)]}' { "log": [ { "commit": "65702194ea264a0fd01fb470bacaf39264b4f637", "tree": "3469201097b30e638f1e446655e1d23b33d90f8d", "parents": [ "f551a7696824a9ddbac63191c489db8280aee0a4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 31 16:27:38 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 14 13:43:45 2023 +0000" }, "message": "workspace: rules_go, gazelle, go, gVisor update\n\nThis commit not only updates rules_go and friends, but also updates\ngVisor, removes legacy protobuf usage and switches from using\nbuild_configuration to a config flag for bazel\n\nChange-Id: Idb383f35ca0fec4cb7329e9d991f08f28cf9b1fb\nReviewed-on: https://review.monogon.dev/c/monogon/+/2129\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "800e7c9514c1ea5aa9267a19217086363d6d8c4d", "tree": "3543adb39b0f1ba5d84f651a2840edc885b7dce4", "parents": [ "d1c392a788043f2bd82d936a334bd01e1be97421" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 12 22:37:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 10:23:27 2023 +0000" }, "message": "m/p/tpm: fix garbage when logging PCRs\n\nCasting an int to a string causes it to be interpreted as a byte of an\nUTF-8 string, not converted to the respective UTF-8 character(s).\nUse strconv instead to actually convert the integers to valid UTF-8\ntext.\n\nChange-Id: I4878d9312f2fd2f2401e7fc3ba0e7a69cbca4d9e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1925\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "ed6bcacf756182ee62d249e3675ff050dcbc6800", "tree": "af1b4ea39b5a4ff2c9e1403748697b6869296938", "parents": [ "e11ffb67bab34f1faa439b13aeb2630d86714441" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:39:41 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:49:54 2022 +0000" }, "message": "m/p/tpm: fix panic when unsealing corrupted data\n\nIf the Protobuf payload for the unseal operation is parseable but does\nnot contain a sealed_key member, the code panics trying to access it.\nThis adds an explicit check and returns a descriptive error when that\nhappens.\n\nChange-Id: I671958c69265a1e77207981a439a66dccda87064\nReviewed-on: https://review.monogon.dev/c/monogon/+/673\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fdc3a2473e4ebfd77db342252e1088882e01b2d6", "tree": "addfe894acce55d3088764cc49a6c1c3cee55573", "parents": [ "33ce3bcd5c4791cb66a3020b7792829c534c97c6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 15:56:38 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:01:17 2022 +0000" }, "message": "third_party/go: fix `go mod tidy`\n\nThis makes our root repository somewhat more gomod-compliant, to the\npoint where we can run `go mod tidy` to manage dependencies.\n\nThe generated placeholder files turn their parent paths into enough of a\nGo package that the go tooling is appeased, but they are ignored by\nGazelle.\n\nIdeally, we will generate these placeholders automatically before\nrunning `go mod tidy` and gitignore them, but this will do as a first\npass.\n\nWe also remove some unused dependencies which got caught by `go mod\ntidy`.\n\nChange-Id: I81e7e92a45f22c8ef9c92207f67a5bd6cc773da5\nReviewed-on: https://review.monogon.dev/c/monogon/+/652\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "662182fd732fb523ee76bdc069f603bc378a6d2e", "tree": "0dbebeb12a8be1de9f19d31d6c6319e005af749e", "parents": [ "74440ac441be981eb570dc37036e71bf25a04492" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 14:06:48 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 10 16:24:34 2022 +0000" }, "message": "m/p/tpm: use secretbox with seal/unseal for larger payloads\n\nNatively the Seal/Unseal operation in the TPM 2.0 specification only\nsupports up to 128 bytes of payload. If you need to seal more than that\nthe specification tells you to generate and seal a key and use that to\nencrypt and authenticate the rest of the data. This CL implements said\nmechanism transparently as part of the Seal and Unseal functions using\na nacl-compatible secretbox as the authenticated encryption primitive.\n\nChange-Id: I0a724b12aae5e5151d103b52ed13b71c864076ab\nReviewed-on: https://review.monogon.dev/c/monogon/+/626\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "8b786897cc419483fa586fd620c3d725d7bd6a95", "tree": "1e4f582b8c2272b73970e4727171175320aeab7c", "parents": [ "57d06a7cfa461f367d4362ccecf4a2d66068a1f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 14:21:16 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 13 16:46:06 2022 +0000" }, "message": "m/n/core: only warn if no TPM 2.0 has been found\n\nCurrently the TPM is basically unused. The only user is the generator of\nnode and cluster unlock keys, which get fed with both TPM and local entropy\nwhich marginally increases security.\nThis converts a missing TPM 2.0 into a warning and falls back to generating\nboth of those keys purely with Linux entropy, allowing Metropolis to boot\non hardware without a TPM 2.0.\n\nChange-Id: I910f9768ede554e5ec2c3a35079a6799d1ee9c8c\nReviewed-on: https://review.monogon.dev/c/monogon/+/514\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "764a2de7911a42d57720911332a12895f0aad707", "tree": "dd0e31cee8fb5c753a762462e9eb16f776c3ec73", "parents": [ "e65731049afb6fd49da80f064fa40a28c9d5741d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 16:26:36 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 22 20:39:51 2021 +0000" }, "message": "tree-wide: rewrite ioutil functions to their replacements\n\nThe ioutil package has been deprecated in Go 1.16 [1]. This CL removes\nall our own users of that package and rewrites them to use their\nreplacements in the os package. I initially wanted to do this with a\ngofix but because all replacements were signature-compatible I just\ndid it with a few string replaces and then ran goimports to fix up the\nimports.\n\nI intentionally didn\u0027t rewrite the patches as that would require a\ndifferent process and is IMO of less value.\n\n[1] https://github.com/golang/go/issues/42026\n\nChange-Id: Iac6663a1f1ee49f9b1c6e4b3d97e73f2c3b54a13\nReviewed-on: https://review.monogon.dev/c/monogon/+/449\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" } ] }