Ophestra
f8661ad479
All checks were successful
Test / Create distribution (push) Successful in 57s
Test / Sandbox (push) Successful in 2m55s
Test / ShareFS (push) Successful in 4m25s
Test / Hpkg (push) Successful in 4m58s
Test / Sandbox (race detector) (push) Successful in 5m25s
Test / Hakurei (push) Successful in 2m44s
Test / Hakurei (race detector) (push) Successful in 3m41s
Test / Flake checks (push) Successful in 1m37s
This patch will be removed in the next release. Signed-off-by: Ophestra <cat@gensokyo.uk>
291 lines
10 KiB
Go
291 lines
10 KiB
Go
package rosa
|
|
|
|
import (
|
|
"hakurei.app/internal/pkg"
|
|
)
|
|
|
|
func (t Toolchain) newHakurei(suffix, script string) pkg.Artifact {
|
|
const (
|
|
version = "0.3.4"
|
|
checksum = "wVwSLo75a2OnH5tgxNWXR_YhiOJUFnYM_9-sJtxAEOKhcPE0BJafs6PU8o5JzyCT"
|
|
)
|
|
return t.New("hakurei"+suffix+"-"+version, 0, []pkg.Artifact{
|
|
t.Load(Go),
|
|
|
|
t.Load(Gzip),
|
|
t.Load(PkgConfig),
|
|
|
|
t.Load(KernelHeaders),
|
|
t.Load(Libseccomp),
|
|
t.Load(ACL),
|
|
t.Load(Attr),
|
|
t.Load(Fuse),
|
|
|
|
t.Load(Xproto),
|
|
t.Load(LibXau),
|
|
t.Load(XCBProto),
|
|
t.Load(XCB),
|
|
|
|
t.Load(Libffi),
|
|
t.Load(Libexpat),
|
|
t.Load(Libxml2),
|
|
t.Load(Wayland),
|
|
t.Load(WaylandProtocols),
|
|
}, nil, []string{
|
|
"CGO_ENABLED=1",
|
|
"GOCACHE=/tmp/gocache",
|
|
"CC=clang -O3 -Werror",
|
|
}, `
|
|
echo '# Building test helper (hostname).'
|
|
go build -v -o /bin/hostname /usr/src/hostname/main.go
|
|
echo
|
|
|
|
chmod -R +w /usr/src/hakurei
|
|
cd /usr/src/hakurei
|
|
|
|
HAKUREI_VERSION='v`+version+`'
|
|
`+script, pkg.Path(AbsUsrSrc.Append("hakurei"), true, t.NewPatchedSource("hakurei", version, pkg.NewHTTPGetTar(
|
|
nil, "https://git.gensokyo.uk/security/hakurei/archive/"+
|
|
"v"+version+".tar.gz",
|
|
mustDecode(checksum),
|
|
pkg.TarGzip,
|
|
), true, [2]string{"dist", `From 67e453f5c4de915de23ecbe5980e595758f0f2fb Mon Sep 17 00:00:00 2001
|
|
From: Ophestra <cat@gensokyo.uk>
|
|
Date: Tue, 27 Jan 2026 06:49:48 +0900
|
|
Subject: [PATCH] dist: run tests
|
|
|
|
This used to be impossible due to nix jank which has been addressed.
|
|
|
|
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
|
---
|
|
dist/release.sh | 21 ++++++++++++++++-----
|
|
flake.nix | 32 ++++++++++++++++++++------------
|
|
internal/acl/acl_test.go | 2 +-
|
|
package.nix | 2 +-
|
|
4 files changed, 38 insertions(+), 19 deletions(-)
|
|
|
|
diff --git a/dist/release.sh b/dist/release.sh
|
|
index 4dcb278..0ba9104 100755
|
|
--- a/dist/release.sh
|
|
+++ b/dist/release.sh
|
|
@@ -2,19 +2,30 @@
|
|
cd "$(dirname -- "$0")/.."
|
|
VERSION="${HAKUREI_VERSION:-untagged}"
|
|
pname="hakurei-${VERSION}"
|
|
-out="dist/${pname}"
|
|
+out="${DESTDIR:-dist}/${pname}"
|
|
|
|
+echo '# Preparing distribution files.'
|
|
mkdir -p "${out}"
|
|
cp -v "README.md" "dist/hsurc.default" "dist/install.sh" "${out}"
|
|
cp -rv "dist/comp" "${out}"
|
|
+echo
|
|
|
|
+echo '# Building hakurei.'
|
|
go generate ./...
|
|
-go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static'
|
|
+go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w
|
|
+ -buildid= -extldflags '-static'
|
|
-X hakurei.app/internal/info.buildVersion=${VERSION}
|
|
-X hakurei.app/internal/info.hakureiPath=/usr/bin/hakurei
|
|
-X hakurei.app/internal/info.hsuPath=/usr/bin/hsu
|
|
-X main.hakureiPath=/usr/bin/hakurei" ./...
|
|
+echo
|
|
|
|
-rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}"
|
|
-rm -rf "./${out}"
|
|
-(cd dist && sha512sum "${pname}.tar.gz" > "${pname}.tar.gz.sha512")
|
|
+echo '# Testing hakurei.'
|
|
+go test -ldflags='-buildid= -extldflags=-static' ./...
|
|
+echo
|
|
+
|
|
+echo '# Creating distribution.'
|
|
+rm -f "${out}.tar.gz" && tar -C "${out}/.." -vczf "${out}.tar.gz" "${pname}"
|
|
+rm -rf "${out}"
|
|
+(cd "${out}/.." && sha512sum "${pname}.tar.gz" > "${pname}.tar.gz.sha512")
|
|
+echo
|
|
diff --git a/flake.nix b/flake.nix
|
|
index 9e09c61..2340b92 100644
|
|
--- a/flake.nix
|
|
+++ b/flake.nix
|
|
@@ -143,19 +143,27 @@
|
|
"bin/mount.fuse.sharefs" = "${hakurei}/libexec/sharefs";
|
|
};
|
|
|
|
- dist = pkgs.runCommand "${hakurei.name}-dist" { buildInputs = hakurei.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } ''
|
|
- # go requires XDG_CACHE_HOME for the build cache
|
|
- export XDG_CACHE_HOME="$(mktemp -d)"
|
|
+ dist =
|
|
+ pkgs.runCommand "${hakurei.name}-dist"
|
|
+ {
|
|
+ buildInputs = hakurei.targetPkgs ++ [
|
|
+ pkgs.pkgsStatic.musl
|
|
+ ];
|
|
+ }
|
|
+ ''
|
|
+ cd $(mktemp -d) \
|
|
+ && cp -r ${hakurei.src}/. . \
|
|
+ && chmod +w cmd && cp -r ${hsu.src}/. cmd/hsu/ \
|
|
+ && chmod -R +w .
|
|
|
|
- # get a different workdir as go does not like /build
|
|
- cd $(mktemp -d) \
|
|
- && cp -r ${hakurei.src}/. . \
|
|
- && chmod +w cmd && cp -r ${hsu.src}/. cmd/hsu/ \
|
|
- && chmod -R +w .
|
|
-
|
|
- export HAKUREI_VERSION="v${hakurei.version}"
|
|
- CC="clang -O3 -Werror" ./dist/release.sh && mkdir $out && cp -v "dist/hakurei-$HAKUREI_VERSION.tar.gz"* $out
|
|
- '';
|
|
+ CC="musl-clang -O3 -Werror -Qunused-arguments" \
|
|
+ GOCACHE="$(mktemp -d)" \
|
|
+ HAKUREI_TEST_SKIP_ACL=1 \
|
|
+ PATH="${pkgs.pkgsStatic.musl.bin}/bin:$PATH" \
|
|
+ DESTDIR="$out" \
|
|
+ HAKUREI_VERSION="v${hakurei.version}" \
|
|
+ ./dist/release.sh
|
|
+ '';
|
|
}
|
|
);
|
|
|
|
diff --git a/internal/acl/acl_test.go b/internal/acl/acl_test.go
|
|
index af6da55..19ce45a 100644
|
|
--- a/internal/acl/acl_test.go
|
|
+++ b/internal/acl/acl_test.go
|
|
@@ -24,7 +24,7 @@ var (
|
|
)
|
|
|
|
func TestUpdate(t *testing.T) {
|
|
- if os.Getenv("GO_TEST_SKIP_ACL") == "1" {
|
|
+ if os.Getenv("HAKUREI_TEST_SKIP_ACL") == "1" {
|
|
t.Skip("acl test skipped")
|
|
}
|
|
|
|
diff --git a/package.nix b/package.nix
|
|
index 00c4401..2eaa2ec 100644
|
|
--- a/package.nix
|
|
+++ b/package.nix
|
|
@@ -89,7 +89,7 @@ buildGoModule rec {
|
|
CC = "clang -O3 -Werror";
|
|
|
|
# nix build environment does not allow acls
|
|
- GO_TEST_SKIP_ACL = 1;
|
|
+ HAKUREI_TEST_SKIP_ACL = 1;
|
|
};
|
|
|
|
buildInputs = [`}, [2]string{"container-tests", `From bf14a412e47344fff2681f4b24d1ecc7415bfcb0 Mon Sep 17 00:00:00 2001
|
|
From: Ophestra <cat@gensokyo.uk>
|
|
Date: Sat, 31 Jan 2026 10:59:56 +0900
|
|
Subject: [PATCH] container: fix host-dependent test cases
|
|
|
|
These are not fully controlled by hakurei and may change depending on host configuration.
|
|
|
|
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
|
---
|
|
container/container_test.go | 27 +++++++++++++++------------
|
|
1 file changed, 15 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/container/container_test.go b/container/container_test.go
|
|
index d737a18..98713cb 100644
|
|
--- a/container/container_test.go
|
|
+++ b/container/container_test.go
|
|
@@ -275,12 +275,12 @@ var containerTestCases = []struct {
|
|
),
|
|
earlyMnt(
|
|
ent("/", "/dev", "ro,nosuid,nodev,relatime", "tmpfs", "devtmpfs", ignore),
|
|
- ent("/null", "/dev/null", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/zero", "/dev/zero", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/full", "/dev/full", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/random", "/dev/random", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/urandom", "/dev/urandom", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/tty", "/dev/tty", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/null", "/dev/null", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/zero", "/dev/zero", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/full", "/dev/full", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/random", "/dev/random", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/urandom", "/dev/urandom", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/tty", "/dev/tty", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
ent("/", "/dev/pts", "rw,nosuid,noexec,relatime", "devpts", "devpts", "rw,mode=620,ptmxmode=666"),
|
|
ent("/", "/dev/mqueue", "rw,nosuid,nodev,noexec,relatime", "mqueue", "mqueue", "rw"),
|
|
ent("/", "/dev/shm", "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore),
|
|
@@ -293,12 +293,12 @@ var containerTestCases = []struct {
|
|
),
|
|
earlyMnt(
|
|
ent("/", "/dev", "ro,nosuid,nodev,relatime", "tmpfs", "devtmpfs", ignore),
|
|
- ent("/null", "/dev/null", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/zero", "/dev/zero", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/full", "/dev/full", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/random", "/dev/random", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/urandom", "/dev/urandom", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
- ent("/tty", "/dev/tty", "rw,nosuid", "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/null", "/dev/null", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/zero", "/dev/zero", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/full", "/dev/full", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/random", "/dev/random", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/urandom", "/dev/urandom", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
+ ent("/tty", "/dev/tty", ignore, "devtmpfs", "devtmpfs", ignore),
|
|
ent("/", "/dev/pts", "rw,nosuid,noexec,relatime", "devpts", "devpts", "rw,mode=620,ptmxmode=666"),
|
|
ent("/", "/dev/shm", "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore),
|
|
),
|
|
@@ -696,6 +696,9 @@ func init() {
|
|
mnt[i].VfsOptstr = strings.TrimSuffix(mnt[i].VfsOptstr, ",relatime")
|
|
mnt[i].VfsOptstr = strings.TrimSuffix(mnt[i].VfsOptstr, ",noatime")
|
|
|
|
+ cur.FsOptstr = strings.Replace(cur.FsOptstr, ",seclabel", "", 1)
|
|
+ mnt[i].FsOptstr = strings.Replace(mnt[i].FsOptstr, ",seclabel", "", 1)
|
|
+
|
|
if !cur.EqualWithIgnore(mnt[i], "\x00") {
|
|
fail = true
|
|
log.Printf("[FAIL] %s", cur)`}),
|
|
), pkg.Path(AbsUsrSrc.Append("hostname", "main.go"), false, pkg.NewFile(
|
|
"hostname.go",
|
|
[]byte(`
|
|
package main
|
|
|
|
import "os"
|
|
|
|
func main() {
|
|
if name, err := os.Hostname(); err != nil {
|
|
panic(err)
|
|
} else {
|
|
os.Stdout.WriteString(name)
|
|
}
|
|
}
|
|
`),
|
|
)))
|
|
}
|
|
func init() {
|
|
artifactsF[Hakurei] = func(t Toolchain) pkg.Artifact {
|
|
return t.newHakurei("", `
|
|
mkdir -p /work/system/libexec/hakurei/
|
|
|
|
echo '# Building hakurei.'
|
|
go generate -v ./...
|
|
go build -trimpath -v -o /work/system/libexec/hakurei -ldflags="-s -w
|
|
-buildid=
|
|
-extldflags=-static
|
|
-X hakurei.app/internal/info.buildVersion="$HAKUREI_VERSION"
|
|
-X hakurei.app/internal/info.hakureiPath=/system/bin/hakurei
|
|
-X hakurei.app/internal/info.hsuPath=/system/bin/hsu
|
|
-X main.hakureiPath=/system/bin/hakurei" ./...
|
|
echo
|
|
|
|
echo '# Testing hakurei.'
|
|
go test -ldflags='-buildid= -extldflags=-static' ./...
|
|
echo
|
|
|
|
mkdir -p /work/system/bin/
|
|
(cd /work/system/libexec/hakurei && mv \
|
|
hakurei \
|
|
sharefs \
|
|
../../bin/)
|
|
`)
|
|
}
|
|
artifactsF[HakureiDist] = func(t Toolchain) pkg.Artifact {
|
|
return t.newHakurei("-dist", `
|
|
export HAKUREI_VERSION
|
|
DESTDIR=/work /usr/src/hakurei/dist/release.sh
|
|
`)
|
|
}
|
|
}
|