11s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-28 00:08:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d97a03c7c6 
							
						 
					 
					
						
						
							
							test/sandbox: separate test tool source  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m11s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						This improves readability and allows gofmt to format the file.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 23:43:13 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f8502c3ece 
							
						 
					 
					
						
						
							
							test/sandbox: check environment  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 41s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 41s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 03:16:33 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							996b42634d 
							
						 
					 
					
						
						
							
							test/sandbox: invoke check program directly  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m47s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 03:11:50 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d613257841 
							
						 
					 
					
						
						
							
							sandbox/init: clear inheritable set  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m52s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m47s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Inheritable should not be able to affect anything regardless of its value, due to no_new_privs.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 07:46:13 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							52fcc48ac1 
							
						 
					 
					
						
						
							
							sandbox/init: drop capabilities  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 06:32:08 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2dd49c437c 
							
						 
					 
					
						
						
							
							app: create XDG_RUNTIME_DIR with perm 0700  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m41s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m30s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Many programs complain about this.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 02:49:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							371dd5b938 
							
						 
					 
					
						
						
							
							nix: create current-system symlink  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Release / Create release (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 35s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						This is copied at runtime because it appears to be impossible to obtain this path in nix.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 02:06:11 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4836d570ae 
							
						 
					 
					
						
						
							
							test: raise long timeout to 15 seconds  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m20s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						The race detector really slows down container tooling.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 01:59:05 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							67eb28466d 
							
						 
					 
					
						
						
							
							nix: create opengl-driver symlink  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m18s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m3s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 53s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 20:52:20 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c326c3f97d 
							
						 
					 
					
						
						
							
							fst/sandbox: do not create /etc in advance  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m31s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is now handled by the setup op. This also gets rid of the hardcoded /etc path.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 20:00:34 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ee51320abf 
							
						 
					 
					
						
						
							
							test: check revert type selection  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m18s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m1s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 04:37:58 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5c4058d5ac 
							
						 
					 
					
						
						
							
							app: run in native sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m5s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m0s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 01:52:49 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3dd4ff29c8 
							
						 
					 
					
						
						
							
							test/sandbox: check mount table length  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 37s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m20s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m51s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m0s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:36:53 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							61d86c5e10 
							
						 
					 
					
						
						
							
							test/sandbox: fix stdout tty check  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 37s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m57s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:23:50 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d097eaa28f 
							
						 
					 
					
						
						
							
							test/sandbox: unquote fail messages  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m22s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 16:03:53 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b989a4601a 
							
						 
					 
					
						
						
							
							test/sandbox: fail on mismatched mount entry  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m47s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 13:43:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							0eb1bc6301 
							
						 
					 
					
						
						
							
							test/sandbox: verify outcome via mountinfo  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Fpkg (push) Successful in 36s 
				
			 
		
			
				
	Test / Create distribution (push) Successful in 4m56s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 6m33s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 7m3s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-24 01:42:38 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1eb837eab8 
							
						 
					 
					
						
						
							
							test/sandbox: warn about misuse in doc comment  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m16s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m45s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 23:28:28 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							806ce18c0a 
							
						 
					 
					
						
						
							
							test/sandbox: check mapuid outcome  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 37s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m23s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m50s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 17:56:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b71d2bf534 
							
						 
					 
					
						
						
							
							test/sandbox: check tty outcome  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m21s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m48s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						This makes no difference currently but has different behaviour in the native sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 17:28:57 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							46059b1840 
							
						 
					 
					
						
						
							
							test/sandbox: print mismatching file content  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m3s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 17:24:52 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d2c329bcea 
							
						 
					 
					
						
						
							
							test: format path aid offsets  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 36s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m12s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m41s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 17:21:14 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2d379b5a38 
							
						 
					 
					
						
						
							
							test/sandbox: pass want file as argument  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m7s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m36s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 49s 
				
			 
		
		
	 
 
	 
						
						This avoids building the check program multiple times.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 15:00:59 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							75e0c5d406 
							
						 
					 
					
						
						
							
							test/sandbox: parse full test case  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m52s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 50s 
				
			 
		
		
	 
 
	 
						
						This makes declaring multiple tests much cleaner.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-23 14:53:50 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							632b18addd 
							
						 
					 
					
						
						
							
							test/sandbox: rename misleading bind destination  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 34s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m15s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m49s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-21 12:56:11 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a57a7a6a16 
							
						 
					 
					
						
						
							
							test/sandbox: check type handling host_passthrough  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m30s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m30s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m20s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 52s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-21 12:21:08 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3385538142 
							
						 
					 
					
						
						
							
							nix: clean up flake outputs  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 32s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m0s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 48s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 12:26:19 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5d3c8dcc92 
							
						 
					 
					
						
						
							
							test: raise timeout  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 32s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m11s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m42s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Native container tooling is severely slowed down by race detector. Raise timeout so it reliably completes.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 23:51:17 +09:00