)]}' { "log": [ { "commit": "12cab56e96b6591f4756bdca96e26260431fbcda", "tree": "bdba0d9a4bc52abe4fb2dd8bf287055f844725a1", "parents": [ "e294916b24bb6d0035484d215421ceb03c6598b7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 25 17:01:02 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 26 14:11:21 2025 +0000" }, "message": "m/n/c/l/crypt: open blockdevs read-only for discovery\n\nUse the new blockdev capabilities to only open the block devices in\nread-only mode for partition discovery. This allows us to disable writes\nto mounted partitions in Linux 6.12 and not get a spurious warning for\nevery boot. It\u0027s also generally good practice as we don\u0027t want to write\nat that stage anyways.\n\nChange-Id: If8dd9b49ae593aac6f0a25d439baa0b7d60d7ffe\nReviewed-on: https://review.monogon.dev/c/monogon/+/3986\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d842aaf9b5b45c6a0851542e8c9d21032f99a249", "tree": "1aab5f477d1019cf62e1f69b160afc3d639e2722", "parents": [ "44c31a087929a16e93700d7d92fcff1bd066b8c0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 17 17:39:46 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 25 16:04:05 2025 +0000" }, "message": "workspace: update linux to 6.12.15\n\nSwitch to the current 6.12 LTS branch and rebase the patches.\nAlso switch to using savedefconfig for config instead of just including\nthe entire thing. This makes it much more readable as it only contains\nsettings we\u0027ve touched.\n\nChange-Id: I2b15944f0083399290a2539c42e37205e839bf36\nReviewed-on: https://review.monogon.dev/c/monogon/+/3908\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e4895292e2627e4047c833e1808e614bba3c4783", "tree": "0bd7f4de0419c7273e5da32e43adaac75ae059cb", "parents": [ "f525fa74802d2ea61577b188476bea2d54f816d7" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 04 03:10:39 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Feb 05 17:30:48 2025 +0000" }, "message": "third_party: rename build_files to $reponame.bzl\n\nThis enables IDEs to correctly identify the filetype\n\nChange-Id: I9e2644514f001f94abe7da92c332f95889a34380\nReviewed-on: https://review.monogon.dev/c/monogon/+/3823\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "156248b949f3da7c8d0f4f46cb97ac7606464952", "tree": "ff52faf242a29f1916edad64bca6282f8030ee66", "parents": [ "227c5cbbdd8f682b6e4d4cc661fa0d6e734206f2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 10 00:27:45 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 10 20:13:30 2025 +0000" }, "message": "treewide: format repo with buildifier\n\nChange-Id: Ia7aebeb7bba5b119c9157d1ad805cc477bcbb68a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3774\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "117006e5a66f0c5858bff44aa05dc036083610a3", "tree": "62491f59c1747dca7c2334c32dd1d22e6074195b", "parents": [ "8eeae7b7fb8f98497caa5c69f9d6528fbdd81281" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 09 22:53:52 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 03 15:40:32 2025 +0000" }, "message": "third_party/linux: set transition overrides to default value\n\nWithout this a run with the race detector doesn\u0027t work as we prevent CGO\nwith this transition.\n\nChange-Id: Ibba17ec4058ed34bee1beb7b5f3c6cac345bac5d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3690\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f9c824951877cf295d7fd031073c2a3c0e09c804", "tree": "0b8f0405bb2094d90b7008a594ba00ff31f0144a", "parents": [ "c7a332be2ac37af8d3e27029e6300c8884988ab5" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 16:50:39 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 15:28:27 2024 +0000" }, "message": "third_party/linux: build at 16 threads, request 16 CPUs\n\nThis makes sure we don\u0027t overwhelm build machines with a bunch of\nparallel kernel builds. That should in turn deflake tests which are\nresource-dependent (like E2E tests).\n\nChange-Id: If2758f328d7b2c71c8f405246c6ac41091b4a350\nReviewed-on: https://review.monogon.dev/c/monogon/+/3433\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c7a332be2ac37af8d3e27029e6300c8884988ab5", "tree": "dc834fee3e970b047b65e329d8f278cd5a91eeca", "parents": [ "3c5d0635f855f16780792a6be311f71b4d59f20b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 12 17:58:42 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 16 15:13:57 2024 +0000" }, "message": "third_party/linux: disable fallback tunnel devs\n\nIntroduces a patch for a kernel config option to control the default\nbehavior for fallback tunnel devices in the kernel.\nWe want to fully disable them but this can otherwise only be done by\npassing kernel commandline arguments which would need to be specified in\na lot of places and can easily be missed.\n\nThis will get rid of things like the sit0 interface in the host and\ncontainer namespaces.\n\nChange-Id: I2c03c5aa50bc64b527b72c3c022d3e9f2111dd84\nReviewed-on: https://review.monogon.dev/c/monogon/+/3430\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e1420ab79117be4c97818fa708f62fea3ff6d265", "tree": "e358545afc0d5510d3da8dee2fbed03355e87c3e", "parents": [ "ca6da6adf2fa3b88c743c9d7f88ef9cfea4e0823" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 27 01:53:16 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 10 12:10:01 2024 +0000" }, "message": "treewide: migrate more to bzlmod\n\nThis does migrate nearly everything to bzlmod and away from the \"old\"\nWORKSPACE system. We do have to use some workarounds and there is no\ngood way to get the path to a repository. This definitively requires\nsome more love in future CLs but this should cover the basics. See\nmonogon-dev/monogon#343 for more information.\n\nChange-Id: I0e188d8708b66fcdbdf0adc9143c93160e3395ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/3357\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1c42c42ff6621c44cdc3da39b066e4fc270105ef", "tree": "d72618e3c8872b1577fd9ba6c323e0c1e43789d7", "parents": [ "0b9276519a7475c3a341f78d83ca8d18cec3b38a" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Aug 01 15:41:54 2024 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Tue Aug 06 09:13:31 2024 +0000" }, "message": "third_party/linux: enable landlock at boot time\n\nRequired by a customer workload. Also likely to be\nused by our own OS components in the future.\n\nChange-Id: I7ddb2fadba483fd3c4aabecdce45c37679fca6c9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3296\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e166fa3f1e18bda930bb281758207d7e18c73762", "tree": "4ef76c49f58e996461b04b394d70230dde955256", "parents": [ "5150223ce08f503f83ddcff2feec46a342b385f5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 25 13:29:12 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 25 14:16:01 2024 +0000" }, "message": "WORKSPACE: update linux to 6.6.42\n\nStable release bump, no significant changes expected.\nNo relevant regressions on the linux-regressions list.\n\nChange-Id: I7688746eb94d514d53bfaa696ea5312a03b39690\nReviewed-on: https://review.monogon.dev/c/monogon/+/3254\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "f65898347121ef898f7efcaacfd7f2063045132a", "tree": "8419cd0014949939800622662bd604d5e8803b7c", "parents": [ "8661db30d08ed95df3749497c2e88a42f1e0fe9a" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jul 24 16:29:22 2024 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jul 25 12:02:52 2024 +0000" }, "message": "third_party/linux: enable BPF_JIT, XDP_SOCKETS and HUGETLBFS\n\nKernel features required by customer workloads.\n\nChange-Id: Ifc67025e4832aa79fcec6aa74b7887859d831db4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3248\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fe6b506b6124b39b0b36c483d03de3b4efc5bdc4", "tree": "b3a4cbd0f4890dc5ee9a30eb643b2d3e9aa79fa5", "parents": [ "9f21f5396aa18bc9f2f83c867ff883f49bbf02ae" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 02 16:32:35 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 04 14:50:22 2024 +0000" }, "message": "m/node: switch to cgroupv2\n\nThis switches us from legacy cgroup (v1) to cgroup v2 aka unified\ncgroup. Our versions of Kubernetes, containerd and runc/gVisor all\nsupport this by now.\n\ncgroup_bpf needs to be enabled in the kernel for containerd with cgroup\nv2. Also enable swap as this now works with cgroup v2, this gets rid of\na warning for every pod being started.\n\nWe are not really using cgroups ourselves, but as the root cgroup in v2\nis special, move our own process into a subgroup at startup.\n\nChange-Id: I8d63b2ad672568c052c3fe1a2306182f033667fa\nReviewed-on: https://review.monogon.dev/c/monogon/+/3207\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "1595e01e480fd2ab3f7690102bb722c4a6882bc4", "tree": "3999563b95a0d5c8cacb77f4d5e649261e129797", "parents": [ "3b5a917c5a1ac49acad50eeacb5cf275efc3631e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Sun May 26 14:20:12 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon May 27 17:01:01 2024 +0000" }, "message": "third_party/linux: enable more network drivers\n\nEnables drivers for VMWare\u0027s VMXNET3 paravirtual adapter, IP over\nThunderbolt/USB4 as well as Microsoft\u0027s Hyper-V paravirtual adapter.\n\nThese were missed as they are in a different configuration category.\n\nChange-Id: I1a391e5e258ba810bb229ce325932600be52cbd6\nReviewed-on: https://review.monogon.dev/c/monogon/+/3110\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ae7ad94cd590cb4f93eb0dd6597efa2bbd9e2f09", "tree": "e7899fd9d1492daa0915c1a9721d3601fc85f225", "parents": [ "146346870881d7043bf591ea1e7ca6cdde8e11d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 14 18:21:55 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 15 12:30:02 2024 +0000" }, "message": "workspace: update Linux to 6.6.30\n\nStable kernel release bump, no notable changes expected.\nNo known regressions relevant to us according to the regressions list.\n\nChange-Id: I3fdf0248a8f679f9a80fa6c2f510a3f31e374df5\nReviewed-on: https://review.monogon.dev/c/monogon/+/3089\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8bc82868fd289220078ff317235db084349d9f70", "tree": "38c893fc96169d4c79a7d699d83158f86f564d04", "parents": [ "b765f24f8f1c93b817c8a3f4f1eef2514562b140" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 30 11:47:09 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon May 13 10:44:10 2024 +0000" }, "message": "third_party/linux: fix LACP issues\n\nThis fixes two major issues with the Linux LACP implementation:\nFirst, the bond interface indicates carrier availability before any port\nis even in aggregation state. It pretty much only cares about underlying\nport carrier state which is not meaningful in LACP-controlled\naggregation.\nSecond, individual ports are added to the list of transmitting ports\nimmediately after coming up. This causes packets to be transmitted\nbefore the LACP state indicates that this should happen.\n\nFix both of these issues by only enabling ports when the LACP state\nmachine places them in collecting/distributing state and making the bond\ncarrier state dependent on ports being enabled. This makes the interface\nalso behave logically consistent, i.e. it can transmit packets when its\ncarrier is reported up and not when its carrier is reported down.\n\nWhile in there, fix some timer-related annoyances which make convergence\nunnecessarily slow.\n\nThis also comes with a ktest which can be used for testing and\nverification of these changes.\n\nChange-Id: I60d0ed483f4f4ccea4d582b80e2bb29ff741783d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3073\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "59f8d0a0748063a44474f8c874e0a5ea447f2d60", "tree": "ef02eae36802fa26bc2ffb4b19f282da36d60f31", "parents": [ "7f72748c67df593b110176422d27be878a7a37f4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 27 13:31:39 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 27 15:18:01 2024 +0000" }, "message": "third_party/linux: disable SEV\n\nCurrently we do not use SEV and it is causing issues with some system\nfirmware. Disable it for better compatibility until we actually use it.\n\nChange-Id: If0046d93b75a61b03522b11f3a62c3a35a28df95\nReviewed-on: https://review.monogon.dev/c/monogon/+/2896\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "acdfba5e65701520a23e3b3a90c5cb17c0cf3ac2", "tree": "ffa24e208faa66029bb406e3d69a3c0cf1d7921e", "parents": [ "d1f82e98ffe72d8378fbff4d127c6863d96b1f72" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jan 29 23:09:42 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 12 18:10:28 2024 +0000" }, "message": "third_party/linux: enable more features\n\nEnables EDAC for ECC stats as well as SysRq over serial for diagnostics\nand some misc stuff we want like watchdogs.\n\nChange-Id: I8293a498726452d07176ddf59a841adf41e3ccd6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2730\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d1f82e98ffe72d8378fbff4d127c6863d96b1f72", "tree": "5c5e47642c62a059307b7cb72f46edc302b86750", "parents": [ "38b959fcda1df417ad833acc006fb4a039b4f9ce" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 08 19:27:46 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 12 18:10:28 2024 +0000" }, "message": "m/node: use pstore for panic storage\n\nThe old solution never worked as the ESP was not mounted at that stage.\nIn general storing crash data there is suboptimal as it makes lots of\nassumptions about the system state.\n\nFor kernel crashes we already use pstore and there is an interface for\nstoring userspace messages in pstore as well. Set up the panic handler\nto put its logs in there and extend the pstore cleanup runnable to also\ndump that part of pstore into the logtree after reboot.\n\nIn most cases this also requires a kernel patch as most pstore backends\nto not allow userspace messages, probably to preserve limited space.\nSince we always clean pstore after reboot, this should be fine.\n\nChange-Id: I011109112e7bfd24d1772d5853a1d491c0cfd026\nReviewed-on: https://review.monogon.dev/c/monogon/+/2753\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "38b959fcda1df417ad833acc006fb4a039b4f9ce", "tree": "44971846f1720cb91d198e8a92b4261218c5b7a8", "parents": [ "223609ced73e359b040cb56a873880e3f9efbd7e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 08 17:53:45 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 12 18:10:28 2024 +0000" }, "message": "workspace: update linux to 6.6.13\n\nNow that Linux 6.6 is in LTS, let\u0027s switch to it. This also allows us to\ndrop one patch which has since been merged upstream.\n\nAs our kernel config hasn\u0027t been regenerated in quite some time I took\nthis opportunity to do so. No semantic changes to the existing config\nwere made, I just went through all new settings and set them to\nappropriate values.\n\nChange-Id: I4e7d92e13ddb51aad5c6571f2ae081e8e6de7138\nReviewed-on: https://review.monogon.dev/c/monogon/+/2752\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0974b2275edc21ce3b76606ba7f8eed84e5cc9f0", "tree": "b9bd73528dc6823168273fb8eb58d02054e90047", "parents": [ "c834b7dd62f20188f3ffd7cbb092e2536403474b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 16 14:04:15 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 23 15:52:54 2024 +0000" }, "message": "treewide: replace rules_docker with rules_oci\n\nrules_docker is not maintained anymore and recommends migration to\nrules_oci\n\nChange-Id: I089f3cf44888b3c3c0baa2c84a319b04b1a7dec4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2712\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "4327e8ff7cbe9ea1511248f303b84730f688ea43", "tree": "307581de89cf2d8d5aefeaaed43168493a0a3956", "parents": [ "60efa4416d36f04f860a130e51e8d82e0bf13f45" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 21 16:01:54 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 21 16:37:24 2023 +0000" }, "message": "workspace: update linux to 6.1.69\n\nChange-Id: Ia2e8442f7d4780c8f34b2e4a10f30f47222f9fbc\nReviewed-on: https://review.monogon.dev/c/monogon/+/2595\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "4811e70b3cd8f237c1b57ac85cc4c02b57c82535", "tree": "aefc6d2f568c61ab5afcb2a7cb4f2c46b479deaf", "parents": [ "0f43359cd444ab84167c9f5305ad5bfb9ffd3a3c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 22:13:34 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 20:27:06 2023 +0000" }, "message": "linux: bump to 6.1.56\n\nThis gets us to the latest LTS kernel, 5.15 is nearly two years old.\n\nChange-Id: I2f386c334b5067b9ced1b5286253d439884182bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/2210\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "1e963fe8bdf4eb368b66717bafd640c7f17528d6", "tree": "e6f40f9ee469f824bd3f9bfceae3c6074f95990b", "parents": [ "6eb3fb31f0d1385e96652b6bee043bd9c5f6a577" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 18:24:02 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:36 2023 +0000" }, "message": "t/linux: update to 5.15.125\n\nThis kernel contains additional handling and workarounds for Gather Data\nSampling aka Downfall (CVE-2022-40982) on Intel CPUs,\nInception (CVE-2023-20569) and Phantom (CVE-2022-23825) on AMD CPUs.\n\nPerformant workarounds for these issues also requires updated microcode\nfor both CPU vendors. Microcode for Intel has already been updated,\nAMD\u0027s is not merged in linux-firmware yet.\n\nChange-Id: I441c8c7b39a8eec0c42d1aac0375d0d15ec1703d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2048\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8055d23f3116a9695367ee09155ef9e0a4059f90", "tree": "17a093240dca129cec9aba29edcf777ff56c9f23", "parents": [ "0e74961fc03de5a439484ea5ec33e0fc52a22edd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 08 23:56:07 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 08 22:07:41 2023 +0000" }, "message": "third_party/linux: enable VLAN interface support\n\nThis is configurable through the Metropolis static network\nconfiguration and thus needs to be enabled.\n\nChange-Id: Id479e0d26a93819de0e315c8c470e94386f0351f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2041\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "78a538df4c1112bad6bee08509385af8d0ecc77a", "tree": "7c0c3d44f2334a2305242f768322f36a175434a9", "parents": [ "90613afdf11f7831fc0a673f2fe502c28ab93729" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 25 21:39:04 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 26 12:39:17 2023 +0000" }, "message": "t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)\n\nThis fixes the Zenbleed vulnerability by including the latest fixed\nmicrocode from linux-firmware. They don\u0027t do proper release management\nbut just tag a date approximately every month to keep distros happy.\nThus we need to use a master commit to get the fixes now.\n\nAlso update Linux to 5.15.122 to make sure that we know in case the\nmicrocode fix somehow didn\u0027t get applied.\n\nChange-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94\nReviewed-on: https://review.monogon.dev/c/monogon/+/1974\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5b13d8112a63282d12690ce05dbfa245f910d5a9", "tree": "f69de58cf76b274e4c83f2472d08b578afb64fdc", "parents": [ "d20af4f15347651efa7b90490f8e657d35281883" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:22:23 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:03 2023 +0000" }, "message": "third_party/linux: ignore more configuration settings\n\nChange-Id: Id1117d86d742a94f762f186e6c1f9193dc4e0597\nReviewed-on: https://review.monogon.dev/c/monogon/+/1829\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6c45434189e387b234109b68b1ed5a8f2cd5b439", "tree": "4cff8bb2fac00df28699559256ce7649b38877e1", "parents": [ "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:23:38 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/node: build Linux with modules\n\nThis introduces modules into our Linux build. I originally didn\u0027t want\nto do this, this is why this wasn\u0027t done until now. But various things\nin the kernel weren\u0027t set up for this, for example the AMD and Intel KVM\nmodules cannot both be loaded, only the first one loaded works. Also,\nthe Linux kernel cannot load firmware for built-in modules reliably as\nthe filesystem it tries to load it from is not always mounted first,\neven if the kernel itself mounts it.\n\nThe firmware issue was brought up multiple times on LKML, but Linus is\nof the opinion that the firmware should be next to the kernel module,\nthus either built-in (not viable for licensing and size reasons) or the\nmodules need to be loadable and on the same filesystem as the firmware.\n\nThus unless we want to carry signifcant patches against the Kernel in a\ndeadlock-prone area, we are forced to adopt a design with loadable\nmodules (or ship everything twice in an initramfs which is also not\ndesirable).\n\nThe kernel config currently only has the modules as non-builtin which\nrequire firmware, everything else has been left as-is. For boot-time\nperformance it would eventually be a good idea to move to a setup with\nmore modules once we\u0027re confident in the implementation and everything\ncan deal with late-loaded modules/devices.\n\nAs a drive-by fix this also moves the kernel builds to out-of-tree so\nthat we no longer pollute the source folder. Bazel protected us from\nserious issues due to this, but it\u0027s still bad practice.\n\nChange-Id: Iced8e12234565e5b7447e732716651e05e67d55b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1791\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7c38eef75b395b0515e34e2059091f8b0f8d3daf", "tree": "636f2fa665d79f14109e10a3abc7d277b1ab73a3", "parents": [ "f2af76024340e782002f5d07333e2f3d09031554" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 24 14:48:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 30 16:29:11 2023 +0000" }, "message": "third_party/linux: refresh config\n\nRan oldconfig from 5.15.104, no functional changes intended.\n\nThis is to make subsequent changes easier to review.\n\nChange-Id: I420073d3c8fdc8ce96a4ec22061c4158d9f99a9e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1709\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "333cb8bd69852ebb2010fc821e525345f0e6a8a9", "tree": "e558dea1d60afb41a0694ffd0bcd5db5134e4c6c", "parents": [ "76e39d81415a51926e784d441760773574ecbdb9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Apr 20 23:10:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Fri Apr 21 10:21:02 2023 +0000" }, "message": "t/linux: patch out static virtual interfaces\n\nA few virtual drivers (bonding, dummy) predate netlink (~2003), which\nmeans that the kernel had no way to dynamically create network\ninterfaces.\nThe solution was kernel module paramter which statically precreated a\nlist of these virtual interfaces. The number was generally set to 1 by\ndefault, meaning that loading the module creates one of its interface.\n\nFor compatibility with legacy userspaces this is still kept around. We\ncould set the parameters to zero, but doing that everywhere is a pain.\nThis just patches the default values to zero.\n\nChange-Id: I605781b80fb8b20a7724e7fdfa5a4f75ca25eea1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1589\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "50d39370424b5c8e28b72f976d3b57b7d23a6f8b", "tree": "d645666a19b861e7f199bdf6fce3f19bcefc8a3f", "parents": [ "48f92e19a60062b696660213d579795866e6e718" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 22:20:15 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump kernel to 5.15.104\n\nBumps the kernel to the latest patch release.\n\nHash verified against GPG signature from\n647F28654894E3BD457199BE38DBBDC86092693E alias Greg KH.\n\nChange-Id: I20d78d0492d1e869d684a1c045341f142f2039c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1410\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3ccf69641de62c68a5740d8194d4f0776052dd63", "tree": "8a35f1aa01076a35890862f90c186da7fe4ebeda", "parents": [ "d266812c63eb25cf9a586297785add76f5b1f073" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 23 17:01:40 2023 +0000" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Feb 09 12:00:00 2023 +0000" }, "message": "go/net/psample: init\n\nThis adds a minimal golang implementation facilitating network packet\nsampling based on \u0027psample\u0027 kernel module.\n\nMetropolis kernel configuration was modified both in order for this\nchange to be testable in a ktest, as well as to make sure Metropolis\nwill be able to run the included code.\n\nChange-Id: Ie6a4721455f26644b6be01aa6190cf87f21355f3\nReviewed-on: https://review.monogon.dev/c/monogon/+/1102\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "bc93c2b50690e66712d80e4da5837554588ca065", "tree": "68842095e93b11649cdc23da3bb4a6ef24f9dc8a", "parents": [ "e1ebf729194f3673ea0638f0aceb90cb70de23aa" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 14 13:12:23 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "*: migrate to CC toolchains and Bazel 5.4.0\n\nChange-Id: Iff3c0ddda4413dd0c5fa657a5b7813223e98611e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1079\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "06f51944c154f10756796323b1cbde1ce5376c47", "tree": "cb616c969928dd53b79eaf6d81afef58edc189c1", "parents": [ "12450d28a5a841994df41bb7c37c24d53a2c80d2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 20 13:06:53 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 03 18:16:07 2023 +0000" }, "message": "third_party/linux: add memory hotplug\n\nWe need this for hardware reporting (and for running in VMs).\n\nChange-Id: I52dff73e0c945dcfde59b014a46c4efe15a133c2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1001\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ce3d810f4fde5e00aba7539a4d12ebe82d65b672", "tree": "115369420532871a70e28e6985baf486321ecde8", "parents": [ "a5baa87a6ca09502afb077b5fd74f0b374fecaf4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 18 12:04:43 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Oct 19 20:30:58 2022 +0000" }, "message": "third_party/linux: add bonding\n\nFor our provisioning project we need bonding support, enable it in\nour kernel.\n\nChange-Id: I46c348c7c855be3a2c3a5db88840f4a7611a49fe\nReviewed-on: https://review.monogon.dev/c/monogon/+/957\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f054486ae95df87cb0811df488bb47aebdac14da", "tree": "195657113c01909686a9de30aa36d1ebc5014353", "parents": [ "5486a9cf8c7092a213bfda0b52681c156fe87cbb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 12 17:05:54 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 13 11:33:35 2022 +0000" }, "message": "third_party/linux: improve kernel configuration\n\nThese configuration changes are required to boot the Metropolis kernel\nvia kexec on a PowerEdge R750.\n\nkexec needs to be enabled even if we\u0027re not using it as just using kexec\nto launch a kernel on an EFI machine requires a fixup performed only if\nthe target kernel is built with kexec enabled. Otherwise it crashes\nimmediately after mounting efivars by dereferencing a null pointer.\n\nbpfilter should be disabled because it needs a userspace helper (the\n.ko actually runs in userspacee) and we ship none of that, causing an\nerror-level log message on every boot.\nUntil we actually ship the required infrastructure disable it.\n\nirq_remap is required for x2apic, without it\nthe kernel can\u0027t even boot on that platform.\n\nintel_iommu is just a drive-by enable because the AMD IOMMU is already\nenabled and we want the protection.\n\nChange-Id: Iaf0012e8c0427114c56fc5d90a9748ebeb800a54\nReviewed-on: https://review.monogon.dev/c/monogon/+/904\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "e5053ed77b4fcfce6f88e2f8f0e98a0581b795cb", "tree": "70b259c9a023b389267064690131597ab2386ecd", "parents": [ "ea0a2c862d41544cf58807b17daf6b3b4dfa12bc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 13 14:25:02 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 14 09:01:19 2022 +0000" }, "message": "t/linux: enable LoadPin LSM\n\nThe LoadPin LSM ensures that the kernel only loads files for its own use\n(like firmware, modules, ...) from the root file system. This helps\nprevent attacks which overlay directories with mount points.\n\nChange-Id: Id7f8da0e6030e2a6d19fc25840063e6af56c389c\nReviewed-on: https://review.monogon.dev/c/monogon/+/835\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "fc2d0d8275a2596794f4f2d1d32b8a536854d825", "tree": "f868c35e5a72d1c9af108c8df7b8060077424b59", "parents": [ "399ce5537c9d74b2335add19dcb6a4043d9468b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 14:36:17 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 13:10:50 2022 +0000" }, "message": "workspace: bump Linux to 5.15.32\n\nBumps Linux to latest LTS patch release\n\nChange-Id: I40e6c4a7e161915d41a688e00cb4ca98553bf89f\nReviewed-on: https://review.monogon.dev/c/monogon/+/644\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "942f5e2188f67d78fe8da86f42e1902427792f2b", "tree": "b3465cd8996a224a678f12cf1d858173077dadd1", "parents": [ "d3ce0ac027b205b1eeccbbcb062c9d417e205df4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 15:03:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:05:38 2022 +0000" }, "message": "b/ci: update build container to Fedora 35\n\nFedora 32 is EOL since over half a year, update to the current stable\nFedora release.\n\ntoolchains: adds clang as it\u0027s no longer part of the llvm package,\nchanges toolchain path references to GCC 11, and rebuilds the sysroot.\n\nedk2: update to latest stable (old version cannot build with a newer\nminor version of Python 3) and patch to disable -Werror and make the\nnewer included Brotli version work as it natively includes BUILD\nfiles which need to be patched out to make the source files accessible.\n\nlinux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as\notherwise the .notes section gets emitted with broken alignment.\n\nm/t/launch: RunMicroVM is broken if SerialPort is not set with newer\nQEMU versions because fcntl(2) fails to interact with a broken file\ndescriptor. This is due to a confusion between nil interfaces and\ninterfaces containing a nil pointer causing Go to improperly pass the\nfile descriptor. Changing the type of SerialPort to the actual\ninterface resolves the issue.\n\nChange-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/529\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d348fd1c66194c0fff46e39a16131a7bd0e45707", "tree": "c2731c55a03e1fdd7f81f25c363345acc508ac73", "parents": [ "b6aa3f7a4bb57fa3d29c846fcfcc6c0d267ae8b7" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Mar 04 12:11:46 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Mar 04 14:59:11 2022 +0000" }, "message": "t/linux: disable IMA\n\nThis disables IMA in the kernel config. Currently Metropolis doesn\u0027t\nutilize any of its features, since integrity is ensured in other ways.\n\nSee: https://github.com/monogon-dev/monogon/issues/107\nChange-Id: Icc0af8790ef30c2e0497b570abb403cadd89371f\nReviewed-on: https://review.monogon.dev/c/monogon/+/557\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8c2c771a750f30b3edf240fc8352e777795e989b", "tree": "f7a30cb1af95485dd83998ca674d89ceffeea4b9", "parents": [ "e2bf5742fe984bfb920fcb8b745bb0c6ac4de4db" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 25 19:42:21 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 31 16:31:41 2022 +0000" }, "message": "m: enable dm-verity rootfs\n\nThis makes all the existing EFI unified kernel images boot from a\ndm-verity rootfs.\n\nChange-Id: Iac05942e40b81825252e84feb5c79c8ff215680a\nReviewed-on: https://review.monogon.dev/c/monogon/+/527\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0e057feb0b5c932e1b86ba769ad92bfc9bfdcd65", "tree": "f4ee473eacbf446c85f553ad417a8e4902c07bb7", "parents": [ "87bf0bf46c83f3a59536f577171985b4fa1db1eb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:19:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 19:51:25 2022 +0000" }, "message": "metropolis: use hybrid consoles\n\nThis enables two consoles, one on the serial port and one on the\non-screen EFI framebuffer, if it exists. It also enables quiet mode\nwhich stops Linux from logging purely informational messages to\nthe console making it hard to see our own output.\n\nChange-Id: I25499a1dda8cf0c566878ac24877bf19b64ddda6\nReviewed-on: https://review.monogon.dev/c/monogon/+/517\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8cde7ae0efa7dbef5d4d17759df5fd0a274db6fc", "tree": "64c1943e0f23f368e433cd5566f5ab13880d9f46", "parents": [ "705a4025b3a28f5ddc5c62d40d3011437a0199f0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:10:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 15:11:54 2022 +0000" }, "message": "t/linux: enable USB and USB mass storage\n\nThis enables USB and USB mass storage in our kernel. This is necessary for\nthe installer to read data off of a USB drive.\n\nChange-Id: I6a78f1d4f4234234b05b26188ae022b543d6bf35\nReviewed-on: https://review.monogon.dev/c/monogon/+/512\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "9a66b18b911e4551c708b4b4fffbe9e89f19d232", "tree": "abbbaa0e3c2586fafc7797390aef6bc3a328f453", "parents": [ "1de8b1845e75dc1e020df21b997b2d6fc66fb65e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Dec 22 20:33:12 2021 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Dec 24 15:30:09 2021 +0000" }, "message": "t/linux: output modules.builtin.modinfo\n\nThis makes the linux_image rule provide modules.builtin.modinfo, a\nkernel image build side effect, in a separate output group.\n\nChange-Id: I1323089864831e0eefae42c6a0d02288abe179b7\nReviewed-on: https://review.monogon.dev/c/monogon/+/507\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "531e2c25995933a2e3110f5a53852bdbb5a2a39c", "tree": "b8b8dd9d56e6aebb9eaab8225e5f31fc999d8db3", "parents": [ "ed86976004c8a9d8d06e787ece3d59b04dba11f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 17 20:00:05 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 18 14:12:47 2021 +0000" }, "message": "WORKSPACE: bump Linux to 5.15.2\n\nThis involves ripping out fsinfo because there now is quotactl_fd which\nhandles what we originally used fsinfo for. I also enabled a few new\ninteresting kernel features in the config like the Landlock LSM and\nKFENCE.\n\nChange-Id: Ic0a113893a437b2c8068d06984fdc386f34e6adb\nReviewed-on: https://review.monogon.dev/c/monogon/+/444\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b7f8e9a05f2e47e63b697ae93a9c72741aef98c1", "tree": "f47454e0d2b266674b520a3125884aca20ea5fa5", "parents": [ "dc7e31c81095fe809e3bfe07bbda36a21f54464e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Oct 20 13:41:41 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 10:03:59 2021 +0000" }, "message": "third_party/linux: expose PARTUUID through uevent\n\nThe kernel was patched to expose partition UUIDs.\n\nThis was inspired by a change [1] that didn\u0027t make it into mainline.\nThe patch is meant for internal use and would need to be adapted for\nmainlining due to recent changes in the part of codebase involved.\n\n[1] https://lkml.org/lkml/2017/10/10/1130\n\nChange-Id: Ie34bf6f46ba95e39c5d8589414f98f06435aaae2\nReviewed-on: https://review.monogon.dev/c/monogon/+/407\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "dc7e31c81095fe809e3bfe07bbda36a21f54464e", "tree": "20ac8760617b9aa18968b5fb7fad288aeabca6f4", "parents": [ "d32d1eaec33b9b6e8a2ce6f207892d7a2b236382" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Oct 07 22:23:39 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Nov 08 10:03:04 2021 +0000" }, "message": "m/node: move kernel cmdline to the unified kernel image\n\nThe upcoming installer code relies on its own params.\n\nChange-Id: I6408ffa3f14ae184e05786a48b59499ac25d8928\nReviewed-on: https://review.monogon.dev/c/monogon/+/406\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f055a7fce0263a30fd2c853b5ed002a765fc23e8", "tree": "de2dc0daeebfc7ecce2b1987ffb13eb4f2475088", "parents": [ "2666513457e8d7a282560a7090f35439ab9695ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:22:33 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Apr 14 14:35:09 2021 +0200" }, "message": "third_party/linux: build using unhermetic rule\n\nThis replaces ad-hoc genrules (for the node Linux image and the ktest\nimage) with a real Bazel rule with an attached transition which ensures\nwe end up with the same-ish configurations for all builds of an image.\n\nThis reduces rebuilds of the ktest Linux kernel, from three down to one.\n\nBefore: https://drive.google.com/file/d/1c6VmY2bqx9Pgs61TOUfgMi8Sn0WQeobu/view\n\nAfter: https://drive.google.com/file/d/13eO1rLhoBCMMRUKrmJz8QnhdAR3ctIGb/view\n\nWe also drive-by fix the Kubernetes CTS test suite to run on a single-node\nCluster (instead of failing early due to that being currently reworked).\n\nTest Plan: Build system refactor, following existing test.\n\nX-Origin-Diff: phab/D761\nGitOrigin-RevId: b5545ac5fd402fbf0340d941a90b9ea6ea0b6d43\n" }, { "commit": "2666513457e8d7a282560a7090f35439ab9695ce", "tree": "328d8f62ddb665b6cd057272f7cae2713aa247ad", "parents": [ "a105db57640d6abf6de368ec0c33a3a5b4f93893" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Apr 13 16:55:59 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 19:51:33 2021 +0200" }, "message": "Fix TCP BBR setting\n\nI previously set the TCP queuing discipline to BBR without actually compiling in BBR.\nSee T943. This actually builds in BBR and sets it as default in the kernel config, thus removing\nthe need to manually set it in userspace.\n\nTest Plan: CI\n\nBug: T943\n\nX-Origin-Diff: phab/D760\nGitOrigin-RevId: 779a709e4298ec59bfdcf462fe2f3563952204b6\n" }, { "commit": "09c275bc489bc1de406be9a2e8f158eaa87b7c61", "tree": "31c62a93e37f6052aa99e2addacef6c060d75e85", "parents": [ "37050126ef89ec30cc677c272471debe55ec0d69" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 12:47:09 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:05 2021 +0200" }, "message": "Add ftrace support to DebugService\n\nThis allows us to do ad-hoc kernel-level tracing on a running Metropolis node.\nUseful for tracking down complex bugs.\n\nExample: `bazel run //metropolis/cli/dbg -- trace -function_graph_filter blkdev_* function_graph`\n\nTest Plan: Debug utility, manually tested\n\nX-Origin-Diff: phab/D748\nGitOrigin-RevId: 924eb795250412a73eb30c0eef4a8c1cc726e5fd\n" }, { "commit": "9956e72c6c0b4f6436dc9493bc213965ee0cc191", "tree": "7842ac67432e3a187dda6a2dcb46d11088934159", "parents": [ "dca59d924dac4345099e5acd99405b5451d29cdb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 24 18:48:55 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:53 2021 +0200" }, "message": "Add Loop Device package\n\nThis adds Loop device support in our Linux kernel and adds a Go package for working with them.\nIt also drive-by adds a pre-mounted tmpfs to ktest as that is quite useful in a lot of situations.\n\nTest Plan: Comes with ktests.\n\nX-Origin-Diff: phab/D745\nGitOrigin-RevId: fa06bcdddc033efb136f56da3b4a91159273bf88\n" }, { "commit": "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61", "tree": "335ec273335722befdeca623b8f3f787a2cd6571", "parents": [ "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "message": "Add KVM device plugin\n\nThis adds a KVM device plugin for Kubernetes. This plugin allows for unprivileged access and granular\ncontrol of KVM access.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D739\nGitOrigin-RevId: 5cd738a47d24e7bfdc29bbd1a31537209e1ebf46\n" }, { "commit": "5999e92b2da34cbbd50391327ec01081a91866ee", "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b", "parents": [ "3a99c590543394ceb5260282ef8e924b44e8eef8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n" }, { "commit": "3a99c590543394ceb5260282ef8e924b44e8eef8", "tree": "e1b727a0c12b387e1bc12d71826405b8b588fa40", "parents": [ "6b13bf1a98c4a612d13ae939e68802e77fb45474" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:57:21 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 19:57:21 2021 +0100" }, "message": "Switch Metropolis to EROFS-based root filesystem\n\nThis gets rid of the old large initramfs and switches to an EROFS-based root\nfilesystem. It also drops the copy \u0026 remount compatibility code. As this filesystem is\nproperly read-only and not just ephemeral, this also brings various changes to the code\nto make systems compatible with that.\n\nTest Plan: Covered by E2E tests, also manually smoke-tested.\n\nX-Origin-Diff: phab/D696\nGitOrigin-RevId: 037f2b8253e7cff8435cc79771fad05f53670ff0\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "9601f26770e2aed2c8c37a490e936ce300b1a01d", "tree": "4d378d512ac02685b7eccbd8ef41ace024cef2d9", "parents": [ "ede8a80d816f8c102ed4de13ba25512024582a75" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Dec 09 19:44:41 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Dec 09 19:44:41 2020 +0100" }, "message": "Implement DHCPv4 default callbacks\n\nThis implements common callbacks to manage interface IPs and\nroutes in the kernel from DHCPv4.\n\nTest Plan: New integration tests against our kernel via ktest.\n\nX-Origin-Diff: phab/D657\nGitOrigin-RevId: 3c39dddbd0e4151e6e902de150243296e6e459b4\n" }, { "commit": "5e4fc2d107722f748f90cad06601c1b20e0934fc", "tree": "3f29a0772e9182a7e7cc0073b61b00f58013e071", "parents": [ "fa5c2fccc528b40f216687e02f0c1cd004e013d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "message": "Add support for runc container runtime\n\nAdds the runc container runtime, its containerd shim, required Linux features and plumbs it into\nKubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based\ntargets as part of our initramfs.\n\nThe Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures\nare prohibited in Starlark I see no better way.\n\nFor this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt\nshouldn\u0027t have any negative impact, but binfmt_misc has a registry which is only namespaced if used\nwith user namespaces, which are currently not used and thus might represent an exploit vector. This\nis tracked in T864.\n\nTest Plan: New E2E tests covering this feature have been added.\n\nX-Origin-Diff: phab/D625\nGitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba\n" }, { "commit": "b682ba55d4a51babad2beebb470b0fef0e6067ca", "tree": "d94c2bb98f3a47896558d9cd4d2cc0271a4558c7", "parents": [ "f85748717f32f0a74816de01b1e5f2e0104342c5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 14:51:36 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 14:51:36 2020 +0200" }, "message": "Add service proxy\n\nThis adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.\nAlso adds support for masquerading outbound traffic for outbound network connectivity.\n\nTest Plan:\nCurrently manually tested by creating an alpine pod and running \u0027apk add curl \u0026\u0026 curl -k https://192.168.188.1:443/\u0027.\nWill be covered later by CTS.\n\nBug: T810\n\nX-Origin-Diff: phab/D580\nGitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4\n" }, { "commit": "52f7f291c1987fe98bd10d3ad79d4a0c8772ad03", "tree": "eaf212647f9bab001e62bb35647255b5f107bd2e", "parents": [ "3ff5af330857b2aadcdae9d9e6ca37b7e5d2c56e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:42:02 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:42:02 2020 +0200" }, "message": "Add nanoswitch and cluster testing\n\nAdds nanoswitch and the `switched-multi2` launch target to launch two Smalltown instances on a switched\nnetwork and enroll them into a single cluster. Nanoswitch contains a Linux bridge and a minimal DHCP server\nand connects to the two Smalltown instances over virtual Ethernet cables. Also moves out the DHCP client into\na package since nanoswitch needs it.\n\nTest Plan:\nManually tested using `bazel run //:launch -- switched-multi2` and observing that the second VM\n(whose serial port is mapped to stdout) prints that it is enrolled. Also validated by `bazel run //core/cmd/dbg -- kubectl get node -o wide` returning two ready nodes.\n\nX-Origin-Diff: phab/D572\nGitOrigin-RevId: 9f6e2b3d8268749dd81588205646ae3976ad14b3\n" }, { "commit": "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66", "tree": "22072c4f18e4aaa855577ff0b42a86ef77a9c4cb", "parents": [ "60febd9db40970a31a2f49bdb969897a37c11cc6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Fri May 08 14:35:04 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Fri May 08 14:35:04 2020 +0200" }, "message": "Add containerd \u0026 gVisor support\n\nThis adds containerd, CNI, gVisor and all the necessary shims\nand supporting infrastructure. It also enables all relevant features in\nthe Linux kernel. containerd is designed as a simple supervisor.Runnable.\nIt is not being started yet, this will happen in D497.\n\nSplit out from feature/kubelet.\n\nTest Plan:\nHas been tested in conjunction with the rest of D497, will be\ncovered by a K8s E2E test there.\n\nX-Origin-Diff: phab/D509\nGitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17\n" }, { "commit": "547b33f2b38dba41f2c171f8730ff5093b267eaf", "tree": "0b1993d79cd3724613e43caed66e81979de0b082", "parents": [ "3dba53221970a81cdc1158cced2c6acf85b33065" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 23 15:27:06 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 23 15:27:06 2020 +0200" }, "message": "Add in-kernel test runner\n\nThis adds a way to run tests inside the Smalltown kernel.\n\nImprovements to the Bazel part of this are tracked in T726\n\nTest Plan: Tested by intentionally failing the test.\n\nX-Origin-Diff: phab/D485\nGitOrigin-RevId: e4aad7f28d122d82a7fcb6699e678cbe022e2f73\n" }, { "commit": "1d8017549154d0bf2c36610d75eee8de9b25ce02", "tree": "854997e22377a1a3b2b2ef00fa9efe8fc2651228", "parents": [ "25b82a85dceb8f3ce847d712fa58809d87f316fb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 02 09:24:51 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 02 09:24:51 2020 +0200" }, "message": "Introduce fsquota package\n\nThis introduces a new fsquota package and\na few low-level support packages to simplify the\nmanagement of filesystem quotas.\n\nTo expose an API that\u0027s nice to use while staying\nperformant and safe the new fsinfo syscall is being\nused. Since that syscall is not yet in mainline it has\nbeen backported to our 5.6 kernel.\n\nTest Plan:\nManually validated on our kernel, automated\ntests are pending some Bazel work to be able to run them\ninside our own kernel.\n\nX-Origin-Diff: phab/D462\nGitOrigin-RevId: bb463056589d2b13b7cf32d48ab0b884e70b1bad\n" }, { "commit": "fd16651a2ef1484b7d8f12d0a7c7f93899af2747", "tree": "f7931a575e0a7133695b2e5a7ec412a2c21731e1", "parents": [ "b1b742f91489cafa199bf5dd6e83d965cb23f63f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Apr 01 17:29:45 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Apr 01 17:29:45 2020 +0200" }, "message": "Update Linux to 5.6\n\nTest Plan: Covered by existing tests.\n\nX-Origin-Diff: phab/D458\nGitOrigin-RevId: ebc83b17a0bcf66997d65763d8ff852a2613887c\n" }, { "commit": "581b0bd6386a077e29107710e008983b62233ccf", "tree": "85cf721d9711e7adc88c744c55ee12a96ee7114d", "parents": [ "79d7a625709242204993cffbd99ed734dc1c50a5" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Mar 12 13:36:43 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Mar 12 13:36:43 2020 +0100" }, "message": "init: remount to tmpfs\n\nrunsc needs to be able to pivot_root. According to @lorenz this does not\nwork from initramfs. This introduces a temporary fix to re-mount and\nre-exec into a new root based on tmpfs.\n\nA proper fix would be to use a real filesystem instead of initramfs\n(like squashfs), but this will do for now.\n\nWe also use this opportunity to use devtmpfs instead of manually\nmanaging /dev. This collides with the storage manager that tries to\ncreate all storage nodes - we just remove that.\n\nTest Plan: shouldn\u0027t change behaviour\n\nX-Origin-Diff: phab/D433\nGitOrigin-RevId: aa59fec6551bab1b1b9c2fe037dce410e550981b\n" }, { "commit": "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc", "tree": "4a5c4b3b14afdd6d10192d2e6144d62051c92d9d", "parents": [ "aa6b7346a87a5512fbdd5b39db766000c0e10415" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:41:37 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:41:37 2020 +0100" }, "message": "third_party: slurp in edk2, kubernetes, mkfs.xfs\n\nThis finishes the move from core/build/* into third_party/.\n\nWhile at first this might look like wasted bandwidth, this separation\nwill make much more sense in the future, where different parts (not only\nthe Smalltown core) might depend on shared external dependencies. In\naddition, having everything in third_party laid out in a similar fashion\nlends itself to writing more general rules. Already there is quite a bit\nof deduplicaiton that we could remove for reliability and readability.\n\nThis does not fix the problem of the big honkin\u0027 genrule for mkfs.xfs -\nwhile I think we should fix it sooner than later by building a real\ntoolchain, that time is not yet now. But at least we\u0027ve moved things out\nof the way so that we can then drop in a better mkfs.xfs, once it is\nbuilt so.\n\nTest Plan: build file mangling, CI should cover this\n\nX-Origin-Diff: phab/D391\nGitOrigin-RevId: fb99c6a6270c5c6a56eeb4f18a41323ffebbc655\n" }, { "commit": "731d00ae802712305d2a01ea4a7bbc74227b2f0d", "tree": "574c39c5ce00a4aeb03cb0e0136320836f2259cb", "parents": [ "7ba3152b450889e81e85a02bd2e28f992edba2b0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 19:08:07 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 19:08:07 2020 +0100" }, "message": "Move linux to //third_party.\n\nTest Plan: refactor of build system, should be covered by existing tests\n\nX-Origin-Diff: phab/D367\nGitOrigin-RevId: 603c61bfadadfbd66c0ce31f05f6748251bea9f3\n" } ] }