)]}' { "log": [ { "commit": "356b896eb4c3db9608d637c775845a09fc20fd07", "tree": "af30addfbc8caba5275febf71847196f13aba8a5", "parents": [ "116c4a69dc90827d82023c362cbc26a17e188787" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Aug 10 17:27:15 2021 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Sep 28 12:14:43 2021 +0000" }, "message": "m/n/b/mkverity: refactor into VerityEncoder\n\nThe implementation was refactored into a stream-oriented VerityEncoder and exposed for use outside the mkverity tool. In addition, end-to-end tests were provided.\n\nChange-Id: I2d009ca8030d6a86e9d6dbe6d6ae60a3b84d2d74\nReviewed-on: https://review.monogon.dev/c/monogon/+/314\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9ffa1f9577003ab70a6b483475874f3552d1ccc3", "tree": "a688d02424e8601ed830d12021b5867688d31438", "parents": [ "6bd415920b84bd695038caeb386f1e97184f0c51" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:42:23 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 02 10:38:15 2021 +0000" }, "message": "m/n/core/curator: authenticated RPC\n\nThis adds authentication middleware (server interceptors) for gRPC\nservices running on the public curator listener.\n\nMost of this code is testing harnesses to start up just the curator\nlistener with enough of a PKI infrastructure copy from a real Metropolis\ncluster to be able to start running tests against GetRegisterTicket.\n\nChange-Id: I429ff29e3c1233d74e8da619ddb543d56bc051b9\nReviewed-on: https://review.monogon.dev/c/monogon/+/311\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "031243f5a276726080a92410f7d3503e5870ed49", "tree": "ab582e63dccf71c27e916d23ea24d5f250774d41", "parents": [ "cbeb8a01de2ac264f41b403b6fdc33dca7b5e568" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 12:14:27 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 26 16:02:23 2021 +0000" }, "message": "m/p/devicemapper: fix GC closing control fd\n\nThe devicemapper package stored a reference to its control file\ndescriptor as a uintptr after opening it thorugh os.Open(). This is a\nproblem as os.newFile (internally called by os.Open) sets a finalizer\non the os.File which closes the fd as soon as the object is GCed.\nBecause no such reference was kept by the devicemapper package, the GC\ncould end up closing the fd.\n\nTo fix this, the package now keeps the original os.File around and\njust grabs an Fd as necessary. While we\u0027re at it, let\u0027s make the\ncontrol file descriptor implementation threadsafe.\n\nChange-Id: I6f7e0a398f28c1141627904ccbd2d99dd248bc78\nReviewed-on: https://review.monogon.dev/c/monogon/+/310\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b9044c888097757c36933062f27b5f5ee103ee5f", "tree": "b07722231a9cf0fd3c0b81486bd637e11cbd7b6b", "parents": [ "3bb23219009a98643a562b1e59e3a4080f422c51" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 11:59:47 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 24 16:12:52 2021 +0000" }, "message": "m/p/devicemapper: make parameter encoding part of package\n\nThe DM kernel interface gets a single parameter string for each DM\ntarget in a table but internally the kernel immediately decodes it into\nan argv-style list of string arguments. Because everything needs to do\nit and it can be quite hard to get right, let\u0027s make it part of the\ndevicemapper package. Properly encoding this also means you get\nactionable errors when you pass invalid data instead of weird kernel\nerrors or misbehavior.\n\nChange-Id: I8060871a7459183c0395e5e4e8aac517544b2e87\nReviewed-on: https://review.monogon.dev/c/monogon/+/309\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a41caacc71418f7307d851fad95991cf80bdcb41", "tree": "cbcf9af76f29ccb94b7c2b94d75f1e8eb39cfb3d", "parents": [ "5253884d51cb64c1d1afcb2d7b969f7c2b50b302" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 12 17:00:55 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: forbid External/Managed certificates without name\n\nThis ensures any stored certificates must have a name set - otherwise\nthey end up being created with an empty string as a name, and end up\ncolliding with eachother.\n\nChange-Id: I9e415b6ff89dbda179526920d58e33e638a28cec\nReviewed-on: https://review.monogon.dev/c/monogon/+/286\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302", "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6", "parents": [ "99f477412a2e701f89f7698be1dd432adcfff17c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 11 16:22:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "257acab41f5a35575ca0f2dbc9568b1bd75d2570", "tree": "fdc41d8de424f74525b7a92024c12f00ed8928fa", "parents": [ "1445396219351e711f82d4cebad6e84a46553bda" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 10 12:36:17 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 11 11:28:06 2021 +0000" }, "message": "m/p/devicemapper: Support creating read-only devices\n\nI originally thought this is not going to be needed as R/W control can be done through devicemapper itself, but verity requires a read-only table.\n\nWhile we\u0027re here let\u0027s also add some doc comments to the Target struct.\n\nExisting functionality is covered by existing tests, read-only functionality will be exercised by verity tests once they land.\n\nChange-Id: Ib76bcffb14b5fe40d8d77bd9731b591d0d8cf22f\nReviewed-on: https://review.monogon.dev/c/monogon/+/262\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "2098b98c7deaf9115742cf73071f888e0513cf2f", "tree": "6037aec601525299a09d8996f4ebe0c1e4a91674", "parents": [ "79fc1e9fd6ee8777f097ab251b828d82e33b7bad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:13:46 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 15:34:42 2021 +0000" }, "message": "m/pkg/combinectx: reformat\n\nSeems like this slipped past the cracks on original review - we should\nadd CI for this.\n\nChange-Id: I35cc1d14710109d4d2d0a60b573400b65cb7d350\nReviewed-on: https://review.monogon.dev/c/monogon/+/212\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "ebe025936fc86f53e7316f894f54dd6ef9b0a9d7", "tree": "0dd0a48c297e69a8bcbe53ef65d3dba7f53961a3", "parents": [ "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:29 2021 +0000" }, "message": "m/pkg/logtree/unraw: implement\n\nThis is another part of the generic external leveled log ingestion\nmechanism. This parts takes care of ingesting external data either by\nexposing an io.Writer or a named pipe on the filesystem from which\nexternal logs are parsed and then inejcted into the logtree.\n\nChange-Id: Ie2263496ca4d50220abdd8e4d37a35730d127319\nReviewed-on: https://review.monogon.dev/c/monogon/+/208\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "020b7c53a59f7f4e31976d7b3f08011dadb1c9c4", "tree": "9c6b8ea68b0a4db7d4a8b90b636feff712998235", "parents": [ "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 14:22:28 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:45:21 2021 +0000" }, "message": "metropolis/pkg/logtree: allow logging external leveled payloads\n\nThis is in preparation for making the mechanism to ingest external\nlogging more generic (currently we have an ad-hoc solution for klog, but\nwe now also want to implement one for etcd).\n\nChange-Id: I6e6f656e5d83ad22d67a81fbeb87c8d369796e18\nReviewed-on: https://review.monogon.dev/c/monogon/+/207\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "f8a8e65685cb621dc7fb39043a6d01caee5dcaf0", "tree": "db6142898e003969628a3ec879f6af77780f8da4", "parents": [ "f0b4da54afc17f4b2b1c31ddb9433ee888aea699" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 16:23:43 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:36:48 2021 +0000" }, "message": "m/pkg/{logtree,supervisor}: add test helpers\n\nThis adds two functions:\n\n logtree.PipeAllToStderr\n supervisor.NewHarness\n\nThese are designed to simplify tests that exercise code which expects to\nbe run as a supervisor runnable and/or have access to a logtree\ninstance.\n\nChange-Id: Ibce77aa4927515af7c273d07ced15215ff456ecc\nReviewed-on: https://review.monogon.dev/c/monogon/+/205\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "35e43d133a16750adfa1683473f5c2648a010b1a", "tree": "6aa1e8bcebd03a74b3950128436c5a37268d87c0", "parents": [ "3c885deeda9ab560ee29e94159782ce4323af80e" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Jul 06 13:12:14 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed Jul 07 13:24:21 2021 +0000" }, "message": "m/pkg/supervisor: move internal testhelpers\n\nThese are helper functions used for internal supervisor tests. This move\nis in preparation for writing the other kind of \u0027test helers\u0027: ones that\nare used by tests in other libraries when interacting with supervisor\ntypes.\n\nChange-Id: I64efe19b68c7c244ad426167565b0083a1b86fcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/204\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fac8b2e265836dea105e8463a3a22b189764fd3f", "tree": "0f78f138d0095d99a1bf529e29c29cb668a1f0b4", "parents": [ "b9013af7fa0247191099ec1f471a2d751537f545" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 04 12:23:26 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 10:23:53 2021 +0000" }, "message": "m/pkg/event: split out ValueWatch from Value\n\nSummary:\nThis implements a small TODO, letting the etcd Value implementation only\nimplement the Watch part of the interface.\n\nTest Plan: Refactor.\n\nChange-Id: I9ccd73ce4d165182d9588387230e71bcb425ab94\nReviewed-on: https://review.monogon.dev/c/monogon/+/122\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "4166a71f51d9546c1dfd9f99b5fdffcb9301b57b", "tree": "a1e5341a9b71f973e1c24734872b0e1cc897f93c", "parents": [ "c89df2f0de65533e0801c6472cc4cee8b13cd761" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 07 21:58:54 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 08 00:02:06 2021 +0000" }, "message": "m/pkg/combinectx: implement\n\nThis implements combinectx, a Go library for combining two contexts into\na single one. We need this for the new curator logic (where we want to\ncancel RPC calls both when the incoming request gets canceled but also\nwhen leadership status changes), and this functionality has been\nfactored out as a reusable, generic library.\n\nPrior art:\n\n1) https://github.com/golang/go/issues/36503\n Proposal to add Merge() to context stdlib package. Unimplemented.\n\n2) https://github.com/teivah/onecontext\n Complex reflect-based logic for arbitrary amount of contexts to join,\n no functionality to detect which context caused the joined context to\n be canceled.\n\n3) https://github.com/LK4D4/joincontext\n No functionality to detect which context caused the joined context to\n be canceled.\n\nChange-Id: I774607da38b06c192ff0fee133eb258abd500864\nReviewed-on: https://review.monogon.dev/c/monogon/+/123\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "c89df2f0de65533e0801c6472cc4cee8b13cd761", "tree": "b65e4c12ab0c629dcc311335ad0151e1b19f3bbe", "parents": [ "dcf654592593e4ad897bfb34a5a9238a3223cca4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 15:51:37 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Mon May 31 16:51:31 2021 +0000" }, "message": "m/pkg/event/etcd: implement etcd-backed Value\n\nThis implements Event Value stored in etcd, with each Value\ncorresponding to a single KV value stored in etcd.\n\nComes with more lines of unit tests than lines of code.\n\nChange-Id: I5514f211ded6640836ed801ddaf1b2fcc31ae552\nReviewed-on: https://review.monogon.dev/c/monogon/+/64\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f", "tree": "5706f5b4fa8dc44775dbabe24cd577f1d37a0422", "parents": [ "93bba15a0059da200a5d09a2bd7ec5ed5a667c60" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 27 16:09:16 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:33 2021 +0200" }, "message": "m/pkg/event: move MemoryValue to subpackage\n\nThis keeps metropolis/pkg/event as a pure interface package, and\nmoves the memory-backed implementation to a subpackage.\n\nTest Plan: Refactor, coevered by tests.\n\nX-Origin-Diff: phab/D764\nGitOrigin-RevId: 1337bf55a7752293791b3efe8648bbf5f6e6e9e1\n" }, { "commit": "9956e72c6c0b4f6436dc9493bc213965ee0cc191", "tree": "7842ac67432e3a187dda6a2dcb46d11088934159", "parents": [ "dca59d924dac4345099e5acd99405b5451d29cdb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 24 18:48:55 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:53 2021 +0200" }, "message": "Add Loop Device package\n\nThis adds Loop device support in our Linux kernel and adds a Go package for working with them.\nIt also drive-by adds a pre-mounted tmpfs to ktest as that is quite useful in a lot of situations.\n\nTest Plan: Comes with ktests.\n\nX-Origin-Diff: phab/D745\nGitOrigin-RevId: fa06bcdddc033efb136f56da3b4a91159273bf88\n" }, { "commit": "056042962060369bd7607ecfea51c515fc3a8140", "tree": "86a6dbf7b1781ed2f5baf332938d4e8211353112", "parents": [ "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "message": "m/node/kubernetes: parse klog output from services\n\nThis translates Kubernetes\u0027 logging ingo logging that we can\nquery/filter more easily.\n\nTest Plan: We don\u0027t test resulting logs from the system, and I\u0027m not sure we should?\n\nX-Origin-Diff: phab/D716\nGitOrigin-RevId: ba3f42b9a4e3172bf058bd7dce4283f50dc8e69d\n" }, { "commit": "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca", "tree": "8931f10cd69309ece470c38c3a062ef74f3699a5", "parents": [ "9411f7c2ed0afbbf617075ab37901addc76fadfb" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:43:57 2021 +0100" }, "message": "m/pkg/logtree: implement klog parsing\n\nThis adds logtree.KLogParser, a shim which parses klog/glog-formatted\nlines into logtree leveled logging.\n\nThis will be used to consume logs from external components (like\nKubernetes services) into leveled logging inside logtree.\n\nAn alternative would be to switch all Kubernetes components to\n\u0027structured\u0027 (JSON) logging - but that seems to still be experimental,\nand does not exactly map into something that we can log further. Maybe\nin the future we can switch over, and also copy these over into our own\nbinary/structured logging.\n\nTest Plan: Adds unit tests for parsing, which is the most tricky part.\n\nX-Origin-Diff: phab/D715\nGitOrigin-RevId: 9994d819f15c9542800d488f57c83ab945a35d34\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" }, { "commit": "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9", "tree": "120710eb4a9acf0c3ad1086d9f6f6f3c850a0d70", "parents": [ "bcae658f9530e95cde2ac931beacae71c9fb240e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "message": "Build mkfs.xfs using rules_cc\n\nThis drops the old big genrule for mkfs.xfs and replaces it with a nice rules_cc build system\nwith the help of bazel_cc_fix generated patches and our musl-based toolchain.\nWhile we\u0027re at it I bumped the versions of all related dependencies to their latest stable release.\nThis also means pulling in ini.h which is a dependency of the new xfstools version.\n\nInstructions to regenerate the patches are included in the spec files.\n\nToolchain selection is done by the existing transition in our rootfs rule so we automatically get a musl-built\nstatic binary when building for the rootfs.\n\nTest Plan: Tested with E2E tests, should fail fairly catastrophically if something were wrong.\n\nX-Origin-Diff: phab/D708\nGitOrigin-RevId: 648a05cdd08cfa84a8a9f4c057c52446e7005631\n" }, { "commit": "c00318e448212b01a8121059be3c3e9b35bd13a7", "tree": "38011616a2112e14591da1b06ac65ac8ec75b372", "parents": [ "32d73486f4ea778cd3ea58e2d579e862cf67fb9c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 03 12:39:24 2021 +0100" }, "message": "m/pkg/event: implement\n\nThis specifies event.{Value,Watcher}, an interface for data that might\nbe updated by its producer, and which is watched for such updates by\nmultiple consumers.\n\nIt also implements MemoryValue, a Value that is stored in memory.\n\nTest Plan: adds unit tests.\n\nX-Origin-Diff: phab/D706\nGitOrigin-RevId: 271fd4e88969817b66318d3e03d50b70cf2819b8\n" }, { "commit": "5999e92b2da34cbbd50391327ec01081a91866ee", "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b", "parents": [ "3a99c590543394ceb5260282ef8e924b44e8eef8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n" }, { "commit": "10b9ee96d4c2b8a011af4cd4db3390c1fd1ddf93", "tree": "ea0ca7da66e44cc52defa1a307e47642ca83a150", "parents": [ "2073ce34e57b0be3cedd39b8934869abb6f73582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 10 12:14:23 2021 +0100" }, "message": "erofs: Don\u0027t modify caller\u0027s data\n\nThe erofs library\u0027s directory writer appends data to parameters. Because of the way slices work in Go this\nresults in the caller\u0027s data being changed, which is obviously undesirable. Fix this by making a copy first.\n\nTest Plan: Minimal change, should be covered by existing tests\n\nX-Origin-Diff: phab/D703\nGitOrigin-RevId: ebf473c1049e5e8035802382220aba98c4498877\n" }, { "commit": "378a4455aedda838f60c546e55199092f24952ed", "tree": "aa78b858535224fe8c9b24c2ff7e9ed2c903080b", "parents": [ "74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:47:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 13:47:41 2021 +0100" }, "message": "Add EROFS library\n\nThis adds a library to write EROFS filesystems. It supports most of the non-deprecated features the\nfilesystem supports other than extended inodes (which have no benefits for most use cases where EROFS would be\nappropriate). EROFS\u0027s variable-length extent compression is partially implemented but it requires an LZ4\ncompressor with support for fixed-size output which Go\u0027s https://github.com/pierrec/lz4 doesn\u0027t have. This means\nthat VLE compression is currently not wired up.\n\nThis will be used later as a replacement for our current initramfs-based root filesystem.\n\nTest Plan: Has both integration and some unit tests. Confirmed working for our whole rootfs.\n\nX-Origin-Diff: phab/D692\nGitOrigin-RevId: 8c52b45ea05c617c80047e99c04c2b63e1b60c7c\n" }, { "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87", "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63", "parents": [ "c3ad846e0eaf4cf008130a643ff247aa27531e17" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has new been rolled into the main gVisor package and is\n slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n Starlark rule definitions to use rule() instead. We also had to patch\n gVisor to do that (as there hasn\u0027t yet been a release that rolled\n this up).\n - Gazelle now supports different naming schemes for generated Go\n targets - either the old //foo/bar:go_default_library scheme, or a\n new and nicer //foo/bar:bar scheme. We currently force the usage of\n the old scheme, as switching over is probably not going to be easy\n (we use a lot of external Bazel files, and we have to wait for their\n compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n uses gogoproto, but we are smart enough to pull in the old protobuf\n library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" } ] }