96 Commits

Author SHA1 Message Date
766dd89ffa
internal: clean up build strings
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m9s
Test / Hakurei (push) Successful in 3m5s
Test / Hpkg (push) Successful in 4m4s
Test / Sandbox (race detector) (push) Successful in 4m9s
Test / Hakurei (race detector) (push) Successful in 4m46s
Test / Flake checks (push) Successful in 1m30s
These names are less ambiguous and should be understandable without reading the source code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-21 01:49:36 +09:00
ad1bc6794f
release: 0.2.2
All checks were successful
Release / Create release (push) Successful in 1m8s
Test / Sandbox (push) Successful in 51s
Test / Hakurei (push) Successful in 1m9s
Test / Create distribution (push) Successful in 37s
Test / Hpkg (push) Successful in 4m38s
Test / Sandbox (race detector) (push) Successful in 4m33s
Test / Hakurei (race detector) (push) Successful in 3m11s
Test / Flake checks (push) Successful in 1m42s
Unfortunately removal of internal/hlog brought about some changes that breaks API. This will likely be the last 0.2.x release.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-28 21:58:19 +09:00
9d932d1039
release: 0.2.1
All checks were successful
Release / Create release (push) Successful in 43s
Test / Sandbox (push) Successful in 40s
Test / Hakurei (push) Successful in 3m17s
Test / Create distribution (push) Successful in 24s
Test / Hpkg (push) Successful in 3m36s
Test / Sandbox (race detector) (push) Successful in 3m56s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Flake checks (push) Successful in 1m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 03:33:45 +09:00
07194c74cb
release: 0.2.0
All checks were successful
Release / Create release (push) Successful in 39s
Test / Sandbox (push) Successful in 41s
Test / Hakurei (push) Successful in 1m9s
Test / Create distribution (push) Successful in 24s
Test / Hpkg (push) Successful in 1m10s
Test / Sandbox (race detector) (push) Successful in 4m5s
Test / Hakurei (race detector) (push) Successful in 5m12s
Test / Flake checks (push) Successful in 1m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 02:23:59 +09:00
f13dca184c
release: 0.1.3
All checks were successful
Test / Create distribution (push) Successful in 26s
Release / Create release (push) Successful in 41s
Test / Sandbox (push) Successful in 41s
Test / Hakurei (push) Successful in 44s
Test / Hakurei (race detector) (push) Successful in 44s
Test / Sandbox (race detector) (push) Successful in 42s
Test / Hpkg (push) Successful in 42s
Test / Flake checks (push) Successful in 1m17s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-02 00:02:54 +09:00
a8a79a8664
cmd/hpkg: rename from planterette
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 1m58s
Test / Sandbox (race detector) (push) Successful in 3m47s
Test / Hpkg (push) Successful in 3m54s
Test / Hakurei (race detector) (push) Successful in 4m32s
Test / Hakurei (push) Successful in 2m10s
Test / Flake checks (push) Successful in 1m19s
Planterette is now developed in another repository, so rename this proof of concept to avoid confusion.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-31 23:57:11 +09:00
cb513bb1cd
release: 0.1.2
All checks were successful
Release / Create release (push) Successful in 41s
Test / Sandbox (push) Successful in 40s
Test / Hakurei (push) Successful in 2m37s
Test / Create distribution (push) Successful in 24s
Test / Sandbox (race detector) (push) Successful in 3m29s
Test / Planterette (push) Successful in 3m5s
Test / Hakurei (race detector) (push) Successful in 2m27s
Test / Flake checks (push) Successful in 1m19s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-29 03:11:33 +09:00
625632c593
nix: update flake lock
All checks were successful
Test / Create distribution (push) Successful in 39s
Test / Sandbox (race detector) (push) Successful in 50s
Test / Sandbox (push) Successful in 52s
Test / Planterette (push) Successful in 50s
Test / Hakurei (race detector) (push) Successful in 57s
Test / Hakurei (push) Successful in 59s
Test / Flake checks (push) Successful in 1m53s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-26 18:57:54 +09:00
6ba19a7ba5
release: 0.1.1
All checks were successful
Release / Create release (push) Successful in 41s
Test / Hakurei (push) Successful in 49s
Test / Sandbox (push) Successful in 40s
Test / Create distribution (push) Successful in 24s
Test / Planterette (push) Successful in 3m13s
Test / Sandbox (race detector) (push) Successful in 3m46s
Test / Hakurei (race detector) (push) Successful in 2m18s
Test / Flake checks (push) Successful in 1m21s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-09 05:42:31 +09:00
e6967b8bbb
release: 0.1.0
All checks were successful
Release / Create release (push) Successful in 39s
Test / Sandbox (push) Successful in 39s
Test / Hakurei (push) Successful in 1m9s
Test / Sandbox (race detector) (push) Successful in 2m58s
Test / Create distribution (push) Successful in 24s
Test / Planterette (push) Successful in 3m48s
Test / Hakurei (race detector) (push) Successful in 4m6s
Test / Flake checks (push) Successful in 1m15s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-03 03:42:58 +09:00
d2f9a9b83b
treewide: migrate to hakurei.app
All checks were successful
Test / Create distribution (push) Successful in 24s
Test / Sandbox (push) Successful in 46s
Test / Hakurei (push) Successful in 2m9s
Test / Sandbox (race detector) (push) Successful in 3m14s
Test / Planterette (push) Successful in 3m41s
Test / Hakurei (race detector) (push) Successful in 3m40s
Test / Flake checks (push) Successful in 1m18s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-03 03:30:39 +09:00
a1d98823f8
hakurei: move container toplevel
All checks were successful
Test / Create distribution (push) Successful in 31s
Test / Sandbox (push) Successful in 1m55s
Test / Hakurei (push) Successful in 2m47s
Test / Sandbox (race detector) (push) Successful in 3m16s
Test / Planterette (push) Successful in 3m32s
Test / Hakurei (race detector) (push) Successful in 4m25s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-02 21:23:55 +09:00
0e957cc9c1
release: 0.0.2
All checks were successful
Release / Create release (push) Successful in 43s
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 40s
Test / Hakurei (push) Successful in 45s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Planterette (push) Successful in 1m41s
Test / Hakurei (race detector) (push) Successful in 1m44s
Test / Flake checks (push) Successful in 1m14s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 21:11:11 +09:00
aa454b158f
cmd/planterette: remove hsu special case
All checks were successful
Test / Hakurei (push) Successful in 42s
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 40s
Test / Hakurei (race detector) (push) Successful in 43s
Test / Sandbox (race detector) (push) Successful in 38s
Test / Planterette (push) Successful in 40s
Test / Flake checks (push) Successful in 1m15s
Remove special case and invoke hakurei out of process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 20:50:24 +09:00
b380bb248c
release: 0.0.1
All checks were successful
Release / Create release (push) Successful in 40s
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 38s
Test / Sandbox (race detector) (push) Successful in 38s
Test / Hakurei (push) Successful in 42s
Test / Hakurei (race detector) (push) Successful in 41s
Test / Fpkg (push) Successful in 39s
Test / Flake checks (push) Successful in 1m10s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 05:05:06 +09:00
87e008d56d
treewide: rename to hakurei
All checks were successful
Test / Create distribution (push) Successful in 43s
Test / Sandbox (push) Successful in 2m18s
Test / Hakurei (push) Successful in 3m10s
Test / Sandbox (race detector) (push) Successful in 3m30s
Test / Hakurei (race detector) (push) Successful in 4m43s
Test / Fpkg (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m12s
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 04:57:41 +09:00
3992073212
dist: move comp to dist
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 1m58s
Test / Fortify (push) Successful in 2m49s
Test / Sandbox (race detector) (push) Successful in 3m13s
Test / Fpkg (push) Successful in 3m39s
Test / Fortify (race detector) (push) Successful in 4m17s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-18 17:01:16 +09:00
9a7c81a44e
nix: go generate in src derivation
All checks were successful
Test / Sandbox (push) Successful in 40s
Test / Fortify (race detector) (push) Successful in 49s
Test / Fortify (push) Successful in 50s
Test / Create distribution (push) Successful in 24s
Test / Sandbox (race detector) (push) Successful in 45s
Test / Fpkg (push) Successful in 39s
Test / Flake checks (push) Successful in 1m12s
This saves the generated files in the nix store and exposes them for use by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-07 03:10:36 +09:00
6c1205106d
release: 0.4.1
All checks were successful
Release / Create release (push) Successful in 59s
Test / Sandbox (push) Successful in 1m2s
Test / Sandbox (race detector) (push) Successful in 5m25s
Test / Create distribution (push) Successful in 28s
Test / Fpkg (push) Successful in 8m35s
Test / Fortify (push) Successful in 8m57s
Test / Fortify (race detector) (push) Successful in 10m5s
Test / Flake checks (push) Successful in 1m45s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-05-26 02:55:19 +09:00
d6cf736abf
release: 0.4.0
All checks were successful
Release / Create release (push) Successful in 54s
Test / Sandbox (push) Successful in 47s
Test / Sandbox (race detector) (push) Successful in 4m44s
Test / Create distribution (push) Successful in 20s
Test / Fortify (race detector) (push) Successful in 6m42s
Test / Fpkg (push) Successful in 2m18s
Test / Fortify (push) Successful in 5m18s
Test / Flake checks (push) Successful in 2m42s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-13 11:10:45 +09:00
12be7bc78e
release: 0.3.3
All checks were successful
Release / Create release (push) Successful in 34s
Test / Create distribution (push) Successful in 19s
Test / Sandbox (push) Successful in 30s
Test / Sandbox (race detector) (push) Successful in 29s
Test / Fortify (push) Successful in 35s
Test / Fortify (race detector) (push) Successful in 35s
Test / Fpkg (push) Successful in 33s
Test / Flake checks (push) Successful in 1m0s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-01 01:42:10 +09:00
48f634d046
release: 0.3.2
All checks were successful
Release / Create release (push) Successful in 34s
Test / Sandbox (push) Successful in 34s
Test / Fortify (push) Successful in 59s
Test / Create distribution (push) Successful in 20s
Test / Sandbox (race detector) (push) Successful in 1m3s
Test / Fpkg (push) Successful in 1m16s
Test / Fortify (race detector) (push) Successful in 4m14s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-30 23:05:57 +09:00
2a4e2724a3
release: 0.3.1
All checks were successful
Release / Create release (push) Successful in 35s
Test / Create distribution (push) Successful in 19s
Test / Fpkg (push) Successful in 33s
Test / Fortify (push) Successful in 39s
Test / Data race detector (push) Successful in 39s
Test / Flake checks (push) Successful in 55s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-26 07:48:50 +09:00
92852d8235
release: 0.3.0
All checks were successful
Test / Create distribution (push) Successful in 20s
Release / Create release (push) Successful in 35s
Test / Fortify (push) Successful in 2m45s
Test / Fpkg (push) Successful in 3m27s
Test / Data race detector (push) Successful in 4m20s
Test / Flake checks (push) Successful in 1m1s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-26 02:18:59 +09:00
b39f3aeb59
helper: remove bubblewrap wrapper
All checks were successful
Test / Create distribution (push) Successful in 19s
Test / Fortify (push) Successful in 2m12s
Test / Fpkg (push) Successful in 3m34s
Test / Data race detector (push) Successful in 4m19s
Test / Flake checks (push) Successful in 57s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 05:35:02 +09:00
0eb1bc6301
test/sandbox: verify outcome via mountinfo
All checks were successful
Test / Fpkg (push) Successful in 36s
Test / Create distribution (push) Successful in 4m56s
Test / Fortify (push) Successful in 6m33s
Test / Data race detector (push) Successful in 7m3s
Test / Flake checks (push) Successful in 54s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 01:42:38 +09:00
0a4e633db2
nix: filter test from source
All checks were successful
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m42s
Test / Fpkg (push) Successful in 3m52s
Test / Data race detector (push) Successful in 4m19s
Test / Flake checks (push) Successful in 54s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 22:20:19 +09:00
3385538142
nix: clean up flake outputs
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Fpkg (push) Successful in 32s
Test / Fortify (push) Successful in 2m0s
Test / Data race detector (push) Successful in 2m32s
Test / Flake checks (push) Successful in 48s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 12:26:19 +09:00
4bb5d9780f
ldd: run in native sandbox
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m27s
Test / Fpkg (push) Successful in 3m22s
Test / Data race detector (push) Successful in 3m43s
Test / Flake checks (push) Successful in 48s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 17:55:55 +09:00
9b1a60b5c9
sandbox: native container tooling
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m28s
Test / Fpkg (push) Successful in 3m23s
Test / Data race detector (push) Successful in 3m35s
Test / Flake checks (push) Successful in 48s
This should eventually replace bwrap.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:36:26 +09:00
2d4cabe786
nix: increase nixfmt max width
All checks were successful
Test / Create distribution (push) Successful in 30s
Test / Fpkg (push) Successful in 36s
Test / Data race detector (push) Successful in 35s
Test / Fortify (push) Successful in 39s
Test / Flake checks (push) Successful in 50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-28 14:43:46 +09:00
673b648bd3
cmd/fpkg: call app in-process
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Fortify (push) Successful in 2m31s
Test / Data race detector (push) Successful in 3m25s
Test / Fpkg (push) Successful in 3m29s
Test / Flake checks (push) Successful in 55s
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:51:44 +09:00
c21a4cff14
nix: wrap fpkg
All checks were successful
Test / Create distribution (push) Successful in 26s
Test / Data race detector (push) Successful in 2m11s
Test / Fortify (push) Successful in 2m24s
Test / Flake checks (push) Successful in 42s
This is usable on nixos now due to the static build.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 12:24:04 +09:00
6d4ac3d9fd
internal: store fortify path in internal
All checks were successful
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m33s
Test / Data race detector (push) Successful in 3m20s
Test / Flake checks (push) Successful in 42s
This now makes more sense due to the changes in build system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 12:03:25 +09:00
751aa350ee
nix: exclude files ending in ".py"
All checks were successful
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m12s
Test / Data race detector (push) Successful in 2m59s
Test / Flake checks (push) Successful in 44s
This reduces rebuilds when debugging nixos tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-24 17:41:56 +09:00
71135f339a
release: 0.2.18
All checks were successful
Test / Create distribution (push) Successful in 20s
Release / Create release (push) Successful in 33s
Test / Fortify (push) Successful in 2m4s
Test / Data race detector (push) Successful in 2m33s
Test / Flake checks (push) Successful in 48s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 18:52:33 +09:00
8bf162820b
nix: separate fsu from package
All checks were successful
Test / Create distribution (push) Successful in 26s
Test / Run NixOS test (push) Successful in 7m25s
This appears to be the only way to build them with different configuration. This enables static linking in the main package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 18:13:37 +09:00
2e7e160683
release: 0.2.17
All checks were successful
Release / Create release (push) Successful in 33s
Test / Create distribution (push) Successful in 20s
Test / Run NixOS test (push) Successful in 3m50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 02:59:31 +09:00
9d9a165379
release: 0.2.16
All checks were successful
Release / Create release (push) Successful in 35s
Test / Create distribution (push) Successful in 22s
Test / Run NixOS test (push) Successful in 2m41s
Mostly refactor and cleanup, but also contains major fix to process lifecycle management.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-19 23:39:16 +09:00
83e72c2b59
release: 0.2.15
All checks were successful
Test / Create distribution (push) Successful in 19s
Release / Create release (push) Successful in 33s
Test / Run NixOS test (push) Successful in 3m12s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-17 00:13:04 +09:00
90b86a5531
release: 0.2.14
All checks were successful
Release / Create release (push) Successful in 24s
Test / Create distribution (push) Successful in 18s
Test / Run NixOS test (push) Successful in 50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-15 23:05:02 +09:00
820f48ef94
release: 0.2.13
All checks were successful
Test / Create distribution (push) Successful in 1m56s
Release / Create release (push) Successful in 2m9s
Test / Run NixOS test (push) Successful in 4m38s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:45:54 +09:00
21735a8abe
release: 0.2.12
All checks were successful
Test / Create distribution (push) Successful in 2m25s
Release / Create release (push) Successful in 4m6s
Test / Run NixOS test (push) Successful in 4m49s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 13:40:48 +09:00
7106b00968
release: 0.2.11
All checks were successful
Build / Create distribution (push) Successful in 3m51s
Release / Create release (push) Successful in 4m12s
Test / Run NixOS test (push) Successful in 6m17s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-23 20:49:49 +09:00
3df344828f
proc/priv/shim: seccomp bpf filter via libseccomp
All checks were successful
Build / Create distribution (push) Successful in 1m59s
Test / Run NixOS test (push) Successful in 4m11s
Rulesets adapted from Flatpak for compatibility.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-20 23:39:47 +09:00
1ec901f79e
release: 0.2.10
All checks were successful
Build / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 3m39s
Release / Create release (push) Successful in 1m30s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 22:50:08 +09:00
7baca66a56
proc: remove duplicate compile-time fortify reference
All checks were successful
Build / Create distribution (push) Successful in 1m46s
Test / Run NixOS test (push) Successful in 3m44s
This is no longer needed since shim and init are now part of the main program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:59:33 +09:00
27d2914286
proc/priv/init: merge init into main program
All checks were successful
Build / Create distribution (push) Successful in 1m47s
Test / Run NixOS test (push) Successful in 3m46s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:47:01 +09:00
ea8f228af3
proc/priv/shim: merge shim into main program
All checks were successful
Build / Create distribution (push) Successful in 2m15s
Test / Run NixOS test (push) Successful in 2m53s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:43:32 +09:00
c4de450217
nix: do not force static linking on nix
All checks were successful
Build / Create distribution (push) Successful in 3m14s
Test / Run NixOS test (push) Successful in 3m25s
In a typical Nix or NixOS-based setup, the entire /nix/store directory is available to the sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 22:56:16 +09:00