byn 0.3.0
Changelog
- ceb9b55: Add GitHub Pages deploy workflow (gensite build) (@sandeepbaynes)
- d725022: Add ImportSource seam with a local-FS vault source (@sandeepbaynes)
- 0b17276: Add Linux systemd unit + sysusers install for the daemon (@sandeepbaynes)
- 4ec3ad4: Add Spawner: daemon spawns exec child via privileged helper (@sandeepbaynes)
- 8775723: Add byn migrate relocate/import; drop trust+passkeys on import (@sandeepbaynes)
- 6abcc16: Add byn setup: provision service users + install spawn helper (@sandeepbaynes)
- 6737e40: Add docs-site generator (markdown to themed HTML) (@sandeepbaynes)
- de4b70b: Add exec.spawn op: server-side privsep spawn, shared auth gate (@sandeepbaynes)
- 8637112: Add fd-passing transport + exec.spawn config/env wiring (@sandeepbaynes)
- 76e8c81: Add hardened SCM_RIGHTS fd send/recv for exec stdio (@sandeepbaynes)
- 6e9bcb8: Add macOS LaunchDaemon + role accounts for the daemon (@sandeepbaynes)
- 17605d9: Add migrate Adopt: verify then atomically adopt a vault (@sandeepbaynes)
- f0b10c7: Add privileged exec-child spawn helper (drop to _byn-exec) (@sandeepbaynes)
- a22f8a9: Add privsep cred-leak integration test (root-gated) (@sandeepbaynes)
- 30a6d36: Add privsep package: service-UID lookup + provisioning state (@sandeepbaynes)
- ef2d047: Add root CI job for privsep integration (@sandeepbaynes)
- 4d9ea29: Add root-gated daemon-privsep posture integration test (@sandeepbaynes)
- e0dccfa: Allowlist recorded owner UID and relocate socket when provisioned (@sandeepbaynes)
- 4a452d8: Bring gh-pages site source into the branch (single source) (@sandeepbaynes)
- a9b8512: Bump version to v0.3.0 across docs, site, and packaging (@sandeepbaynes)
- 59dd59e: Confine exec child: macOS Seatbelt profile + Linux Setsid (@sandeepbaynes)
- b356f6d: Document privsep posture and honest ceiling (@sandeepbaynes)
- 938e463: Document privsep posture, migration, and honest ceiling (@sandeepbaynes)
- 5217af1: Dup stdio fds in Spawner; guard NUL in env (@sandeepbaynes)
- 66b7337: Fix CI failures: unit-test assertion, UID bound, exec PATH (@sandeepbaynes)
- 2b42826: Fix Linux-only lint + provision test assertion (@sandeepbaynes)
- e2e16f4: Fix data root to system path; remove BYN_DIR override (@sandeepbaynes)
- d8d213b: Fix docs site: don't indent inside code blocks (@sandeepbaynes)
- 33c5b2c: Fix docs site: give the first h2 the same top spacing as the rest (@sandeepbaynes)
- 11863ab: Grant ACL on bulk trust; remove default ACL on revoke (@sandeepbaynes)
- 442abaa: Grant _byn-exec project-dir ACL at trust, revoke at untrust (@sandeepbaynes)
- 211309f: Harden ci.yml perms; run NU-6 privsep test in root job (@sandeepbaynes)
- 831d301: Harden helper: self-contained env, absolute-path exec, fstat config (@sandeepbaynes)
- 538821d: Harden memory: PR_SET_DUMPABLE + macOS hardened-runtime note (@sandeepbaynes)
- c297ced: Make byn setup fully provision privsep; add --uninstall (@sandeepbaynes)
- 6b28583: Merge pull request #10 from sandeepbaynes/fix-h2-top-margin (@sandeepbaynes)
- 893e0e4: Merge pull request #11 from sandeepbaynes/fix-docs-v030-correctness (@sandeepbaynes)
- f3f37dd: Merge pull request #7 from sandeepbaynes/nu-5-privsep (@sandeepbaynes)
- 5ff6be1: Merge pull request #8 from sandeepbaynes/pages-deploy (@sandeepbaynes)
- 629ce49: Merge pull request #9 from sandeepbaynes/fix-site-codeblock-indent (@sandeepbaynes)
- 1a70720: Pass --allow-root in NU-5 privsep test (NU-6 root refusal) (@sandeepbaynes)
- 3533a43: Refuse to run the daemon as root unless --allow-root (@sandeepbaynes)
- 8202cfd: Remove EE/premium/open-core framing from docs (no-EE model) (@sandeepbaynes)
- 7b5f503: Resolve data root: system path if provisioned, else legacy ~/.byn (@sandeepbaynes)
- f8e755a: Route byn exec through privsep spawn (opt-in) (@sandeepbaynes)
- ae65b0c: Run internal/paths untagged in CI to cover the no-override test (@sandeepbaynes)
- 25215f7: Set close-on-exec on received fds; check truncation (@sandeepbaynes)
- d599000: Ship byn-exec-helper in release artifacts (privsep) (@sandeepbaynes)
- ae27455: Skip trust password prompt for uninitialized vaults (@sandeepbaynes)
- 4246b34: Test darwin provisioning; simplify Setup; minor polish (@sandeepbaynes)
- 54965a8: Trust by .byn scope vault; never force the default vault (@sandeepbaynes)
- 605d37b: Update docs + landing for NU privsep; expand site manifest (@sandeepbaynes)
- f766ac0: Wait for exec.spawn fds via netpoller; fix EAGAIN race (@sandeepbaynes)