)]}' { "log": [ { "commit": "12450d28a5a841994df41bb7c37c24d53a2c80d2", "tree": "4d986fcb759755fa81ebb4a6ef9bf98db916a3bb", "parents": [ "fba5da0d552a7406276be9bacc87c79108698669" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 20 13:06:19 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 03 18:16:07 2023 +0000" }, "message": "pkg/smbios: fix error calculating memory size\n\nThere were two errors in the memory size calculation.\nOne was that if the high bit is set the unit is KiB, otherwise MiB, not\nthe other way around.\nThe other one was that I extracted the bit, but failed to shift it to\nthe right position. So I took the time to stop this bit twiddling and\nadded some constants and a good old-fashioned if.\n\nChange-Id: I0bce8f7607981e62120365374458425f3c663b51\nReviewed-on: https://review.monogon.dev/c/monogon/+/1000\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "fba5da0d552a7406276be9bacc87c79108698669", "tree": "fbb6f9eb26f86bfb3e7aa8ba524a29bafe76ec12", "parents": [ "189495ac490e93770a88affdce25b8f2087cb193" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 15 11:20:47 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 03 18:16:07 2023 +0000" }, "message": "pkg/nvme: add NVMe package\n\nThis adds a NVMe package for performing various low-level operations on\nNVMe devices. Only the most important (to us) calls are implemented as\nNVMe has a vast API surface.\n\nChange-Id: I532894c3c2eb780309993a1688226c92c91cdedf\nReviewed-on: https://review.monogon.dev/c/monogon/+/999\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f9c65e9e588c44e019d6b8836275493abe298a2e", "tree": "623c0d0e36c62d0593dbd6cc73ed3c629bf0466a", "parents": [ "68ca370db4bb8314ac7598ce3b9c90194bde47a8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 22 12:50:56 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 29 12:22:31 2022 +0000" }, "message": "pkg/smbios: add SMBIOS package\n\nThis adds a new SMBIOS package which contains common structures from\nSMBIOS as well as corresponding parsers.\nI originally explored an approach where I manually designed optimized Go\ntypes for each structure, but that would have led to a huge amount of\ncode that reading a structure of this type would cause if done\nliterally. I also considered code generation, but if the generated types\nare to be close to the manually-designed ones it would be an incredibly\ncomplex piece of code as well.\nFinally I went with a design based on reflection which is much more\ncompact than the first two and consists of plain Go code at the expense\nsome niceness in the types.\nI called the current types SomeTypeRaw in case I want to come back later\nintroduce a small layer mapping the current structures into nicer ones.\nBut for our current purposes the raw ones are good enough already.\n\nThis has been tested against our deployment targets, but as the SMBIOS\ndata contains uniquely identifying information these small tests are not\npart of this CL. Sadly I haven\u0027t found any public SMBIOS test-cases.\n\nChange-Id: I55d746ada0801de456f2a0eb961821abd9d58fa2\nReviewed-on: https://review.monogon.dev/c/monogon/+/983\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0123a1c948100c040c1924e50dc1e05a9cd523a7", "tree": "0e99c3903f18cca4e97c60f3595b4fee5924ca1d", "parents": [ "35e8d79e695b290d371d82dbcc5b15cea429d424" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 24 18:41:48 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Oct 26 15:46:46 2022 +0000" }, "message": "m/p/kexec: add auxiliary EFI handling\n\nThis makes kexec do auxiliary handling related to EFI. If a system is\nbooted using EFI and has an ACPI Root System Description Pointer (RDSP)\ni.e. just about every modern system, the pointer to that structure needs\nto be passed to the kexec\u0027ed kernel on its command line.\nOtherwise various EFI-related functionality breaks, like accessing\nEFI variables which causes a kernel crash.\n\nLogically I think this functionality belongs to kexec as callers\nshouldn\u0027t need to be aware of kexec specifics and every caller\npotentially running on EFI needs this functionality.\n\nChange-Id: Iec7ad4c3c0a7e5c31d738d307ff0e10aac02ab11\nReviewed-on: https://review.monogon.dev/c/monogon/+/960\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ee17d8303258980270587755f75dc4b6412e3a31", "tree": "25e30e22a95527592b8d596dc8da5e6f7b6b63ab", "parents": [ "ce3d810f4fde5e00aba7539a4d12ebe82d65b672" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 18 12:02:45 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 24 16:30:56 2022 +0000" }, "message": "m/p/gpt: add GPT package\n\nThis introduces our own GPT package. It will be used for provisioning\nand Metropolis images.\n\nChange-Id: I905cd5d540673fd4b69c01d8975f98b88e24edd4\nReviewed-on: https://review.monogon.dev/c/monogon/+/956\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5486a9cf8c7092a213bfda0b52681c156fe87cbb", "tree": "458c972750c2a47ff4697ac11fe3c27b421fb8ff", "parents": [ "d1bc4a61ebcebe25fc45fbaba577867a6f293b97" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 12 16:49:30 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 13 11:32:54 2022 +0000" }, "message": "m/p/kexec: add minimal kexec library\n\nThis adds a minimal kexec library which wraps the kexec_file_load\nsyscall in a Go-style interface.\n\nChange-Id: Ia69b47ec6a305b19b238f30a7515aabdccb44bb9\nReviewed-on: https://review.monogon.dev/c/monogon/+/903\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "bd2ce6dcffa271d8ef00bceda1a89fc34d1d0f3d", "tree": "d40ddca810272927e140a369866be45adde0e150", "parents": [ "4c078788121339beb45cad8b2ac2a24dac55cb93" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Fri Jul 22 00:00:13 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 06 13:59:45 2022 +0000" }, "message": "m/p/fat32: add fat32 package\n\nThe fat32 package is a write-only implementation of the FAT32\nfilesystem. It works quite unlike a normal file system by first\ndetermining the entire disk layout and then sequentially writing\nout everything. This allows it to have a fully streaming output without\nneeding to seek at all.\nBecause all IO is sequential the implementation is extremely fast and\ncan potentially even leverage things like the copy_file_range syscall.\nThis means however that all files and readers need to be prepared ahead\nof time, it is not possible to make decisions during the writing\nprocess.\nIt is also possible to generate \"right-sized\" filesystems by not\nspecifying an explicit block count. In that case the resulting image\nwill contain exactly as many clusters as needed.\n\nChange-Id: I49bf2ce09b26a7d628a39a0dd0745bca61c1c4da\nReviewed-on: https://review.monogon.dev/c/monogon/+/841\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b838e05983828a443390479691dba3de086bcb53", "tree": "14eef15338691f9764f3e93452bc27fc0834f29c", "parents": [ "9c315f1116567df934cf7fce5f3f341c70cb9b66" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Aug 12 18:08:10 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Aug 25 11:26:58 2022 +0000" }, "message": "m/c/metroctl: implement the \"describe\" command\n\nThis implements metroctl\u0027s \"describe\".\n\ncmd.TerminateIfFound was adjusted to meet new test needs.\n\nChange-Id: If86f35bc648d99396e7d5be48ab459d6b13334ce\nReviewed-on: https://review.monogon.dev/c/monogon/+/850\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2f7790dfe7a93f5f048e914d0c1d61af61dbdfba", "tree": "5bf39f6d0c3a13b97a617b752789c2bf2764e60c", "parents": [ "6cdc976f681edc51f68454a76e7d7af64417ca7e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Sat Aug 06 16:10:42 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Aug 25 11:26:58 2022 +0000" }, "message": "m/p/cmd: handle exiting processes\n\nRunCommand was seen waiting for the line that would trigger its\nsupplied predicate function even after the managed process exited,\nwhich is deemed a bad strategy.\n\nChange-Id: I5fa5add1daf3c4f0c69f72f5b5859e88f7bc2679\nReviewed-on: https://review.monogon.dev/c/monogon/+/847\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6cdc976f681edc51f68454a76e7d7af64417ca7e", "tree": "dfcfa01566c2c82f41616cdc654937a3fbee0e31", "parents": [ "18a67b033fd8ccd5dacb7c7e1f0c1a9c21eb0a6b" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Aug 03 17:15:01 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Aug 25 11:26:58 2022 +0000" }, "message": "m/p/cmd: use predicates in RunCommand\n\nThis generalizes RunCommand by making it accept any completion\npredicate function.\n\nChange-Id: Ic6b911244aaecd16c01000050fca618a8c8e09d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/846\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "cf92f409655c4f4bc22eaa5d17f543d69e8c411b", "tree": "f0db9b6b5d73e168954544af951754a082b34493", "parents": [ "28800ad9a591c8a9dbbba4f21de51d8e07443b1e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Jul 08 15:08:48 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/p/api: use protobuf.Timestamp in LogEntry\n\nThis updates LogEntry to use google.protobuf.Timestamp.\nSee: issue #129.\n\nChange-Id: I937800aa91e86690da0d06f743e720c2d474ad0a\nReviewed-on: https://review.monogon.dev/c/monogon/+/832\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f1234a9528f700bc3c44a45fe19d5a743da29af5", "tree": "26fd08130af2338c02b657eae8497454056e505d", "parents": [ "cce1f0d12155fbaa4011ab459844575cd360036b" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jun 22 13:57:38 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jul 11 12:09:15 2022 +0000" }, "message": "m/p/cmd: implement RunCommand\n\nThis implements a new utility function RunCommand, based on existing\nm/installer/test implementation.\n\nRunCommand will be used in the upcoming metroctl test implementation.\n\nChange-Id: Ieb98acada7e7408249da0e289861674e80b4d581\nReviewed-on: https://review.monogon.dev/c/monogon/+/789\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "237cf4076e4314ea98f4d47e9557857ef73f554b", "tree": "2c4a6f8e62958469f84b5e948faace8bd8e3441e", "parents": [ "d57ef1c61a520fa251ede0b4ef2491b8c3ebd3b8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 12:14:37 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 14:03:05 2022 +0000" }, "message": "m/p/pki: set correct authority key identifier\n\nThe current code sets the AuthorityKeyId of a signed certificate to the\nparent\u0027s AuthorityKeyId while it should set it to the parent\u0027s\nSubjectKeyId. This worked as we do not currently use intermediate CAs.\n\nChange-Id: I74dae8b50fd32d2b158ed95ccf918a6a38a1c699\nReviewed-on: https://review.monogon.dev/c/monogon/+/819\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "bbb873d19c7b0b981c6d00e78c1d25544835b500", "tree": "ee0d0420f53aed79197f35491bc5e72a7d61d0c1", "parents": [ "2a64fff55720780c1702d1013be2a80575d80aa7" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 14:22:39 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 28 10:26:11 2022 +0000" }, "message": "m/p/event/etcd: better handle update coalescing\n\nI wasn\u0027t able to replicate this in a test, but sometimes etcd sends\nmultiple events relating to the same key within a single entry in the\nwatch channel. I assume this happens when the etcd watcher client is not\nreading from the server fast enough.\n\nAnyway, when that happened, we\u0027d get a panic about duplicate keys in a\nnon-ranged call because of a logic bug in the entry coalescing (in which\nwe would not coalesce multiple updates to the same key, just updates\nwith the same key and value). Now we coalesce these too, and the bug\nseems to be gone.\n\nChange-Id: I36234cc1104ec96a38ad1566b9df75532df44bba\nReviewed-on: https://review.monogon.dev/c/monogon/+/800\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "9d9711884e042066b1f9ba51b7d9665596828748", "tree": "0759c534953500a5dae5d684eba80e5f45593445", "parents": [ "944cb53d38e1b506eb5dcb0ca17fa0811195b09f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 23 17:44:13 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Jun 24 09:24:48 2022 +0000" }, "message": "m/p/event/etcd: provide logging for heisenbug\n\nI\u0027ve just had this panic(), but it didn\u0027t give me enough data to debug\nfurther. Wasn\u0027t able to replicate it yet, but whenever this happens\nagain we\u0027ll be able to hopefully figure out what went wrong.\n\nChange-Id: Id440ece88410d78eb720f353633c02db1a0f4588\nReviewed-on: https://review.monogon.dev/c/monogon/+/799\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "f8da2e7dfbcbb144ee894875e46c44a525e57c5c", "tree": "8a9d321de91d1816241d400bd167c67dcb472dfd", "parents": [ "2c6906a62a623d49c6a9c8529b26d692194c1dd5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 14 12:39:32 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 15 13:40:21 2022 +0000" }, "message": "m/pkg/pstore: add package to interface with pstore\n\nThis adds a package for interfacing with the Linux kernel\u0027s pstore\n(persistent storage) system. Currently only handles kmsg/dmesg-type logs\nas mce has an unknown format and I have no examples.\n\nChange-Id: I3089a53cdca224c7e6e04dd51a94035d7b2b880b\nReviewed-on: https://review.monogon.dev/c/monogon/+/769\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ad10ecea0bf387c0093c7cb8ed7b873ccd039896", "tree": "bbc694c80fb2895dbf6824a4a7654f3bdb45b151", "parents": [ "9a6cc56da8f1f5b11eda7ff8ae1f4c7315891556" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue May 17 11:20:17 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed May 25 13:51:16 2022 +0000" }, "message": "m/pkg/value/etcd: fix test flakes on partitioning\n\nFixes monogon-dev/monogon#124\n\nChange-Id: Ib1224dc809901d8dea61a297c3d836bd35f160c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/689\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "defff5220d4ed1123a85cf41300eeeeb558b7cc6", "tree": "9082dd3faaa58a3e219be579b0c7c6138b434b53", "parents": [ "a81096f56a337b5709e7cc692e89cb0e55e45708" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon May 16 17:28:16 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue May 24 15:31:20 2022 +0000" }, "message": "metropolis: fix tests using etcd\n\nEver since we bumped etcd, we have started calling\nintegration.BeforeTest. The correct call is BeforeTestExternal,\notherwise some internal-etcd-integration-test logic is invoked, which\nseems to break test error calls (!) in some cases (probably goroutine\nleak detection, which is enabled by default when using BeforeTest -\nwhich we don\u0027t care about, as we don\u0027t [yet] expect our tests to be fully\nclean).\n\nWe also have to modify the harnesses used by curator tests to\nsynchronously terminate the cluster on each test end. Otherwise, etcd\nwill fail due to conflicts on domain sockets on which test members\nlisten. Unfortunately, there doesn\u0027t seem to be an easy way to run each\ncluster/test in a totally separate, non-conflicting socket setup.\n\nChange-Id: I2fb1332edb35349b66af131684feb378ae3a13ee\nReviewed-on: https://review.monogon.dev/c/monogon/+/688\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ed6bcacf756182ee62d249e3675ff050dcbc6800", "tree": "af1b4ea39b5a4ff2c9e1403748697b6869296938", "parents": [ "e11ffb67bab34f1faa439b13aeb2630d86714441" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:39:41 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:49:54 2022 +0000" }, "message": "m/p/tpm: fix panic when unsealing corrupted data\n\nIf the Protobuf payload for the unseal operation is parseable but does\nnot contain a sealed_key member, the code panics trying to access it.\nThis adds an explicit check and returns a descriptive error when that\nhappens.\n\nChange-Id: I671958c69265a1e77207981a439a66dccda87064\nReviewed-on: https://review.monogon.dev/c/monogon/+/673\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "832bc77f0f0530059dd66b59cfd8a000b59b6251", "tree": "c063cc6398e410496844622ed9e2688f1e5c8116", "parents": [ "abe02eb86b64920be8aec862e380853be1fd3372" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 07 12:33:01 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:06:03 2022 +0000" }, "message": "m/p/event/etcd: handle spurious watch updates\n\nWith the recent etcd updates, we started seeing some failures in tests\nfor the etcd-backed Event Value library.\n\nThis seems to be due to etcd now sometimes returning \u0027spurious\u0027 watch\nupdates, in which a keyvalue is returned twice, with two separate\nrevision numbers, even though the underlying value has not been\nupdated.\n\nWe elect to deduplicate these within the event value library itself, if\nonly to make it less work for downstream users to do the same. This is\ndone be keeping a cross-watcher.Get map of key-\u003evalues, and filtering\nout updates which effectively do not update the data underneath.\n\nWe had one test relying on 1:1 correspondance between etcd puts and\nEvent Value backlogged Gets. However, the rest of our codebase does not\nmake this assumption, and it seems fair that this assumption doesn\u0027t\nmake sense alongside the intended use of the Event Value system in which\nwe deliberately and arbitrarily drop intermediate updates within a\nsingle Get call.\n\nChange-Id: I731a15b2d15ab6807bb95cb6c777c176dde22f0b\nReviewed-on: https://review.monogon.dev/c/monogon/+/654\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fdc3a2473e4ebfd77db342252e1088882e01b2d6", "tree": "addfe894acce55d3088764cc49a6c1c3cee55573", "parents": [ "33ce3bcd5c4791cb66a3020b7792829c534c97c6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 15:56:38 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:01:17 2022 +0000" }, "message": "third_party/go: fix `go mod tidy`\n\nThis makes our root repository somewhat more gomod-compliant, to the\npoint where we can run `go mod tidy` to manage dependencies.\n\nThe generated placeholder files turn their parent paths into enough of a\nGo package that the go tooling is appeased, but they are ignored by\nGazelle.\n\nIdeally, we will generate these placeholders automatically before\nrunning `go mod tidy` and gitignore them, but this will do as a first\npass.\n\nWe also remove some unused dependencies which got caught by `go mod\ntidy`.\n\nChange-Id: I81e7e92a45f22c8ef9c92207f67a5bd6cc773da5\nReviewed-on: https://review.monogon.dev/c/monogon/+/652\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fe7134b0b25b620b6f40b1f41f37ab93fca6d3c0", "tree": "56bae6b492cb092f21723d3407e64258eb8b255f", "parents": [ "a393814a28df60f67fa6a39309a6d8604811ca95" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Apr 01 15:46:29 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 05 14:44:40 2022 +0000" }, "message": "m/pkg/socksproxy: init\n\nThis implements a simple SOCKS5 proxy server, which will be used within\nnanoswitch to expose multiple nodes to test code and metroctl.\n\nSome existing alternatives were considered, but none were in a healthy\nenough state to be usable within Metropolis. And, in the end, we only\nneed a small subset of an already simple standard, so implementing this\nourselves isn\u0027t a massive waste of time.\n\nChange-Id: Ifa4d4edf837b55b93cae9981028efef336ff2a3d\nReviewed-on: https://review.monogon.dev/c/monogon/+/646\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "8ca9c292b2b8e5aa83500f2065da56919ce7af41", "tree": "7e13b5cd63a4eb5a35c5e90178983b2360cd54e0", "parents": [ "d13c1c64387ca9a83bb832a3faa5c4b07268d265" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 04 16:29:26 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 05 13:53:02 2022 +0000" }, "message": "m/p/erofs: add character device test\n\nAlso, drive-by fix a misleading comment.\n\nChange-Id: Ic5dc2d16a0c2f453d55f0f698f06f30fd355098a\nReviewed-on: https://review.monogon.dev/c/monogon/+/649\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ec19b60842e905a4400e5f8b46b783a54d0a025a", "tree": "b4c0d22ef5dc693a21fef4e987d9c82457d816f6", "parents": [ "662182fd732fb523ee76bdc069f603bc378a6d2e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 09 20:41:31 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:00:50 2022 +0000" }, "message": "m/p/supervisor: wait for runnables to exit in TestHarness\n\nThis ensures that tests which aren\u0027t marked as parallel won\u0027t interfere\nwith eachother due to still running runnables (for example, gracefully\nterminating gRPC services listening on some stable port number).\n\nTo implement this, we add the Liquidator, a goroutine responsible for\nmaintaining a minimum viable supervisor processor which records all\nrunnables\u0027 exits. These can then be inspected by the TestHarness to\nensure that all runnables are truly dead.\n\nChange-Id: I436f9608d1e0e04796f7198b641e7d625df885f8\nReviewed-on: https://review.monogon.dev/c/monogon/+/625\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "662182fd732fb523ee76bdc069f603bc378a6d2e", "tree": "0dbebeb12a8be1de9f19d31d6c6319e005af749e", "parents": [ "74440ac441be981eb570dc37036e71bf25a04492" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 14:06:48 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 16:24:34 2022 +0000" }, "message": "m/p/tpm: use secretbox with seal/unseal for larger payloads\n\nNatively the Seal/Unseal operation in the TPM 2.0 specification only\nsupports up to 128 bytes of payload. If you need to seal more than that\nthe specification tells you to generate and seal a key and use that to\nencrypt and authenticate the rest of the data. This CL implements said\nmechanism transparently as part of the Seal and Unseal functions using\na nacl-compatible secretbox as the authenticated encryption primitive.\n\nChange-Id: I0a724b12aae5e5151d103b52ed13b71c864076ab\nReviewed-on: https://review.monogon.dev/c/monogon/+/626\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5a637b05610cfa0ecc7bfb5a6875f6c5fa98da11", "tree": "02db33e64d1574b71582b36c846d0d7bb79312a9", "parents": [ "fb0fb6db2a30038fecea4500ffd4281ad510c1d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Feb 18 12:18:04 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 21 11:58:32 2022 +0000" }, "message": "m/n/c/curator: inject Spans into RPCs, log events\n\nThis uses the new Span/Trace API in the RPC library to inject some spans\ninto all Curator RPC handlers, and converts a bunch of TODO: add logging\ncomments into Trace(ctx).Printf.\n\nChange-Id: Ie480fa7020246b60befa024e000f9e452daabe0c\nReviewed-on: https://review.monogon.dev/c/monogon/+/542\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d9775a656cb709133407507b1e3a94793dd0ea49", "tree": "c836f791e5bd2c3e737f43fce279f0b803384006", "parents": [ "17c4c8bb0feaa0395b31757c8186521ec3c0d723" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 15 13:28:55 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 15 20:10:48 2022 +0000" }, "message": "m/p/logtree: implement WithAddedStackDepth\n\nThis is a prerequisite to easily pass over trace-based events into\nlogtree. It allows a testing/Test.Helper()-like mechanism to skip some\nstackframes within a call tree to the logger in order to log pertinent\nlog origins instead of a wrapper.\n\nChange-Id: Ida9732f8505ff4a400e689045bea318a185f7983\nReviewed-on: https://review.monogon.dev/c/monogon/+/538\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "26d5225a142057b6eb04cff9ba86173a6682b626", "tree": "8b5d8b35d0cd629d467b1e01200c2f12a950a588", "parents": [ "cc078df2124306799c66786833746999259ea792" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 07 15:57:54 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Feb 08 13:00:46 2022 +0000" }, "message": "m/p/supervisor: implement sub-loggers\n\nThis permits logging from a runnable into a logtree sub-DN that is not\nbacked by an actualy child runnable. For example, \u0027root.foo\u0027 can request\na SubLogger with name \u0027bar\u0027 to emit logs into \u0027root.foo.bar\u0027.\n\nThis is in preparation for logging RPC calls within supervised\nrunnables, but can also come in handy in other situations where we\u0027d\nlike to log to separete \u0027topics\u0027 within a single runnable.\n\nThis breaks 1:1 correspondence between logtree DNs and supervisor DNs.\nAn alternative would be to introduce extra \u0027tags\u0027/\u0027topics\u0027 eg\nroot.foo:bar, but that would require encoding extra logic to the\nlogtree. However, that would perhaps allow us to introduce higher\ncardinality child loggers, with a logger per RPC. We\u0027ll have to consider\nthis at some later point.\n\nLet\u0027s see where this takes us, there\u0027s a chance we\u0027ll roll this\nback if it\u0027s too confusing from an UX point of view.\n\nChange-Id: Ibdee5c2b400bb8fce76b0a4f781914748793db0e\nReviewed-on: https://review.monogon.dev/c/monogon/+/536\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ba1da9d64dddec392fd2ae8b495d339f4fe41883", "tree": "45de7129c77f263721e1a78cde453d11f49899cf", "parents": [ "8ed99764d8bd692f31e84c1ffed8b86df7bca2d6" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 25 19:12:02 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 31 08:34:28 2022 +0000" }, "message": "m/n/b/mkverity: produce a combined image\n\nmkverity was updated to output a copy of the source image, with Verity\nmetadata appended to it, instead of a separate hash image. This is\nneeded by the upcoming verity rootfs implementation.\n\nChange-Id: I2a311da6851dabf5a09d77551dc3e9d35bcc845f\nReviewed-on: https://review.monogon.dev/c/monogon/+/525\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8b786897cc419483fa586fd620c3d725d7bd6a95", "tree": "1e4f582b8c2272b73970e4727171175320aeab7c", "parents": [ "57d06a7cfa461f367d4362ccecf4a2d66068a1f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:21:16 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:46:06 2022 +0000" }, "message": "m/n/core: only warn if no TPM 2.0 has been found\n\nCurrently the TPM is basically unused. The only user is the generator of\nnode and cluster unlock keys, which get fed with both TPM and local entropy\nwhich marginally increases security.\nThis converts a missing TPM 2.0 into a warning and falls back to generating\nboth of those keys purely with Linux entropy, allowing Metropolis to boot\non hardware without a TPM 2.0.\n\nChange-Id: I910f9768ede554e5ec2c3a35079a6799d1ee9c8c\nReviewed-on: https://review.monogon.dev/c/monogon/+/514\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "57d06a7cfa461f367d4362ccecf4a2d66068a1f9", "tree": "b7ba9bd74e49faf8965b70bb7a4ee75632ed7b00", "parents": [ "8cde7ae0efa7dbef5d4d17759df5fd0a274db6fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:12:27 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 15:41:41 2022 +0000" }, "message": "m/n/installer: wait for ESP block device to show up\n\nIn real-world hardware disks do not always show up before the kernel\nlaunches the init process. Wait up to 30s for the ESP to show up before\naborting because of that.\n\nChange-Id: I3f7972e699a06d6f9d0333fe0ae3355ae3ce9c73\nReviewed-on: https://review.monogon.dev/c/monogon/+/513\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "999e1db0130f148ac6e79e1acbb5ee68db1dcb64", "tree": "570784da91193e279b2777b809d6c4be55aa120e", "parents": [ "e78a08987e48aa5d9f77954886b7cc544f218638" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 30 20:37:38 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 09 17:51:43 2021 +0000" }, "message": "m/p/pki: implement CRLs\n\nThis implements revokation and CRL watching functionality in the main\nmetropolis PKI library, in preparation for use in the consensus library\n(which has full CRL support). In the future, this should also be\nextended to be used in Metropolis authentication/authorization.\n\nThis also introduces a breaking change by changing the layout of etcd\nstorage for the PKI library - but we\u0027re pre-MVP, so this is fine.\n\nChange-Id: If0775f5447a76949d8498d8853dd7b9c03e0e6dc\nReviewed-on: https://review.monogon.dev/c/monogon/+/465\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "612a0335e94100137d8d95cbaf43da328bfb2e80", "tree": "839adcb5b38bbf92f5bad000b44816499e324fa0", "parents": [ "290436425ac7e9f9c3a9c5a79520b48c623c95bd" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Nov 17 20:04:52 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Dec 08 17:36:42 2021 +0000" }, "message": "efivarfs, osimage: fix boot entry handling\n\nefivarfs was updated to handle partition UUIDs in the mixed-endian\nformat [1], enabling it to produce correct boot entries. Its interface\nwas changed in the process, leading to further changes in osimage.\n\nIn addition, BootEntry.Marshal will replace any backslash with a\nforward slash in the EFI executable path.\n\n[1] https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding\n\nChange-Id: Ib8300e01fd1664d0c08bb033b1dc36addb925b20\nReviewed-on: https://review.monogon.dev/c/monogon/+/456\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "02d69e99f0c8ccdd9f53e5bc6c2a5e4ee26cbd83", "tree": "55c4d4efbb2c39c822f16cd988f153f6c9ba6694", "parents": [ "8cde8e70f3705cfdb6fa8ab298919df77ad9022d" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Dec 03 17:21:38 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Dec 06 12:27:04 2021 +0000" }, "message": "m/p/verity: add a missing copyright notice\n\nChange-Id: I330c3bf748c25b44a0616147b430b051bb8a5f99\nReviewed-on: https://review.monogon.dev/c/monogon/+/459\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "43e2107d9b76e8c1df0974c3125878ca64f2bb61", "tree": "3dbf072846ba3439240043f6f2f161f02d18ec50", "parents": [ "cb2dcf6c3ffa2d50293faa1708fad975ea237afa" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Oct 08 18:05:29 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 30 15:09:01 2021 +0000" }, "message": "m/{n,t}/installer: init\n\nThis adds partial implementation of the installer [1].\n\nIt needs to be integrated with the installer bundle to become\nfunctional.\n\n[1] https://github.com/monogon-dev/monogon/issues/44\n\nChange-Id: I6223e50dc02bc1ad1a8d1351b556ecba43f30a2f\nReviewed-on: https://review.monogon.dev/c/monogon/+/408\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "764a2de7911a42d57720911332a12895f0aad707", "tree": "dd0e31cee8fb5c753a762462e9eb16f776c3ec73", "parents": [ "e65731049afb6fd49da80f064fa40a28c9d5741d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 16:26:36 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 20:39:51 2021 +0000" }, "message": "tree-wide: rewrite ioutil functions to their replacements\n\nThe ioutil package has been deprecated in Go 1.16 [1]. This CL removes\nall our own users of that package and rewrites them to use their\nreplacements in the os package. I initially wanted to do this with a\ngofix but because all replacements were signature-compatible I just\ndid it with a few string replaces and then ran goimports to fix up the\nimports.\n\nI intentionally didn\u0027t rewrite the patches as that would require a\ndifferent process and is IMO of less value.\n\n[1] https://github.com/golang/go/issues/42026\n\nChange-Id: Iac6663a1f1ee49f9b1c6e4b3d97e73f2c3b54a13\nReviewed-on: https://review.monogon.dev/c/monogon/+/449\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5b60e581bdc1cd420a281e3a110367e310337850", "tree": "f5bf40f16039a685243f04ea64e4d279b3ab41ac", "parents": [ "5611447f05c85eb5d0b7f7c5865911b1d560ef66" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Nov 10 19:57:17 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 17:10:32 2021 +0000" }, "message": "m/p/efivarfs: add boot settings manipulation routines\n\nThis adds CreateBootEntry and SetBootOrder.\n\nBoth functions can be used to adjust EFI boot settings by writing to\nEFI variable files exposed through efivarfs.\n\nChange-Id: I0b1364357bcf1e8dabf24ef4046861924306e029\nReviewed-on: https://review.monogon.dev/c/monogon/+/436\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6cefe518de0b964db90c1b10d57b8be47aa4448e", "tree": "c6ad847d934e0769c89c809e91077208f2a3adb3", "parents": [ "531e2c25995933a2e3110f5a53852bdbb5a2a39c" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 18:19:42 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Nov 18 15:13:32 2021 +0000" }, "message": "m/p/efivarfs: import the EFI boot entry data type\n\nThis imports marshal.go from the Softmetal project.\n\nThe complete MIT license under which it was released was added at the\nstart of the file. It was renamed to boot.go which better reflects its\npurpose in its current context. The implementation was adapted for\nMetropolis.\n\nChange-Id: I41d1b10bf5105c52fa7de7695def5b6f3a9b192e\nReviewed-on: https://review.monogon.dev/c/monogon/+/427\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "531e2c25995933a2e3110f5a53852bdbb5a2a39c", "tree": "b8b8dd9d56e6aebb9eaab8225e5f31fc999d8db3", "parents": [ "ed86976004c8a9d8d06e787ece3d59b04dba11f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 17 20:00:05 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 18 14:12:47 2021 +0000" }, "message": "WORKSPACE: bump Linux to 5.15.2\n\nThis involves ripping out fsinfo because there now is quotactl_fd which\nhandles what we originally used fsinfo for. I also enabled a few new\ninteresting kernel features in the config like the Landlock LSM and\nKFENCE.\n\nChange-Id: Ic0a113893a437b2c8068d06984fdc386f34e6adb\nReviewed-on: https://review.monogon.dev/c/monogon/+/444\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "579015afff6be9d6c87c867b0645f254b9aeb2d8", "tree": "9d561def0da0671c67fd6aaea2e128e8dc01b432", "parents": [ "ad5b47d816f50f8f63f65b63861adea811ed85e8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:20:20 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 12:34:46 2021 +0000" }, "message": "m/p/supervisor: deflake tests\n\nThis removes some poorly designed test code which attempted to\nsynchronize with a goroutine in a way that\u0027s unsound in Go\u0027s concurrency\nmodel. Instead of doing a non-blocking read and failing if there is no\nsending goroutine, we just block. Test timeouts will, in this case,\ncause the test to error out.\n\nChange-Id: I5338693c578c8eb8b494a1a651a04de6a54df15c\nReviewed-on: https://review.monogon.dev/c/monogon/+/445\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c6c092be9c8774192867620d1df41c6014e20de1", "tree": "ea4b7ca337f1465bfb71298a578cee55977e96a1", "parents": [ "c2e3b1b7f29708fa136e9195645b31fce530c1f0" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 09 13:09:37 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Nov 16 13:18:01 2021 +0000" }, "message": "m/p/efivarfs: init\n\nThis adds a package supporting efivarfs operations.\n\nChange-Id: Ib0d0713a121efaa0ecdd7e70d8c9d27f4697f958\nReviewed-on: https://review.monogon.dev/c/monogon/+/426\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "8d45a0598ae83b8da89442ce8960e64f065182c7", "tree": "76fc262f260152be7be130ed2a078738e03073c2", "parents": [ "52304a8aa84604846e316e28c955b67e68c52f34" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 18 17:24:24 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 15:01:37 2021 +0000" }, "message": "m/pkg/event/etcd: implement ranged watchers\n\nThis adds a new mode of operation to etcd Values/Watchers in which a\nrange of etcd keys is watched for updates instead of a single key.\n\nThis allows the implementation of watching a collection of objects\nstored in etcd for updates, eg. the node state in the Curator.\n\nThis has been implemented within the existing API of Event Values, which\nis likely the biggest contention point of this change. An alternative\nwould be to design a separate API for multi-value use, but this should\nallow us to more easily integrate with the existing code. We make use of\nGo\u0027s options-as-varargs paradigm to not break any existing use of this\ncodebase.\n\nSome behaviour of the Get() operation in ranged context is left\nunderdefined, but none of the expected users of this codebase are\nexpected to depend on this. Once the dust settles a bit, we can attempt\nto formalize this more strongly.\n\nChange-Id: I8f84d74332765e52b9bbec04b626d00f05c23071\nReviewed-on: https://review.monogon.dev/c/monogon/+/419\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752", "tree": "b3594e9440c82c099a5be021cabed1ab84a8f789", "parents": [ "1fd64a2ac8675eb532a8a01361c0b7251e8b9754" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:59:00 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 19:49:35 2021 +0000" }, "message": "m/pkg/supervisor: log instances of runnables pending restart\n\nThis can be helpful to debug stuck runnables that cannot restart due to\nsome of their children not restarting yet.\n\nWe should probably also keep a list of \u0027stuck\u0027 runnables and expose them\nvia some introspection API?\n\nChange-Id: Ia6219f6e721987b0746cb5cd0e5f11c4edc01cc6\nReviewed-on: https://review.monogon.dev/c/monogon/+/415\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "1fd64a2ac8675eb532a8a01361c0b7251e8b9754", "tree": "819b0c9d2d4f5d22d792a13adc38663a05df7b4e", "parents": [ "d102ebed4e10b33db95f6d6ff0c7fbc7dbb6b614" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:59:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Nov 02 19:49:31 2021 +0000" }, "message": "m/p/logtree/unraw: close fifo on context cancel\n\nThis makes unraw runnables capable of being restarted instead of being\nstuck forever in canceling.\n\nChange-Id: I99d66d25b96644cc6a2da431fd4ca1873e552104\nReviewed-on: https://review.monogon.dev/c/monogon/+/416\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "826a9e94db7345bbb1932fa51049bc6e090391e3", "tree": "f602a0ec7c7f6d251be419b6e62014c65080a407", "parents": [ "27b6c4fd36a3e664cb9ed209e498404090d550a2" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 21:23:48 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:49:38 2021 +0000" }, "message": "m/pkg/logtree/unraw: deflake tests\n\nThis test was flaking quite seriously on CI, due to races between the\nsupervisor\u0027s test harness logging a startup message and the test\u0027s own\nlogging exercise logic.\n\nFixing that, I also spotted a rare flake that occurs when a\nNamedPipeReader restart races a write to the named pipe, possible\ncausing the write to be sent to the old but still running\nNamedPipeReader. We fix that in the test, as fixing this in the code\nitself is difficult and the resulting problem (a lost log line in this\nrare race condition) isn\u0027t that bad.\n\nChange-Id: If749798498acb9bf9e6557fd9cbcc441207b9726\nReviewed-on: https://review.monogon.dev/c/monogon/+/345\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "96043bc1cb55b1271b21309b2011d64d2361a0fd", "tree": "b4db59595d8635154de74b0a244a6bb28bc52d2d", "parents": [ "3379a5d0ffcd652031c135f2ffe7600272fa0093" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 12:10:13 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:29:16 2021 +0000" }, "message": "*: import reformats\n\nAs caused by my IntelliJ/gofmt locally. We really need to do gofmt\nchecks in CI, especially now that we nearly have the tooling ready for\nit.\n\nChange-Id: Id105ba9ad8a34b8b8e883d52d621d47b0ea888d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/338\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3379a5d0ffcd652031c135f2ffe7600272fa0093", "tree": "6c771e39336d5df9f7d956fadb9578b94b25b174", "parents": [ "6adf8840e846b15b7b34151c3432c886b540f420" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 09 12:56:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:13:53 2021 +0000" }, "message": "m/n/core: factor out gRPC/TLS into rpc and identity libraries\n\nThis is an annoying large change, which started its life as me pulling\nthe \u0027let\u0027s add tests for authentication\u0027 thread, and ended up in\nunifying a whole bunch of dispersed logic under two new libraries.\n\nNotable changes:\n\n - m/n/core/identity now contains the NodeCertificate (now called Node)\n and NodeCredentials types. These used to exist in the cluster code,\n but were factored out to prevent loops between the curator, the\n cluster enrolment logic, and other code. They can now be shared by\n nearly all of the node code, removing the need for some conversions\n between subsystems/packages.\n - Alongside Node{,Credentials} types, the identity package contains\n code that creates x509 certificate templates and verifies x509\n certificates, and has functions specific to nodes and users - not\n clients and servers. This allows moving most of the rest of\n certificate checking code into a single set of functions, and allows\n us to test this logic thoroughly.\n - pki.{Client,Server,CA} are not used by the node core code anymore,\n and can now be moved to kubernetes-specific code (as that was their\n original purpose and that\u0027s their only current use).\n - m/n/core/rpc has been refactored to deduplicate code between the\n local/external gRPC servers and unary/stream interceptors for these\n servers, also allowing for more thorough testing and unified\n behaviour between all.\n - A PeerInfo structure is now injected into all gRPC handlers, and is\n unified to contain information both about nodes, users, and possibly\n unauthenticated callers.\n - The AAA.Escrow implementation now makes use of PeerInfo in order to\n retrieve the client\u0027s certificate, instead of rolling its own logic.\n - The EphemeralClusterCredentials test helper has been moved to the rpc\n library, and now returns identity objects, allowing for simplified\n test code (less juggling of bare public keys and\n {x509,tls}.Certificate objects).\n\nChange-Id: I9284966b4f18c0d7628167ca3168b4b4037808c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/325\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "356b896eb4c3db9608d637c775845a09fc20fd07", "tree": "af30addfbc8caba5275febf71847196f13aba8a5", "parents": [ "116c4a69dc90827d82023c362cbc26a17e188787" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Aug 10 17:27:15 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Sep 28 12:14:43 2021 +0000" }, "message": "m/n/b/mkverity: refactor into VerityEncoder\n\nThe implementation was refactored into a stream-oriented VerityEncoder and exposed for use outside the mkverity tool. In addition, end-to-end tests were provided.\n\nChange-Id: I2d009ca8030d6a86e9d6dbe6d6ae60a3b84d2d74\nReviewed-on: https://review.monogon.dev/c/monogon/+/314\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9ffa1f9577003ab70a6b483475874f3552d1ccc3", "tree": "a688d02424e8601ed830d12021b5867688d31438", "parents": [ "6bd415920b84bd695038caeb386f1e97184f0c51" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:42:23 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 02 10:38:15 2021 +0000" }, "message": "m/n/core/curator: authenticated RPC\n\nThis adds authentication middleware (server interceptors) for gRPC\nservices running on the public curator listener.\n\nMost of this code is testing harnesses to start up just the curator\nlistener with enough of a PKI infrastructure copy from a real Metropolis\ncluster to be able to start running tests against GetRegisterTicket.\n\nChange-Id: I429ff29e3c1233d74e8da619ddb543d56bc051b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/311\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "031243f5a276726080a92410f7d3503e5870ed49", "tree": "ab582e63dccf71c27e916d23ea24d5f250774d41", "parents": [ "cbeb8a01de2ac264f41b403b6fdc33dca7b5e568" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 12:14:27 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 26 16:02:23 2021 +0000" }, "message": "m/p/devicemapper: fix GC closing control fd\n\nThe devicemapper package stored a reference to its control file\ndescriptor as a uintptr after opening it thorugh os.Open(). This is a\nproblem as os.newFile (internally called by os.Open) sets a finalizer\non the os.File which closes the fd as soon as the object is GCed.\nBecause no such reference was kept by the devicemapper package, the GC\ncould end up closing the fd.\n\nTo fix this, the package now keeps the original os.File around and\njust grabs an Fd as necessary. While we\u0027re at it, let\u0027s make the\ncontrol file descriptor implementation threadsafe.\n\nChange-Id: I6f7e0a398f28c1141627904ccbd2d99dd248bc78\nReviewed-on: https://review.monogon.dev/c/monogon/+/310\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b9044c888097757c36933062f27b5f5ee103ee5f", "tree": "b07722231a9cf0fd3c0b81486bd637e11cbd7b6b", "parents": [ "3bb23219009a98643a562b1e59e3a4080f422c51" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 11:59:47 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 16:12:52 2021 +0000" }, "message": "m/p/devicemapper: make parameter encoding part of package\n\nThe DM kernel interface gets a single parameter string for each DM\ntarget in a table but internally the kernel immediately decodes it into\nan argv-style list of string arguments. Because everything needs to do\nit and it can be quite hard to get right, let\u0027s make it part of the\ndevicemapper package. Properly encoding this also means you get\nactionable errors when you pass invalid data instead of weird kernel\nerrors or misbehavior.\n\nChange-Id: I8060871a7459183c0395e5e4e8aac517544b2e87\nReviewed-on: https://review.monogon.dev/c/monogon/+/309\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a41caacc71418f7307d851fad95991cf80bdcb41", "tree": "cbcf9af76f29ccb94b7c2b94d75f1e8eb39cfb3d", "parents": [ "5253884d51cb64c1d1afcb2d7b969f7c2b50b302" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 12 17:00:55 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: forbid External/Managed certificates without name\n\nThis ensures any stored certificates must have a name set - otherwise\nthey end up being created with an empty string as a name, and end up\ncolliding with eachother.\n\nChange-Id: I9e415b6ff89dbda179526920d58e33e638a28cec\nReviewed-on: https://review.monogon.dev/c/monogon/+/286\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302", "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6", "parents": [ "99f477412a2e701f89f7698be1dd432adcfff17c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 11 16:22:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "257acab41f5a35575ca0f2dbc9568b1bd75d2570", "tree": "fdc41d8de424f74525b7a92024c12f00ed8928fa", "parents": [ "1445396219351e711f82d4cebad6e84a46553bda" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 10 12:36:17 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 11 11:28:06 2021 +0000" }, "message": "m/p/devicemapper: Support creating read-only devices\n\nI originally thought this is not going to be needed as R/W control can be done through devicemapper itself, but verity requires a read-only table.\n\nWhile we\u0027re here let\u0027s also add some doc comments to the Target struct.\n\nExisting functionality is covered by existing tests, read-only functionality will be exercised by verity tests once they land.\n\nChange-Id: Ib76bcffb14b5fe40d8d77bd9731b591d0d8cf22f\nReviewed-on: https://review.monogon.dev/c/monogon/+/262\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "2098b98c7deaf9115742cf73071f888e0513cf2f", "tree": "6037aec601525299a09d8996f4ebe0c1e4a91674", "parents": [ "79fc1e9fd6ee8777f097ab251b828d82e33b7bad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:13:46 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:34:42 2021 +0000" }, "message": "m/pkg/combinectx: reformat\n\nSeems like this slipped past the cracks on original review - we should\nadd CI for this.\n\nChange-Id: I35cc1d14710109d4d2d0a60b573400b65cb7d350\nReviewed-on: https://review.monogon.dev/c/monogon/+/212\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ebe025936fc86f53e7316f894f54dd6ef9b0a9d7", "tree": "0dd0a48c297e69a8bcbe53ef65d3dba7f53961a3", "parents": [ "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:29 2021 +0000" }, "message": "m/pkg/logtree/unraw: implement\n\nThis is another part of the generic external leveled log ingestion\nmechanism. This parts takes care of ingesting external data either by\nexposing an io.Writer or a named pipe on the filesystem from which\nexternal logs are parsed and then inejcted into the logtree.\n\nChange-Id: Ie2263496ca4d50220abdd8e4d37a35730d127319\nReviewed-on: https://review.monogon.dev/c/monogon/+/208\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4", "tree": "9c6b8ea68b0a4db7d4a8b90b636feff712998235", "parents": [ "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:22:28 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:21 2021 +0000" }, "message": "metropolis/pkg/logtree: allow logging external leveled payloads\n\nThis is in preparation for making the mechanism to ingest external\nlogging more generic (currently we have an ad-hoc solution for klog, but\nwe now also want to implement one for etcd).\n\nChange-Id: I6e6f656e5d83ad22d67a81fbeb87c8d369796e18\nReviewed-on: https://review.monogon.dev/c/monogon/+/207\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0", "tree": "db6142898e003969628a3ec879f6af77780f8da4", "parents": [ "f0b4da54afc17f4b2b1c31ddb9433ee888aea699" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 16:23:43 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:36:48 2021 +0000" }, "message": "m/pkg/{logtree,supervisor}: add test helpers\n\nThis adds two functions:\n\n logtree.PipeAllToStderr\n supervisor.NewHarness\n\nThese are designed to simplify tests that exercise code which expects to\nbe run as a supervisor runnable and/or have access to a logtree\ninstance.\n\nChange-Id: Ibce77aa4927515af7c273d07ced15215ff456ecc\nReviewed-on: https://review.monogon.dev/c/monogon/+/205\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "35e43d133a16750adfa1683473f5c2648a010b1a", "tree": "6aa1e8bcebd03a74b3950128436c5a37268d87c0", "parents": [ "3c885deeda9ab560ee29e94159782ce4323af80e" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 13:12:14 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:24:21 2021 +0000" }, "message": "m/pkg/supervisor: move internal testhelpers\n\nThese are helper functions used for internal supervisor tests. This move\nis in preparation for writing the other kind of \u0027test helers\u0027: ones that\nare used by tests in other libraries when interacting with supervisor\ntypes.\n\nChange-Id: I64efe19b68c7c244ad426167565b0083a1b86fcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/204\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fac8b2e265836dea105e8463a3a22b189764fd3f", "tree": "0f78f138d0095d99a1bf529e29c29cb668a1f0b4", "parents": [ "b9013af7fa0247191099ec1f471a2d751537f545" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 04 12:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 10:23:53 2021 +0000" }, "message": "m/pkg/event: split out ValueWatch from Value\n\nSummary:\nThis implements a small TODO, letting the etcd Value implementation only\nimplement the Watch part of the interface.\n\nTest Plan: Refactor.\n\nChange-Id: I9ccd73ce4d165182d9588387230e71bcb425ab94\nReviewed-on: https://review.monogon.dev/c/monogon/+/122\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "4166a71f51d9546c1dfd9f99b5fdffcb9301b57b", "tree": "a1e5341a9b71f973e1c24734872b0e1cc897f93c", "parents": [ "c89df2f0de65533e0801c6472cc4cee8b13cd761" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 07 21:58:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 00:02:06 2021 +0000" }, "message": "m/pkg/combinectx: implement\n\nThis implements combinectx, a Go library for combining two contexts into\na single one. We need this for the new curator logic (where we want to\ncancel RPC calls both when the incoming request gets canceled but also\nwhen leadership status changes), and this functionality has been\nfactored out as a reusable, generic library.\n\nPrior art:\n\n1) https://github.com/golang/go/issues/36503\n Proposal to add Merge() to context stdlib package. Unimplemented.\n\n2) https://github.com/teivah/onecontext\n Complex reflect-based logic for arbitrary amount of contexts to join,\n no functionality to detect which context caused the joined context to\n be canceled.\n\n3) https://github.com/LK4D4/joincontext\n No functionality to detect which context caused the joined context to\n be canceled.\n\nChange-Id: I774607da38b06c192ff0fee133eb258abd500864\nReviewed-on: https://review.monogon.dev/c/monogon/+/123\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c89df2f0de65533e0801c6472cc4cee8b13cd761", "tree": "b65e4c12ab0c629dcc311335ad0151e1b19f3bbe", "parents": [ "dcf654592593e4ad897bfb34a5a9238a3223cca4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 15:51:37 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon May 31 16:51:31 2021 +0000" }, "message": "m/pkg/event/etcd: implement etcd-backed Value\n\nThis implements Event Value stored in etcd, with each Value\ncorresponding to a single KV value stored in etcd.\n\nComes with more lines of unit tests than lines of code.\n\nChange-Id: I5514f211ded6640836ed801ddaf1b2fcc31ae552\nReviewed-on: https://review.monogon.dev/c/monogon/+/64\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f", "tree": "5706f5b4fa8dc44775dbabe24cd577f1d37a0422", "parents": [ "93bba15a0059da200a5d09a2bd7ec5ed5a667c60" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 16:09:16 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:33 2021 +0200" }, "message": "m/pkg/event: move MemoryValue to subpackage\n\nThis keeps metropolis/pkg/event as a pure interface package, and\nmoves the memory-backed implementation to a subpackage.\n\nTest Plan: Refactor, coevered by tests.\n\nX-Origin-Diff: phab/D764\nGitOrigin-RevId: 1337bf55a7752293791b3efe8648bbf5f6e6e9e1\n" }, { "commit": "9956e72c6c0b4f6436dc9493bc213965ee0cc191", "tree": "7842ac67432e3a187dda6a2dcb46d11088934159", "parents": [ "dca59d924dac4345099e5acd99405b5451d29cdb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 24 18:48:55 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:53 2021 +0200" }, "message": "Add Loop Device package\n\nThis adds Loop device support in our Linux kernel and adds a Go package for working with them.\nIt also drive-by adds a pre-mounted tmpfs to ktest as that is quite useful in a lot of situations.\n\nTest Plan: Comes with ktests.\n\nX-Origin-Diff: phab/D745\nGitOrigin-RevId: fa06bcdddc033efb136f56da3b4a91159273bf88\n" }, { "commit": "056042962060369bd7607ecfea51c515fc3a8140", "tree": "86a6dbf7b1781ed2f5baf332938d4e8211353112", "parents": [ "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "message": "m/node/kubernetes: parse klog output from services\n\nThis translates Kubernetes\u0027 logging ingo logging that we can\nquery/filter more easily.\n\nTest Plan: We don\u0027t test resulting logs from the system, and I\u0027m not sure we should?\n\nX-Origin-Diff: phab/D716\nGitOrigin-RevId: ba3f42b9a4e3172bf058bd7dce4283f50dc8e69d\n" }, { "commit": "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca", "tree": "8931f10cd69309ece470c38c3a062ef74f3699a5", "parents": [ "9411f7c2ed0afbbf617075ab37901addc76fadfb" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "message": "m/pkg/logtree: implement klog parsing\n\nThis adds logtree.KLogParser, a shim which parses klog/glog-formatted\nlines into logtree leveled logging.\n\nThis will be used to consume logs from external components (like\nKubernetes services) into leveled logging inside logtree.\n\nAn alternative would be to switch all Kubernetes components to\n\u0027structured\u0027 (JSON) logging - but that seems to still be experimental,\nand does not exactly map into something that we can log further. Maybe\nin the future we can switch over, and also copy these over into our own\nbinary/structured logging.\n\nTest Plan: Adds unit tests for parsing, which is the most tricky part.\n\nX-Origin-Diff: phab/D715\nGitOrigin-RevId: 9994d819f15c9542800d488f57c83ab945a35d34\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" }, { "commit": "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9", "tree": "120710eb4a9acf0c3ad1086d9f6f6f3c850a0d70", "parents": [ "bcae658f9530e95cde2ac931beacae71c9fb240e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "message": "Build mkfs.xfs using rules_cc\n\nThis drops the old big genrule for mkfs.xfs and replaces it with a nice rules_cc build system\nwith the help of bazel_cc_fix generated patches and our musl-based toolchain.\nWhile we\u0027re at it I bumped the versions of all related dependencies to their latest stable release.\nThis also means pulling in ini.h which is a dependency of the new xfstools version.\n\nInstructions to regenerate the patches are included in the spec files.\n\nToolchain selection is done by the existing transition in our rootfs rule so we automatically get a musl-built\nstatic binary when building for the rootfs.\n\nTest Plan: Tested with E2E tests, should fail fairly catastrophically if something were wrong.\n\nX-Origin-Diff: phab/D708\nGitOrigin-RevId: 648a05cdd08cfa84a8a9f4c057c52446e7005631\n" }, { "commit": "c00318e448212b01a8121059be3c3e9b35bd13a7", "tree": "38011616a2112e14591da1b06ac65ac8ec75b372", "parents": [ "32d73486f4ea778cd3ea58e2d579e862cf67fb9c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "message": "m/pkg/event: implement\n\nThis specifies event.{Value,Watcher}, an interface for data that might\nbe updated by its producer, and which is watched for such updates by\nmultiple consumers.\n\nIt also implements MemoryValue, a Value that is stored in memory.\n\nTest Plan: adds unit tests.\n\nX-Origin-Diff: phab/D706\nGitOrigin-RevId: 271fd4e88969817b66318d3e03d50b70cf2819b8\n" }, { "commit": "5999e92b2da34cbbd50391327ec01081a91866ee", "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b", "parents": [ "3a99c590543394ceb5260282ef8e924b44e8eef8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n" }, { "commit": "10b9ee96d4c2b8a011af4cd4db3390c1fd1ddf93", "tree": "ea0ca7da66e44cc52defa1a307e47642ca83a150", "parents": [ "2073ce34e57b0be3cedd39b8934869abb6f73582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "message": "erofs: Don\u0027t modify caller\u0027s data\n\nThe erofs library\u0027s directory writer appends data to parameters. Because of the way slices work in Go this\nresults in the caller\u0027s data being changed, which is obviously undesirable. Fix this by making a copy first.\n\nTest Plan: Minimal change, should be covered by existing tests\n\nX-Origin-Diff: phab/D703\nGitOrigin-RevId: ebf473c1049e5e8035802382220aba98c4498877\n" }, { "commit": "378a4455aedda838f60c546e55199092f24952ed", "tree": "aa78b858535224fe8c9b24c2ff7e9ed2c903080b", "parents": [ "74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:47:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:47:41 2021 +0100" }, "message": "Add EROFS library\n\nThis adds a library to write EROFS filesystems. It supports most of the non-deprecated features the\nfilesystem supports other than extended inodes (which have no benefits for most use cases where EROFS would be\nappropriate). EROFS\u0027s variable-length extent compression is partially implemented but it requires an LZ4\ncompressor with support for fixed-size output which Go\u0027s https://github.com/pierrec/lz4 doesn\u0027t have. This means\nthat VLE compression is currently not wired up.\n\nThis will be used later as a replacement for our current initramfs-based root filesystem.\n\nTest Plan: Has both integration and some unit tests. Confirmed working for our whole rootfs.\n\nX-Origin-Diff: phab/D692\nGitOrigin-RevId: 8c52b45ea05c617c80047e99c04c2b63e1b60c7c\n" }, { "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87", "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63", "parents": [ "c3ad846e0eaf4cf008130a643ff247aa27531e17" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has new been rolled into the main gVisor package and is\n slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n Starlark rule definitions to use rule() instead. We also had to patch\n gVisor to do that (as there hasn\u0027t yet been a release that rolled\n this up).\n - Gazelle now supports different naming schemes for generated Go\n targets - either the old //foo/bar:go_default_library scheme, or a\n new and nicer //foo/bar:bar scheme. We currently force the usage of\n the old scheme, as switching over is probably not going to be easy\n (we use a lot of external Bazel files, and we have to wait for their\n compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n uses gogoproto, but we are smart enough to pull in the old protobuf\n library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" } ] }