)]}'
{
  "log": [
    {
      "commit": "052af2dce813dba9f74ffc05ffd760e60a37c23b",
      "tree": "e0c5dac8c237ad4e92a6c2d91427678d8a4e1691",
      "parents": [
        "b51b4171390ec52433f8c06faef46ef5eccf91d4"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Nov 06 02:21:53 2019 +0000"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Nov 06 02:21:53 2019 +0000"
      },
      "message": "Simple CI pipeline for Smalltown Core\n\nSince we run as root on the build server, we can properly mount a tmpfs\nas the shared build volume with exec support (this is still broken for\nunprivileged create_container.sh). We\u0027ll have to see when and if this\nblows up, and whether we want to use a disk-backed volume instead.\n\nThe pipeline has two stages that run the following commands:\n\n- `scripts/run_ci.sh ${build.id} ${target.phid} bazel build //core/scripts:launch`\n\n- `timeout 30 scripts/run_ci.sh ${build.id} ${target.phid} bazel run //core/scripts:launch; true` (for visual inspection)\n\nThose are placeholders - we will want to integrate any and all\ntests in Bazel, only trigger tests whose dependencies have been\nmodified in a given build step, and report individual results back\nto Harbormaster.\n\nWhat works:\n\n- Persistent working copies on the build server. Drydock caches a number of\n  persistent repository copies to avoid a full clone on each build, and\n  uses a leasing mechanism to allocate them. Of course, this means we\n  have to be careful about not polluting the repo, but Bazel takes care of that.\n\n- Shared build cache with fast incremental rebuilds\n  (a build with no changes takes ~15s including the podman build step).\n\n- Full rebuild after volume deletion takes ~4m.\n\n- Build output shows up in Phabricator in real time.\n\n- Aborting a build properly cancels the running build and cleans up the pod.\n\n- Launching the QEMU VM.\n\n- Reporting build status back to Harbormaster (noop at the moment, can\n  be used to report unit test states later). This uses the awesome undocumented\n  SSH conduit transport so we don\u0027t have to deploy a separate token on the host.\n\n- Phabricator revisions are drafts until all tests complete successfully.\n\nTest Plan: See tests :-)\n\nBug: T483\n\nX-Origin-Diff: phab/D242\nGitOrigin-RevId: 64eca996c8704cb0cd4f1cbb4f88f71a6fdca1eb\n"
    },
    {
      "commit": "b51b4171390ec52433f8c06faef46ef5eccf91d4",
      "tree": "8c537364ed17732d16800fbe0e5a710519de71ca",
      "parents": [
        "6c39ea1355bf2853abdbd2f69a7eece222c44b78"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Mon Nov 04 12:55:19 2019 +0000"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Mon Nov 04 12:55:19 2019 +0000"
      },
      "message": "Remove --userns\u003dkeep-id in create_container.sh\n\nWith a mapped user namespace, recent podman versions fail to mount /sys\n\nThis removes some isolation, similar to using uid 0 in a regular Docker container.\n\nTest Plan: Ran build\n\nX-Origin-Diff: phab/D238\nGitOrigin-RevId: 39dc826f4ce95a6c5b405a49be3d2e9d19174fc1\n"
    },
    {
      "commit": "6c39ea1355bf2853abdbd2f69a7eece222c44b78",
      "tree": "a0377ac95e3036fb06886c1b9be504faf4773850",
      "parents": [
        "3e6018fcf0645da7876eec06d1604438bea0550e"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@brun.one",
        "time": "Mon Nov 04 11:39:42 2019 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@brun.one",
        "time": "Mon Nov 04 11:39:42 2019 +0100"
      },
      "message": "Added Kubernetes to build system\n\nThis adds Kubernetes and its dependencies to the WORKSPACE. A small patch\nis needed to make this compatible with Bazel 1.0+ since they still use\n0.23.\n\nTest Plan:\n`bazel test @kubernetes//pkg/...` (:warning: slow)\nThere is one single test failure with OpenAPI, but I\u0027m not yet sure if it\nis actually meaningful since the individual tests of the OpenAPI generated\ncode pass just fine.\n\n`bazel build @kubernetes//cmd/kube-controller-manager @kubernetes//cmd/kube-scheduler @kubernetes//cmd/kube-apiserver`\nAll three required binaries for the control plane build just fine\n\nX-Origin-Diff: phab/D237\nGitOrigin-RevId: 1c0708272636fb68ca6ced6666f885344bb81a7c\n"
    },
    {
      "commit": "3e6018fcf0645da7876eec06d1604438bea0550e",
      "tree": "6bb2fa6081152d2dc32530a8eaaf0a58c31dc35e",
      "parents": [
        "0d7c91e331022831a974c2e34d32bb5b89ddc89c"
      ],
      "author": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@certus.one",
        "time": "Mon Oct 28 21:29:42 2019 +0100"
      },
      "committer": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@certus.one",
        "time": "Mon Oct 28 21:29:42 2019 +0100"
      },
      "message": "Add sqlboiler bazel rules\n\nThis implements a bazel rule to build sqlboiler models from sql migration stacks. It also launches a cockroachdb container in `create_container` and puts it in one pod with the nexantic-dev container.\n\nCurrently gazelle overwrites the `go_library` rule. I still need to find a way to properly exclude it.\n\nTest Plan: Built a sample set of sql models\n\nX-Origin-Diff: phab/D226\nGitOrigin-RevId: ff24f07bb0b3da9994c52a74f48b54e1e2bea726\n"
    },
    {
      "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c",
      "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b",
      "parents": [
        "043daa57020dd36e074488dcb432114a548a3d2a"
      ],
      "author": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@certus.one",
        "time": "Wed Oct 23 21:44:47 2019 +0200"
      },
      "committer": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@certus.one",
        "time": "Wed Oct 23 21:44:47 2019 +0200"
      },
      "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n"
    },
    {
      "commit": "043daa57020dd36e074488dcb432114a548a3d2a",
      "tree": "2975b607028ca0c085df182afd809d1d322be2b7",
      "parents": [
        "23be9215aae77d2171c31f767c37cf69050fb748"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Mon Oct 28 11:48:45 2019 +0000"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Mon Oct 28 11:48:45 2019 +0000"
      },
      "message": "Fix caching and set home to /user\n\nTest Plan: Ran build\n\nX-Origin-Diff: phab/D220\nGitOrigin-RevId: d93c13b9a74c45d717e92151cdb10f0f3484a78b\n"
    },
    {
      "commit": "23be9215aae77d2171c31f767c37cf69050fb748",
      "tree": "72323854031d5311f437e490370f1644d34f0796",
      "parents": [
        "ba7bc7664b53ce63824ec991febdd74ea4d9dbf3"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Mon Oct 28 11:48:32 2019 +0000"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Mon Oct 28 11:48:32 2019 +0000"
      },
      "message": "Use rsync --delete to sync generated dependencies\n\nTest Plan:\nRecreated container, ran `build api/...` and the copy script,\neverything works.\n\nX-Origin-Diff: phab/D218\nGitOrigin-RevId: 22160ddaf417177ba7af94ea29d75663b20950b0\n"
    },
    {
      "commit": "ba7bc7664b53ce63824ec991febdd74ea4d9dbf3",
      "tree": "f645fd2ccedb7f31d48d14f7e1a10cd5ba3a9f71",
      "parents": [
        "4abadef540e5c5155aa0e6cc7b19221cbaa4b82d"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 18:34:29 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 18:34:29 2019 +0200"
      },
      "message": "Fix protobuf dependencies for internal/api and internal/common\n\nThis fixes the build. As it turns out, the local `generated` folder\nhad the side effect of confusing gazelle.\n\nFixes regression introduced by D216.\n\nTest Plan: Ran scripts/gazelle.sh, protobuf dependencies were re-added.\n\nX-Origin-Diff: phab/D217\nGitOrigin-RevId: ac0d5dd89e5fb154fe363a40dc8f8965fa12ba8c\n"
    },
    {
      "commit": "4abadef540e5c5155aa0e6cc7b19221cbaa4b82d",
      "tree": "cdc71545bda98761bd7cd80958f3127b08da2d28",
      "parents": [
        "f5c89110d9af59fe3a5c928ce1b244d3ad815fce"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 18:19:53 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 18:19:53 2019 +0200"
      },
      "message": "Specify -prune\u003dtrue Gazelle flag\n\nThis cleans up our repositories.bzl file.\n\nUpdate BUILD.bazel files and go.mod. `google.golang.org/appengine v1.4.0`\ndisappears due to a bug that was fixed in Go 1.13 - make sure your\nworkstation is up to date, an automated installer for Fedora was\nadded in rWdfcd0da736.\n\nTest Plan: Ran scripts/gazelle.sh, repositories.bzl was updated properly.\n\nX-Origin-Diff: phab/D216\nGitOrigin-RevId: 2435f88beb610845edfc8a6c50e4ef16edb895ea\n"
    },
    {
      "commit": "f5c89110d9af59fe3a5c928ce1b244d3ad815fce",
      "tree": "a6af6fdd7f920a9411389b38abc1f096cadc41c1",
      "parents": [
        "1fbd7d9ef119d7a0487a7234affe7683c43a7b80"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 17:51:49 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 17:51:49 2019 +0200"
      },
      "message": "Create generated folder in bazel_copy_generated_for_ide.sh\n\nMinor change,\n\nTest Plan:\n\nRan the script inside the container, dependencies were fetched.\n\nGitOrigin-RevId: 91edd8babca5e506885b311cf95b4e8deb4f0525\n"
    },
    {
      "commit": "1fbd7d9ef119d7a0487a7234affe7683c43a7b80",
      "tree": "04578ab2f193690a3bcdeb3e01d443af108fdbfa",
      "parents": [
        "52804a1970bf8633c216fea4e165df4e88a16acc"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 03:15:19 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 03:15:19 2019 +0200"
      },
      "message": "Fix sandboxed build for :swtpm_data and expose signkey.pem and issuercert.pem\n\nTest Plan: Built target, new files were exposed and sandboxed build worked.\n\nX-Origin-Diff: phab/D213\nGitOrigin-RevId: b2e27264edbeabfc664f1a8b1e047c163411a562\n"
    },
    {
      "commit": "52804a1970bf8633c216fea4e165df4e88a16acc",
      "tree": "e6be5233989911dd21f2d74a170199a396793054",
      "parents": [
        "b51250a42b51b8dc6509c7dc57522d42bced2c00"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 02:17:13 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Oct 24 02:17:13 2019 +0200"
      },
      "message": "Run as unprivileged user in container in a new user namespace\n\nThis prevents the build from accidentally modifying system files in\nthe container, and increases security.\n\nTest Plan:\n    scripts/destroy_container.sh; scripts/create_container.sh \u0026\u0026 scripts/run_in_container.sh id\n    # uid\u003d1000(1000) gid\u003d1000 groups\u003d1000\n\n    bazel run scripts:launch\n    # works\n\nX-Origin-Diff: phab/D212\nGitOrigin-RevId: 74af18ee49cf48e45440e12e9efe36e57be5f18d\n"
    },
    {
      "commit": "b51250a42b51b8dc6509c7dc57522d42bced2c00",
      "tree": "2acae03fe183393dae34c7cabd6f92f10dd8d08b",
      "parents": [
        "3ea707028e5f140b1a5186a7086c0089a70c8f9c"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 23:32:59 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 23:32:59 2019 +0200"
      },
      "message": "Update Bazel to 1.1.0 and replace bazelisk by a direct download\n\nThis pins the version and avoids the need to redownload the binary\neach time the container is recreated.\n\nThe .bazelversion file was bazelisk-specific and is no longer needed.\n\nTest Plan:\nRebuilt the container, ran `scripts:launch`.\n\nModifying the checksum caused the build to fail.\n\nX-Origin-Diff: phab/D211\nGitOrigin-RevId: ec9ec2b97c6555a676f6444ac3923fad34b2cd16\n"
    },
    {
      "commit": "3ea707028e5f140b1a5186a7086c0089a70c8f9c",
      "tree": "f07f5a23d75445789a1cbb116e8ca30471106ab2",
      "parents": [
        "544440b6c8603ddaa548add84a657c999feeec49"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 16:40:06 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 16:40:06 2019 +0200"
      },
      "message": "Mount Bazel repository_cache, Go mod cache and Go build cache as volumes\n\nThis leaves us with only git_repository rules not being cached,\nthe worst offender being the edk2 recursive submodule clone.\n\nSee: https://github.com/bazelbuild/bazel/issues/5116\n\ngazelle\u0027s repo lookup (running `go list`) is also not cached, even if the\nrepositories themselves are.\n\nWe can eliminate most of the remaining rebuild time by mounting\nthe entire execroot, however, this is currently foiled by a podman bug\n(Bazel needs to execute lots of binaries inside the root):\n\nhttps://github.com/containers/libpod/issues/4318\n\nTest Plan:\nRan `bazel build scripts:launch`, recreated container, ran it again.\n\nBuild times decreased significantly:\n\n    INFO: Elapsed time: 279.951s, Critical Path: 119.05s\n    INFO: 477 processes: 476 linux-sandbox, 1 local.\n    INFO: Build completed successfully, 497 total actions\n\nX-Origin-Diff: phab/D206\nGitOrigin-RevId: 2d17a7eeb5d8b70ad4e26c13a0c6b31c4edfb33f\n"
    },
    {
      "commit": "544440b6c8603ddaa548add84a657c999feeec49",
      "tree": "89eb7ab3920a5b90aab2623cfdd992850dff669b",
      "parents": [
        "2a2081cc8bdb0a04a1c5e4509ce5cb569f3ef110"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 15:47:50 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 15:47:50 2019 +0200"
      },
      "message": "Fix sandbox build by setting /tmp --syslibdir during musl build\n\nTest Plan: Ran a clean `scripts:launch` build, no longer failed.\n\nX-Origin-Diff: phab/D205\nGitOrigin-RevId: 6edd31d46816414c6b4c51664f23ce9d7c6d603d\n"
    },
    {
      "commit": "2a2081cc8bdb0a04a1c5e4509ce5cb569f3ef110",
      "tree": "af2403c83ae163f1f512721b1c27643d21ab39b2",
      "parents": [
        "7afd390eadf37eac58d4db8ad3751783c40bdf37"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 13:33:10 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 13:33:10 2019 +0200"
      },
      "message": "Increase robustness of bazel wrapper script and remove repository_cache\n\nThis allows the wrapper script to be called from anywhere.\n\nThe repo cache does not actually work as expected since it does not\ncache most external dependencies we care about, and is not always a\nvalid command line argument, so we would either have to specify it\nin .bazelrc (breaking non-standard dev setups), or specify it manually.\n\nTest Plan: Ran the bazel wrapper from my home directory, got expected output.\n\nX-Origin-Diff: phab/D204\nGitOrigin-RevId: 74d09ba24fd84ba0dd6e1ba282995c452546eb25\n"
    },
    {
      "commit": "7afd390eadf37eac58d4db8ad3751783c40bdf37",
      "tree": "73b7533e0ba991eb8f2d98ed58e4350ca4c8e394",
      "parents": [
        "2983d7285fe019f943f1b722f26a0f2e959c5f80"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 12:16:57 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 12:16:57 2019 +0200"
      },
      "message": "Use --privileged in Fedora container\n\nThis enables the namespace-based sandbox in Bazel.\n\nUsing `--privileged` isn\u0027t as dangerous as it looks, when used with podman in rootless mode (i.e. run as unprivileged user), in which case it uses user namespaces.\n\nWe drop `--net\u003dhost`, which is not actually necessary.\n\nTest Plan:\n    scripts/destroy_container.sh\n    scripts/create_container.sh\n    scripts/run_in_container.sh bazelisk build :swtpm_data\n\n This now fails properly when run with the container:\n\n     swtpm-localca: touch: cannot touch \u0027/var/lib/swtpm-localca/.lock.swtpm-localca\u0027: Read-only file system\n     swtpm-localca: Error: Could not create lock file /var/lib/swtpm-localca/.lock.swtpm-localca.\n\nX-Origin-Diff: phab/D202\nGitOrigin-RevId: f51a831e7584cccf21860e9f18b73272a658f055\n"
    },
    {
      "commit": "2983d7285fe019f943f1b722f26a0f2e959c5f80",
      "tree": "f6b5056682bef41597d02347dff0d523916d196f",
      "parents": [
        "e28e1b3556feb786c71f161b357fcf6899e44c19"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 12:16:42 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 12:16:42 2019 +0200"
      },
      "message": "Improve Bazel Fedora build container handling and cache repository downloads\n\nAdds lifecycle management scripts for the dev container and a \"bazel\" wrapper script, which sets container-only startup options.\n\nReplaces /dev/null bind mounts by SELinux contexts for container breakup prevention, since newer podman versions managed to somehow break the ordering of mounts and mounting on top of a volume gives ENOENT. This requires a placeholder .arcconfig.\n\nOn Fedora, SELinux prevents the container from accessing /dev/kvm, which requires a custom policy (see rWa716c988d69e).\n\nDesign considerations:\n\n- The build cache is on a tmpfs. This avoids fuse-overlayfs overhead. If the container is recreated, we want to drop the build cache - Bazel does not track ambient dependencies, so we do not know if we need to rebuild anything (like after upgrading a compiler).\n\n- The repository cache contains just workspace dependencies and is mounted as a volume.\n\nThe repository cache does not work terribly well yet, we probably need to mount parts of ~/.cache/bazel as well. podman always mounts volumes as noexec, so this is not as straight-forward as it looks.\n\nTest Plan:\nRan the commands from the README as my unprivileged workstation user.\nSmalltown was built and launched successfully.\n\nX-Origin-Diff: phab/D198\nGitOrigin-RevId: aff720d2862cdf5d1df67813d842d221d69a84c0\n"
    },
    {
      "commit": "e28e1b3556feb786c71f161b357fcf6899e44c19",
      "tree": "4bc2b91b2e276c6e7ee4131ab0c76eec4ec391fa",
      "parents": [
        "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Oct 22 19:20:34 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Oct 22 19:20:34 2019 +0200"
      },
      "message": "Fix Bazel on properly sandboxed execution\n\nTest Plan: Tested by launching VM\n\nX-Origin-Diff: phab/D199\nGitOrigin-RevId: d27f09e62067082ca0d6f40510c851752094b481\n"
    },
    {
      "commit": "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9",
      "tree": "f7db6de47e4ef38599da89dd4f1082c65569ca03",
      "parents": [
        "a71b5a4c36d5cae089666eaad57514c64baf6f24"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:58 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:58 2019 +0200"
      },
      "message": "Replace build system with a Bazel-based one\n\nThis pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.\n\nNecessary prerequisite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.\n\nAs suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).\n\nThe main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)\nchange. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the\nkernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).\n\nPerhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel\u0027s sandbox to reuse kernel build?\n\nTest Plan:\nRun this in a fresh container with empty Bazel cache:\n\n    bazelisk run scripts:launch\n\n... and watch as Bazel rebuilds the world.\n\nX-Origin-Diff: phab/D197\nGitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d\n"
    },
    {
      "commit": "a71b5a4c36d5cae089666eaad57514c64baf6f24",
      "tree": "b73960c90b2635bf804fcadafb93d141ef4a203a",
      "parents": [
        "67f9d096fb66d9f9298542d98d128a42b9d43695"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:23 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:23 2019 +0200"
      },
      "message": "Explicitly ignore call to os.Remove\n\nThis stops linters and GoLand from complaining.\n\nTest Plan: No functional change\n\nX-Origin-Diff: phab/D196\nGitOrigin-RevId: b4174bb82b8a14e2677dfbf9e95b97ee04ed284b\n"
    },
    {
      "commit": "67f9d096fb66d9f9298542d98d128a42b9d43695",
      "tree": "cb548c7e7a63df850302f6bb42a5a6bb3e5d2700",
      "parents": [
        "40ab4b41d338657c67a7fa72a3f76e26f582d98e"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:41:42 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:41:42 2019 +0200"
      },
      "message": "Refactor build_artifacts.sh and makefile\n\n- Move everything to .data, .vendor, .artifacts and .bin in order to cleanly separate build input and output.\n- Sprinkle some subshells on build_artifacts.sh to make it fail more gracefully.\n- Fix fetch_third_party.sh check.\n- GOBUILD make helper.\n- Dockerfile with build dependencies.\n\nTest Plan:\nRan `make clean` and build steps described in README.md, it boots:\n\n{P84}\n\nX-Origin-Diff: phab/D195\nGitOrigin-RevId: 4106534c7248931b79e93e2a13153482033cd0d8\n"
    },
    {
      "commit": "40ab4b41d338657c67a7fa72a3f76e26f582d98e",
      "tree": "3caf6bf0363c00472cd1f3ceada351a142542cf7",
      "parents": [
        "dd8c80e4806660f5a792c731249873406d097165"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:35:52 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:35:52 2019 +0200"
      },
      "message": "Rename base package to git.monogon.dev/source/smalltown.git\n\nThis ensures that the package is go get-able in our managed environment,\nwhich has SSH configs for git.monogon.dev by default.\n\ngo knows that it\u0027s a Git repo by matching on \".git\"\n(see: https://golang.org/cmd/go/#hdr-Remote_import_paths).\n\nThe package name is a bit more unwieldy than it needs to be, so maybe\nwe should add go-import metadata to git.monogon.dev at some point\n(which is not straight-forward, since Go does not understand SRV records,\nso this needs to be added to the Phabricator web server).\n\nAlso refreshed all generated files and go.mod/go.sum.\n\nTest Plan:\n    make cmd/mkimage/mkimage\n    make cmd/init/init\n\nX-Origin-Diff: phab/D193\nGitOrigin-RevId: 766325ccd9a51d04eba0e49269c530c520444193\n"
    },
    {
      "commit": "dd8c80e4806660f5a792c731249873406d097165",
      "tree": "a2e9ef14ac051c6a7014f033670a083a7a396ed5",
      "parents": [
        "f95909d11f20c01129120274076a44a689eabe3d"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Oct 07 16:19:49 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Oct 07 16:19:49 2019 +0200"
      },
      "message": "Delete old secretstore, cmd/node and config modules\n\nThis removes even more code that is no longer necessary or interferes with new concepts. It also refactors the storage stuff into a StorageManager which deals with all the paths and async initialization.\n\nThis does intentionally break a few things which will be fixed when the CA code lands.\n\nTest Plan: Manually tested using make launch, CI is in a separate ticket\n\nX-Origin-Diff: phab/D182\nGitOrigin-RevId: 282a4bd84b47010d859e03da53b2c2de8183b13b\n"
    },
    {
      "commit": "f95909d11f20c01129120274076a44a689eabe3d",
      "tree": "2ba85463c30b26c0df8b7c278ea5df22da42dfdb",
      "parents": [
        "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Sep 11 19:48:26 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Sep 11 19:48:26 2019 +0200"
      },
      "message": "UEFI EDK II, TPM minting, QEMU launcher and basic DHCP support\n\nTest Plan:\nYou still need a recent version of QEMU and swtpm installed (these are not yet integrated)\nRun `make launch` and have fun with a running Smalltown instance :)\n\nX-Origin-Diff: phab/D159\nGitOrigin-RevId: c7245bfbabebf92507445525bee009a71d19caea\n"
    },
    {
      "commit": "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd",
      "tree": "558ca2744e8ba310f36362ae68cb48e0511ea376",
      "parents": [
        "16a981d4c23c1f2cd4808b6ba489df83455d68b4"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Sep 05 17:53:56 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Sep 05 17:53:56 2019 +0200"
      },
      "message": "Initial operating system work\n\nAdds a draft for most of the operating system work, sans external things like EDK2 and kernel build which will be pushed later in a separate diff.\n\n* Sealing/Unsealing of encrypted and integrity-protected data partition using TPM2\n* PID1 standard behaviour (mounting minimal filesystems, cleaning up orphans)\n* TPM2.0 helper library\n* Block device finding and mounting\n\nTest Plan: Manually tested, CI will be dealt with later.\n\nX-Origin-Diff: phab/D157\nGitOrigin-RevId: 6fc494f50cab1f081c3d352677158c009f4d7990\n"
    },
    {
      "commit": "16a981d4c23c1f2cd4808b6ba489df83455d68b4",
      "tree": "fd47d6cff0e2d8d90d2fad2d1bf4f70b8ce77b92",
      "parents": [],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Sep 16 11:26:05 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Sep 16 11:26:05 2019 +0200"
      },
      "message": "Added userspace device mapper library\n\nThis adds a userspace library to talk to the Kernel\u0027s DM subsystem and\nis part of the Smalltown init to set up dm-integrity/dm-crypt.\n\nTest Plan:\nCurrently manually tested, automated testing possible but would require\nspinning up a kernel and testing against it. This would require KVM access\non the test infrastructure, a test kernel and additional code.\n\nX-Origin-Diff: phab/D154\nGitOrigin-RevId: 45565ae6288e2accee3f8ce80233580c6ac3e754\n"
    }
  ]
}
