a14b6535a6 
							
						 
					 
					
						
						
							
							helper/stub: write ready byte late  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 41s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 41s 
				
			 
		
			
				
	Test / Hakurei (push) Successful in 44s 
				
			 
		
			
				
	Test / Hakurei (race detector) (push) Successful in 44s 
				
			 
		
			
				
	Test / Hpkg (push) Successful in 42s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m30s 
				
			 
		
		
	 
 
	 
						
						Hopefully eliminates spurious failures.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-10-13 01:55:44 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e71ae3b8c5 
							
						 
					 
					
						
						
							
							container: remove custom cmd initialisation  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Hakurei (push) Successful in 45s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 43s 
				
			 
		
			
				
	Test / Hakurei (race detector) (push) Successful in 45s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 43s 
				
			 
		
			
				
	Test / Planterette (push) Successful in 43s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m27s 
				
			 
		
		
	 
 
	 
						
						This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-07-25 00:45:10 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							87e008d56d 
							
						 
					 
					
						
						
							
							treewide: rename to hakurei  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 43s 
				
			 
		
			
				
	Test / Sandbox (push) Successful in 2m18s 
				
			 
		
			
				
	Test / Hakurei (push) Successful in 3m10s 
				
			 
		
			
				
	Test / Sandbox (race detector) (push) Successful in 3m30s 
				
			 
		
			
				
	Test / Hakurei (race detector) (push) Successful in 4m43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 5m4s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m12s 
				
			 
		
		
	 
 
	 
						
						Fortify makes little sense for a container tool.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-06-25 04:57:41 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5c82f1ed3e 
							
						 
					 
					
						
						
							
							helper/stub: output to stdout  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 1m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m0s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 17:25:10 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b39f3aeb59 
							
						 
					 
					
						
						
							
							helper: remove bubblewrap wrapper  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m12s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m34s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m19s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 05:35:02 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9a1f8e129f 
							
						 
					 
					
						
						
							
							sandbox: wrap fmsg interface  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m16s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 02:44:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							44277dc0f1 
							
						 
					 
					
						
						
							
							dbus: run in native sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m25s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m5s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 53s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 00:13:14 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							273d97af85 
							
						 
					 
					
						
						
							
							ldd: lib paths resolve function  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m37s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m50s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is what always happens right after a ldd call, so implement it here.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 01:20:09 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							891316d924 
							
						 
					 
					
						
						
							
							helper/stub: copy args to stderr  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m33s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m30s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m52s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 53s 
				
			 
		
		
	 
 
	 
						
						Some helpers are implemented via go test itself in tests, and as a result stdout gets clobbered.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 00:39:42 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6e7ddb2d2e 
							
						 
					 
					
						
						
							
							helper: eliminate commandContext replacement  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m44s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m42s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m51s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						This is done more cleanly by modifying Args in cmdF.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 00:01:25 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e599b5583d 
							
						 
					 
					
						
						
							
							fmsg: implement suspend in writer  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 2m18s 
				
			 
		
		
	 
 
	 
						
						This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-16 18:51:53 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ace97952cc 
							
						 
					 
					
						
						
							
							helper/bwrap: merge Args and FDArgs  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m13s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m34s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-14 18:13:06 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							fe7d208cf7 
							
						 
					 
					
						
						
							
							helper: use generic extra files interface  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 1m38s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 4m36s 
				
			 
		
		
	 
 
	 
						
						This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-13 23:34:15 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							df6fc298f6 
							
						 
					 
					
						
						
							
							migrate to git.gensokyo.uk/security/fortify  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Tests / Go tests (push) Successful in 2m55s 
				
			 
		
			
				
	Nix / NixOS tests (push) Successful in 5m10s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-12-20 00:20:02 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ae1a102882 
							
						 
					 
					
						
						
							
							fmsg: support temporarily withholding output  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	test / test (push) Successful in 31s 
				
			 
		
		
	 
 
	 
						
						Trying to print to a shared stdout is a terrible idea. This change makes it possible to withhold output for the lifetime of the sandbox.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-10-26 23:09:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							65af1684e3 
							
						 
					 
					
						
						
							
							migrate to git.ophivana.moe/security/fortify  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	test / test (push) Successful in 14s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-10-20 19:50:13 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c201c30c7f 
							
						 
					 
					
						
						
							
							helper/bwrap: check args only for internal tests  
						
						... 
						
						
						
						Tests internal to the helper package sets crash-test-dummy as the command whenever a launch is expected to go through, and the hardcoded args are only valid for internal tests, so this characteristic is used here to exclude external tests that pass real program names and custom bwrap configurations.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-10-09 00:21:31 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7c7999e9e5 
							
						 
					 
					
						
						
							
							helper: implementation of helper.Helper using bwrap  
						
						... 
						
						
						
						Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-10-08 18:02:38 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9647eb6a6b 
							
						 
					 
					
						
						
							
							helper: separate pipes from Helper  
						
						... 
						
						
						
						Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-10-07 12:48:20 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							18d9ce733e 
							
						 
					 
					
						
						
							
							helper: test non-existent helpers  
						
						... 
						
						
						
						Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-10-06 16:00:59 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7e7327ebf8 
							
						 
					 
					
						
						
							
							helper: export internal stub functions for cross-package testing  
						
						... 
						
						
						
						Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 
						
						
					 
					
						2024-09-29 15:22:35 +09:00