)]}' { "log": [ { "commit": "7ba3152b450889e81e85a02bd2e28f992edba2b0", "tree": "f543b51e889ff997beff6780e86a2eb4aab6aa50", "parents": [ "71049afd7c1828f5deb660c059527e5d99e8d1c7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 16:08:19 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 16:08:19 2020 +0100" }, "message": "core/internal/api: use gRPC statuses as much as possible\n\nReturning plain go errors via gRPC will always result in a gRPC \u0027INTERNAL\u0027 error code, which is suboptimal. We go ahead and semanticize some of the possible error paths, and at the same time:\n\n - swallow some internal errors into logs and serve sanitized errors\n - move some of the internal service implementations to also use gRPC statuses\n - change a panic() call into a status.Unimplemented return type\n\nThere\u0027s still plenty work to be done on this front, but this is a good first change.\n\nTest Plan: if this is not covered by tests we\u0027re screwed anyways\n\nX-Origin-Diff: phab/D366\nGitOrigin-RevId: 71880a9e23c65631d6c4df6338855864c34bb11f\n" }, { "commit": "71049afd7c1828f5deb660c059527e5d99e8d1c7", "tree": "cae977fc7e2640c2630d662ef3d97525468a9691", "parents": [ "dcb3a56fe915f2359a5832c685aa2789027ee5fb" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 16:05:52 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 16:05:52 2020 +0100" }, "message": "core/api: fix RemoveNode return type.\n\nTest Plan: should be covered by API tests\n\nX-Origin-Diff: phab/D365\nGitOrigin-RevId: 71cb5ae7c91fff1a57bae508f027cac6f2f2fa74\n" }, { "commit": "dcb3a56fe915f2359a5832c685aa2789027ee5fb", "tree": "acaa864bedaa306005830dc7d5aa1e3b0562139d", "parents": [ "f8323f1010f4d1714570197f438888d081056846" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 13:44:44 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 13:44:44 2020 +0100" }, "message": "Remove spurious \u0027@//\u0027 root workspace references\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D364\nGitOrigin-RevId: 4425fa5756468685dfafaf87186bf12f7da455e8\n" }, { "commit": "f8323f1010f4d1714570197f438888d081056846", "tree": "58c3328cd2e1a576d0aa29ccebac6dd7b6a3077a", "parents": [ "83dc285944ad65d429bb2641a7348366e7028c40" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 23:26:34 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 23:26:34 2020 +0100" }, "message": "Remove synthetic GOPATH and symlinks\n\nAs it turns out, `go mod tidy` complains about missing modules\nbut still properly generates go.mod, so it appears that we do\nnot need a GOPATH or symlinks except for non-IntelliJ IDE support.\n\nWe should standardize on IntelliJ and just get rid of this\nworkaround. Hendrik had trouble rebasing the shield revisions\n(that have a lot of generated code) and it\u0027s likely a lot of\nwork to maintain this hack in the future.\n\nSee D305, D309\n\nTest Plan:\nRan `scripts/gazelle.sh` after deleting all symlinks\nand tested that `go mod tidy` properly restored the go.mod file\nafter modifying it manually.\n\nX-Origin-Diff: phab/D311\nGitOrigin-RevId: fe4bc491fca6fa072cff047185d7c18305564ea4\n" }, { "commit": "83dc285944ad65d429bb2641a7348366e7028c40", "tree": "e81cc19c682a21084ec5ab700e61fe4396c81f8d", "parents": [ "2ab141d7fb88b7d939a286a219a000bedcf5f2e5" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 21:57:08 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 21:57:08 2020 +0100" }, "message": "Teach Gazelle about k8s import paths in @kubernetes\n\nThis prevents \"gazelle update\" from attempting to add its\ngo_repository equivalent to the auto-generated BUILD file.\n\nWe still need to keep the entries in Go.mod and Gazelle\nwill generate unused go_repository rules for them, because\n`go mod tidy` would break otherwise (and we cannot use a\nreplace directive or a symlink, because replacing requires\na Go.mod file, which the Kubernetes repo does not have,\nand symlinks are not a thing for external dependencies).\n\nThis was broken in master since D271.\n\nTest Plan:\nRan `scripts/gazelle.sh`, `bazel build :gopath`,\nand then the script again. This previously broke and now works.\n\nX-Origin-Diff: phab/D310\nGitOrigin-RevId: 79c1b2836e86df6baddbc1a1dd770e6c0dd84133\n" }, { "commit": "2ab141d7fb88b7d939a286a219a000bedcf5f2e5", "tree": "7bf957488aac2289578490d00a07d1b9c027aa46", "parents": [ "f1d34d328eaf66f8ede61a0ffe30519f43aa73d9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 20:50:07 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 20:50:07 2020 +0100" }, "message": "Add documentation for scripts/symlink_generated_files.sh\n\nTest Plan: N/a\n\nX-Origin-Diff: phab/D309\nGitOrigin-RevId: 0e0d29f1e981ba383e38256f496f77f726a3c29a\n" }, { "commit": "f1d34d328eaf66f8ede61a0ffe30519f43aa73d9", "tree": "aa50b5494e92180403e8397087885ef4eeac0ce5", "parents": [ "db6283e3d6425eea168e8dfc56c4f19f358ab64f" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 14:15:44 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 14:15:44 2020 +0100" }, "message": "Update Bazel, rules_go, gazelle, linux_kernel, musl, and k8s\n\nrules_go updates Go to 1.13.5.\n\nEFI boot patch had to be rebased since a bunch of ifdefs got cleaned up in 5.x\n\nhttps://github.com/torvalds/linux/commit/ac09c5f43cf613939850cc38d7a34ae6556016ba\n\nhttps://github.com/torvalds/linux/commit/82f9ed3a93307089242ff8a5c694e82c8c93f522)\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D304\nGitOrigin-RevId: 8d7711dd2038e76e091a22a1aab865c3593e3889\n" }, { "commit": "db6283e3d6425eea168e8dfc56c4f19f358ab64f", "tree": "586c9eb107e430ceeb90bdde96e57369044388b3", "parents": [ "8cc81f6d87a7fe2a1440a112a51d2fdfcf5bf568" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jan 06 17:05:54 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jan 06 17:05:54 2020 +0100" }, "message": "Do not hardcode Fedora version in README\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D307\nGitOrigin-RevId: 1d2eb3e5b2b854f0a1791d0d9e28260d70566bb4\n" }, { "commit": "8cc81f6d87a7fe2a1440a112a51d2fdfcf5bf568", "tree": "1e719b87498a6197b678805f3dc2528ac5f79ce7", "parents": [ "eff7217f788aae2af6b86dbb91defa3171eb88b8" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jan 06 17:04:54 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jan 06 17:04:54 2020 +0100" }, "message": "Pick the latest IntelliJ config folder for $ASPECT_ORIG\n\nTest Plan: Executed the two lines in my local shell\n\nX-Origin-Diff: phab/D306\nGitOrigin-RevId: f5744482129a649d358944fff0ae80a96e28a47d\n" }, { "commit": "eff7217f788aae2af6b86dbb91defa3171eb88b8", "tree": "c092558c9d6cc64725c1a41ed6797736ad5552e2", "parents": [ "a4516f9887e43b774e49c22db93cdf289dc9cfb1" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sat Jan 04 15:07:52 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sat Jan 04 15:07:52 2020 +0100" }, "message": "Synthesize fake GOPATH and remove bazel_copy_generated_for_ide.sh\n\nWe can use rules_go to create a fake symlink farm GOPATH. This can be\nset as the GOPATH in IDEs that do not have native support for Bazel,\nand we can stop maintaining the bazel_copy_generated_for_ide.sh hack.\n\nThe remaining issue is that we still need Go tooling to manage our\ngo.mod file that serves as the input to Gazelle, so we need to add\nreplace directives to ensure that Go tools can resolve generated code.\n\nThe proper fix for all this is the upcoming native Bazel support in Go:\nhttps://github.com/bazelbuild/rules_go/issues/512\n\nTest Plan:\nRan `bazel build :gopath`, and a wild\n`bazel-bin/gopath/src/git.monogon.dev/source/nexantic.git/core/generated/api/schema.pb.go`\nappeared.\n\n`scripts/symlink_generated_files.sh` created a valid symlink in core/generated\nand `go mod tidy` ran successfully (despite complaining about the symlink).\n\nRunning `scripts/gazelle.sh` twice worked.\n\nX-Origin-Diff: phab/D305\nGitOrigin-RevId: 0d456bc57d4a2d72e30865ffef777d2f5be5c407\n" }, { "commit": "a4516f9887e43b774e49c22db93cdf289dc9cfb1", "tree": "8a0761a3480074b01d5584a1cd5c111a69f76594", "parents": [ "6e8f69c53a2c82f5a760ab2e8152218cc86f3430" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "message": "Add minimal functionality test for k8s control plane\n\nBasic functionality test that sends the bootstrap RPC call,\nwaits for the k8s control plane to come up and runs a simple\nkubectl command (that is expected to fail).\n\nAdds reflection to the server to make grpc_cli easier to use.\n\nTest Plan:\nRan `:launch` (because we modified its config) and `:test_boot`,\nsaw a nicely booted k8s cluster:\n\n{P90}\n\nX-Origin-Diff: phab/D275\nGitOrigin-RevId: fe01e3f3ed09877aa76c15946664c9d9bdc4751b\n" }, { "commit": "6e8f69c53a2c82f5a760ab2e8152218cc86f3430", "tree": "1556b56e0a0cdb5108c301dc88710b5b2d74ba1b", "parents": [ "b7a18fd9be7732e9ed9b29f33b7f545916da207b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "message": "Initial Kubernetes Control Plane\n\nThis adds a minimum viable Kubernetes Control Plane consisting of a\nkube-apiserver, kube-controller-manager and kube-scheduler. It contains\ntwo small CAs for Kubernetes Identity management based on shared\ncertificates and contains changes for exposing etcd via UNIX socket\nso that the apiserver can talk to it.\n\nTest Plan:\nTested by manually calling Setup() and observing subsequent logs and\nconnecting to the API server.\n\nBug: T485\n\nX-Origin-Diff: phab/D271\nGitOrigin-RevId: e56f3e50eb9d33ea291289faa1aac3bebdeb3346\n" }, { "commit": "b7a18fd9be7732e9ed9b29f33b7f545916da207b", "tree": "e748ecfad21a55dc128f1d98b48307ba6160a204", "parents": [ "049049626fe28957009c7957fba5e04bd928ae78" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 28 13:57:54 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 28 13:57:54 2019 +0100" }, "message": "Bump IJ version to 2019.3\n\nTest Plan: Recreated container, Bazel things still worked\n\nX-Origin-Diff: phab/D279\nGitOrigin-RevId: 9aa7832fd81ef7cfdf875db8732790b438c74a57\n" }, { "commit": "049049626fe28957009c7957fba5e04bd928ae78", "tree": "7ffc478b5e0a44a50ff06a1ded7c031af2085d1e", "parents": [ "f79bfac498914c90395c577f4a2f70956d9a5c56" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:21:14 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:21:14 2019 +0100" }, "message": "Added kube-controlplane binary\n\nThis adds a custom binary which contains all Kubernetes control plane\ncomponents. This is necessary since every control plane binary by itself\nis around 130MiB and this combined one is only around 150MiB. This\ncan be cut in half to around 70MiB as soon as Kubernetes can be built\nproviderless by Bazel.\n\nI\u0027m not entirely happy with the integration, we may need gazelle\nexclusions and a plan to deal with go mod since it can\u0027t resolve the\ndependencies in a reasonable way.\n\nTest Plan: Manual test with kubectl (this by itself is not runnable)\n\nBug: T485\n\nX-Origin-Diff: phab/D256\nGitOrigin-RevId: d76702f2cd0d71463ff891e5a44eac7b66be07f0\n" }, { "commit": "f79bfac498914c90395c577f4a2f70956d9a5c56", "tree": "bf9eb32f936f07a6228262c7b7a2e2b145c1423f", "parents": [ "60a85b669e05f788bc63663568102a23c78d6195" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 18 11:16:39 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 18 11:16:39 2019 +0100" }, "message": "Increase test_boot timeout to 60s\n\nUnbreaks master ()\n\nTest Plan: N/A\n\nGitOrigin-RevId: 4b3eb37ba37ff93e86e1739ab662299d6a280b51\n" }, { "commit": "60a85b669e05f788bc63663568102a23c78d6195", "tree": "f7dcac1fcabe86b8cd1afa317284e309d43916cf", "parents": [ "d868d69320140863a1938bfa042ad0824cfa9500" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 19:12:41 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 19:12:41 2019 +0100" }, "message": "Run go vet using nogo during build step\n\nSee https://github.com/bazelbuild/rules_go/blob/master/go/nogo.rst\n\nThese are correctness checks, not coding style linters, such that\ncompilation will fail if they do not pass.\n\nThey are also ran for external dependencies, with more or less\nfine-grained exclusions.\n\nTest Plan: Ran gazelle.sh and tests.\n\nBug: T472\n\nX-Origin-Diff: phab/D269\nGitOrigin-RevId: f932555ec8cbb9d0c09f2a3c6a0df94a0f6724a8\n" }, { "commit": "d868d69320140863a1938bfa042ad0824cfa9500", "tree": "fd519288299185f48eec666a19b061b1444c9f78", "parents": [ "45333b68dd60942adc61a29f50b2c72420b792e3" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 17:28:29 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 17:28:29 2019 +0100" }, "message": "Add go-sqlite3 dependency to go.mod\n\nFixes this \"go mod tidy\" error on master:\n\n```\ngit.monogon.dev/source/nexantic.git imports\n\tgithub.com/rubenv/sql-migrate/sql-migrate imports\n\tgithub.com/mattn/go-sqlite3: module github.com/mattn/go-sqlite3@latest found (v2.0.0+incompatible), but does not contain package github.com/mattn/go-sqlite3\n```\n\nThe fix was to run `go mod tidy` using Go 1.12, since Go 1.13 got confused\nabout the sqlite3 package (there is no v2.0.0 - I suspect an issue with\nthe proxy). Notably, neither sql-migrate nor go-sqlite3 use Go modules,\nand there\u0027s no way to get rid of the dependency:\n\nhttps://github.com/rubenv/sql-migrate/blob/aff46b65bb7f71e015dc28dc2edd083737985dfb/sql-migrate/config.go#L17\n\nAdds a `go mod tidy` invocation to gazelle.sh.\n\nTest Plan: Ran gazelle.sh.\n\nX-Origin-Diff: phab/D268\nGitOrigin-RevId: 843710797dc2bccc2c7efdc249ac2b28a23c3fae\n" }, { "commit": "45333b68dd60942adc61a29f50b2c72420b792e3", "tree": "64d2997e5b7bf68d5bc7084b07a765ddf5c9aa58", "parents": [ "719362043a48b7d1575b53885c3e95dade55f0bf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:26:27 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 11 15:26:27 2019 +0100" }, "message": "Enable network loopback interface\n\nAbsence of a properly enabled loopback interface caused weird\nbehavior in the Kubernetes control plane.\n\nTest Plan: Issues with kube-apiserver were no longer observed.\n\nX-Origin-Diff: phab/D257\nGitOrigin-RevId: 9b8a18a28463a29e85945587765f155de86f68b3\n" }, { "commit": "719362043a48b7d1575b53885c3e95dade55f0bf", "tree": "47d2be8211a290469db9e5b3c777dcd35c92d7d9", "parents": [ "399fe83ccccf616b5bc47c91693f86bce526f652" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 18 10:22:57 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 18 10:22:57 2019 +0100" }, "message": "Added fileargs helper package\n\nThis helps with working with commandline software that mostly takes its\nconfiguration from files.\nIt exposes a data-friendly interface and hides\nall the messy file operations.\n\nTest Plan: Has been tested with Kubernetes\n\nX-Origin-Diff: phab/D270\nGitOrigin-RevId: 432f61830679225be54de577c0c2282b0ac8c306\n" }, { "commit": "399fe83ccccf616b5bc47c91693f86bce526f652", "tree": "e963fb801159692afcf9be25d5f687dfc94d7690", "parents": [ "8b9c055ed5a0dc77a191fb19d6812ea137c2b0fa" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 21:15:30 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 21:15:30 2019 +0100" }, "message": "Patch IntelliJ Bazel plugin to recognize our custom generators\n\nWe can get rid of the fuzzy $ASPECT_PATH matching now that Hendrik\nhas deployed rW, and can remove the bind mount.\n\nTest Plan:\nRecreated container, ran tests and full sync. Generated SQL code\nwas properly recognized.\n\nX-Origin-Diff: phab/D265\nGitOrigin-RevId: 81de00d54402107ba217ab28b8812ace772777ac\n" }, { "commit": "8b9c055ed5a0dc77a191fb19d6812ea137c2b0fa", "tree": "d10f003ebe7fe9f75b4d22451a889dc91faebe88", "parents": [ "7670e67e72d6d4aaac174b91f4465a67479e1026" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 14:07:45 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 14:07:45 2019 +0100" }, "message": "Bazel IntelliJ plugin support\n\nThis eliminates the need for manually synchronizing generated files.\n\nThe plugin authors advise against checking in the .iwjb directory,\nwhich we resolutely ignore. The recommended method is to provide a\ntemplate .bazelproject file that everyone needs to manually import and\nupdate. However, checking in the directory is supported and no different\nthan checking in .idea. This allows us to version things like watchers\nand run configurations, at the expense of requiring everyone to use\nthe same IntelliJ and Bazel plugin versions.\n\nHow it works:\n\n- Source code and execroot paths are identical inside and outside the\n container. This requires a bind mount. To avoid conflicts with a\n local Bazel instance, a separate directory is used.\n\n The wrapper script injects a --output_user_root startup parameter.\n We cannot set this in .bazelrc since we cannot substitute the\n user home. This means that running bazel inside the container,\n without the wrapper, will no longer work/blow up the overlayfs.\n\n Did anyone do this?\n\n- The tmpfs and other caches are eliminated.\n Forcing it hasn\u0027t been ideal anyway due to\n the excessive memory usage, and it can still be accomplished\n by mounting a tmpfs to `~/.cache/bazel-nxt` or symlinking it to\n `/dev/shm` or similar (set proper permissions!).\n\n- The plugin configures a custom local repository that has helper\n scripts. Since we need to be on the same IntelliJ version, we can\n simply hardcode the path and bind mount it (read only).\n\n The alternative would be to copy the files into the container and\n override the command line option using sync_flags\n (https://github.com/bazelbuild/intellij/issues/397), but bind\n mounting seems muche easier at no disadvantage.\n\n- IntelliJ needs a somewhat obscure custom startup option (see README)\n for BEP temp files (https://github.com/bazelbuild/intellij/issues/407).\n\nTest Plan:\n- Running tests works:\n\n {F16996}\n\n- Full and partial sync works:\n\n {F17000}\n\n- Updating a protobuf file triggered the watcher, which rebuilt the\n generated files. After triggering an source sync, the changes\n are visible in the IDE (I suspect that IntelliJ does not inotify-\n watch the generated files since they are outside the project directory.\n\nX-Origin-Diff: phab/D263\nGitOrigin-RevId: 39c50665575c2a0131c492385b0981b7ee2588d8\n" }, { "commit": "7670e67e72d6d4aaac174b91f4465a67479e1026", "tree": "e76d204e13a52816182f86599f22c6ce95eebeb6", "parents": [ "383d4bb84b7b5062b859f81db10e3f16bd427739" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 13:49:53 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 13:49:53 2019 +0100" }, "message": "Improve core/scripts:launch ergonomics\n\n- Disable qemu monitor multiplexing. We don\u0027t need the monitor for most\n debugging tasks, and disabling it means we can kill the VM using Ctrl-C.\n\n- Strip metacharacters and DOS newlines from qemu serial output.\n This makes logs easier to read in the CI, and prevents it from\n messing with terminal settings locally.\n\n- Copy swtpm_data to a temporary directory to ensure we never override\n the build inputs (which can happen in a local run without sandbox).\n\n Re-running the target no longer triggers rebuilds for swtpm_data.\n\n- Remove local tag from :launch - it works fine in the sandbox.\n\nTest Plan:\nRan the test multiple times, no rebuilds occurred:\n\n bazel test core/scripts:test_boot\n\nX-Origin-Diff: phab/D264\nGitOrigin-RevId: 70d52e8a4cf24747d18fbaffeddb6e30bcdf61da\n" }, { "commit": "383d4bb84b7b5062b859f81db10e3f16bd427739", "tree": "9430d87be1ea0716b4075d5d19a358c2e3630383", "parents": [ "68c58755e0a56e1b1c565d80f99056ec4948fbec" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "message": "Run \"bazel test //...\" in CI\n\nThis will build all buildable targets and test all testable targets.\n\nThe hardcoded Harbormaster rules have been removed in Phabricator.\n\nAdds a simple test for booting Smalltown.\n\nBUILD files that are injected into repositories have been renamed to\nBUILD.repo to ensure that Bazel does not recognize them as local BUILD\nfiles and attempt to build them.\n\nTest Plan: Covered by CI :)\n\nBug: T483\n\nX-Origin-Diff: phab/D262\nGitOrigin-RevId: 3512a5e13430001f4e6f91d21ac503564c8fb085\n" }, { "commit": "68c58755e0a56e1b1c565d80f99056ec4948fbec", "tree": "f122ab392769d33620077c65ddf0f0a3aed43d1c", "parents": [ "5ed291ea1833ffd07665b6194f7b6db2b7c1c4aa" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 21:00:59 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 21:00:59 2019 +0100" }, "message": "Improve documentation, remove dead code plus some minor refactorings\n\nThis improves our code-to-comments ratio by a lot.\n\nOn the refactorings:\n\n- Simplify the cluster join mode to just a single protobuf message -\n a node can either join an existing cluster or bootstrap a new one.\n All of the node-level setup like hostname and trust backend is done\n using the setup call, since those are identical for both cases.\n\n- We don\u0027t need a node name separate from the hostname. Ideally, we would\n get rid of IP addresses for etcd as well.\n\n- Google API design guidelines suggest the `List` term (vs. `Get`).\n\n- Add username to comments for consistency. I think the names provide\n useful context, but git blame is a thing. What do you think?\n\n- Fixed or silenced some ignored error checks in preparation of using\n an errcheck linter. Especially during early boot, many errors are\n obviously not recoverable, but logging them can provide useful debugging info.\n\n- Split up the common package into smaller subpackages.\n\n- Remove the audit package (this will be a separate service that probably\n uses it own database, rather than etcd).\n\n- Move storage constants to storage package.\n\n- Remove the unused KV type.\n\nI also added a bunch of TODO comments with discussion points.\nAdded both of you as blocking reviewers - please comment if I\nmisunderstood any of your code.\n\nTest Plan: Everything compiles and scripts:launch works (for whatever that\u0027s worth).\n\nX-Origin-Diff: phab/D235\nGitOrigin-RevId: 922fec5076e8d683e1138f26d2cb490de64a9777\n" }, { "commit": "5ed291ea1833ffd07665b6194f7b6db2b7c1c4aa", "tree": "3a0f4cb2e726cddade0c6295c56b5d901b94c052", "parents": [ "4b0e5c075a81a7ea251c5c85af1d15c5ab54e962" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 19:09:24 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 19:09:24 2019 +0100" }, "message": "IntelliJ generated sources content root and file watcher\n\nThis automatically refreshes the generated source files, and the\ngenerated sources folder now has a nice icon.\n\nPotential conflict if anyone uses IntelliJ without the container\n(which I\u0027m not aware of).\n\nTest Plan: Modified protobuf file, generated sources were automatically refreshed.\n\nX-Origin-Diff: phab/D234\nGitOrigin-RevId: 5f5eb7f2cf541c7dd143564dcad4885476b4bfb0\n" }, { "commit": "4b0e5c075a81a7ea251c5c85af1d15c5ab54e962", "tree": "e060fc053d6057b2488644aa36b75843fde62280", "parents": [ "a4ea9d03f1fb4248739392615967eaf07842e74b" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Thu Nov 07 20:21:24 2019 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Thu Nov 07 20:21:24 2019 +0100" }, "message": "Add bindata rule\n\nTest Plan: Created a sample rule and packaged files to a go binary\n\nX-Origin-Diff: phab/D252\nGitOrigin-RevId: f80c25518008fded7104fa6945d077a52d928d85\n" }, { "commit": "a4ea9d03f1fb4248739392615967eaf07842e74b", "tree": "e2b8e2e3d9aa83ca7f650f2a0d972023869c1d3b", "parents": [ "e47ace84cb3e30375dcb4236c17ee9710a77a6ad" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 31 11:40:30 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Oct 31 11:40:30 2019 +0100" }, "message": "Added bootstrap CA\n\nThis adds a self-contained CA for bootstrapping and securing etcd\nusing certificates of infinite duration and a CRL for near-instant\nrevocation.\n\nThe bootstrapping problem is addressed by first\ngenerating the CA and issuing initial certificates and then\ninjecting them once the consensus system is up and running.\nAll files are also kept on the encrypted persistent data store to\nprevent the same bootstrapping problem when the node is already\ninitialized. The CRL is synchronized using a sync loop on every\nnode running the consensus service and distributed inside that.\n\nThe CA uses Ed25519-based cryptography and identifies the\nhosts by their external hostname.\n\nTest Plan:\nInitial bootstrapping manually tested on a single node using a\nmanual gRPC call for Setup() and openssl s_client for connecting\nto etcd.\n\nX-Origin-Diff: phab/D233\nGitOrigin-RevId: bd67818b5b649b13e0c098e480059ef990826542\n" }, { "commit": "e47ace84cb3e30375dcb4236c17ee9710a77a6ad", "tree": "c0e71fd6d25e4efad7175103b3b3780b773a02a0", "parents": [ "5b87d7b074f3385eb85de601f48f4f7bccf1d423" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:45:47 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:45:47 2019 +0100" }, "message": "Fixes bazel_copy_generated_for_ide paths\n\nThis fixes the paths in bazel_copy_generated\nfor the new monorepo layout\n\nTest Plan: By using it :)\n\nX-Origin-Diff: phab/D246\nGitOrigin-RevId: 01fc0488ef4e2f6412ae458b4f2010a975a83692\n" }, { "commit": "5b87d7b074f3385eb85de601f48f4f7bccf1d423", "tree": "8c87ae8ce2f880af7963298811570e749e0a2a10", "parents": [ "1626705fd0ae9e93f563c2463fc514a144d41a99" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:56:30 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:56:30 2019 +0000" }, "message": "Follow-up fix for D250 - actually use the new volume\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D251\nGitOrigin-RevId: 65c547de038a4dfd37c7c8394a8a0e79914333bb\n" }, { "commit": "1626705fd0ae9e93f563c2463fc514a144d41a99", "tree": "0b882399123846787b9a20265b04e41cdf1e4941", "parents": [ "654930736a90fb7f2dadf280dc9044d8e57bce06" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:43:21 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:43:21 2019 +0000" }, "message": "Separate cache volume for each working copy\n\nWe can rely on the repository leases to coordinate Bazel caches,\nbasically leasing them out along with the repository.\n\nWith multiple copies of the cache, keeping them on a tmpfs seems\nlike a bad idea, so we switch to a local volume.\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D250\nGitOrigin-RevId: 01d9392198d8c00089d3133425091ab766b9b590\n" }, { "commit": "654930736a90fb7f2dadf280dc9044d8e57bce06", "tree": "55fbb824cb781fac42c9924b2883b63cf97b91ef", "parents": [ "5f1d05f7ad386d6832a5230c78f6c155659a32e9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:40:44 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:40:44 2019 +0000" }, "message": "Use flag package for mkimage command line parsing\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D248\nGitOrigin-RevId: 3b59e11885c78e8321d8a44b22e67d85268b5765\n" }, { "commit": "5f1d05f7ad386d6832a5230c78f6c155659a32e9", "tree": "b37adaa75a67eb544deaea512c0fd829747836a0", "parents": [ "4d39d37035c5e46274183f36221c2e50f99bb411" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:58:40 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:58:40 2019 +0000" }, "message": "Split up linux_kernel build folder to separate repo changes\n\nThis separates the kernel build steps (that happen in our main repo)\nand the things we inject into @linux_kernel.\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D249\nGitOrigin-RevId: 98982d005ba582f9f08783915ee0603ff8634f55\n" }, { "commit": "4d39d37035c5e46274183f36221c2e50f99bb411", "tree": "48820886a3b559eac0669b1a7291425471efcc44", "parents": [ "0bcaaee19dc2338751705a83126cec40a1b8a2e8" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:11:12 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:11:12 2019 +0000" }, "message": "Remove left-over debugging code introduced in D242\n\nThis was, of course, done on purpose in order to check how carefully\nyou read the code ;-)\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D247\nGitOrigin-RevId: caf9e59d4c87c59eab6e08c70cdcd61b1fa12627\n" }, { "commit": "0bcaaee19dc2338751705a83126cec40a1b8a2e8", "tree": "00b3015ea5085c7a66aa8f27cd71e750a8745bf2", "parents": [ "f08704a6a47e9a0cdbf7b9173c24f2f8eca581d5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:42:39 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:42:39 2019 +0100" }, "message": "Build core with separate initramfs\n\nBuild the initramfs separately and include it via mkimage. Also includes\na patch to the kernel which adds support for hardcoded cmdline\nto the Linux efistub.\n\nThis lowers build times by a lot, for normal changes they are now\nbelow 5s\n\nTest Plan: Ran `bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D245\nGitOrigin-RevId: 206c7c5c979c10ffd25c36dfefd8b9290a6a3f43\n" }, { "commit": "f08704a6a47e9a0cdbf7b9173c24f2f8eca581d5", "tree": "89aaa4d65404fd5c2d36bab78faf7fa658fd1ad5", "parents": [ "052af2dce813dba9f74ffc05ffd760e60a37c23b" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 12:34:53 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 12:34:53 2019 +0000" }, "message": "Dynamic \"make -j\" parameter\n\nThis obviously interferes with Bazel\u0027s own scheduler, but these are\nour only compute-intensive compilation tasks, anyway.\n\nFixes T522\n\nTest Plan:\n{F16451}\n\n(fun fact: that EPYC 7401P wasn\u0027t faster than the 3900X)\n\nBug: T522\n\nX-Origin-Diff: phab/D236\nGitOrigin-RevId: 8735ece9eea6ed2cd38fda8823a674d0298b6dbc\n" }, { "commit": "052af2dce813dba9f74ffc05ffd760e60a37c23b", "tree": "e0c5dac8c237ad4e92a6c2d91427678d8a4e1691", "parents": [ "b51b4171390ec52433f8c06faef46ef5eccf91d4" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 02:21:53 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 02:21:53 2019 +0000" }, "message": "Simple CI pipeline for Smalltown Core\n\nSince we run as root on the build server, we can properly mount a tmpfs\nas the shared build volume with exec support (this is still broken for\nunprivileged create_container.sh). We\u0027ll have to see when and if this\nblows up, and whether we want to use a disk-backed volume instead.\n\nThe pipeline has two stages that run the following commands:\n\n- `scripts/run_ci.sh ${build.id} ${target.phid} bazel build //core/scripts:launch`\n\n- `timeout 30 scripts/run_ci.sh ${build.id} ${target.phid} bazel run //core/scripts:launch; true` (for visual inspection)\n\nThose are placeholders - we will want to integrate any and all\ntests in Bazel, only trigger tests whose dependencies have been\nmodified in a given build step, and report individual results back\nto Habormaster.\n\nWhat works:\n\n- Persistent working copies on the build server. Drydocks caches a number of\n persistent repository copies to avoid a full clone on each build, and\n uses a leasing mechanism to allocate them. Of course, this means we\n have to be careful about not polluting the repo, but Bazel takes care of that.\n\n- Shared build cache with fast incremental rebuilds\n (a build with no changes takes ~15s including the podman build step).\n\n- Full rebuild after volume deletion takes ~4m.\n\n- Build output shows up in Phabricator in real time.\n\n- Aborting a build properly cancels the running build and clean up the pod.\n\n- Launching the QEMU VM.\n\n- Reporting build status back to Harbormaster (noop at the moment, can\n be used to report unit test states later). This uses the awesome undocumented\n SSH conduit transport so we don\u0027t have to deploy a separate token on the host.\n\n- Phabricator revisions are drafts until all tests complete successfully.\n\nTest Plan: See tests :-)\n\nBug: T483\n\nX-Origin-Diff: phab/D242\nGitOrigin-RevId: 64eca996c8704cb0cd4f1cbb4f88f71a6fdca1eb\n" }, { "commit": "b51b4171390ec52433f8c06faef46ef5eccf91d4", "tree": "8c537364ed17732d16800fbe0e5a710519de71ca", "parents": [ "6c39ea1355bf2853abdbd2f69a7eece222c44b78" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 04 12:55:19 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 04 12:55:19 2019 +0000" }, "message": "Remove --userns\u003dkeep-id in create_container.sh\n\nWith a mapped user namespace, recent podman versions fail to mount /sys\n\nThis removes some isolation, similar to using uid 0 in a regular Docker container.\n\nTest Plan: Ran build\n\nX-Origin-Diff: phab/D238\nGitOrigin-RevId: 39dc826f4ce95a6c5b405a49be3d2e9d19174fc1\n" }, { "commit": "6c39ea1355bf2853abdbd2f69a7eece222c44b78", "tree": "a0377ac95e3036fb06886c1b9be504faf4773850", "parents": [ "3e6018fcf0645da7876eec06d1604438bea0550e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 04 11:39:42 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 04 11:39:42 2019 +0100" }, "message": "Added Kubernetes to build system\n\nThis adds Kubernetes and its dependencies to the WORKSPACE. A small patch\nis needed to make this compatible with Bazel 1.0+ since they still use\n0.23.\n\nTest Plan:\n`bazel test @kubernetes//pkg/...` (:warning: slow)\nThere is one single test failure with OpenAPI, but I\u0027m not yet sure if it\nis actually meaningful since the individual tests of the OpenAPI generated\ncode pass just fine.\n\n`bazel build @kubernetes//cmd/kube-controller-manager @kubernetes//cmd/kube-scheduler @kubernetes//cmd/kube-apiserver`\nAll three required binaries for the control plane build just fine\n\nX-Origin-Diff: phab/D237\nGitOrigin-RevId: 1c0708272636fb68ca6ced6666f885344bb81a7c\n" }, { "commit": "3e6018fcf0645da7876eec06d1604438bea0550e", "tree": "6bb2fa6081152d2dc32530a8eaaf0a58c31dc35e", "parents": [ "0d7c91e331022831a974c2e34d32bb5b89ddc89c" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Mon Oct 28 21:29:42 2019 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Mon Oct 28 21:29:42 2019 +0100" }, "message": "Add sqlboiler bazel rules\n\nThis implements a bazel rule to build sqlboiler models from sql migration stacks. It also launches a cockroachdb container in `create_container` and puts it in one pod with the nexantic-dev container.\n\nCurrently gazelle overwrites the `go_library` rule. I still need to find a way to properly exclude it.\n\nTest Plan: Built a sample set of sql models\n\nX-Origin-Diff: phab/D226\nGitOrigin-RevId: ff24f07bb0b3da9994c52a74f48b54e1e2bea726\n" }, { "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c", "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b", "parents": [ "043daa57020dd36e074488dcb432114a548a3d2a" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n" }, { "commit": "043daa57020dd36e074488dcb432114a548a3d2a", "tree": "2975b607028ca0c085df182afd809d1d322be2b7", "parents": [ "23be9215aae77d2171c31f767c37cf69050fb748" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:45 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:45 2019 +0000" }, "message": "Fix caching and set home to /user\n\nTest Plan: Ran build\n\nX-Origin-Diff: phab/D220\nGitOrigin-RevId: d93c13b9a74c45d717e92151cdb10f0f3484a78b\n" }, { "commit": "23be9215aae77d2171c31f767c37cf69050fb748", "tree": "72323854031d5311f437e490370f1644d34f0796", "parents": [ "ba7bc7664b53ce63824ec991febdd74ea4d9dbf3" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:32 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:32 2019 +0000" }, "message": "Use rsync --delete to sync generated dependencies\n\nTest Plan:\nRecreated container, ran `build api/...` and the copy script,\neverything works.\n\nX-Origin-Diff: phab/D218\nGitOrigin-RevId: 22160ddaf417177ba7af94ea29d75663b20950b0\n" }, { "commit": "ba7bc7664b53ce63824ec991febdd74ea4d9dbf3", "tree": "f645fd2ccedb7f31d48d14f7e1a10cd5ba3a9f71", "parents": [ "4abadef540e5c5155aa0e6cc7b19221cbaa4b82d" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:34:29 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:34:29 2019 +0200" }, "message": "Fix protobuf dependencies for internal/api and internal/common\n\nThis fixes the build. As it turns out, the local `generated` folder\nhad the side effect of confusing gazelle.\n\nFixes regression introduced by D216.\n\nTest Plan: Ran scripts/gazelle.sh, protobuf dependencies were re-added.\n\nX-Origin-Diff: phab/D217\nGitOrigin-RevId: ac0d5dd89e5fb154fe363a40dc8f8965fa12ba8c\n" }, { "commit": "4abadef540e5c5155aa0e6cc7b19221cbaa4b82d", "tree": "cdc71545bda98761bd7cd80958f3127b08da2d28", "parents": [ "f5c89110d9af59fe3a5c928ce1b244d3ad815fce" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:19:53 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:19:53 2019 +0200" }, "message": "Specify -prune\u003dtrue Gazelle flag\n\nThis cleans up our repositories.bzl file.\n\nUpdate BUILD.bazel files and go.mod. `google.golang.org/appengine v1.4.0`\ndisappears due to a bug that was fixed in Go 1.13 - make sure your\nworkstation is up to date, an automated installer for Fedora was\nadded in rWdfcd0da736.\n\nTest Plan: Ran scripts/gazelle.sh, repositories.bzl was updated properly.\n\nX-Origin-Diff: phab/D216\nGitOrigin-RevId: 2435f88beb610845edfc8a6c50e4ef16edb895ea\n" }, { "commit": "f5c89110d9af59fe3a5c928ce1b244d3ad815fce", "tree": "a6af6fdd7f920a9411389b38abc1f096cadc41c1", "parents": [ "1fbd7d9ef119d7a0487a7234affe7683c43a7b80" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 17:51:49 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 17:51:49 2019 +0200" }, "message": "Create generated folder in bazel_copy_generated_for_ide.sh\n\nMinor change,\n\nTest Plan:\n\nRan the script inside the container, dependencies were fetched.\n\nGitOrigin-RevId: 91edd8babca5e506885b311cf95b4e8deb4f0525\n" }, { "commit": "1fbd7d9ef119d7a0487a7234affe7683c43a7b80", "tree": "04578ab2f193690a3bcdeb3e01d443af108fdbfa", "parents": [ "52804a1970bf8633c216fea4e165df4e88a16acc" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 03:15:19 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 03:15:19 2019 +0200" }, "message": "Fix sandboxed build for :swtpm_data and expose signkey.pem and issuercert.pem\n\nTest Plan: Built target, new files were exposed and sandboxed build worked.\n\nX-Origin-Diff: phab/D213\nGitOrigin-RevId: b2e27264edbeabfc664f1a8b1e047c163411a562\n" }, { "commit": "52804a1970bf8633c216fea4e165df4e88a16acc", "tree": "e6be5233989911dd21f2d74a170199a396793054", "parents": [ "b51250a42b51b8dc6509c7dc57522d42bced2c00" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 02:17:13 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 02:17:13 2019 +0200" }, "message": "Run as unprivileged user in container in a new user namespace\n\nThis prevents the build from accidentally modifying system files in\nthe container, and increases security.\n\nTest Plan:\n scripts/destroy_container.sh; scripts/create_container.sh \u0026\u0026 scripts/run_in_container.sh id\n # uid\u003d1000(1000) gid\u003d1000 groups\u003d1000\n\n bazel run scripts:launch\n # works\n\nX-Origin-Diff: phab/D212\nGitOrigin-RevId: 74af18ee49cf48e45440e12e9efe36e57be5f18d\n" }, { "commit": "b51250a42b51b8dc6509c7dc57522d42bced2c00", "tree": "2acae03fe183393dae34c7cabd6f92f10dd8d08b", "parents": [ "3ea707028e5f140b1a5186a7086c0089a70c8f9c" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 23:32:59 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 23:32:59 2019 +0200" }, "message": "Update Bazel to 1.1.0 and replace bazelisk by a direct download\n\nThis pins the version and avoids the need to redownload the binary\neach time the container is recreated.\n\nThe .bazelversion file was bazelisk-specific and is no longer needed.\n\nTest Plan:\nRebuilt the container, ran `scripts:launch`.\n\nModifying the checksum caused to build to fail.\n\nX-Origin-Diff: phab/D211\nGitOrigin-RevId: ec9ec2b97c6555a676f6444ac3923fad34b2cd16\n" }, { "commit": "3ea707028e5f140b1a5186a7086c0089a70c8f9c", "tree": "f07f5a23d75445789a1cbb116e8ca30471106ab2", "parents": [ "544440b6c8603ddaa548add84a657c999feeec49" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 16:40:06 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 16:40:06 2019 +0200" }, "message": "Mount Bazel repository_cache, Go mod cache and Go build cache as volumes\n\nThis leaves us with only git_repository rules not being cached,\nthe worst offender being the edk2 recursive submodule clone.\n\nSee: https://github.com/bazelbuild/bazel/issues/5116\n\ngazelle\u0027s repo lookup (running `go list`) is also not cached, even if the\nrepositories themselves are.\n\nWe can eliminate most of the remaining rebuild time by mounting\nthe entire execroot, however, this is currently foiled by a podman bug\n(Bazel needs to execute lots of binaries inside the root):\n\nhttps://github.com/containers/libpod/issues/4318\n\nTest Plan:\nRan `bazel build scripts:launch`, recreated container, ran it again.\n\nBuild times decreased significantly:\n\n INFO: Elapsed time: 279.951s, Critical Path: 119.05s\n INFO: 477 processes: 476 linux-sandbox, 1 local.\n INFO: Build completed successfully, 497 total actions\n\nX-Origin-Diff: phab/D206\nGitOrigin-RevId: 2d17a7eeb5d8b70ad4e26c13a0c6b31c4edfb33f\n" }, { "commit": "544440b6c8603ddaa548add84a657c999feeec49", "tree": "89eb7ab3920a5b90aab2623cfdd992850dff669b", "parents": [ "2a2081cc8bdb0a04a1c5e4509ce5cb569f3ef110" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 15:47:50 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 15:47:50 2019 +0200" }, "message": "Fix sandbox build by setting /tmp --syslibdir during musl build\n\nTest Plan: Ran a clean `scripts:launch` build, no longer failed.\n\nX-Origin-Diff: phab/D205\nGitOrigin-RevId: 6edd31d46816414c6b4c51664f23ce9d7c6d603d\n" }, { "commit": "2a2081cc8bdb0a04a1c5e4509ce5cb569f3ef110", "tree": "af2403c83ae163f1f512721b1c27643d21ab39b2", "parents": [ "7afd390eadf37eac58d4db8ad3751783c40bdf37" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 13:33:10 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 13:33:10 2019 +0200" }, "message": "Increase robustness of bazel wrapper script and remove repository_cache\n\nThis allows the wrapper script to be called from anywhere.\n\nThe repo cache does not actually work as expected since it does not\ncache most external dependencies we care about, and is not always a\nvalid command line argument, so we would either have to specify it\nin .bazelrc (breaking non-standard dev setups), or specify it manually.\n\nTest Plan: Ran the bazel wrapper from my home directory, got expected output.\n\nX-Origin-Diff: phab/D204\nGitOrigin-RevId: 74d09ba24fd84ba0dd6e1ba282995c452546eb25\n" }, { "commit": "7afd390eadf37eac58d4db8ad3751783c40bdf37", "tree": "73b7533e0ba991eb8f2d98ed58e4350ca4c8e394", "parents": [ "2983d7285fe019f943f1b722f26a0f2e959c5f80" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:57 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:57 2019 +0200" }, "message": "Use --privileged in Fedora container\n\nThis enables the namespace-based sandbox in Bazel.\n\nUsing `--privileged` isn\u0027t as dangerous as it looks, when used with podman in rootless mode (i.e. ran as unprivileged user), in which case it uses user namespaces.\n\nWe drop `--net\u003dhost`, which is not actually necessary.\n\nTest Plan:\n scripts/destroy_container.sh\n scripts/create_container.sh\n scripts/run_in_container.sh bazelisk build :swtpm_data\n\n This now fails properly when ran with the container:\n\n swtpm-localca: touch: cannot touch \u0027/var/lib/swtpm-localca/.lock.swtpm-localca\u0027: Read-only file system\n swtpm-localca: Error: Could not create lock file /var/lib/swtpm-localca/.lock.swtpm-localca.\n\nX-Origin-Diff: phab/D202\nGitOrigin-RevId: f51a831e7584cccf21860e9f18b73272a658f055\n" }, { "commit": "2983d7285fe019f943f1b722f26a0f2e959c5f80", "tree": "f6b5056682bef41597d02347dff0d523916d196f", "parents": [ "e28e1b3556feb786c71f161b357fcf6899e44c19" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:42 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:42 2019 +0200" }, "message": "Improve Bazel Fedora build container handling and cache repository downloads\n\nAdds lifecycle management scripts for the dev container and a \"bazel\" wrapper script, which sets container-only startup options.\n\nReplaces /dev/null bind mounts by SELinux contexts for container breakup prevention, since newer podman versions managed to somehow break the ordering of mounts and mounting on top of a volume gives ENOENT. This requires a placeholder .arcconfig.\n\nOn Fedora, SELinux prevents the container from accessing /dev/kvm, which requires a custom policy (see rWa716c988d69e).\n\nDesign considerations:\n\n- The build cache is on a tmpfs. This avoids fuse-overlayfs overhead. If the container is recreated, we want to drop the build cache - Bazel does not track ambient dependencies, so we do not know if we need to rebuild anything (like after upgrading a compiler).\n\n- The repository cache contains just workspace dependencies and is mounted as a volume.\n\nThe repository caches does not work terribly well yet, we probably need to mount parts ~/.cache/bazel as well. podman always mounts volumes as noexec, so this is not as straight-forward as it looks.\n\nTest Plan:\nRan the commands from the README as my unprivileged workstation user.\nSmalltown was built and launched successfully.\n\nX-Origin-Diff: phab/D198\nGitOrigin-RevId: aff720d2862cdf5d1df67813d842d221d69a84c0\n" }, { "commit": "e28e1b3556feb786c71f161b357fcf6899e44c19", "tree": "4bc2b91b2e276c6e7ee4131ab0c76eec4ec391fa", "parents": [ "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Oct 22 19:20:34 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Oct 22 19:20:34 2019 +0200" }, "message": "Fix Bazel on properly sandboxed execution\n\nTest Plan: Tested by launching VM\n\nX-Origin-Diff: phab/D199\nGitOrigin-RevId: d27f09e62067082ca0d6f40510c851752094b481\n" }, { "commit": "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9", "tree": "f7db6de47e4ef38599da89dd4f1082c65569ca03", "parents": [ "a71b5a4c36d5cae089666eaad57514c64baf6f24" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "message": "Replace build system with a Bazel-based one\n\nThis pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.\n\nNecessary prerequite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.\n\nAs suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).\n\nThe main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)\nchange. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the\nkernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).\n\nPerhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel\u0027s sandbox to reuse kernel build?\n\nTest Plan:\nRun this in a fresh container with empty Bazel cache:\n\n bazelisk run scripts:launch\n\n... and watch as Bazel rebuilds the world.\n\nX-Origin-Diff: phab/D197\nGitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d\n" }, { "commit": "a71b5a4c36d5cae089666eaad57514c64baf6f24", "tree": "b73960c90b2635bf804fcadafb93d141ef4a203a", "parents": [ "67f9d096fb66d9f9298542d98d128a42b9d43695" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:23 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:23 2019 +0200" }, "message": "Explicitly ignore call to os.Remove\n\nThis stops linters and GoLand from complaining.\n\nTest Plan: No functional change\n\nX-Origin-Diff: phab/D196\nGitOrigin-RevId: b4174bb82b8a14e2677dfbf9e95b97ee04ed284b\n" }, { "commit": "67f9d096fb66d9f9298542d98d128a42b9d43695", "tree": "cb548c7e7a63df850302f6bb42a5a6bb3e5d2700", "parents": [ "40ab4b41d338657c67a7fa72a3f76e26f582d98e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:41:42 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:41:42 2019 +0200" }, "message": "Refactor build_artifacts.sh and makefile\n\n- Move everything to .data, .vendor, .artifacts and .bin in order to cleanly separate build input and output.\n- Sprinkle some subshells on build_artifacts.sh to make it fail more gracefully.\n- Fix fetch_third_party.sh check.\n- GOBUILD make helper.\n- Dockerfile with build dependencies.\n\nTest Plan:\nRan `make clean` and build steps described in README.md, it boots:\n\n{P84}\n\nX-Origin-Diff: phab/D195\nGitOrigin-RevId: 4106534c7248931b79e93e2a13153482033cd0d8\n" }, { "commit": "40ab4b41d338657c67a7fa72a3f76e26f582d98e", "tree": "3caf6bf0363c00472cd1f3ceada351a142542cf7", "parents": [ "dd8c80e4806660f5a792c731249873406d097165" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:35:52 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:35:52 2019 +0200" }, "message": "Rename base package to git.monogon.dev/source/smalltown.git\n\nThis ensures that the package is go get-able in our managed environment,\nwhich has SSH configs for git.monogon.dev by default.\n\ngo knows that it\u0027s a Git repo by matching on \".git\"\n(see: https://golang.org/cmd/go/#hdr-Remote_import_paths).\n\nThe package name is a bit more unwieldy than it needs to be, so maybe\nwe should add go-import metadata to git.monogon.dev at some point\n(which is not straight-forward, since Go does not understand SRV records,\nso this needs to be added to the Phabricator web server).\n\nAlso refreshed all generated files and go.mod/go.sum.\n\nTest Plan:\n make cmd/mkimage/mkimage\n make cmd/init/init\n\nX-Origin-Diff: phab/D193\nGitOrigin-RevId: 766325ccd9a51d04eba0e49269c530c520444193\n" }, { "commit": "dd8c80e4806660f5a792c731249873406d097165", "tree": "a2e9ef14ac051c6a7014f033670a083a7a396ed5", "parents": [ "f95909d11f20c01129120274076a44a689eabe3d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Oct 07 16:19:49 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Oct 07 16:19:49 2019 +0200" }, "message": "Delete old secretstore, cmd/node and config modules\n\nThis removes even more code that is no longer necessary or interferes with new concepts. It also refactors the storage stuff into a StorageManager which deals with all the paths and async initialization.\n\nThis does intentionally break a few things which will be fixed when the CA code lands.\n\nTest Plan: Manually tested using make launch, CI is in a separate ticket\n\nX-Origin-Diff: phab/D182\nGitOrigin-RevId: 282a4bd84b47010d859e03da53b2c2de8183b13b\n" }, { "commit": "f95909d11f20c01129120274076a44a689eabe3d", "tree": "2ba85463c30b26c0df8b7c278ea5df22da42dfdb", "parents": [ "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 11 19:48:26 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 11 19:48:26 2019 +0200" }, "message": "UEFI EDK II, TPM minting, QEMU launcher and basic DHCP support\n\nTest Plan:\nYou still need a recent version of QEMU and swtpm installed (these are not yet integrated)\nRun `make launch` and have fun with a running Smalltown instance :)\n\nX-Origin-Diff: phab/D159\nGitOrigin-RevId: c7245bfbabebf92507445525bee009a71d19caea\n" }, { "commit": "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd", "tree": "558ca2744e8ba310f36362ae68cb48e0511ea376", "parents": [ "16a981d4c23c1f2cd4808b6ba489df83455d68b4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Sep 05 17:53:56 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Sep 05 17:53:56 2019 +0200" }, "message": "Initial operating system work\n\nAdds a draft for most of the operating system work, sans external things like EDK2 and kernel build which will be pushed later in a separate diff.\n\n* Sealing/Unsealing of encrypted and integrity-protected data partition using TPM2\n* PID1 standard behaviour (mounting minimal filesystems, cleaning up orphans)\n* TPM2.0 helper library\n* Block device finding and mounting\n\nTest Plan: Manually tested, CI will be dealt with later.\n\nX-Origin-Diff: phab/D157\nGitOrigin-RevId: 6fc494f50cab1f081c3d352677158c009f4d7990\n" }, { "commit": "16a981d4c23c1f2cd4808b6ba489df83455d68b4", "tree": "fd47d6cff0e2d8d90d2fad2d1bf4f70b8ce77b92", "parents": [], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Sep 16 11:26:05 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Sep 16 11:26:05 2019 +0200" }, "message": "Added userspace device mapper library\n\nThis adds a userspace library to talk to the Kernel\u0027s DM subsystem and\nis part of the Smalltown init to set up dm-integrity/dm-crypt.\n\nTest Plan:\nCurrently manually tested, automated testing possible but would require\nspinning up a kernel and testing against it. This would require KVM access\non the test infrastructure, a test kernel and additional code.\n\nX-Origin-Diff: phab/D154\nGitOrigin-RevId: 45565ae6288e2accee3f8ce80233580c6ac3e754\n" } ] }