)]}'
{
  "log": [
    {
      "commit": "2983d7285fe019f943f1b722f26a0f2e959c5f80",
      "tree": "f6b5056682bef41597d02347dff0d523916d196f",
      "parents": [
        "e28e1b3556feb786c71f161b357fcf6899e44c19"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 12:16:42 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Oct 23 12:16:42 2019 +0200"
      },
      "message": "Improve Bazel Fedora build container handling and cache repository downloads\n\nAdds lifecycle management scripts for the dev container and a \"bazel\" wrapper script, which sets container-only startup options.\n\nReplaces /dev/null bind mounts by SELinux contexts for container breakup prevention, since newer podman versions managed to somehow break the ordering of mounts and mounting on top of a volume gives ENOENT. This requires a placeholder .arcconfig.\n\nOn Fedora, SELinux prevents the container from accessing /dev/kvm, which requires a custom policy (see rWa716c988d69e).\n\nDesign considerations:\n\n- The build cache is on a tmpfs. This avoids fuse-overlayfs overhead. If the container is recreated, we want to drop the build cache - Bazel does not track ambient dependencies, so we do not know if we need to rebuild anything (like after upgrading a compiler).\n\n- The repository cache contains just workspace dependencies and is mounted as a volume.\n\nThe repository cache does not work terribly well yet, we probably need to mount parts of ~/.cache/bazel as well. podman always mounts volumes as noexec, so this is not as straight-forward as it looks.\n\nTest Plan:\nRan the commands from the README as my unprivileged workstation user.\nSmalltown was built and launched successfully.\n\nX-Origin-Diff: phab/D198\nGitOrigin-RevId: aff720d2862cdf5d1df67813d842d221d69a84c0\n"
    },
    {
      "commit": "e28e1b3556feb786c71f161b357fcf6899e44c19",
      "tree": "4bc2b91b2e276c6e7ee4131ab0c76eec4ec391fa",
      "parents": [
        "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Oct 22 19:20:34 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Oct 22 19:20:34 2019 +0200"
      },
      "message": "Fix Bazel on properly sandboxed execution\n\nTest Plan: Tested by launching VM\n\nX-Origin-Diff: phab/D199\nGitOrigin-RevId: d27f09e62067082ca0d6f40510c851752094b481\n"
    },
    {
      "commit": "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9",
      "tree": "f7db6de47e4ef38599da89dd4f1082c65569ca03",
      "parents": [
        "a71b5a4c36d5cae089666eaad57514c64baf6f24"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:58 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:58 2019 +0200"
      },
      "message": "Replace build system with a Bazel-based one\n\nThis pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.\n\nNecessary prerequisite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.\n\nAs suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).\n\nThe main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)\nchange. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the\nkernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).\n\nPerhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel\u0027s sandbox to reuse kernel build?\n\nTest Plan:\nRun this in a fresh container with empty Bazel cache:\n\n    bazelisk run scripts:launch\n\n... and watch as Bazel rebuilds the world.\n\nX-Origin-Diff: phab/D197\nGitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d\n"
    },
    {
      "commit": "a71b5a4c36d5cae089666eaad57514c64baf6f24",
      "tree": "b73960c90b2635bf804fcadafb93d141ef4a203a",
      "parents": [
        "67f9d096fb66d9f9298542d98d128a42b9d43695"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:23 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:48:23 2019 +0200"
      },
      "message": "Explicitly ignore call to os.Remove\n\nThis stops linters and GoLand from complaining.\n\nTest Plan: No functional change\n\nX-Origin-Diff: phab/D196\nGitOrigin-RevId: b4174bb82b8a14e2677dfbf9e95b97ee04ed284b\n"
    },
    {
      "commit": "67f9d096fb66d9f9298542d98d128a42b9d43695",
      "tree": "cb548c7e7a63df850302f6bb42a5a6bb3e5d2700",
      "parents": [
        "40ab4b41d338657c67a7fa72a3f76e26f582d98e"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:41:42 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:41:42 2019 +0200"
      },
      "message": "Refactor build_artifacts.sh and makefile\n\n- Move everything to .data, .vendor, .artifacts and .bin in order to cleanly separate build input and output.\n- Sprinkle some subshells on build_artifacts.sh to make it fail more gracefully.\n- Fix fetch_third_party.sh check.\n- GOBUILD make helper.\n- Dockerfile with build dependencies.\n\nTest Plan:\nRan `make clean` and build steps described in README.md, it boots:\n\n{P84}\n\nX-Origin-Diff: phab/D195\nGitOrigin-RevId: 4106534c7248931b79e93e2a13153482033cd0d8\n"
    },
    {
      "commit": "40ab4b41d338657c67a7fa72a3f76e26f582d98e",
      "tree": "3caf6bf0363c00472cd1f3ceada351a142542cf7",
      "parents": [
        "dd8c80e4806660f5a792c731249873406d097165"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:35:52 2019 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Oct 22 15:35:52 2019 +0200"
      },
      "message": "Rename base package to git.monogon.dev/source/smalltown.git\n\nThis ensures that the package is go get-able in our managed environment,\nwhich has SSH configs for git.monogon.dev by default.\n\ngo knows that it\u0027s a Git repo by matching on \".git\"\n(see: https://golang.org/cmd/go/#hdr-Remote_import_paths).\n\nThe package name is a bit more unwieldy than it needs to be, so maybe\nwe should add go-import metadata to git.monogon.dev at some point\n(which is not straight-forward, since Go does not understand SRV records,\nso this needs to be added to the Phabricator web server).\n\nAlso refreshed all generated files and go.mod/go.sum.\n\nTest Plan:\n    make cmd/mkimage/mkimage\n    make cmd/init/init\n\nX-Origin-Diff: phab/D193\nGitOrigin-RevId: 766325ccd9a51d04eba0e49269c530c520444193\n"
    },
    {
      "commit": "dd8c80e4806660f5a792c731249873406d097165",
      "tree": "a2e9ef14ac051c6a7014f033670a083a7a396ed5",
      "parents": [
        "f95909d11f20c01129120274076a44a689eabe3d"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Oct 07 16:19:49 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Oct 07 16:19:49 2019 +0200"
      },
      "message": "Delete old secretstore, cmd/node and config modules\n\nThis removes even more code that is no longer necessary or interferes with new concepts. It also refactors the storage stuff into a StorageManager which deals with all the paths and async initialization.\n\nThis does intentionally break a few things which will be fixed when the CA code lands.\n\nTest Plan: Manually tested using make launch, CI is in a separate ticket\n\nX-Origin-Diff: phab/D182\nGitOrigin-RevId: 282a4bd84b47010d859e03da53b2c2de8183b13b\n"
    },
    {
      "commit": "f95909d11f20c01129120274076a44a689eabe3d",
      "tree": "2ba85463c30b26c0df8b7c278ea5df22da42dfdb",
      "parents": [
        "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Sep 11 19:48:26 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Sep 11 19:48:26 2019 +0200"
      },
      "message": "UEFI EDK II, TPM minting, QEMU launcher and basic DHCP support\n\nTest Plan:\nYou still need a recent version of QEMU and swtpm installed (these are not yet integrated)\nRun `make launch` and have fun with a running Smalltown instance :)\n\nX-Origin-Diff: phab/D159\nGitOrigin-RevId: c7245bfbabebf92507445525bee009a71d19caea\n"
    },
    {
      "commit": "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd",
      "tree": "558ca2744e8ba310f36362ae68cb48e0511ea376",
      "parents": [
        "16a981d4c23c1f2cd4808b6ba489df83455d68b4"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Sep 05 17:53:56 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Sep 05 17:53:56 2019 +0200"
      },
      "message": "Initial operating system work\n\nAdds a draft for most of the operating system work, sans external things like EDK2 and kernel build which will be pushed later in a separate diff.\n\n* Sealing/Unsealing of encrypted and integrity-protected data partition using TPM2\n* PID1 standard behaviour (mounting minimal filesystems, cleaning up orphans)\n* TPM2.0 helper library\n* Block device finding and mounting\n\nTest Plan: Manually tested, CI will be dealt with later.\n\nX-Origin-Diff: phab/D157\nGitOrigin-RevId: 6fc494f50cab1f081c3d352677158c009f4d7990\n"
    },
    {
      "commit": "16a981d4c23c1f2cd4808b6ba489df83455d68b4",
      "tree": "fd47d6cff0e2d8d90d2fad2d1bf4f70b8ce77b92",
      "parents": [],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Sep 16 11:26:05 2019 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Sep 16 11:26:05 2019 +0200"
      },
      "message": "Added userspace device mapper library\n\nThis adds a userspace library to talk to the Kernel\u0027s DM subsystem and\nis part of the Smalltown init to set up dm-integrity/dm-crypt.\n\nTest Plan:\nCurrently manually tested, automated testing possible but would require\nspinning up a kernel and testing against it. This would require KVM access\non the test infrastructure, a test kernel and additional code.\n\nX-Origin-Diff: phab/D154\nGitOrigin-RevId: 45565ae6288e2accee3f8ce80233580c6ac3e754\n"
    }
  ]
}
