)]}' { "log": [ { "commit": "78a538df4c1112bad6bee08509385af8d0ecc77a", "tree": "7c0c3d44f2334a2305242f768322f36a175434a9", "parents": [ "90613afdf11f7831fc0a673f2fe502c28ab93729" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 25 21:39:04 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 26 12:39:17 2023 +0000" }, "message": "t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)\n\nThis fixes the Zenbleed vulnerability by including the latest fixed\nmicrocode from linux-firmware. They don\u0027t do proper release management\nbut just tag a date approximately every month to keep distros happy.\nThus we need to use a master commit to get the fixes now.\n\nAlso update Linux to 5.15.122 to make sure that we know in case the\nmicrocode fix somehow didn\u0027t get applied.\n\nChange-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94\nReviewed-on: https://review.monogon.dev/c/monogon/+/1974\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f83f5037ab5e09b7c57a01fe7ff3c2eba3b69f4c", "tree": "99286697f55a59cd15a6331ee64a70b0e046d3cc", "parents": [ "7e0649b4ea4e450dde5ea309d984209226d995a3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 14:59:14 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 18:58:40 2023 +0000" }, "message": "WORKSPACE: add gazelle generate directive for this monorepo\n\nTo allow usage of metropolis code inside other repositories via e.g.\npatches, we need to expose metropolis as gazelle repository\n\nChange-Id: I07ab413d66aef2be67f78c80ad8202204e788d76\nReviewed-on: https://review.monogon.dev/c/monogon/+/1897\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "213d90c4f27478bcdac4a9429422cf496f989431", "tree": "dc98a19b90b1dbe36c6fd09aa241ccbb8c407f3f", "parents": [ "4969fd72246bf4d50436a22acbb1bdcdaa72a0e9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 19 17:42:06 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 20 08:47:22 2023 +0000" }, "message": "third_party: update sqlc and pganalyze\n\nChange-Id: I82e0d2dfe507c834f64b5cd9a64c5e0071c07620\nReviewed-on: https://review.monogon.dev/c/monogon/+/1575\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "ca4bbee8d21cbfc4cdc3bf6750d3bc2166c7c1ea", "tree": "209a1430b01e3cf2b8684d6f57a88fec26f50a7f", "parents": [ "93d593b8b51a597a030d589d4f7435236a52b2c5" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 30 17:15:59 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 30 16:51:21 2023 +0000" }, "message": "WORKSPACE: update rules_docker\n\nChange-Id: I7f4c8d3d289b78868bd59ae44a1e2ff7ed1da566\nReviewed-on: https://review.monogon.dev/c/monogon/+/1446\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0731937d1f66230495e770fcdeaac16aaed8a0cb", "tree": "7e8bd6290ca88cd5630eacf9e87b1ef3a86f984a", "parents": [ "50d39370424b5c8e28b72f976d3b57b7d23a6f8b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:56:41 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump intel_ucode\n\nUpdate intel_ucode to get the latest microcode for newer Intel CPUs.\n\nChange-Id: I5035de1b84a6d190904c1d89258162a26f98774c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1411\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "50d39370424b5c8e28b72f976d3b57b7d23a6f8b", "tree": "d645666a19b861e7f199bdf6fce3f19bcefc8a3f", "parents": [ "48f92e19a60062b696660213d579795866e6e718" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 22:20:15 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump kernel to 5.15.104\n\nBumps the kernel to the latest patch release.\n\nHash verified against GPG signature from\n647F28654894E3BD457199BE38DBBDC86092693E alias Greg KH.\n\nChange-Id: I20d78d0492d1e869d684a1c045341f142f2039c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1410\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "48f92e19a60062b696660213d579795866e6e718", "tree": "9e36ffdf2899ff9c75e1ef156e265e43c6e09e1e", "parents": [ "c271d6ee5ada79fdec874f5c82315ef7689f84f5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:50:26 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump linux-firmware to 20230310\n\nUpdates our old linux-firmware to include newer firmware, especially\nnewer microcode which is relevant for us.\n\nVerified GPG signature for SHA256 hash against key\n4CDE8575E547BF835FE15807A31B6BD72486CFD6\n\nChange-Id: I73a63ba7f586e686f5c16960a4f3eb2b514022a5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1409\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c271d6ee5ada79fdec874f5c82315ef7689f84f5", "tree": "b9bac94f6dc3f3f217e7fedc200ad6dc54f926de", "parents": [ "7da4d3c9ed62d5e88096422dafbecd1e0d7634cf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:43:24 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: update Go to latest minor 1.18.10\n\nThis gets us a bunch of fixes including security fixes without needing\nto qualify a new Go version.\n\nChange-Id: I7d745b4963228066793486c637d411181c69b137\nReviewed-on: https://review.monogon.dev/c/monogon/+/1408\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "7da4d3c9ed62d5e88096422dafbecd1e0d7634cf", "tree": "8a85c0af0649428f1c58c9a7608e49881c708a2d", "parents": [ "cfbbbdba0e7fa60c87ea6119697dff4e5e84a6ee" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:38:47 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: update CA root store\n\nUpdate our CA root store, which has become quite outdated.\n\ncurl.haxx.se is now curl.se, see\nhttps://curl.se/mail/lib-2020-11/0000.html\n\nChange-Id: Ic63908572ee64bb18451db9e0516f9a653152b3b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1407\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "2d284b5718ad0948e7ef5afc5905f36701f4a3ab", "tree": "1525231844ed4fb336e9cf3b0b252008f4f44393", "parents": [ "7922d41e98a28458e17e4ff33c9ece0d9ff6578a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 08 17:05:12 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 09 20:09:06 2023 +0000" }, "message": "c/takeover/e2e: add takeover end-to-end test\n\nThis adds an end-to-end test to the takeover system.\nIt launches a QEMU VM running a Debian Cloud Image which is configured\nvia cloud-init to accept SSH access from the test.\nIt connects to that VM via SSH, copies the takeover binary under test\nto it via SFTP and launches it.\nIt passes a test TakeoverInit message to it, performs basic sanity\nchecking on the response and then looks on the serial port for a flag\nmesage that the agent has started.\n\nChange-Id: I8edce6163259da305bb43660a2d70474f7f11612\nReviewed-on: https://review.monogon.dev/c/monogon/+/1262\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "2aa8b184fcbc713d99bb7c3d868d1ab9df6f5b71", "tree": "6ee292c36be2008e8d2fc4d7af23157c17c0c981", "parents": [ "bc93c2b50690e66712d80e4da5837554588ca065" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 14 23:31:43 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "third_party/rust: update rules_rust and deps\n\nThis is required for rules_rust to work with CC toolchains.\n\nChange-Id: I15f20c7bde09697fda248f7107be8bcd00e24d57\nReviewed-on: https://review.monogon.dev/c/monogon/+/1073\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bc93c2b50690e66712d80e4da5837554588ca065", "tree": "68842095e93b11649cdc23da3bb4a6ef24f9dc8a", "parents": [ "e1ebf729194f3673ea0638f0aceb90cb70de23aa" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 14 13:12:23 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "*: migrate to CC toolchains and Bazel 5.4.0\n\nChange-Id: Iff3c0ddda4413dd0c5fa657a5b7813223e98611e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1079\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7fbf10455fd61b4c34182be5cdb3a53fd9897d4b", "tree": "02ead12ee79b10abfdd624071802acc771f6bb3e", "parents": [ "bffdda85d7750c9a9a34289a79281edeae1d73ef" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Fri Jan 06 19:57:37 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "*: bring our own sandbox root\n\nThis change removes the build container and replaces it with a\nBazel-built Fedora 37 sysroot which is bind-mounted into the Bazel\nsandbox using --sandbox_add_mount_pair. The tools/bazel wrapper script\nautomatically (re-)generates the sysroot when needed.\n\nBoth Bazelisk and Bazel\u0027s native wrapper automatically run the\ntools/bazel script, which means that our build should now work without\nextra steps on any machine with a working Bazelisk setup and unpriv ns.\n\nThis fixes all kinds of weirdness caused by the previous podman setup\n(\"bazel run\"/container pushes, log access, weird podman bugs,\nbreaking the IDE plugin for any non-Monogon workspaces...).\n\nUsing the sandbox hash as an action var also ensures that the cache\nis invalidated whenever the ambient environment changes. Previously,\nBazel did not invalidate build steps when any host dependency changed.\nTo my knowledge, this was the only remaining cause for stale builds.\n\nIt also means we cannot depend on the host toolchain since it\nwon\u0027t be accessible in the sandbox, and anything that inspects the\nhost during analysis stage will fail. This currently means that\nrunning on a non-Fedora host won\u0027t work - we fix this next.\n\nAll RPMs are pinned and the sysroot is fully reproducible.\n\nOnce we upgrade to Bazel 5.x, we can take it further by enabling\n--experimental_use_hermetic_linux_sandbox and fully remove the\nremaining host paths from the sandbox for full hermeticity.\n\nIn a follow-up, we can clean up the CI image to only contain the\nminimum dependencies needed for Bazelisk and the agent.\n\nExisting IntelliJ users need to remove the -Dbazel.bep.path flag\nfrom their VM options.\n\nHandbook/Rust rules are disabled temporarily to keep CI green\n(requires a more recent rules_rust version).\n\nChange-Id: I1f17d57d985ff9d749bf3359f259d8ef52247c18\nReviewed-on: https://review.monogon.dev/c/monogon/+/1033\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "be326c24068009a0f8aa039f1fb5a004fbacae6a", "tree": "04bb044ad4aa292ac51ba7e8a402b519ad266fe6", "parents": [ "acfad5b4d130084d58235a1eae54f4c51f936e44" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Wed Jan 04 20:42:59 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jan 16 21:45:48 2023 +0000" }, "message": "*: add bazeldnf dependency\n\nThis adds https://github.com/rmohr/bazeldnf, a pure-Go RPM dependency\nresolver. Requires a dummy import for proper Go dependency resolution.\n\nChange-Id: I4d4e7716bfd7da7e3157f06dc1f1612c9e39c17e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1028\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "1e9d7d875a7bd10ab30d4b193badab9f76936aca", "tree": "aa51445504663ebe1ec348ec37d6f22bbb59be2b", "parents": [ "bee272f2240dd33f9ec74666205349ced91d3f0a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 15 18:45:44 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 16 11:30:15 2022 +0000" }, "message": "third_party: add lib/pq, cockroachdb and cockroachdb test server\n\nChange-Id: I0e32635fd9a9e063e53877213ff87ef6d881403d\nReviewed-on: https://review.monogon.dev/c/monogon/+/910\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "46e72abb01d6bd4b39fd720680602bd6914e545a", "tree": "6b5b740ecc003b62db432f5b2b6b13a88dcb3c8a", "parents": [ "bd2ce6dcffa271d8ef00bceda1a89fc34d1d0f3d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 05 15:13:22 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 07 13:44:24 2022 +0000" }, "message": "third_party: add libpg_query and sqlc\n\nThis adds sqlc, a SQL query code generator for Go (and other languages).\nIt in turn requires pganalyze\u0027s libpg_query, which is a C library for\nparsing PostgreSQL queries.\n\nTo test:\n\n $ bazel build @com_github_kyleconroy_sqlc//cmd/sqlc\n\nIn the future this will be used by Bazel rules to generate sources at\nbuild time.\n\nChange-Id: I369c9ab503e8ce6952fd3f73c233dd3d59922358\nReviewed-on: https://review.monogon.dev/c/monogon/+/882\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "073a1c562f386ac9b33d5361a380098e5d3fdd74", "tree": "7173e3adfb3b648d60258cc94b4ce33f6d9bac3e", "parents": [ "fab7d46b81250f0b3dab0a588f414b2eb4ac6fc4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 02 11:36:36 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 04 15:48:57 2022 +0000" }, "message": "workspace: add dosfstools\n\nThis adds dosfstools for its FAT32 fsck which is going to be used for\nthe FAT32 integration tests.\n\nChange-Id: Ie4ae13ad3a63581868fea69fa7d91a27044f1d3b\nReviewed-on: https://review.monogon.dev/c/monogon/+/842\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "adb98f9d02a0b2c6b5def344d421a79ab9c6b37e", "tree": "3e71b40b2ebb7c0ddae3667b58d9ee85a727526b", "parents": [ "237cf4076e4314ea98f4d47e9557857ef73f554b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 14:09:41 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 15:32:37 2022 +0000" }, "message": "workspace: support workspace-relative embeds in rules_go\n\nrules_go constrains itself by default to includes from the same\ndirectory or its subdirectories, just like the standard Go compiler.\nWith Bazel however including things from other packages is very common.\nAliases don\u0027t help as Bazel doesn\u0027t actually copy the artifacts for\nefficiency.\n\nThis patches rules_go to also accept Bazel-style embeds.\n\nChange-Id: I8fc9479492da00e463297e11b99ff2a9b88bbfde\nReviewed-on: https://review.monogon.dev/c/monogon/+/820\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "fcc5115636da2fcc27d4707c908b8aa2bb0162d0", "tree": "a33ba89f3bc23b601b55a1251ceac3c938a1ab04", "parents": [ "58ddc0981614e7582a3ad5a505d64e4c48cd2800" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 19:10:42 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 30 17:59:44 2022 +0000" }, "message": "*: bump to go 1.18.3\n\nChange-Id: I3c57b5d3233a45e205801cb6a0ccbb565fe42468\nReviewed-on: https://review.monogon.dev/c/monogon/+/811\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "2c6906a62a623d49c6a9c8529b26d692194c1dd5", "tree": "a0e91524fde140a3a1ecfcb5d586bed8baaf0f94", "parents": [ "45c196cc0e8a388d6e1d69744c1b8d1b52b4b74e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 15 12:55:45 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 15 13:30:52 2022 +0000" }, "message": "WORKSPACE: clean out unused patch\n\nThis was added as a transitory measure when I was porting to gomod.\nIts use was dropped in Kubernetes 1.24 as Kubernetes started\npregenerating this themselves.\n\nChange-Id: If3cf7577aa03c3779c8347360f0e6f6efe55bb6a\nReviewed-on: https://review.monogon.dev/c/monogon/+/771\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fc2d0d8275a2596794f4f2d1d32b8a536854d825", "tree": "f868c35e5a72d1c9af108c8df7b8060077424b59", "parents": [ "399ce5537c9d74b2335add19dcb6a4043d9468b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 14:36:17 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 13:10:50 2022 +0000" }, "message": "workspace: bump Linux to 5.15.32\n\nBumps Linux to latest LTS patch release\n\nChange-Id: I40e6c4a7e161915d41a688e00cb4ca98553bf89f\nReviewed-on: https://review.monogon.dev/c/monogon/+/644\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "942f5e2188f67d78fe8da86f42e1902427792f2b", "tree": "b3465cd8996a224a678f12cf1d858173077dadd1", "parents": [ "d3ce0ac027b205b1eeccbbcb062c9d417e205df4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 15:03:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:05:38 2022 +0000" }, "message": "b/ci: update build container to Fedora 35\n\nFedora 32 is EOL since over half a year, update to the current stable\nFedora release.\n\ntoolchains: adds clang as it\u0027s no longer part of the llvm package,\nchanges toolchain path references to GCC 11, and rebuilds the sysroot.\n\nedk2: update to latest stable (old version cannot build with a newer\nminor version of Python 3) and patch to disable -Werror and make the\nnewer included Brotli version work as it natively includes BUILD\nfiles which need to be patched out to make the source files accessible.\n\nlinux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as\notherwise the .notes section gets emitted with broken alignment.\n\nm/t/launch: RunMicroVM is broken if SerialPort is not set with newer\nQEMU versions because fcntl(2) fails to interact with a broken file\ndescriptor. This is due to a confusion between nil interfaces and\ninterfaces containing a nil pointer causing Go to improperly pass the\nfile descriptor. Changing the type of SerialPort to the actual\ninterface resolves the issue.\n\nChange-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/529\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "80deba52ce3d1ff3c60fa2901cbbb0135e40f90b", "tree": "659869cf80fae0c808d7caae2d8341669bd8e1c5", "parents": [ "ac82c0d984cd23b4b35163b223c9ed0001df8f55" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:07:13 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:32:09 2022 +0000" }, "message": "m/node: build microcode payloads\n\nThis adds a builder for loadable microcode payloads for the Linux\nkernel and microcode for Intel and AMD CPUs. It also adds a rule\ngenerating a microcode payload for Metropolis at\n//metropolis/node:ucode but does not integrate it yet.\n\nChange-Id: I00145e4c983d9ff3e81881e92cbecc3e09392665\nReviewed-on: https://review.monogon.dev/c/monogon/+/546\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "17c4c8bb0feaa0395b31757c8186521ec3c0d723", "tree": "abcc2f8419659ac3f9dcb55a1c0c3de43f4008f0", "parents": [ "b6a9d3c613847de99be456f17c6b18cc4d1c4e63" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 01 12:59:47 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 08 13:06:05 2022 +0000" }, "message": "m/n/b/fwprune: adapt to fsspec and use\n\nThis modifies the fwprune tool to generate fsspecs instead of making\ncopies and makes it take a list of paths for suffix matching instead\nof a directory as input. It also adds the fsspec_linux_firmware rule\nwhich uses the utility to actually build a partial fsspec. Finally it\nintegrates the linux-firmware external repository and uses that rule\nto ship firmware in Metropolis.\n\nChange-Id: I0552995105eda84e63d7259040ad36d794079308\nReviewed-on: https://review.monogon.dev/c/monogon/+/534\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "dcfc6787c736ae3461138224a33c5d5c560df2ff", "tree": "5ce2f2719c320e0f77aa5c667ed8221e27a39ca2", "parents": [ "43e2107d9b76e8c1df0974c3125878ca64f2bb61" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 30 05:27:48 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 30 19:38:46 2021 +0000" }, "message": "build/proto_docs: add proto documentation generator\n\nThis adds an HTML documentation generator for our Protobuf files.\nIt consists of a new Bazel rule `proto_docs` which wraps protoc-gen-doc.\nprotoc-gen-doc itself and go-proto-validator which it includes need\nsome light patching because of dumbness in the Go Proto ecosystem that\ndoesn\u0027t exist in our Bazel build.\n\nThis just hooks up everything, it does not yet do anything custom like\nannotating our own authorization metadata or similar.\n\nChange-Id: If6fd7c777210fea700e49242b5339cfafe7c030d\nReviewed-on: https://review.monogon.dev/c/monogon/+/452\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "531e2c25995933a2e3110f5a53852bdbb5a2a39c", "tree": "b8b8dd9d56e6aebb9eaab8225e5f31fc999d8db3", "parents": [ "ed86976004c8a9d8d06e787ece3d59b04dba11f9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 17 20:00:05 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 18 14:12:47 2021 +0000" }, "message": "WORKSPACE: bump Linux to 5.15.2\n\nThis involves ripping out fsinfo because there now is quotactl_fd which\nhandles what we originally used fsinfo for. I also enabled a few new\ninteresting kernel features in the config like the Landlock LSM and\nKFENCE.\n\nChange-Id: Ic0a113893a437b2c8068d06984fdc386f34e6adb\nReviewed-on: https://review.monogon.dev/c/monogon/+/444\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "c2e3b1b7f29708fa136e9195645b31fce530c1f0", "tree": "94d45711f78c1c1cc859e251519838350ce91938", "parents": [ "44d2ad428573bb20ee6be4b957b1abbacad50fcb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 11 11:06:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 16 12:47:21 2021 +0000" }, "message": "WORKSPACE: bump rules_go go 0.29 and Go to 1.17.1\n\nThe changes to nogo are from rules_go being able to use go_library\ntargets as part toolchain definitions. gVisor needed to be bumped\nto be compatible with Go 1.17. It also needs a fix for us not having\nthe systemd cgroup controller.\n\nChange-Id: I058b5c68d97809a286fbe36df00e49e55874dfd5\nReviewed-on: https://review.monogon.dev/c/monogon/+/438\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3ec8116383edfbe4aa4e04803f45a7201998ac80", "tree": "41ffa2346ec8452832c1b85bfd41323051eec57c", "parents": [ "0b12170ae5e0ca561d1575a8e107da1b9690b2ca" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 03:37:03 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 09 13:54:32 2021 +0000" }, "message": "workspace: bump rules_pkg\n\nThis updates rules_pkg to 0.5.1 and registers its dependencies so that\nwe can actually use it.\n\nChange-Id: I4f9c225bfaed05da7a85c88f707df96b6ce1f1ce\nReviewed-on: https://review.monogon.dev/c/monogon/+/429\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5d40c67126d51ab1d78f44f51ec23cb75e9887fc", "tree": "9158b3c5c4a922c3e8759923c52a136ac206c229", "parents": [ "296bde209e76f677dc0f38d003a27df83bcf0f5a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 28 15:06:37 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 30 13:14:43 2021 +0000" }, "message": "third_party/efistub: init\n\nAdds the EFI stub from systemd-boot, built using our new EFI toolchain.\nThis allows us to bundle kernels, command lines and other data into\nsingle EFI payloads and also sign them later.\n\nA rules to build these unified EFI payloads is coming later.\n\nChange-Id: I789e893ff88541f3dc9e7400ccd2565ae414e554\nReviewed-on: https://review.monogon.dev/c/monogon/+/335\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "296bde209e76f677dc0f38d003a27df83bcf0f5a", "tree": "c4afb8f42d8856bca4cafedbd022f9b61967022b", "parents": [ "605efbe76a4317b50bc5499041784f303a9bdc37" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 28 15:04:40 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 30 13:14:43 2021 +0000" }, "message": "third_party/gnuefi: init\n\nAdds GNU EFI, not for the hacky trampolines but for the EFI headers\nand the standard library.\nThe \"canonical\" EDK II headers are extremely hard to use so almost\neveryone not inside the EDK II uses these.\n\nChange-Id: I1189bb4c0897e9fed0da3e6471092d7fb09646cb\nReviewed-on: https://review.monogon.dev/c/monogon/+/334\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "40025ff859d65f1a50ae38b20841f9e0a908050b", "tree": "4a81af38eea054baf3cada86a1a94a572096e683", "parents": [ "031243f5a276726080a92410f7d3503e5870ed49" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 31 13:06:02 2021 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 01 10:33:39 2021 +0000" }, "message": "third_party/cap: initialize\n\nThis adds libcap which is needed for any chance at running chrony as non-root.\n\nUpstream contains a multi-stage codegen based on various external utilities\nwhich has been replaced by a clean Go script. Upstream is capable of also\nusing gperf to generate hash tables for faster lookups, but due to the\nextremely low amount of items (~40) and the additional complexity this is\nnot enabled.\n\nThis is not tested standalone, but it has been tested with chrony.\n\nChange-Id: I638f6aea98158cd2e2838531a5a6125e724838f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/317\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "cbeb8a01de2ac264f41b403b6fdc33dca7b5e568", "tree": "944b19b5fea9647e0604274d4a052a3fa5bacc1d", "parents": [ "c1bf6aa7ac83513659d56756009d572deffa7177" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 15:17:04 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 25 12:05:29 2021 +0000" }, "message": "*: bump protobuf/protoc\n\nThis gets rid of the following spurious warnings when building\nmetropolis/proto:\n\n metropolis/proto/api/aaa.proto: warning: Import metropolis/proto/ext/authorization.proto but not used.\n metropolis/proto/api/management.proto: warning: Import metropolis/proto/ext/authorization.proto but not used.\n\nChange-Id: Id61a058977e969ccabd2ebccfee53f3268dcf177\nReviewed-on: https://review.monogon.dev/c/monogon/+/312\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8ff4b7c6f20c9dda91c0eefc524e9bb6c3bff52d", "tree": "6e455a4fe977b47492cc8f1db58b1c5288225036", "parents": [ "158e9a415a72bfacfdf9f46eb06b30486680299f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 19:21:18 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Aug 20 09:02:55 2021 +0000" }, "message": "third_party/chrony: initialize\n\nFirst pass at building chrony. Minimal functionality, notably skipped\nfeatures are:\n\n - PRIVDROP (requires libcap)\n - NTS (requires gnutls)\n\nDo we need anything else?\n\nTested with:\n\n $ bazel build \u0027@chrony//:chrony\u0027 --crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite\n $ file bazel-bin/external/chrony/chrony\n bazel-bin/external/chrony/chrony: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped\n $ bazel-bin/external/chrony/chrony -v\n chronyd (chrony) version 4.1-monogon (NTP RTC SCFILTER ASYNCDNS)\n\nChange-Id: I56ac15a23e5741c0428580268cf40ae7744078d4\nReviewed-on: https://review.monogon.dev/c/monogon/+/293\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cbf1fa97307024b1f0c60c88e8ebf968a42bf980", "tree": "728f661bb449220c98556fdd0635714db750ac9c", "parents": [ "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:28:50 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 18:16:43 2021 +0000" }, "message": "third_party/rust: initialize, add mdbook\n\nAs we want to use [mdbook](https://github.com/rust-lang/mdBook) to build\ndocumentation, we now have to pull it into the monorepo, alongside\nsupport for Rust in general.\n\nTesting plan: bazel run //third_party/rust:cargo_bin_mdbook. The CI\nshould also pick this up now.\n\nChange-Id: I6cf5d02d926bb0de61a5c882828accd35f3a1076\nReviewed-on: https://review.monogon.dev/c/monogon/+/201\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "0ef9629ffd82027c5dbff11f3530b86136636597", "tree": "b28ac6ae9aff11c0fdbdf6e50d75d2d8b830dd76", "parents": [ "bd0d24e1fda0ee0cd8231d25eff499894226e04d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 15:41:32 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue May 25 09:52:53 2021 +0000" }, "message": "build/analysis: move nogo configuration\n\nThis moves the nogo config JSON file from the root of the repository,\nand cleans up the BUILD file in preparation for adding extra, possibly\ncustom, analyzers.\n\nChange-Id: Id85c9cd8515b9178712329fe425c1e1740f04d8b\nReviewed-on: https://review.monogon.dev/c/monogon/+/65\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "3536e4d4923e76486167c85c2b09a1cf4ca5502d", "tree": "7e0fba60817509fc4514ae9faf58acf0b0118a92", "parents": [ "68ca5eebd0ccd00a2d60eb42289c64357fb2e83f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 11 11:58:56 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 11 12:09:36 2021 +0200" }, "message": "WORKSPACE: bump rules_docker\n\nThis fixes the following build issue on machines without a cache:\n\nError in download_and_extract: java.io.IOException: Error downloading [https://api.github.com/repos/google/go-containerregistry/tarball/8a2841911ffee4f6892ca0083e89752fb46c48dd] to /home/ci/.cache/bazel/_bazel_ci/0a07aad6377a57fb9a149ee20941825f/external/com_github_google_go_containerregistry/temp4646182565351458604/8a2841911ffee4f6892ca0083e89752fb46c48dd.tar.gz: Checksum was cadb09cb5bcbe00688c73d716d1c9e774d6e4959abec4c425a1b995faf33e964 but wanted 60b9a600affa5667bd444019a4e218b7752d8500cfa923c1ac54ce2f88f773e2\n\nSee https://github.com/bazelbuild/rules_docker/issues/1814\n\nTest Plan: The build should pass.\n\nX-Origin-Diff: phab/D772\nGitOrigin-RevId: 64da076b378bc060c80c8b471eab908a0e52747a\n" }, { "commit": "57a9d3e7c609203b95ee7d09db87a43a64f79be9", "tree": "79a1199f3a7c0f4a8fdb00a2131244f59b9c205c", "parents": [ "7353e17fcd3b158e575ca4455ee75224fa4f0921" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 17:31:48 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:59:01 2021 +0200" }, "message": "WORKSPACE: fix repository path of gperf fork\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D755\nGitOrigin-RevId: 65d4541c8a60e57825548abc831d6593161780ce\n" }, { "commit": "0de189355c6afad6f677029d90fa40dee824141b", "tree": "3e926e04415d4310b120cc641e4cd7893c5a6b61", "parents": [ "735119f8efcd1ce8689703fe455e39f2146b0b3e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:36:48 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 11 00:36:48 2021 +0100" }, "message": "Add QEMU into the monorepo\n\nThis adds QEMU and all its dependencies into the monorepo. Enough features are enabled that\nthis QEMU should be both usable for running tests for Metropolis as well as running customer VMs in\ncontainers. Thus we can also get rid of the QEMU ambient dependency.\n\nAll dependencies have their includes fully rewritten as to be reusable without a huge effort. QEMU itself\nrelies on `includes` attributes since the patch would otherwise be enormous and it is a binary and thus\nany include path madness ends there.\n\nOverall though this is quite nice, the final QEMU build with full optimization is \u003c10MiB and has no further\nambient dependencies. It also has full io_uring support, which works very well with our 5.10 kernel.\nTPM support is also included.\n\nThis is not used anywhere, replacing the ambient dependency and shipping a container will be in an upcoming\nrevision.\n\nTest Plan:\nManually tested to run a Ubuntu cloud image with io_uring and virtio. Automated tests will follow as\npart of its roles in this repo.\n\nX-Origin-Diff: phab/D712\nGitOrigin-RevId: 9c2607d75c875b1d65346e3cdac1a5e08467ea33\n" }, { "commit": "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9", "tree": "120710eb4a9acf0c3ad1086d9f6f6f3c850a0d70", "parents": [ "bcae658f9530e95cde2ac931beacae71c9fb240e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 04 17:16:04 2021 +0100" }, "message": "Build mkfs.xfs using rules_cc\n\nThis drops the old big genrule for mkfs.xfs and replaces it with a nice rules_cc build system\nwith the help of bazel_cc_fix generated patches and our musl-based toolchain.\nWhile we\u0027re at it I bumped the versions of all related dependencies to their latest stable release.\nThis also means pulling in ini.h which is a dependency of the new xfstools version.\n\nInstructions to regenerate the patches are included in the spec files.\n\nToolchain selection is done by the existing transition in our rootfs rule so we automatically get a musl-built\nstatic binary when building for the rootfs.\n\nTest Plan: Tested with E2E tests, should fail fairly catastrophically if something were wrong.\n\nX-Origin-Diff: phab/D708\nGitOrigin-RevId: 648a05cdd08cfa84a8a9f4c057c52446e7005631\n" }, { "commit": "5999e92b2da34cbbd50391327ec01081a91866ee", "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b", "parents": [ "3a99c590543394ceb5260282ef8e924b44e8eef8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jan 27 18:53:54 2021 +0100" }, "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n" }, { "commit": "2073ce34e57b0be3cedd39b8934869abb6f73582", "tree": "8c7f86cecb41848e0614da742935cc656be02239", "parents": [ "7b82227c87f477e9d986d648b8ad63f4268dde3b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 18:52:59 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Feb 03 18:52:59 2021 +0100" }, "message": "Bump Bazel to 4.0.0\n\nThis bumps Bazel to 4.0.0 because we want to use ProtoModule. The update was relatively painless,\nno incompat-flags needed to be switched back off. `bazel_gazelle` is pinned on a master version\nsince they haven\u0027t released a Bazel 4-comaptible version yet and I have one patch against Kubernetes\u0027s\ninfra repo which is going upstream.\n\nTest Plan: Build system change, should be covered by existing tests\n\nX-Origin-Diff: phab/D701\nGitOrigin-RevId: 24f675e6ba33efb9f46191eccca95088d7d2d1f1\n" }, { "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87", "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63", "parents": [ "c3ad846e0eaf4cf008130a643ff247aa27531e17" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has new been rolled into the main gVisor package and is\n slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n Starlark rule definitions to use rule() instead. We also had to patch\n gVisor to do that (as there hasn\u0027t yet been a release that rolled\n this up).\n - Gazelle now supports different naming schemes for generated Go\n targets - either the old //foo/bar:go_default_library scheme, or a\n new and nicer //foo/bar:bar scheme. We currently force the usage of\n the old scheme, as switching over is probably not going to be easy\n (we use a lot of external Bazel files, and we have to wait for their\n compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n uses gogoproto, but we are smart enough to pull in the old protobuf\n library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "9e861a87775191faf1a027f603a0074446cd1319", "tree": "01fb624b542762594bad6e88d67c947263837769", "parents": [ "5faa2fc7fb6266486183fdc1455e711079d33e37" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Sep 16 13:46:41 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Sep 16 13:46:41 2020 +0200" }, "message": "//build/toolchain/musl-host-gcc: implement\n\nThis is a cc_toolchain which runs on x86 systems with Linux/gcc and\ntargets Smalltown via static musl builds.\n\nIt is currently unused, but can be tested by trying to build any\ncc_binary with\n--crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite .\n\nTest Plan: This has been tested manually by running it against a simple cc_binary. Another revision on top of this will attempt to build mkfs.xfs with it.\n\nX-Origin-Diff: phab/D623\nGitOrigin-RevId: ebdf51ee76d9d5a7fd94725c66ef53783f787df7\n" }, { "commit": "efb028fdc542dd2f19bf74a3be98506e7a15c7b7", "tree": "778c7ccea019f423ca9f660125fe8898014aa9d8", "parents": [ "8b0431a9d22b1f2bb8ab3e6eb66ffda5ca4a2ea9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:04:49 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jul 28 17:04:49 2020 +0200" }, "message": "Allow applying patches before BUILD file generation\n\nThis adds support for patching Go dependencies before BUILD file generation and\nalso plumbs that support into fietsje. No actual prepatching is done in this revision.\n\nTest Plan: This has been used successfully in code built on top of it.\n\nX-Origin-Diff: phab/D612\nGitOrigin-RevId: 7013e5f98feb57ac64ff3dc79d1a9bb94e4152a8\n" }, { "commit": "8b0431a9d22b1f2bb8ab3e6eb66ffda5ca4a2ea9", "tree": "9ce1dd78a249056144e83e0884eb19b6febcda18", "parents": [ "b682ba55d4a51babad2beebb470b0fef0e6067ca" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Jul 13 16:56:36 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Jul 13 16:56:36 2020 +0200" }, "message": "Implement image preseeding\n\nThis pulls in the infrastructure to build OCI bundles with Bazel and adds a loader to\nload them into containerd at runtime.\n\nTest Plan: New E2E test using a simple hello world Go image.\n\nBug: T793\n\nX-Origin-Diff: phab/D585\nGitOrigin-RevId: 3bc5e35a89a80a9683778ced72cc79e2d0b684ed\n" }, { "commit": "2e30e88fe6afcf06bdd01478bc584619e91d4c1b", "tree": "c7e8a73330d170df708d8dc6de374d440411f224", "parents": [ "5be29dda1d099e1d72636aec06bd3995f39ae4d8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 15:17:29 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 15:17:29 2020 +0200" }, "message": "Add our own qboot firmware\n\nMy qboot fix (https://github.com/bonzini/qboot/pull/28) has (contrary to what I assumed based on the tests passing)\nnot made it into QEMU yet, so the firmware shipped by it is still affected. This fix not being there silently broke our ktests\nsince the return code processing can in weird conditions wrongly succeed. The fix for this will be another revision, same with\ncode that actually uses this. This is just the build.\n\nTest Plan: Build test: `bazel build @com_github_bonzini_qboot//:qboot-bin`. Also tested in subsequent code depending on it.\n\nX-Origin-Diff: phab/D569\nGitOrigin-RevId: b693220768bc8e39be21fd90eedc7ab79e9c4bcf\n" }, { "commit": "140bddcbe1aac46b168f6fc2178eb9c3870a434c", "tree": "8719383a79e42b1334a53f88bdc015872cba66dd", "parents": [ "e6030f696613983ea00fc93b9e8b826cea7a1e9a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 05 21:01:19 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 05 21:01:19 2020 +0200" }, "message": "core: build initramfs using generic initramfs rule\n\nThis chips away at three different things:\n - it brings us closer to hermetic and cross-platform builds by not\n depending on genrule/shell and lz4-the-tool\n - it generalizes initramfs building (allowing for more than one to be\n built, if necessary)\n - sets the stage to use Bazel transitions [1] to force all included Go\n binaries to be built in pure/static mode while allowing host Go\n binaries to use cgo/dynamic linking if necessary, and hopefully also\n allowing us to get rid of some BUILD patches that set pure\u003d\u0027on\u0027 in\n go_binary calls (notably needed in Cilium and some existing\n third_party dependencies).\n\n[1] - https://docs.bazel.build/versions/master/skylark/config.html#user-defined-transitions\n\nTest Plan: build machinery change, covered by existing tests\n\nX-Origin-Diff: phab/D554\nGitOrigin-RevId: a5561eb5ca16e6529b9a4a2b98352f579c424222\n" }, { "commit": "df12522ed48dbac7edbae32be01a09770b01d0f7", "tree": "167d9d5de66c430cc2ddd37feff561430ed0be5d", "parents": [ "d3c59d22955d01ff4afcada9d4845cd935d820b7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat May 23 00:29:30 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat May 23 00:29:30 2020 +0200" }, "message": "*: unpin rules_go/gazelle\n\nWe unpin these now that Gazelle 0.21.0 is out. This release also changes\nrunfile pathnames for go_binary, so we have to fix up the test_boot.sh\nscript that hardcodes a path.\n\nThis also pulls in a new protobuf version, that we have to let in with\nits imperfections that nogo rightfully complains about.\n\nTest Plan: machinery change, current tests cover this\n\nX-Origin-Diff: phab/D538\nGitOrigin-RevId: ad83d7868608b6883a891d127a6fbaf28f8aa14a\n" }, { "commit": "d3c59d22955d01ff4afcada9d4845cd935d820b7", "tree": "faa355d618630f556b053707cbe5ee60f84a534e", "parents": [ "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 11 16:00:22 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 11 16:00:22 2020 +0200" }, "message": "Update to Go 1.14\n\nUpdates the Go toolchain to 1.14 and gets rid of all upstreamed\npatches. Also shrinks binary sizes.\n\nTest Plan: Should be covered by CI.\n\nX-Origin-Diff: phab/D515\nGitOrigin-RevId: 1c400a6ba6a8d78a02aba925d95486b807eda0e9\n" }, { "commit": "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66", "tree": "22072c4f18e4aaa855577ff0b42a86ef77a9c4cb", "parents": [ "60febd9db40970a31a2f49bdb969897a37c11cc6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Fri May 08 14:35:04 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Fri May 08 14:35:04 2020 +0200" }, "message": "Add containerd \u0026 gVisor support\n\nThis adds containerd, CNI, gVisor and all the necessary shims\nand supporting infrastructure. It also enables all relevant features in\nthe Linux kernel. containerd is designed as a simple supervisor.Runnable.\nIt is not being started yet, this will happen in D497.\n\nSplit out from feature/kubelet.\n\nTest Plan:\nHas been tested in conjunction with the rest of D497, will be\ncovered by a K8s E2E test there.\n\nX-Origin-Diff: phab/D509\nGitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17\n" }, { "commit": "bb7db92ee6e788b576e22ece70914e0321a785f7", "tree": "1f4fee21a390625bd9766d0394e3076cf7e34d48", "parents": [ "547b33f2b38dba41f2c171f8730ff5093b267eaf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "message": "Add all dependencies for Kubernetes worker\n\nAdds Kubelet, CNI plugins, containerd, runc and gVisor using a\npre-baked list of dependencies generated using scripts/gazelle-deps/sh.\n\nThis moves all dependencies of gVisor, Kubernetes, runc, etc into the\nsame \u0027namespace\u0027 of Bazel external repositories, giving us ease of\naccessing code as libraries, and benefits when it comes to version\nauditing.\n\nThe gazelle-deps.sh script is a temporary solution that will be replaced\nASAP, see T725.\n\nThis unblocks T486.\n\nThis is an alternative to D389.\n\nTest Plan: `bazel build //core:image` runs and picks up the new binaries\n\nX-Origin-Diff: phab/D487\nGitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff\n" }, { "commit": "5d7d2a42ed0394ecc57ef3cde1d837d8a997ec20", "tree": "55ead1cb4ddbd347faf26f7370b46de7e7f634b6", "parents": [ "1d8017549154d0bf2c36610d75eee8de9b25ce02" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:11:02 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:11:02 2020 +0200" }, "message": "Update Kubernetes to 1.18.0\n\nUpdates Kubernetes to 1.18.0 and removes patches that are no\nlonger needed. The directories themselves and the build code that deals\nwith patching is left intact since rebasing D389 and subsequent K8s work\nwould otherwise be unnecessarily complicated.\n\nTest Plan: Should be covered by CI\n\nX-Origin-Diff: phab/D470\nGitOrigin-RevId: 5c7749926f0adcc8d58e3bff3ce6413bab1d797d\n" }, { "commit": "fd16651a2ef1484b7d8f12d0a7c7f93899af2747", "tree": "f7931a575e0a7133695b2e5a7ec412a2c21731e1", "parents": [ "b1b742f91489cafa199bf5dd6e83d965cb23f63f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Apr 01 17:29:45 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Apr 01 17:29:45 2020 +0200" }, "message": "Update Linux to 5.6\n\nTest Plan: Covered by existing tests.\n\nX-Origin-Diff: phab/D458\nGitOrigin-RevId: ebc83b17a0bcf66997d65763d8ff852a2613887c\n" }, { "commit": "7b5d994379ef72ccf9f4de15d01b9604fc650287", "tree": "baaa1bb99c2cb3e081d4f978303be56520a3e4df", "parents": [ "9374393a16b9400866003cd972f9c4711c94869c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 19 16:14:02 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Mar 19 16:14:02 2020 +0100" }, "message": "Update rules_go to 0.22.1 to fix @go_googleapis issue\n\nThis fixes a known issue[1] with rules_go in combination with\nBazel 2.2+ and some protobuf generates (like @go_googleapis).\nAlso updates a few dependencies because rules_go switched to\na newer GRPC compiler.\n\n[1] https://github.com/bazelbuild/bazel/issues/10681\n\nTest Plan: bazel test //... works again on Bazel 2.2+\n\nX-Origin-Diff: phab/D436\nGitOrigin-RevId: d5700cbaa59fefd791f5c9902195f0294a0e6f07\n" }, { "commit": "af5ec37ef2549cf136438e3fd1775ce601c25bc9", "tree": "b96cf29a39793cb4e3511e1f3a7d637d29a08f79", "parents": [ "8fba0f84d52095ff933b442f2acaec315e2eb1da" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Mar 11 13:33:17 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Mar 11 13:33:17 2020 +0100" }, "message": "build: update to Fedora 31 and Bazel 2.2.0\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D432\nGitOrigin-RevId: 8b9173313e3d7970399e17305b61e3cfd0851a41\n" }, { "commit": "6c8d5f9319706be576563b990c875afc0d60d02d", "tree": "914915b626992cb596323c7756c4f01e02e24832", "parents": [ "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:42:29 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:42:29 2020 +0100" }, "message": "repositories.bzl -\u003e third_party/go/repositories.bzl\n\nLet\u0027s keep the root of the monorepo tidy. Also, a list of third party\ndependencies sounds like it should belong in third_party/, really.\n\nTest Plan: more build file mangling, CI should catch issues\n\nX-Origin-Diff: phab/D392\nGitOrigin-RevId: 3fdd7bb430e8b44df7301520657170ce28ba859e\n" }, { "commit": "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc", "tree": "4a5c4b3b14afdd6d10192d2e6144d62051c92d9d", "parents": [ "aa6b7346a87a5512fbdd5b39db766000c0e10415" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:41:37 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:41:37 2020 +0100" }, "message": "third_party: slurp in edk2, kubernetes, mkfs.xfs\n\nThis finishes the move from core/build/* into third_party/.\n\nWhile at first this might look like wasted bandwidth, this separation\nwill make much more sense in the future, where different parts (not only\nthe Smalltown core) might depend on shared external dependencies. In\naddition, having everything in third_party laid out in a similar fashion\nlends itself to writing more general rules. Already there is quite a bit\nof deduplicaiton that we could remove for reliability and readability.\n\nThis does not fix the problem of the big honkin\u0027 genrule for mkfs.xfs -\nwhile I think we should fix it sooner than later by building a real\ntoolchain, that time is not yet now. But at least we\u0027ve moved things out\nof the way so that we can then drop in a better mkfs.xfs, once it is\nbuilt so.\n\nTest Plan: build file mangling, CI should cover this\n\nX-Origin-Diff: phab/D391\nGitOrigin-RevId: fb99c6a6270c5c6a56eeb4f18a41323ffebbc655\n" }, { "commit": "7a1b10c4eb2a01084298537fae46f60ecf97cb6c", "tree": "f65eea8dbd90529aaf9e99e41b7a3517f391849f", "parents": [ "ab0cc82b343ad93736ea4094844839a717190fd8" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 10:02:21 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 10:02:21 2020 +0100" }, "message": "Explicitly provide Python toolchain, provide `python` in build container\n\nThis fixes being able to run py_binary targets within the build\ncontainer.\n\nEach py_binary creates a stub that always has the #!/usr/bin/env python\nshebang, and as such we need to have `python` available in the build\ncontainer. The stub then dispatches into the right Python interpreter,\nwhich we now configure explicitely via rules_python\u0027s py_runtime_pair.\n\nTest Plan: nothing breaks, future uses of py_binary (eg D389) will make actual use of this\n\nX-Origin-Diff: phab/D390\nGitOrigin-RevId: 78b6c51f09c720a46fbe2e6cbadb2a97d1161f7b\n" }, { "commit": "731d00ae802712305d2a01ea4a7bbc74227b2f0d", "tree": "574c39c5ce00a4aeb03cb0e0136320836f2259cb", "parents": [ "7ba3152b450889e81e85a02bd2e28f992edba2b0" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 19:08:07 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 19:08:07 2020 +0100" }, "message": "Move linux to //third_party.\n\nTest Plan: refactor of build system, should be covered by existing tests\n\nX-Origin-Diff: phab/D367\nGitOrigin-RevId: 603c61bfadadfbd66c0ce31f05f6748251bea9f3\n" }, { "commit": "dcb3a56fe915f2359a5832c685aa2789027ee5fb", "tree": "acaa864bedaa306005830dc7d5aa1e3b0562139d", "parents": [ "f8323f1010f4d1714570197f438888d081056846" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 13:44:44 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 13:44:44 2020 +0100" }, "message": "Remove spurious \u0027@//\u0027 root workspace references\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D364\nGitOrigin-RevId: 4425fa5756468685dfafaf87186bf12f7da455e8\n" }, { "commit": "f1d34d328eaf66f8ede61a0ffe30519f43aa73d9", "tree": "aa50b5494e92180403e8397087885ef4eeac0ce5", "parents": [ "db6283e3d6425eea168e8dfc56c4f19f358ab64f" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 14:15:44 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 14:15:44 2020 +0100" }, "message": "Update Bazel, rules_go, gazelle, linux_kernel, musl, and k8s\n\nrules_go updates Go to 1.13.5.\n\nEFI boot patch had to be rebased since a bunch of ifdefs got cleaned up in 5.x\n\nhttps://github.com/torvalds/linux/commit/ac09c5f43cf613939850cc38d7a34ae6556016ba\n\nhttps://github.com/torvalds/linux/commit/82f9ed3a93307089242ff8a5c694e82c8c93f522)\n\nTest Plan: CI\n\nX-Origin-Diff: phab/D304\nGitOrigin-RevId: 8d7711dd2038e76e091a22a1aab865c3593e3889\n" }, { "commit": "60a85b669e05f788bc63663568102a23c78d6195", "tree": "f7dcac1fcabe86b8cd1afa317284e309d43916cf", "parents": [ "d868d69320140863a1938bfa042ad0824cfa9500" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 19:12:41 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 19:12:41 2019 +0100" }, "message": "Run go vet using nogo during build step\n\nSee https://github.com/bazelbuild/rules_go/blob/master/go/nogo.rst\n\nThese are correctness checks, not coding style linters, such that\ncompilation will fail if they do not pass.\n\nThey are also ran for external dependencies, with more or less\nfine-grained exclusions.\n\nTest Plan: Ran gazelle.sh and tests.\n\nBug: T472\n\nX-Origin-Diff: phab/D269\nGitOrigin-RevId: f932555ec8cbb9d0c09f2a3c6a0df94a0f6724a8\n" }, { "commit": "383d4bb84b7b5062b859f81db10e3f16bd427739", "tree": "9430d87be1ea0716b4075d5d19a358c2e3630383", "parents": [ "68c58755e0a56e1b1c565d80f99056ec4948fbec" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "message": "Run \"bazel test //...\" in CI\n\nThis will build all buildable targets and test all testable targets.\n\nThe hardcoded Harbormaster rules have been removed in Phabricator.\n\nAdds a simple test for booting Smalltown.\n\nBUILD files that are injected into repositories have been renamed to\nBUILD.repo to ensure that Bazel does not recognize them as local BUILD\nfiles and attempt to build them.\n\nTest Plan: Covered by CI :)\n\nBug: T483\n\nX-Origin-Diff: phab/D262\nGitOrigin-RevId: 3512a5e13430001f4e6f91d21ac503564c8fb085\n" }, { "commit": "5f1d05f7ad386d6832a5230c78f6c155659a32e9", "tree": "b37adaa75a67eb544deaea512c0fd829747836a0", "parents": [ "4d39d37035c5e46274183f36221c2e50f99bb411" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:58:40 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 13:58:40 2019 +0000" }, "message": "Split up linux_kernel build folder to separate repo changes\n\nThis separates the kernel build steps (that happen in our main repo)\nand the things we inject into @linux_kernel.\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D249\nGitOrigin-RevId: 98982d005ba582f9f08783915ee0603ff8634f55\n" }, { "commit": "0bcaaee19dc2338751705a83126cec40a1b8a2e8", "tree": "00b3015ea5085c7a66aa8f27cd71e750a8745bf2", "parents": [ "f08704a6a47e9a0cdbf7b9173c24f2f8eca581d5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:42:39 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:42:39 2019 +0100" }, "message": "Build core with separate initramfs\n\nBuild the initramfs separately and include it via mkimage. Also includes\na patch to the kernel which adds support for hardcoded cmdline\nto the Linux efistub.\n\nThis lowers build times by a lot, for normal changes they are now\nbelow 5s\n\nTest Plan: Ran `bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D245\nGitOrigin-RevId: 206c7c5c979c10ffd25c36dfefd8b9290a6a3f43\n" }, { "commit": "6c39ea1355bf2853abdbd2f69a7eece222c44b78", "tree": "a0377ac95e3036fb06886c1b9be504faf4773850", "parents": [ "3e6018fcf0645da7876eec06d1604438bea0550e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 04 11:39:42 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Mon Nov 04 11:39:42 2019 +0100" }, "message": "Added Kubernetes to build system\n\nThis adds Kubernetes and its dependencies to the WORKSPACE. A small patch\nis needed to make this compatible with Bazel 1.0+ since they still use\n0.23.\n\nTest Plan:\n`bazel test @kubernetes//pkg/...` (:warning: slow)\nThere is one single test failure with OpenAPI, but I\u0027m not yet sure if it\nis actually meaningful since the individual tests of the OpenAPI generated\ncode pass just fine.\n\n`bazel build @kubernetes//cmd/kube-controller-manager @kubernetes//cmd/kube-scheduler @kubernetes//cmd/kube-apiserver`\nAll three required binaries for the control plane build just fine\n\nX-Origin-Diff: phab/D237\nGitOrigin-RevId: 1c0708272636fb68ca6ced6666f885344bb81a7c\n" }, { "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c", "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b", "parents": [ "043daa57020dd36e074488dcb432114a548a3d2a" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n" }, { "commit": "b51250a42b51b8dc6509c7dc57522d42bced2c00", "tree": "2acae03fe183393dae34c7cabd6f92f10dd8d08b", "parents": [ "3ea707028e5f140b1a5186a7086c0089a70c8f9c" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 23:32:59 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 23:32:59 2019 +0200" }, "message": "Update Bazel to 1.1.0 and replace bazelisk by a direct download\n\nThis pins the version and avoids the need to redownload the binary\neach time the container is recreated.\n\nThe .bazelversion file was bazelisk-specific and is no longer needed.\n\nTest Plan:\nRebuilt the container, ran `scripts:launch`.\n\nModifying the checksum caused to build to fail.\n\nX-Origin-Diff: phab/D211\nGitOrigin-RevId: ec9ec2b97c6555a676f6444ac3923fad34b2cd16\n" }, { "commit": "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9", "tree": "f7db6de47e4ef38599da89dd4f1082c65569ca03", "parents": [ "a71b5a4c36d5cae089666eaad57514c64baf6f24" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "message": "Replace build system with a Bazel-based one\n\nThis pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.\n\nNecessary prerequite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.\n\nAs suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).\n\nThe main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)\nchange. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the\nkernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).\n\nPerhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel\u0027s sandbox to reuse kernel build?\n\nTest Plan:\nRun this in a fresh container with empty Bazel cache:\n\n bazelisk run scripts:launch\n\n... and watch as Bazel rebuilds the world.\n\nX-Origin-Diff: phab/D197\nGitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d\n" } ] }