Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / f1628ac0972b8ee7da19322514dc229872b5982b
commitf1628ac0972b8ee7da19322514dc229872b5982b[log] [tgz]
authorSerge Bazanski <serge@monogon.tech>Thu May 25 14:43:19 2023 +0200
committerSerge Bazanski <serge@monogon.tech>Wed May 31 12:25:21 2023 +0000
tree9720402ab66d83dbd69844ffea60403e73756f26
parent2b0f3d3df1fd3f71b57bb2ea581a649678b2451e [diff]
m/n/core/localstorage/crypt: support more enc/auth modes

This is in preparation for introducing configurable disk
encryption/authentication policies in Metropolis (eg. low integrity
mode).

We also use the opportunity to add some tests for the newly refactored
crypt library. All modes go through an end-to-end test making sure data
is preserved and repeatedly mapping/unmapping the device works.

This change also disables insecure mode in debug builds. The equivalent
functionality will be re-established at a higher level in the cluster
code in a subsequent change, alongside the encryption/authentication
policy code.

Change-Id: I85db001c7c37a918cb491b1fcc3a51ea1d715817
Reviewed-on: https://review.monogon.dev/c/monogon/+/1724
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
8 files changed
tree: 9720402ab66d83dbd69844ffea60403e73756f26
  1. .github/
  2. build/
  3. cloud/
  4. go/
  5. intellij/
  6. metropolis/
  7. net/
  8. third_party/
  9. tools/
  10. .bazelignore
  11. .bazelproject
  12. .bazelrc
  13. .bazelrc.sandboxroot
  14. .bazelversion
  15. .git-ignore-revs
  16. .gitignore
  17. BUILD.bazel
  18. CODING_STANDARDS.md
  19. go.mod
  20. go.sum
  21. LICENSE
  22. README.md
  23. SETUP.md
  24. WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later!

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

Run a single node demo cluster

Build CLI and node image:

bazel build //metropolis/cli/dbg //:launch -c dbg

Launch an ephemeral test node:

bazel test //:launch -c dbg --test_output=streamed

Run a kubectl command while the test is running:

bazel-bin/metropolis/cli/dbg/dbg_/dbg kubectl describe node

Test suite

Run full test suite:

bazel test -c dbg //...