)]}' { "log": [ { "commit": "1bfa0c2d9107cecb56ef6243133cfa12f4c3317b", "tree": "aeb008c1f685962e2d2387ed348435ef52534794", "parents": [ "248b2ecab2a933024b443b29bb7f9872f38f2956" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Oct 14 16:45:07 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Oct 14 16:45:07 2020 +0200" }, "message": "logtree: rename payload to leveledpayload\n\nTest Plan: Refactor, covered by tests.\n\nX-Origin-Diff: phab/D639\nGitOrigin-RevId: 6c268c8b437a93c97720f110dbc9c39e95402648\n" }, { "commit": "248b2ecab2a933024b443b29bb7f9872f38f2956", "tree": "04aac2dcb6bdc74d19d5cfd35e45a52e20e1e3a8", "parents": [ "a7dca8956f9e0182f51b74d1309f49f177416eef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 15:55:51 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 15:55:51 2020 +0100" }, "message": "logbuffer: split out LineBuffer\n\nWe want to be able to use similar line-oriented buffering in LogTree.\nRather than repeat ourselves, let\u0027s fact this out into a nice little\nlibrary.\n\nTest Plan: Covered by existing logbuffer tests, added some extra linebuffer-specific ones.\n\nX-Origin-Diff: phab/D636\nGitOrigin-RevId: 38e832d323ed9f1723feaa9f9169caad18619e55\n" }, { "commit": "06d65bc4e57c4c83150a3b67fc33763d5360b80f", "tree": "3ee27d08628e68d5c5f971e24519bc3f0fc8082e", "parents": [ "9e861a87775191faf1a027f603a0074446cd1319" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Sep 24 10:51:59 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Sep 24 10:51:59 2020 +0200" }, "message": "logtree: chase out some documentation typos\n\nTest Plan: only documentation changes.\n\nX-Origin-Diff: phab/D627\nGitOrigin-RevId: 78b1983bd67c632f467227689371113f26da5842\n" }, { "commit": "5faa2fc7fb6266486183fdc1455e711079d33e37", "tree": "17203f2ac8ed9124b4573b2f9a05aaa92335190c", "parents": [ "5ade732e7778b774caf03c850fbfaa7b67132d9b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Sep 07 14:09:30 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Sep 07 14:09:30 2020 +0200" }, "message": "logtree: implement\n\nThis implements logtree, as per go/logtree .\n\nSome API changes are present, the design doc will be updated to reflect\nthese and the rationale behind the changes.\n\nThis implementation is missing \u0027raw\u0027 log functionality, this will be\nadded in a diff on top (as the implementation is trivial, but we want\nto keep this diff as simple as possible).\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D624\nGitOrigin-RevId: 6d1e0fb16f47e4b0dc9a18765cecb9314bbcb441\n" }, { "commit": "5ade732e7778b774caf03c850fbfaa7b67132d9b", "tree": "ad467196bf11717d4193f45c346112ffe97c375b", "parents": [ "a50e845df333a4d7531793e3fed61ca8411384f5" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Aug 27 13:27:51 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Aug 27 13:27:51 2020 +0200" }, "message": "logtree: implement LeveledLogger interface\n\nThis implementes the equivalent of StructuredLogger from go/logtree as\na pure interface for further implementation by LogTree (or other logging\nmechanism, eg. in tests).\n\nStructuredLogger was a slightly poor name (because of the unfortunate\nindustry understanding of what structured logging is), so we go ahead\nand rename that. Once this change goes through, the design document will\nbe reflected to rename \u0027Structured Logging\u0027 to \u0027Leveled Logging\u0027.\n\nWe base the API off of github.com/golang/glog, but without a single\nglobal instance. Other API differences include:\n - No {Info,Warning,Error,Fatal}ln calls, as these are pretty much\n equivalent to {Info,Warning,Error,Fatal} calls.\n - V(n) now returns an interface with .Enabled(), instead of a boolean\n value. This is necessary as the returned value will have to carry\n its corresponding LeveledLogger instead of calling global functions.\n\nTest Plan: plain interface, untested\n\nX-Origin-Diff: phab/D620\nGitOrigin-RevId: 06c7e3a88751ff7503e8106fac2360cf8de621c4\n" }, { "commit": "a50e845df333a4d7531793e3fed61ca8411384f5", "tree": "d27ebc111fce076181d9ddda5c06882334f91823", "parents": [ "ed0503cbe3c2d85d138f2604b87d73417be6c940" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 09 17:09:27 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 09 17:09:27 2020 +0200" }, "message": "Introduce TPM event log infrastructure\n\nThis adds support for reading the local TPM event log and for parsing the\nresulting blob. Reading the log is implemented as part of our TPM library, but\nfor reading and processing the event log binary structure we rely on Google\u0027s\ngo-attestation. Since they don\u0027t separate their event log processing from the rest\nof the package, I imported the relevant files here directly.\n\nSince TPM event logs are really terrible (see included workarounds and\nhttps://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md)\nit\u0027s probably a bad idea to use them for anything where we can avoid it.\nSo this will likely only be used for EFI boot / secure boot attestation and\neverything we measure will be part of our TPM library with a much less insane format.\n\nTest Plan:\nManually smoke-tested using a custom fixture on a Ryzen 3000 fTPM.\nWe cannot really test this until we have a way of generating and loading\nsecure boot keys since an empty secure boot setup generates no events.\n\nX-Origin-Diff: phab/D622\nGitOrigin-RevId: e730a3ea69c4055e411833c80530f630d77788e4\n" }, { "commit": "f042e6f95bb7dc771bf79f309dbdf0b34da933da", "tree": "f18c60fb92202ce2d5ec7041c85579865a81509d", "parents": [ "b876fc31f12628562a51c70668b318b9fc50478b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:46:09 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:46:09 2020 +0200" }, "message": "Add Wireguard-based K8s pod networking\n\nThis adds a pod networking runnable based on Wireguard which watches all nodes\nand adds their K8s IPAM allocations as routes into the kernel \u0026 WireGuard. It only depends\non K8s and only performs direct routing.\n\nTest Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).\n\nBug: T487\n\nX-Origin-Diff: phab/D573\nGitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0\n" }, { "commit": "547b33f2b38dba41f2c171f8730ff5093b267eaf", "tree": "0b1993d79cd3724613e43caed66e81979de0b082", "parents": [ "3dba53221970a81cdc1158cced2c6acf85b33065" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 23 15:27:06 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 23 15:27:06 2020 +0200" }, "message": "Add in-kernel test runner\n\nThis adds a way to run tests inside the Smalltown kernel.\n\nImprovements to the Bazel part of this are tracked in T726\n\nTest Plan: Tested by intentionally failing the test.\n\nX-Origin-Diff: phab/D485\nGitOrigin-RevId: e4aad7f28d122d82a7fcb6699e678cbe022e2f73\n" }, { "commit": "1d8017549154d0bf2c36610d75eee8de9b25ce02", "tree": "854997e22377a1a3b2b2ef00fa9efe8fc2651228", "parents": [ "25b82a85dceb8f3ce847d712fa58809d87f316fb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 02 09:24:51 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 02 09:24:51 2020 +0200" }, "message": "Introduce fsquota package\n\nThis introduces a new fsquota package and\na few low-level support packages to simplify the\nmanagement of filesystem quotas.\n\nTo expose an API that\u0027s nice to use while staying\nperformant and safe the new fsinfo syscall is being\nused. Since that syscall is not yet in mainline it has\nbeen backported to our 5.6 kernel.\n\nTest Plan:\nManually validated on our kernel, automated\ntests are pending some Bazel work to be able to run them\ninside our own kernel.\n\nX-Origin-Diff: phab/D462\nGitOrigin-RevId: bb463056589d2b13b7cf32d48ab0b884e70b1bad\n" }, { "commit": "25b82a85dceb8f3ce847d712fa58809d87f316fb", "tree": "badbb242c6fbd3889af79a5bb493895285d42707", "parents": [ "fd16651a2ef1484b7d8f12d0a7c7f93899af2747" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Mar 23 20:27:51 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Mar 23 20:27:51 2020 +0100" }, "message": "Added logbuffer helper package\n\nThis adds a small package which is used to store logs for other\nbinaries we\u0027re calling. It\u0027s an in-memory non-depleting ring buffer\ncapable of directly taking in a stream (for example from stdout).\nFor reliability it has bounded total memory consumption.\nIt offers a simple interface to get the last n log lines out.\n\nTest Plan: Has 100% test coverage built-in\n\nBug: T667\n\nX-Origin-Diff: phab/D442\nGitOrigin-RevId: 32d5944650793b6cea8ec48a40ea4abb3944ad21\n" }, { "commit": "8fba0f84d52095ff933b442f2acaec315e2eb1da", "tree": "f8b168b9f2395ada0ea11980800836daee009dd5", "parents": [ "8efe51e0fd63e9df72cd61ab610ffe0a6dd27834" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jan 22 18:46:25 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jan 22 18:46:25 2020 +0100" }, "message": "Review comments for TPM attestation\n\nLots of comments and an updated boot test. Generously increase the timeout to eliminate random CI failures.\n\nTest Plan: Boot test works\n\nBug: T499\n\nX-Origin-Diff: phab/D319\nGitOrigin-RevId: cf17fe7c599f670ff8b6f0ac60486f2a04f13a5a\n" }, { "commit": "aa6b7346a87a5512fbdd5b39db766000c0e10415", "tree": "8b7665934b854d4d2ee18e90a289752f8cd85942", "parents": [ "5e0bd2d43ab72cf4091e7689d02f95e07b1c1010" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Dec 12 02:55:02 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Dec 12 02:55:02 2019 +0100" }, "message": "Attestation \u0026 Identity \u0026 Global Unlock \u0026 Enrolment\n\nThis changes the node startup sequence significantly. Now the following three startup procedures replace the old setup/join mechanic:\n* If no enrolment config is present, automatically bootstrap a new cluster and become master for it.\n* If an enrolment config with an enrolment token is present, register with the NodeManagementService.\n* If an enrolment config without an enrolment token is present, attempt a normal cluster unlock.\n\nIt also completely revamps the GRPC management services:\n* NodeManagementService is a master-only service that deals with other nodes and has a cluster-wide identity\n* NodeService is only available in unlocked state and keyed with the node identity\n* ClusterManagement is now a master-only service that\u0027s been spun out of the main NMS since they have very different authentication models and also deals with EnrolmentConfigs\n\nThe TPM support library has also been extended by:\n* Lots of integrity attestation and verification functions\n* Built-in AK management\n* Some advanced policy-based authentication stuff\n\nAlso contains various enhancements to the network service to make everything work in a proper multi-node environment.\n\nLots of old code has been thrown out.\n\nTest Plan: Passed a full manual test of all three startup modes (bootstrap, enrolment and normal unlock) including automated EnrolmentConfig generation and consumption in a dual-node configuration on swtpm / OVMF.\n\nBug: T499\n\nX-Origin-Diff: phab/D291\nGitOrigin-RevId: d53755c828218b1df83a1d7ad252c7b3231abca8\n" }, { "commit": "719362043a48b7d1575b53885c3e95dade55f0bf", "tree": "47d2be8211a290469db9e5b3c777dcd35c92d7d9", "parents": [ "399fe83ccccf616b5bc47c91693f86bce526f652" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 18 10:22:57 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 18 10:22:57 2019 +0100" }, "message": "Added fileargs helper package\n\nThis helps with working with commandline software that mostly takes its\nconfiguration from files.\nIt exposes a data-friendly interface and hides\nall the messy file operations.\n\nTest Plan: Has been tested with Kubernetes\n\nX-Origin-Diff: phab/D270\nGitOrigin-RevId: 432f61830679225be54de577c0c2282b0ac8c306\n" }, { "commit": "68c58755e0a56e1b1c565d80f99056ec4948fbec", "tree": "f122ab392769d33620077c65ddf0f0a3aed43d1c", "parents": [ "5ed291ea1833ffd07665b6194f7b6db2b7c1c4aa" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 21:00:59 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 21:00:59 2019 +0100" }, "message": "Improve documentation, remove dead code plus some minor refactorings\n\nThis improves our code-to-comments ratio by a lot.\n\nOn the refactorings:\n\n- Simplify the cluster join mode to just a single protobuf message -\n a node can either join an existing cluster or bootstrap a new one.\n All of the node-level setup like hostname and trust backend is done\n using the setup call, since those are identical for both cases.\n\n- We don\u0027t need a node name separate from the hostname. Ideally, we would\n get rid of IP addresses for etcd as well.\n\n- Google API design guidelines suggest the `List` term (vs. `Get`).\n\n- Add username to comments for consistency. I think the names provide\n useful context, but git blame is a thing. What do you think?\n\n- Fixed or silenced some ignored error checks in preparation of using\n an errcheck linter. Especially during early boot, many errors are\n obviously not recoverable, but logging them can provide useful debugging info.\n\n- Split up the common package into smaller subpackages.\n\n- Remove the audit package (this will be a separate service that probably\n uses it own database, rather than etcd).\n\n- Move storage constants to storage package.\n\n- Remove the unused KV type.\n\nI also added a bunch of TODO comments with discussion points.\nAdded both of you as blocking reviewers - please comment if I\nmisunderstood any of your code.\n\nTest Plan: Everything compiles and scripts:launch works (for whatever that\u0027s worth).\n\nX-Origin-Diff: phab/D235\nGitOrigin-RevId: 922fec5076e8d683e1138f26d2cb490de64a9777\n" }, { "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c", "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b", "parents": [ "043daa57020dd36e074488dcb432114a548a3d2a" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n" } ] }