)]}' { "log": [ { "commit": "b6308cd63854e3ef48e6afcc4c1f51e0c6ac1203", "tree": "ca6a5e292e05e420b7f04250c1e189511a6de3f7", "parents": [ "a85c86f5b2d80251811f3a659fe9570694dd6056" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 10 21:19:03 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 16 18:09:16 2023 +0000" }, "message": "cloud: split shepherd up\n\nChange-Id: I8e386d9eaaf17543743e1e8a37a8d71426910d59\nReviewed-on: https://review.monogon.dev/c/monogon/+/2213\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a85c86f5b2d80251811f3a659fe9570694dd6056", "tree": "987fdd08f23f5ccb5df390927db6905f3804d03b", "parents": [ "b4f5024731f2f61b0f5b377fe9bcbb4934a5e83b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 16 05:19:12 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 16 18:09:06 2023 +0000" }, "message": "go/types/mapsets: replace x/exp dependency with stdlib/cmp\n\nChange-Id: I5a97afb12ae161b607e2c5640ca9429dba1461b0\nReviewed-on: https://review.monogon.dev/c/monogon/+/2320\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b4f5024731f2f61b0f5b377fe9bcbb4934a5e83b", "tree": "d71e84a77c0e77849390bacbde7554bc02fa48b6", "parents": [ "62f1d3680947e1d78bacf2a7277fb4b2007ebacb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 21:51:07 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 15 13:10:19 2023 +0000" }, "message": "treewide: use Pinner to resolve safety issues\n\nPrior to Go 1.21 the only way to pass Go-managed pointers to the kernel\nwas to convert them to a uintptr inside the syscall argument expression.\nThis pattern was special-cased in the compiler to prevent the referenced\nmemory from being moved by an eventual moving GC in Go while the syscall\nis running (thus corrupting the Go heap).\n\nBut this was very restrictive as there are syscalls which take inputs\ncontaining further pointers. According to the official rules this could\nnot be implemented safely.\n\nIn practice you could just do it anyways as the current Go GC does\nin general not move objects, but it was always kind of a hack.\nWith Go 1.21 there is a new Pinner API which can be used to pin the\nmemory which is going to be referenced in these structures, allowing\nthem to be constructed and used over multiple calls.\n\nruntime.KeepAlive is still required to prevent finalizers from running\nprematurely.\n\nUse this new API and remove the relevant comments.\n\nChange-Id: I26bce06e1c20a5fe0c41f9ae736a895f533674c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2316\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "62f1d3680947e1d78bacf2a7277fb4b2007ebacb", "tree": "38c2fe1d57b68788f79ae018075b246f228310cc", "parents": [ "60461b2b23eb57319525a3e00d7ae57e51598ebc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:18:24 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:44:03 2023 +0000" }, "message": "treewide: stop using LZ4 for initrd compression\n\nThere are two issues at play here: One is a bug in pierrec/lz4 when\nusing the legacy framing format [1]. This bit us when we hit a broken\nsize region with CL:2130, taking hours to debug.\n\nThe other is the fact that the Linux LZ4 frame format has significant\ndesign issues [2], especially with concatenanted initrds.\n\nThe first issue could be fixed by switching to a different LZ4\nimplementation (we do even have the reference impl in the monorepo) but\nthere is no API to generate the legacy frame format and things like [3],\na patch carried by Ubuntu to fix more edge cases just do not inspire\nconfidence in such a solution.\n\nThus, this CL switches over to using zstd for compressing initrds.\n\nZstd is slower than LZ4 for decompressing, but it still decompresses at\nmultiple GB/s per core while having a much better compression ratio.\nIt also doesn\u0027t have any Linux-specific bits and Linux uses the\nreference implementation for decoding, which should make it much more\nrobust. So overall I think this is a good tradeoff.\n\n[1] https://github.com/pierrec/lz4/issues/156\n[2] https://github.com/lz4/lz4/issues/956#issuecomment-736705712\n[3] https://launchpadlibrarian.net/507407918/0001-unlz4-Handle-0-size-chunks-discard-trailing-padding-.patch\n\nChange-Id: I69cf69f2f361de325f4b39f2d3644ee729643716\nReviewed-on: https://review.monogon.dev/c/monogon/+/2313\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "60461b2b23eb57319525a3e00d7ae57e51598ebc", "tree": "17f4eb857a29b08a6e2be059279b9d88691aff09", "parents": [ "3fd0977e92c3e86cdfde736debdda66af05d1015" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 26 19:16:59 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 13 21:05:16 2023 +0000" }, "message": "metropolis: move curator client watches to curator/watcher\n\nThis replaces all the ad-hoc code to watch Curator node(s) with calls\nthrough the new curator/watcher library.\n\nChange-Id: Ie2a82b330e4108b9b725515cb10595916c38b323\nReviewed-on: https://review.monogon.dev/c/monogon/+/2263\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3fd0977e92c3e86cdfde736debdda66af05d1015", "tree": "879808d1406f1f1caeb5030a10779d25a6c05a07", "parents": [ "8ec6ef0931c7e3d3084bc3180a9d88c002a1618d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 26 19:13:32 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 13 20:11:06 2023 +0000" }, "message": "m/n/c/curator/watcher: init\n\ncurator/watcher is a new library which simplifies access to the Curator\nfrom client code.\n\nIt implements common logic found in a bunch of Metropolis code, where a\nnode or multiple nodes are watched for updates. The single-node version\nof this RPC is not that complex, but the many-node version is and\ndefinitely deserves a client library to remove possible sources of\nimplementation bugs.\n\nThis doesn\u0027t yet switch over any of the existing code to use this\nlibrary - that will come up in another CR on the stack.\n\nChange-Id: Ia1df6f21473f86cb9af1e962d157350a5cfd7d07\nReviewed-on: https://review.monogon.dev/c/monogon/+/2262\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8ec6ef0931c7e3d3084bc3180a9d88c002a1618d", "tree": "d9963dad7d76071fcb3d42bc84123f2aaaaa4867", "parents": [ "ea762f621a91400569c3118bbaef395336d90979" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 13 13:30:28 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Nov 13 20:11:06 2023 +0000" }, "message": "go/types/mapsets: implement OrderedMap.{Count,Clear}\n\nChange-Id: Iaee5b914fe63ee7a60f796ef986535f6f8e72960\nReviewed-on: https://review.monogon.dev/c/monogon/+/2302\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ea762f621a91400569c3118bbaef395336d90979", "tree": "f2d09d28d42e91795c83e5b9b15e88e00a484bf6", "parents": [ "d0424439e5c6637afa5b8156464d14933d955404" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 08 18:54:56 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 13 15:39:29 2023 +0000" }, "message": "m/n/c/n/hostsfile: do not log individual entries\n\nThis gets extremely spammy when spinning up large clusters as it\nemits all entries for every new hostsfile into the log.\nFor a fresh cluster of n nodes this is O(n^2) log lines, which is\nfar too many. The number of entries is already logged and should be\nsufficient for debugging purposes.\n\nChange-Id: I6bf4e489aea52bad3a32a8a0f900e832b6a4f197\nReviewed-on: https://review.monogon.dev/c/monogon/+/2298\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d0424439e5c6637afa5b8156464d14933d955404", "tree": "98a243e7e4612b6db6271c3ef9c5ef1036d1f519", "parents": [ "60fab1cd31c77234e4840f95d12e2062ca7f0a5c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Nov 08 15:12:54 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 13 13:53:51 2023 +0000" }, "message": "cloud/bmaas/bmdb/webug: Add provider ip address to webug\n\nChange-Id: Ic0b2767ef6b8dd86b158119e6e109c5acb406121\nReviewed-on: https://review.monogon.dev/c/monogon/+/2297\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "60fab1cd31c77234e4840f95d12e2062ca7f0a5c", "tree": "9ba6f87941285551ae62e3e165e622f148196511", "parents": [ "246f2fe5d8139b167550b957365118d62ad8f4a9" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jun 13 20:41:07 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 06 18:35:37 2023 +0000" }, "message": "cloud/bmaas/scruffy: add nodes per region metric\n\nChange-Id: If9edcdd4a486fd2f141bfcd89dd1a2b60424ab4c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2281\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "246f2fe5d8139b167550b957365118d62ad8f4a9", "tree": "fbded2cea378207e9a605225a75bfbb84995da21", "parents": [ "d9f1f1ec67af21eba685505d7b3086fc222106e1" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 26 04:39:35 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Nov 01 12:54:17 2023 +0000" }, "message": "tools: extend bazel wrapper to execute commands inside nix-shell\n\nChange-Id: I27fd2e2ac863fabdc015437594bc2cc677279af1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2239\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d9f1f1ec67af21eba685505d7b3086fc222106e1", "tree": "9281d846ff2d20f66dc24d2231969deb7fd1348d", "parents": [ "8456ddf02aea2e1015805f18ef1871812c5cb7f6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 31 15:44:35 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 31 17:33:45 2023 +0000" }, "message": "node/core: add sysctls\n\nChange-Id: I47b0d639a62f73f134430c5164a35eef2b5622d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2273\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8456ddf02aea2e1015805f18ef1871812c5cb7f6", "tree": "7ea30de34d2ed42e2da1c044fb62576464b4e2cc", "parents": [ "7acd92dae19109fff8e6036d0a7fcd64aa1851c1" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:56:59 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "metropolis: implement node Deletion and framework for Decommissioning\n\nThis implements the basic ability to remove nodes from a cluster.\n\nWe prepare for a more complex workflow involving multi-sage\ndecommissioning, but first implement the \u0027worst case\u0027 workflow, in which\na node needs to be deleted if it hasn\u0027t been gracefully decommissioned.\nThis is what we currently need most in practice, as we have node\nfailures we\u0027d like to deal with.\n\nThe Delete functionality is still not fully complete though, as we\u0027re\nstill accepting client certificates from decommissioned nodes. But we\u0027ll\nfix that in an upcoming CR.\n\nChange-Id: I7322cb1464a9e5bc924363321534033dcc8a6246\nReviewed-on: https://review.monogon.dev/c/monogon/+/2270\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7acd92dae19109fff8e6036d0a7fcd64aa1851c1", "tree": "23f299c22f1b40014e9bf7bfca47b1788c1f7f28", "parents": [ "91c0397b2f8eab309e0958afa1746c2a2d02b433" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:56:00 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "metropolis: renamed DISOWNED to DECOMMISSIONED\n\nThis seems like a better name, and the old one was never actually used\nanywhere.\n\nChange-Id: I66b17a9145225828bb978c999bbecd5118188389\nReviewed-on: https://review.monogon.dev/c/monogon/+/2269\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "91c0397b2f8eab309e0958afa1746c2a2d02b433", "tree": "1be5ceff1a23a179d2bbcdf5ca744624112131b4", "parents": [ "da342a424ffbd981df2250ebed2aa845a18356eb" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 18:54:32 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 30 22:12:01 2023 +0000" }, "message": "m/n/core/curator: add FsmState to Curator Node data\n\nThe node state from the point of view of the cluster is already exposed\nthrough the Management Node data. Add the same to the Curator Node data.\nWe\u0027ll use this in nodes to detect when a node is requested to be\ndecommissioned.\n\nChange-Id: I60408a5e3a22c21dae6f073e21528ccc309b3fbe\nReviewed-on: https://review.monogon.dev/c/monogon/+/2268\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "da342a424ffbd981df2250ebed2aa845a18356eb", "tree": "2eae1557414e3d3982206e267d2e8ee0bd219bc2", "parents": [ "c0f72dc5bd129a27d9a141a84f3602480a28400a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 24 15:47:54 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 26 20:58:17 2023 +0000" }, "message": "m/n/b/fwprune: fix bug in firmware deduplication\n\nThe populatedPaths set was checked for the path relative to\n/lib/firmware, but the absolute path was added. This caused the\nbailout for duplicate firmware requests to be ineffective.\n\nFound while using this for a weekend project.\n\nChange-Id: I74f6cd0dd7e2da1fc189da8a4d01aba7ac29b837\nReviewed-on: https://review.monogon.dev/c/monogon/+/2264\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "c0f72dc5bd129a27d9a141a84f3602480a28400a", "tree": "edc135243ce1caf6b11a448339b738629dd91bdb", "parents": [ "f64f197c8039a72d82efaae6a21f725d3cd3ac7a" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Oct 19 16:54:38 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Oct 23 21:07:09 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nMirror is up to date now.\n\nChange-Id: Idfbedccac30000a54ebc8fc0a95f4ff008f7a640\nReviewed-on: https://review.monogon.dev/c/monogon/+/2227\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f64f197c8039a72d82efaae6a21f725d3cd3ac7a", "tree": "302a5d9c6ee1d5cdf2b2c8e4abe7b0609c9a2ffa", "parents": [ "54a5a053f2250c03d8476293ecb98fdb458ee5fd" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jul 28 00:00:50 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Oct 11 10:53:00 2023 +0000" }, "message": "metropolis/node/core/metrics: fixup metrics authentication\n\nChange-Id: I67643855ab61bfdea980211ffe01e50c2409882b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1979\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "54a5a053f2250c03d8476293ecb98fdb458ee5fd", "tree": "acfde3ff61c5181ca89998d725001071f86d9356", "parents": [ "4811e70b3cd8f237c1b57ac85cc4c02b57c82535" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 02 16:40:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 10 15:14:57 2023 +0000" }, "message": "metropolis: implement and use A/B preloader\n\nThis switches over from using the EFI built-in bootloader for A/B\nupdates to using our own EFI preloader due to significant issues with\nin-the-wild EFI implementations. It is a very minimal design relying\non a single Protobuf state file instead of EFI variables.\n\nChange-Id: Ieebd0a8172ebe3f44c69b3e8c278c53d3fe2eeb4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2203\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4811e70b3cd8f237c1b57ac85cc4c02b57c82535", "tree": "aefc6d2f568c61ab5afcb2a7cb4f2c46b479deaf", "parents": [ "0f43359cd444ab84167c9f5305ad5bfb9ffd3a3c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 22:13:34 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 20:27:06 2023 +0000" }, "message": "linux: bump to 6.1.56\n\nThis gets us to the latest LTS kernel, 5.15 is nearly two years old.\n\nChange-Id: I2f386c334b5067b9ced1b5286253d439884182bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/2210\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "0f43359cd444ab84167c9f5305ad5bfb9ffd3a3c", "tree": "cea0e3688f15af00f6f2fa28f1119593389835c1", "parents": [ "5a90d306602a5ccb7022fa8c80b7b1e4fb6c85d4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 22:11:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 20:27:06 2023 +0000" }, "message": "linux-firmware: bump to 20230919\n\nBump linux-firmware to a tagged version again.\n\nChange-Id: I65fcce7ed3ce0323e1504d339b349fc3a901bff7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2209\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5a90d306602a5ccb7022fa8c80b7b1e4fb6c85d4", "tree": "b6e2bfe17aa8ccb532aeca405e17fc2eda99dc5f", "parents": [ "d141d182614f915ae44250b84c6be10276ca4840" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 17:38:13 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 15:47:05 2023 +0000" }, "message": "metropolis: fix handling GPT holes\n\nGPT tables can have \"holes\" i.e. unused partition slots. These are\nrepresented as nil values. Code walking these tables did not consider\nthat partition entries might be nil.\nFix the call sites and improve the gpt package documentation to\nexplicitly mention the need to check IsUnused.\n\nChange-Id: I27f5db31e14a4907a84d6069ddcc267b25871f72\nReviewed-on: https://review.monogon.dev/c/monogon/+/2208\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d141d182614f915ae44250b84c6be10276ca4840", "tree": "8d590cd643144299ccb28960ea7af55b79d8e304", "parents": [ "1dc60af36a57d434689032234fdc9e9d00ed957e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 02 15:07:01 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 05 13:46:24 2023 +0000" }, "message": "workspace: add Rust EFI infrastructure\n\nThis bumps rules_rust, cleans up the toolchains with the new version.\nIt also adds the Prost codegen to \"normal\" crate set as well as a new\ncrate set specific to EFI. This is separate because of Rust no-std\u0027s\ndependence on create feature tags.\n\nChange-Id: Ie76e66ee83696948391420ca3b011a3a71258690\nReviewed-on: https://review.monogon.dev/c/monogon/+/2202\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1dc60af36a57d434689032234fdc9e9d00ed957e", "tree": "df6f6d4fef63fb3fa13b4f06b9a06e0339caaec2", "parents": [ "e0c0617e33e3b9c9a69b150189b1b13c010de9e0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 03 15:40:09 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 05 13:46:24 2023 +0000" }, "message": "m/node: replace image genrule with proper rule\n\nThe genrule has issues with transitions so replace it with a proper\nrule.\n\nChange-Id: Ie5c38ae17da07a3694a6d0ea7a6580c588916175\nReviewed-on: https://review.monogon.dev/c/monogon/+/2205\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e0c0617e33e3b9c9a69b150189b1b13c010de9e0", "tree": "9908902859bf7245a07e27cb0e6c621f65f15a1d", "parents": [ "48f22ce3a1558ad9994de3bde93f38e1aa997812" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 19 12:28:16 2023 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 26 10:01:57 2023 +0000" }, "message": "go/clitable: factor out from metroctl\n\nWe need the same functionality in bmcli, so factor it out from metroctl\ninto a generic library.\n\nChange-Id: I3fb3dfaae44a64d204e9220f117f379c382c5c4f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2172\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "48f22ce3a1558ad9994de3bde93f38e1aa997812", "tree": "509c22d629aabf45b1c65e57598dd92eded4a455", "parents": [ "a5588e1c1d15edf055e615be1269aa54eb4955fe" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 20 22:48:26 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Sep 25 14:32:49 2023 +0000" }, "message": "third_party/nix: make nix-env reusable\n\nChange-Id: I19ffb94d0822044ad19b8454f91d2186209d3510\nReviewed-on: https://review.monogon.dev/c/monogon/+/2184\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a5588e1c1d15edf055e615be1269aa54eb4955fe", "tree": "ed9770046b0f60948f09799a9f5519df6262abac", "parents": [ "1feb0fef61999a073e238cca783ce8011f353add" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 20 19:43:15 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 21 13:01:44 2023 +0000" }, "message": "third_party/sandboxroot: use macros for bazeldnf\n\nChange-Id: I055b377dc3b5580d442abcba939d8b720cb42ad9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2183\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1feb0fef61999a073e238cca783ce8011f353add", "tree": "26fd32cfef4601aafd41956b8a7cda1d231aedc2", "parents": [ "3c6306ba6b146171f122bdf50f7a8daf63816b5b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 20 19:42:46 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 21 13:01:44 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nChange-Id: Ib0870708f53ea5320dcf9240ad9354872880fd93\nReviewed-on: https://review.monogon.dev/c/monogon/+/2182\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3c6306ba6b146171f122bdf50f7a8daf63816b5b", "tree": "2eb99779ec1157a919938a5d5e5bb7f5081dd0c7", "parents": [ "f0ae33180b59b25d236199e1b874f0dce7aa1e41" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 19 11:48:44 2023 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 20 09:55:16 2023 +0000" }, "message": "cloud/b/b/reflection: add single-line HumanValue rendering, Index\n\nThis is in preparation for printing fields in bmcli.\n\nChange-Id: I1aa178da1a50e8dd0c572a238f92daa536f9fcd9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2170\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f0ae33180b59b25d236199e1b874f0dce7aa1e41", "tree": "0d3ffd008695edc1a4b9afde63ac8f149d7d6d94", "parents": [ "65b1c682edc6237dbb50efa7a08475d56a97a7ae" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 12 13:40:30 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 18 13:56:28 2023 +0000" }, "message": "m/p/watchdog: add watchdog package\n\nThis adds the watchdog package for interfacing with devices implementing\nthe Linux watchdog API. There is one alternative implementation at\ngithub.com/mdlayher/watchdog but it is too minimal for our use case.\n\nThe kernel API contains a bunch of weird status bits only relevant for\nphysical watchdog cards which are not made accessible through the\nGo package.\n\nSadly there are no integration tests for this package as ktest wouldn\u0027t\nwork for this because a) no watchdog HW and b) the test success depends\non a condition outside the kernel.\n\nChange-Id: If138a97bc655025da4426665f8cbf1f093cc3bb1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2142\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "65b1c682edc6237dbb50efa7a08475d56a97a7ae", "tree": "98dc265e817dd56c29c03b0bcbfcdaacf52778df", "parents": [ "65702194ea264a0fd01fb470bacaf39264b4f637" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 14 15:49:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Sep 14 16:05:16 2023 +0000" }, "message": "m/p/blockdev: use errors.ErrUnsupported in 1.21\n\nChange-Id: Ice8780b092c034cf755aa409ef5fce5a8aef9226\nReviewed-on: https://review.monogon.dev/c/monogon/+/2147\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "65702194ea264a0fd01fb470bacaf39264b4f637", "tree": "3469201097b30e638f1e446655e1d23b33d90f8d", "parents": [ "f551a7696824a9ddbac63191c489db8280aee0a4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 31 16:27:38 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 14 13:43:45 2023 +0000" }, "message": "workspace: rules_go, gazelle, go, gVisor update\n\nThis commit not only updates rules_go and friends, but also updates\ngVisor, removes legacy protobuf usage and switches from using\nbuild_configuration to a config flag for bazel\n\nChange-Id: Idb383f35ca0fec4cb7329e9d991f08f28cf9b1fb\nReviewed-on: https://review.monogon.dev/c/monogon/+/2129\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f551a7696824a9ddbac63191c489db8280aee0a4", "tree": "b73af6eab62e92c6ceb2db6c8f1006682e1d2ec9", "parents": [ "5acd380930cf22284b22d8c2f45bd73465e64628" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 29 23:21:25 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 30 11:58:42 2023 +0000" }, "message": "workspace: update rules_rust and add UEFI platform\n\nThis updates rules_rust from 0.16 to 0.26 and adds a patch sent upstream\nfor UEFI support.\n\nExplicit toolchain definitions are needed for UEFI, so three toolchains\nfor all currently-supported host OSs (Linux and macOS) are added.\n\nRust UEFI support libraries will be added in a followup CL.\n\nChange-Id: I52175f69f6a5c424f1f232748ff96dd6fcbbe92a\nReviewed-on: https://review.monogon.dev/c/monogon/+/2104\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5acd380930cf22284b22d8c2f45bd73465e64628", "tree": "ef1a63c5039fbf735aa0978bc748e04e502a19bb", "parents": [ "9ee160e87a38b185af57de2b9188cc19d53cd1d1" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 29 23:15:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 30 11:58:42 2023 +0000" }, "message": "build: upstream UEFI to platforms\n\nThis removes our local UEFI constraint_value for a patch sent upstream\nto @platforms. This will be used by rules_rust in a follow-up.\n\nChange-Id: I16e3bf8a60923a2f77ef036babdda45205d8a078\nReviewed-on: https://review.monogon.dev/c/monogon/+/2103\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "9ee160e87a38b185af57de2b9188cc19d53cd1d1", "tree": "8c0847c278e56f0c7ab41c49051f2cf74d5717fd", "parents": [ "cc5371b8b1b8714134fb45c4dd18d31399c6955f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 29 23:07:51 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 30 11:58:42 2023 +0000" }, "message": "b/t/llvm-efi: make fltused symbol weak\n\nRust\u0027s libcore for UEFI ships this hack as well, causing a duplicate\nsymbol error when linking. Marking this weak is also enough for clang to\nkeep this for linking, so the separate used attribute is not needed.\n\nChange-Id: I1f6aad626b235bbe1e613c5427b8c4fbd0dc330e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2102\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "cc5371b8b1b8714134fb45c4dd18d31399c6955f", "tree": "f3e19a3af8ff12b3bf8aa32b1ebe2258e3ca0554", "parents": [ "6888873fad889bfb7cd594b4208798f80eb60f43" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 29 23:05:47 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 30 11:58:42 2023 +0000" }, "message": "b/t/llvm-efi: define all_files correctly\n\nThe llvm-efi toolchain has an incorrect all_files definition.\nBazel\u0027s doc says:\n\u003e Bazel assumes that all_files is a superset of all other\n\u003eartifact-providing attributes ...\n\nAdjust the definition to contain all other depsets (currently just one).\n\nChange-Id: Ic0889698a865355b66927d336067aa028501b97b\nReviewed-on: https://review.monogon.dev/c/monogon/+/2101\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6888873fad889bfb7cd594b4208798f80eb60f43", "tree": "860ca3a83e6a6667888ec8595cc332f44e1cb6aa", "parents": [ "29ac140c4cbdb8dd8d71863de8c9b4473a1c0215" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 14:25:28 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 29 10:08:29 2023 +0000" }, "message": "metropolis/node: dont allocate node ports in constructor\n\nAll good things are three, and this should be the final installment in\nthe saga of getting ports reserved. The Kubernetes codebase always\nstarts a recovery after initialization of a new port allocator, which\ncurrently makes it very unhappy as we already allocated the system\nports, but we are trying to do the same in the recovery by pretending to\nbe a service. Anyway, this removes the initial part of the patch and\nonly uses the recovery way of reserving the ports. This still creates an\nannoying message sometimes, but I can\u0027t find the code path which creates\nthem.\n\nChange-Id: Ib7d9ec5d00cbde7371d876c31c63b5312024a187\nReviewed-on: https://review.monogon.dev/c/monogon/+/2027\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "29ac140c4cbdb8dd8d71863de8c9b4473a1c0215", "tree": "e82efa73a72ddeec624acfefe693ffa66bb2db45", "parents": [ "3781ddbfd7534f88317a44e6fee02670fe36a01e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 21 15:18:19 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 24 13:03:08 2023 +0000" }, "message": "tools/run_bazel: allow running bazel inside nix-shell without entering\n\nnix-shell does not support arguments for an application running inside\na FHS environment. This adds a workaround by keeping the command inside\nan environment variable and executing it if set. If it doesnt exist, we\nfall back to our bash shell.\n\nChange-Id: I7fd53f9c14019179490af4b9af3b0b16b3d70297\nReviewed-on: https://review.monogon.dev/c/monogon/+/2066\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3781ddbfd7534f88317a44e6fee02670fe36a01e", "tree": "2c0247c43643cea03672b12d47247acfd4f6d320", "parents": [ "8b000b2217522891cace6ad3b98d805b1a262345" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Aug 21 20:59:01 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 23 08:59:12 2023 +0000" }, "message": "metropolis/curator: report leader based on ledership election status\n\nThis makes GetCurrentLeader calls respond to cluster/leader changes\ninstead of relying on connections getting closed on time when a leader\nchanges, or when a node gets elected as a leader.\n\nThis leads to less churn when cluster leadership status changes (no need\nfor every RPC client to re-establish connectivity to get the new\nleader). It should also be faster to respond to cluster leader changes,\nas it doesn\u0027t rely on the the RPC client detecting that the node it\nconnected to has stopped responding / disconnected.\n\nChange-Id: I9de12286530226b3832d2ae07cb7d943ca537d3f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2069\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8b000b2217522891cace6ad3b98d805b1a262345", "tree": "2696cf2de6fe72f5e220e4db725a81c816de1bce", "parents": [ "0573d7d031e51af42cb482c3cd788a280ccaaf28" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 08 16:11:26 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 23 08:59:12 2023 +0000" }, "message": "metropolis/hostsfile: update our own node\u0027s roles correctly\n\nThis properly serializes the state of our own node\u0027s roles into startup\ndata (and the hosts file) if it is assigned during node runtime.\n\nWithout this, we could end up serializing out of date node role data and\nthus would not startup up with a cluster directory (and persisted node\nroles) which would allow for proper control plane startup.\n\nChange-Id: I45da5d73cc0eea0a7c32308bbecf512bb9699d55\nReviewed-on: https://review.monogon.dev/c/monogon/+/2068\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0573d7d031e51af42cb482c3cd788a280ccaaf28", "tree": "8e7cb6f506bbba04985860830dae6f8de4ac4b4f", "parents": [ "67023fe466d35df7ff7e606e74f3bcf51ac8085c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 08 16:01:04 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 23 08:59:12 2023 +0000" }, "message": "metropolis/resolver: more logging\n\nThis should let us figure out HA connectivity issues better in the\nfuture. We were mostly missing logging connection attempts to control\nplane nodes and leader information received from them.\n\nChange-Id: I88f3e4b289561e7b31fcbb59d26b674d8b6aea39\nReviewed-on: https://review.monogon.dev/c/monogon/+/2067\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "67023fe466d35df7ff7e606e74f3bcf51ac8085c", "tree": "fb5fd15306831b95c84c69d60ce32c2a623c17cf", "parents": [ "c38aca282657ac1ed2fba5dd79477ffe945b5bf6" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Aug 14 12:36:35 2023 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Tue Aug 15 17:10:59 2023 +0000" }, "message": "Improve Nix instructions in README\n\nChange-Id: I758f9f84f449e2ea3f8cd8c28b3dbcce72584496\nReviewed-on: https://review.monogon.dev/c/monogon/+/2083\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c38aca282657ac1ed2fba5dd79477ffe945b5bf6", "tree": "6af66e1a59839382a906114a088f0b01f676e82f", "parents": [ "14bd519e1a084a4d490f8da8a212ce37ee7d9936" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Aug 14 12:22:13 2023 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Tue Aug 15 17:10:41 2023 +0000" }, "message": "shell.nix: add buildifier\n\nIntellij auto-formats BUILD files when buildifier is present.\n\nChange-Id: I07d650ae879e4f7e168cfed698c68ec6df3ef3ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/2082\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "14bd519e1a084a4d490f8da8a212ce37ee7d9936", "tree": "33241e0942f75e07f6cea3e99afd8cba93876894", "parents": [ "eb79bfa9bae59540920d1a990a61b204bd9977d8" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Aug 14 12:19:01 2023 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Tue Aug 15 17:10:41 2023 +0000" }, "message": "shell.nix: change prompt color to magenta\n\n\"Light gray\" underperforms in light themes.\n\nChange-Id: I03296f04593975cf912da83f3cc5192c7ccb048a\nReviewed-on: https://review.monogon.dev/c/monogon/+/2081\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "eb79bfa9bae59540920d1a990a61b204bd9977d8", "tree": "7c49253bb6108b72be0fe4fbebe9cf32d85c6313", "parents": [ "1e963fe8bdf4eb368b66717bafd640c7f17528d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:09:08 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:36 2023 +0000" }, "message": "t/linux-firmware: update to master\n\nContains new AMD microcode with mitigations for\nInception (CVE-2023-20569) and Phantom (CVE-2022-23825).\n\nChange-Id: If6e26b9f1a96bf6e50c3c9f74bb60ad41c4d441f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2049\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "1e963fe8bdf4eb368b66717bafd640c7f17528d6", "tree": "e6f40f9ee469f824bd3f9bfceae3c6074f95990b", "parents": [ "6eb3fb31f0d1385e96652b6bee043bd9c5f6a577" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 18:24:02 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:36 2023 +0000" }, "message": "t/linux: update to 5.15.125\n\nThis kernel contains additional handling and workarounds for Gather Data\nSampling aka Downfall (CVE-2022-40982) on Intel CPUs,\nInception (CVE-2023-20569) and Phantom (CVE-2022-23825) on AMD CPUs.\n\nPerformant workarounds for these issues also requires updated microcode\nfor both CPU vendors. Microcode for Intel has already been updated,\nAMD\u0027s is not merged in linux-firmware yet.\n\nChange-Id: I441c8c7b39a8eec0c42d1aac0375d0d15ec1703d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2048\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6eb3fb31f0d1385e96652b6bee043bd9c5f6a577", "tree": "33e2e6e6e17ae40519909d0927ce33bb9b0cf2c7", "parents": [ "c7108352bd9e03780e6f8836be6c5fffaa0f6501" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 17:19:24 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:28 2023 +0000" }, "message": "m/n/core: pipe kernel logs into logtree\n\nCurrently the kernel log is only available on the local console\n(serial/screen) and only if they are high-severity entries.\nThis log should be inspectable and collectable together with the\nother Metropolis logs, thus pipe it into logtree under the root.kernel\nnode..\n\nChange-Id: If5006db251eb8662ae9939a56e23bbb895304690\nReviewed-on: https://review.monogon.dev/c/monogon/+/2045\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c7108352bd9e03780e6f8836be6c5fffaa0f6501", "tree": "fa6b87a5cd44288921d18a3f4476c99717da318f", "parents": [ "efa381fa9e8a3850ca1332ce617778d330d5e3ba" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 17:09:40 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 18:46:57 2023 +0000" }, "message": "m/p/logtree: add kmsg pipe\n\nThis allows ingesting Linux kernel (kmsg) logs into logtree with\nthe original metadata (timestamp, severity) preserved.\n\nChange-Id: Ibb6e3a7a0ae4a008b8e9c98beccb3a95c067cb75\nReviewed-on: https://review.monogon.dev/c/monogon/+/2044\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "efa381fa9e8a3850ca1332ce617778d330d5e3ba", "tree": "6fd0db26eab500ba19d7dd6c92b3f9b2cffb6646", "parents": [ "431acaa53ad0914eaf8bc89366b693640acbde13" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Aug 09 17:43:06 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Aug 09 18:11:25 2023 +0000" }, "message": "Set flaky flag on all known flakes\n\nBazel will retry tests marked as flaky up to three times. This has\nthe obvious downside of making the flakes less visible, but popping\nup as unrelated build failures is not the best way to surface them.\n\nChange-Id: I0c97450b17f2e8a56275d3b738e7d34b89be44f6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2047\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "431acaa53ad0914eaf8bc89366b693640acbde13", "tree": "5c6fedd3d4cd204c4b99b42afbc5eba83a167341", "parents": [ "009b12662712fd70670c0dc6015e1a135d4a3cd0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 14:29:24 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 16:10:05 2023 +0000" }, "message": "m/n/c/consensus: fix flaky TestEtcdMetrics\n\nThe metrics endpoint comes up before the bootstrap process is complete.\nThe test context then gets cancelled as the test has succeeded,\nbut the consensus runnable is not done bootstrapping, causing it to\nreturn an error and TestHarness to\nfail the test.\n\nFix this by waiting for the etcd state to be populated, indicating that\nthe bootstrap machinery has done its job.\n\nFixes https://github.com/monogon-dev/monogon/issues/258\n\nChange-Id: Ied270191aaebb226822a1c9d7f8c6312bd0da1ed\nReviewed-on: https://review.monogon.dev/c/monogon/+/2043\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "009b12662712fd70670c0dc6015e1a135d4a3cd0", "tree": "d3e164ef5b094489c04939cd4bab8dbf907cb3b1", "parents": [ "8055d23f3116a9695367ee09155ef9e0a4059f90" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 13:40:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 13:43:55 2023 +0000" }, "message": "third_party/intel_ucode: update to 20230808\n\nThis fixes the Intel Gather Data Sampling aka Downfall (CVE-2022-40982)\nmicroarchitectural data disclosure vulnerability.\n\nChange-Id: Ib185e8763f15e2af9fca2b89671825e5e87480fa\nReviewed-on: https://review.monogon.dev/c/monogon/+/2042\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "8055d23f3116a9695367ee09155ef9e0a4059f90", "tree": "17a093240dca129cec9aba29edcf777ff56c9f23", "parents": [ "0e74961fc03de5a439484ea5ec33e0fc52a22edd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 08 23:56:07 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 08 22:07:41 2023 +0000" }, "message": "third_party/linux: enable VLAN interface support\n\nThis is configurable through the Metropolis static network\nconfiguration and thus needs to be enabled.\n\nChange-Id: Id479e0d26a93819de0e315c8c470e94386f0351f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2041\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0e74961fc03de5a439484ea5ec33e0fc52a22edd", "tree": "79097191057579098832aaafe30fceb2572a3bdc", "parents": [ "9563673b5913420e143518b53d3134d4f29b404b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 17:42:59 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 08 12:06:53 2023 +0000" }, "message": "cloud/bmaas/bmdb: Filter for machines based on provider\n\nCurrently the equinix shepherd tries to initialize our nodes from lumen,\nwhich of course is not correct. This change adds another parameter to\nthe queries and prevents that.\n\nChange-Id: Ib3f65e68403cb1b1282b80c1d494fb030a6d17b1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2039\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9563673b5913420e143518b53d3134d4f29b404b", "tree": "f41aee88ab9e63b2a8f38203d3aa9a169663edc7", "parents": [ "32c5fb80970db711fc2f81ceef2b07c29b409e5b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 16:59:40 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 17:54:59 2023 +0000" }, "message": "m/n/c/update: work with invalid boot entries\n\nCurrently if any boot entry is unreadable or unparseable, we refuse to\nperform any updates. This is not desirable as any edge cases in our\nparser or the EFI firmware cause the update mechanism to be\nnon-functional, even preventing us from shipping an update to fix the\nissue. It makes more sense to just log occurrences where such an entry\ncould not be read/parsed.\n\nChange-Id: I8a1161bf35a4c8deb1d82156662b512bcc43ed59\nReviewed-on: https://review.monogon.dev/c/monogon/+/2038\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "32c5fb80970db711fc2f81ceef2b07c29b409e5b", "tree": "45b735a5f41722d0cc5fc6886e894d498830a132", "parents": [ "f025d1b20232385fa09459794dda9f9df0f5295a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:37:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 17:54:59 2023 +0000" }, "message": "m/n/c/update: fix matching boot entries\n\nThe matching code accidentally worked as long as there was only one boot\nentry for each loader path (boot-a.efi/boot-b.efi) as it type-asserted\na pointer which caused ok to always be false and thus all entries passed\nthrough the UUID check.\n\nThis fixes the type assertion and following logic.\n\nChange-Id: I83fdd2204028633dc274055f7d1ecb458747174e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2031\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f025d1b20232385fa09459794dda9f9df0f5295a", "tree": "e19ea5d8e3af4e2314b42602e60305db5d376051", "parents": [ "3b25cf7c486781e018795066c3337e73ac7e526b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 14:52:49 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 13:28:39 2023 +0000" }, "message": "m/p/efivarfs: allow multiple paths in LoadOption\n\nThe FilePathList in an EFI LOAD_OPTION technically allows multiple\ndevice paths separated by end of path markers. These additional paths\nbeyond the first one do not have any standardized function, but some\nEFI vendors use them to store data. Currently we fail to parse them\nbecause they contain more than one end of path marker. Fix this by\nadding an ExtraPaths field to LoadOption and implementing marshalling/\nunmarshalling for it. I chose to use a separate field in the Go\nstruct because these additional paths do not have the same functionality\nas the first one (they are not bootable).\n\nChange-Id: I96df17915966a973a7553fe9864a0b3e6f6b61e8\nReviewed-on: https://review.monogon.dev/c/monogon/+/2037\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3b25cf7c486781e018795066c3337e73ac7e526b", "tree": "82e9b47b2ffb0614f811b57eb000c249942686d7", "parents": [ "45d6f1821bf047dbe2a71b8d21401dfb60583285" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 16:58:10 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 13:27:50 2023 +0000" }, "message": "metropolis/cli/metroctl: add update command\n\nChange-Id: Iab7f930923f8009e0e14f96fc64d336614b1251e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1937\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "45d6f1821bf047dbe2a71b8d21401dfb60583285", "tree": "196dd81b11f57f665327e5e53f59a726c0488513", "parents": [ "b80b8449f4a62c797dd397d08fc0caf70776e5c0" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 13:19:41 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Aug 07 13:27:46 2023 +0000" }, "message": "metropolis/node/core/mgmt: add logging for update activation method\n\nChange-Id: Ief4ef6447ac132755df35c5742dedc5d15d71d74\nReviewed-on: https://review.monogon.dev/c/monogon/+/2029\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b80b8449f4a62c797dd397d08fc0caf70776e5c0", "tree": "be4ca586c31d9abd9152a16d69c1839c28cf1070", "parents": [ "a4b88849c4691a1674d4427ee73a79ae8ea76460" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:40:17 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 13:04:06 2023 +0000" }, "message": "m/n/c/mgmt: unmount ESP before restarting\n\nThis provides additional reliability for the FAT32 ESP partition.\nNothing should keep persistent handles for files on the ESP. Ignore\nerrors in case anything does.\n\nChange-Id: I04bfbb82fddfc740c5c234c028de89539e91a696\nReviewed-on: https://review.monogon.dev/c/monogon/+/2032\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a4b88849c4691a1674d4427ee73a79ae8ea76460", "tree": "c7e187fc439da01546cf701d5501dab799a91ee9", "parents": [ "d14be0eb8bcffb6ba597f26e3ad57b311ca376fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:34:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 11:37:10 2023 +0000" }, "message": "m/n/c/localstorage: fix logic error determining ESP\n\nThe OS integration of the A/B update engine has a logic error which\ncaused it to provide all partitions as ESP, of which the last one\n(the data partition) stuck.\n\nChange-Id: Ia721f9f515ca65f710f07ba25b3be68544158a7c\nReviewed-on: https://review.monogon.dev/c/monogon/+/2030\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d14be0eb8bcffb6ba597f26e3ad57b311ca376fc", "tree": "3a1286f0eb3623db53c4cb2c880eb5a1059ae1f0", "parents": [ "c07d74efd282261c68d33d745d52a6703448c8fd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 31 16:46:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 07 11:37:10 2023 +0000" }, "message": "m/n/c/update: implement kexec-based activation\n\nAs we\u0027ve had some issues with EFI-based slot activation and enterprise\nserver firmware is extremely slow, this implements kexec-based\nactivation. This just kexecs into the freshly-installed slot instead of\nrebooting. It still updates the BootOrder on successful boot to allow\ncold-boots if the server crashes or loses power, but no longer uses the\nNextBoot mechanism to boot into the new slot once (this is taken care of\nby kexec).\n\nChange-Id: I6092c47d988634ba39fb6bdd7fd7ccd41ceb02ef\nReviewed-on: https://review.monogon.dev/c/monogon/+/2021\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c07d74efd282261c68d33d745d52a6703448c8fd", "tree": "d02247ddbe08318edc5e1ea5eb17c23f0a2c3435", "parents": [ "cf7bd147a0e8b61133472471eb7193566d8b1a4e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 17:41:23 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 03 16:55:34 2023 +0000" }, "message": "m/i/t: replace loglevel\u003d0 with quiet\n\nWe should really not be using loglevel\u003d0 in tests, it hides even\ncritical errors like panics.\n\nChange-Id: I6e8dc0f2352efe7f9328faeb0c5e736a75eacb0e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2033\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "cf7bd147a0e8b61133472471eb7193566d8b1a4e", "tree": "3521de5e73c456870dbbce86d907e3557593b452", "parents": [ "d07489b551c242df6ed73d07d17b47feb3827b48" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:20:09 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:42:45 2023 +0000" }, "message": "metropolis/node: remove genrule image_gcp\n\nThis is currently very flaky and we dont use it anyway\n\nChange-Id: Idf91cdc3f45da11635a8ee78617d209665a5bbc7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2028\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d07489b551c242df6ed73d07d17b47feb3827b48", "tree": "2684f906758105cb9108c19069091a9d86ad7786", "parents": [ "8e87a062badeb7f6b93c6486925aa99c616cd8a6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 13:09:02 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:33:41 2023 +0000" }, "message": "metropolis/pkg/efivarfs: write variables with 0644 perms\n\nThe kernel creates all files with these permissions, so having different ones\nis useless.\n\nChange-Id: Iaafb6080de349f95e566bb2e4faf821864cf75e6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2025\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8e87a062badeb7f6b93c6486925aa99c616cd8a6", "tree": "73226d80fb80580c02c092d41aac59da1d94d1f9", "parents": [ "3961acd37445d5139040b910e093e759828552ad" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 31 01:33:10 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 15:33:25 2023 +0000" }, "message": "metropolis/node/core/update: set partition start and size in efi\n\nChange-Id: I1dc6b6738a375c6fc581d51494d13fbeda7b724d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2026\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "3961acd37445d5139040b910e093e759828552ad", "tree": "3ed82aa3adca72268431acd88135e2afa2397468", "parents": [ "a622379880cd043e0a12ab25129801e2c63d82bb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 17:55:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 16:33:55 2023 +0000" }, "message": "m/p/gpt: fix protective MBR off-by-one\n\nSince the protective MBR partition starts at block 1 (the first is the\nthe protective MBR itself) that first block needs to be subtracted from\nits size.\n\nChange-Id: I99bbb449c27596efd2dd260ffb388a9a69a09589\nReviewed-on: https://review.monogon.dev/c/monogon/+/2024\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a622379880cd043e0a12ab25129801e2c63d82bb", "tree": "2b624fc68521ec72a3d018b2b71cfe755939795a", "parents": [ "0b84a9f5e2caef3f66e4d912b6ac18429dff2c2d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 31 17:13:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 02 10:12:22 2023 +0000" }, "message": "m/n/c/consensus: fix format directive error\n\nThat %w points to err which is not actually populated in this code path.\n\nChange-Id: I025eafbd4733cb584c67af2479992c9368d414e9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2022\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0b84a9f5e2caef3f66e4d912b6ac18429dff2c2d", "tree": "e44c00c20213a01877783405929f27edc3357d79", "parents": [ "35fcf0397be02883ace364e650b3e8d9a2281e24" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 27 14:20:31 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 01 13:30:41 2023 +0000" }, "message": "metropolis/node: show build commit on startup\n\nPreviously it was not possible to identify the running version,\nwith this change the build commit and tree state gets stamped into the binary\nand printed on boot.\n\nChange-Id: I3916e3d40dc87f28a58eb74c6450218550fb3214\nReviewed-on: https://review.monogon.dev/c/monogon/+/1978\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "35fcf0397be02883ace364e650b3e8d9a2281e24", "tree": "cb1297a2e4a34eeebb9faf09b44c3b95cf603f7f", "parents": [ "ad131883747f73e51526dd6f163df23b913f69ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 04:15:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "metropolis: implement A/B updates\n\nThis implements an A/B update mechanism using two slots, A and B.\nThis is realized with two system partitions as well as two EFI\nloaders/kernels.\n\nThe A/B system relies on two EFI loader entries. This has the advantage\nthat there is no preloader required, which makes the system more\nreliable as well as avoiding the complexity of having an un-updatable\npreloader (CoreOS has this issue where their GRUB2 crashed booting newer\nkernels, sadly the issue seems lost with the migration to Fedora\nCoreOS). It also means that the operator can easily override the slot\nbeing booted via the boot loader entries. Primary disadvantage is that\nit relies on EFI working somewhat to spec.\n\nNew versions are booted into only once by setting NextBoot, if the\nbootup doesn\u0027t succeed, i.e. if the boot doesn\u0027t get to a cluster rejoin\nthe next boot will be the old slot. Once it gets to this stage the\npermanent BootOrder is changed.\n\nThe EFI loaders don\u0027t know if they are slot A or B because they are\nidentical and relying on OptionalData in the boot entry to indicate the\nslot means that if the EFI boot entries go away, recovering is very hard.\nThus the loaders look at their own file name to determine what slot they\nare in. If no slot could be determined, they default to booting slot A.\nIt is planned to eventually use Authenticode Stamping (passing data in\nfake certificates) to stamp the slot into the loader without affecting\nthe TPM hash logged.\n\nChange-Id: I40de2df8ff7ff660c17d2c97f3d9eb1bd4ddf5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ad131883747f73e51526dd6f163df23b913f69ed", "tree": "e5dee1d605cf4df4c507529185a82b49dbb841b3", "parents": [ "cb9f3d3d495b12e26772271e368340a38244d586" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 16:42:20 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "treewide: port everything to blockdev\n\nThis gets rid of most ad-hoc block device code, using blockdev for\neverything. It also gets rid of diskfs for everything but tests. This\nenables Metropolis to be installed on non-512-byte block sizes.\n\nChange-Id: I644b5b68bb7bed8106585df3179674789031687a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1873\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "cb9f3d3d495b12e26772271e368340a38244d586", "tree": "ba362d7665cf7c48f246b9040ce65a506ea5b93b", "parents": [ "1e0e3a47f72a8fb251bec9a98cb3d6acffe79989" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 15:21:49 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "m/p/blockdev: add darwin implementation\n\nThis adds a minimal blockdev implementation for Darwin/macOS.\nProperly implementing Discard() is left for later as it would require\nextending x/sys/unix and it is allowed to just return ErrUnsupported\nfor all calls.\n\nChange-Id: I5f3c85935301857c1f25edd8b8f9acdbe4abf4ad\nReviewed-on: https://review.monogon.dev/c/monogon/+/1977\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1e0e3a47f72a8fb251bec9a98cb3d6acffe79989", "tree": "64f18c66ac03870d1cbbae02b91e6f14a4ebc090", "parents": [ "fd49f22e3a98d42ffe4d508a1e49ef2549fa8ecf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 16:40:18 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "m/p/blockdev: init\n\nAdds blockdev, a package providing a Go interface for generic block\ndevices as well as an implementation of it for Linux and auxiliary\ntypes.\n\nThis will replace most ad-hoc block device handling in the monorepo.\n\nChange-Id: I3a4e3b7c31a8344f7859210bbb4942977d1ad1d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1871\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "fd49f22e3a98d42ffe4d508a1e49ef2549fa8ecf", "tree": "cbca6bd43f671088aaac950a996055d1a3536b09", "parents": [ "4c6720da59d460d74487fb9bf42f42334cf191d3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 14:27:50 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:49:54 2023 +0000" }, "message": "metropolis/node/core/metrics: export (controller-manager|scheduler) metrics\n\nChange-Id: Ie61551655cbf1130bb5f5beb2923dac1aa52f868\nReviewed-on: https://review.monogon.dev/c/monogon/+/1952\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "4c6720da59d460d74487fb9bf42f42334cf191d3", "tree": "b10de2997c7c711bc579e7cb38c04ffa5d86cd0d", "parents": [ "c37a886044f368ef7b0de61fc77daae8c52e74e8" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 25 14:44:19 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:41:04 2023 +0000" }, "message": "metropolis/node/core/metrics: migrate labels to sd-meta naming scheme\n\nChange-Id: Ie5ad32d5383abbe13ff9c347d47ecc10f090bccb\nReviewed-on: https://review.monogon.dev/c/monogon/+/1971\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "c37a886044f368ef7b0de61fc77daae8c52e74e8", "tree": "5ed030955e1f57d7fb5df9fa49597e62a808e071", "parents": [ "78a538df4c1112bad6bee08509385af8d0ecc77a" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:33:21 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 16:39:41 2023 +0000" }, "message": "metropolis/node/core/metrics: expose etcd metrics\n\nChange-Id: Ie916d497b44c05ab51b13d0bb14f4e850291a77e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1950\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "78a538df4c1112bad6bee08509385af8d0ecc77a", "tree": "7c0c3d44f2334a2305242f768322f36a175434a9", "parents": [ "90613afdf11f7831fc0a673f2fe502c28ab93729" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 25 21:39:04 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 26 12:39:17 2023 +0000" }, "message": "t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)\n\nThis fixes the Zenbleed vulnerability by including the latest fixed\nmicrocode from linux-firmware. They don\u0027t do proper release management\nbut just tag a date approximately every month to keep distros happy.\nThus we need to use a master commit to get the fixes now.\n\nAlso update Linux to 5.15.122 to make sure that we know in case the\nmicrocode fix somehow didn\u0027t get applied.\n\nChange-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94\nReviewed-on: https://review.monogon.dev/c/monogon/+/1974\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "90613afdf11f7831fc0a673f2fe502c28ab93729", "tree": "1f524cdd0e25a3dd28ff350803d2bc296c3d6fda", "parents": [ "88a76b7a89b3fc81b9135b1197e1ea6fd3698121" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 14:26:18 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 26 12:04:58 2023 +0000" }, "message": "metropolis/node/kubernetes: fix mtls authentication to (controller-manager|scheduler)\n\nPreviously it wasn\u0027t possible to authenticate against the services\nas they had no CA they trusted for the sent client certificate.\n\nChange-Id: Ic7cd2419a9e3496680a9393424c7ca1780c4d38c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1951\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "88a76b7a89b3fc81b9135b1197e1ea6fd3698121", "tree": "b1ab3800149e95405b41a21bd74437c1f43c55e7", "parents": [ "4ac7112b135518b610a84a3a6db535dbb41f1fcf" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:10:33 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 26 10:47:46 2023 +0000" }, "message": "build/ci: ensure that we can build metroctl for macOS\n\nWe should probably soon have separate CI targets for different\nbuild/test kinds/targets, but this will do for now.\n\nChange-Id: I710a498f771fc8fd225c1e3b4666fb28e7421b7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1962\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "4ac7112b135518b610a84a3a6db535dbb41f1fcf", "tree": "19bcc8dd598928d6413d6721ef52ee211406a8d9", "parents": [ "e5abee60401840f9af83d9181f9ce36f886b10ce" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:08:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 26 10:47:46 2023 +0000" }, "message": "metropolis/node/core/rpc: decouple from pki\n\nChange-Id: I15d3e7d1142f0f95081e73c985d96f8d103df55e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1961\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e5abee60401840f9af83d9181f9ce36f886b10ce", "tree": "9887e5c3f28cd295ec19f35a01469286530fe8b3", "parents": [ "be25a3b839debc10817670fac0c20660a87bea12" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:33:36 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/node/core/metrics: allow exporters without executables\n\nChange-Id: I8f05c5a2a59018e8979c48a0253f2c068a71e5cd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1949\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "be25a3b839debc10817670fac0c20660a87bea12", "tree": "df5c6ef648ad41fb5037a53976835709737454bd", "parents": [ "b551b65225b7398ed4eb8b3361f50c7998f56ce1" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jul 19 16:31:56 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:52:41 2023 +0000" }, "message": "metropolis/test/launch/cluster: expose metrics port\n\nChange-Id: I2ef17374db665c5491f9594de2ae4474be5163a4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1948\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b551b65225b7398ed4eb8b3361f50c7998f56ce1", "tree": "3ae89cf74847693ae13f2c18063a48d4fb8563ba", "parents": [ "5d0906e1db869ddeac081567b469671a5ff25f7c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 16:01:42 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/node/core/metrics: implement http_sd discovery endpoint\n\nWe provide prometheus metrics but dont have a way to discover all nodes,\nthis change implements a new http endpoint: /discovery. It implements the\nhttp_sd api and returns all current cluster nodes including their roles as\nlabel.\n\nChange-Id: I931a88e2afb285482d122dd059c96f9ebfab4052\nReviewed-on: https://review.monogon.dev/c/monogon/+/1934\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5d0906e1db869ddeac081567b469671a5ff25f7c", "tree": "c12afd970111219040b457fc739823513fcb2957", "parents": [ "ffbf393575c52f7444f66d4bef86ecd81e3fdb98" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 20 20:23:57 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 24 14:45:04 2023 +0000" }, "message": "metropolis/test/util: move TestCurator to utils package\n\nTo use it inside other tests this change moves the TestCurator\nto allow usage inside other tests\n\nChange-Id: I75be31f490eb84e5c9bc56b65317ea5483415dcf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1954\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ffbf393575c52f7444f66d4bef86ecd81e3fdb98", "tree": "05d223a1d481de0e9725997174d45e5874fad785", "parents": [ "a004576acfd826bf8a2a3371a3fde787afb9629b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 13:02:42 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Jul 24 12:36:21 2023 +0000" }, "message": "metropolis/test/util: move in NewEphemeralClusterCredentials from rpc\n\nChange-Id: I41603b19a76ea91c2191b0118183957973fc9ccd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1960\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a004576acfd826bf8a2a3371a3fde787afb9629b", "tree": "09a029faa89414ea4e7ceaaaa4a424e2ea20f3ae", "parents": [ "9933ef0d18cf42a604fc7ed25cec3e05f8ab6368" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jul 20 19:27:41 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 21 12:04:38 2023 +0000" }, "message": "Set flaky\u003dTrue on roleserve_test and memory_test\n\nThese are frequent CI failures.\n\nChange-Id: Ic45f4dcd22bb608bc96da84c9de74faae1f8daab\nReviewed-on: https://review.monogon.dev/c/monogon/+/1953\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9933ef0d18cf42a604fc7ed25cec3e05f8ab6368", "tree": "484c711598ccef01f2218564a79a8352c657958b", "parents": [ "394b67e4208e1b2f06e61ab7e69ae58f444a56d8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 06 18:28:29 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 20 11:48:17 2023 +0000" }, "message": "m/p/efivarfs: BootOrder fixes\n\nThis doesn\u0027t need to be a pointer as it\u0027s a slice.\nThere was also a bug left in here because it previously skipped over\nthe attributes field which we now treat separately.\n\nChange-Id: Icc80496e9bc826ae11201f96a703fb80f97c478a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1913\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "394b67e4208e1b2f06e61ab7e69ae58f444a56d8", "tree": "76280f2c02e4afe2f9ace484f7fd61040326df47", "parents": [ "4f28b9ed6387dc22225f5e60a78f91ab8e3d65bd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:34:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/cli/metroctl: implement buildkind\u003dlite\n\nUsers can now build metroctl with:\n\n bazel build //metropolis/cli/metroctl --//metropolis/cli/metrocli:buildkind\u003dlite\n\nTo request a metroctl built without a direct dependency on the rest of\nMetropolis. Such a metroctl tool will not be able to run `genusb`\nwithout manually specifying a metropolis bundle and metropolis installer\nkernel.\n\nChange-Id: Ic8c135392a7d0ec3120e5dbed8fd6636de578633\nReviewed-on: https://review.monogon.dev/c/monogon/+/1947\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "4f28b9ed6387dc22225f5e60a78f91ab8e3d65bd", "tree": "6b0e7b9014a99a92e23e0a5d2d7c25a8a4e566ba", "parents": [ "46a45f941632de6ef0085eee373a6c3dad5e9f53" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:11:05 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/n/core/identity: decouple from localstorage\n\nChange-Id: I825bc7d71f9866b0052e550f0d113bd8bc726fdc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1946\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "46a45f941632de6ef0085eee373a6c3dad5e9f53", "tree": "07f2b51255011347175505c94c2a99ebdb0832c4", "parents": [ "9508b12bba50625eaccadc4aacf908ba538e3dd6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jul 19 17:09:52 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 20 10:54:36 2023 +0000" }, "message": "m/c/metroctl: move installer dependency to runfiles\n\nThis is the first step in not requiring a full Metropolis build to build\nmetroctl.\n\nThings are still actively coupled at build time, but the resulting\nbinary can now run without any embedded installer.\n\nChange-Id: I55fc53c57ac6d1d3e75a225e7d7c79bae5759b67\nReviewed-on: https://review.monogon.dev/c/monogon/+/1945\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9508b12bba50625eaccadc4aacf908ba538e3dd6", "tree": "acaf5e1981fc98101f25924a6fb44cf827f826c5", "parents": [ "150f24a5421dc1449d79a801524a7c98754f7bca" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 14 17:54:17 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Jul 19 15:57:32 2023 +0000" }, "message": "*: fully hermetic builds and nix shell support\n\nThis change is a slightly more polished version of Serge\u0027s experiment:\n- https://review.monogon.dev/c/monogon/+/1148\n- https://bin.monogon.dev/pasta/sloth-parrot-ant\n- https://bin.monogon.dev/pasta/eel-seal-wolf\n\nThere are two execution environments we have to support:\n\n- Most builds run inside a sandbox, which is a Fedora\n environment and does not require any host dependencies at all.\n\n- Bazel itself and the tooling we require to bootstrap\n the sandbox (mainly, Go and Proto toolchains). This has to\n work directly on the host.\n\nWe first make the sandbox fully hermetic by setting\n--experimental_use_hermetic_linux_sandbox, which set up an empty /\ninstead of mounting over individual directories, removing any remaining\nhost paths from the sandbox (except /proc and /dev/shm, which are\nrequired by some toolchains). We also force static values for the shell,\n$TMPDIR and $PATH, which would otherwise leak into the sandbox.\n\nFor the host, we use buildFHSUserEnv to build an environment which\nsupports our static toolchains, and well as a clean Bazel build\nwithout all the nixpkgs patches which would otherwise break our custom\ntoolchains and sandbox implementation.\n\nThis allows us to use the exact same toolchains on NixOS and other\ndistros for perfect reproducibility.\n\nFixes https://github.com/monogon-dev/monogon/issues/174.\nFixes https://github.com/monogon-dev/monogon/issues/175.\n\nCo-authored-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nChange-Id: I665471a45b315ce7e93ef16d9d056d7622886959\nReviewed-on: https://review.monogon.dev/c/monogon/+/1929\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "150f24a5421dc1449d79a801524a7c98754f7bca", "tree": "c4f69b7e6260a241f3d946b36eda309e2539ccba", "parents": [ "901c7326fe067707812757e4e9409f756edf0e37" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 20:11:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 19 12:17:34 2023 +0000" }, "message": "metropolis/test: use localregistry\n\nThis removes everything but the preseed test image from the preseed\nimage pool, instead opting to serve all test image via localregistry.\n\nThe registry API is served from a dedicated IP inside the virtual\nnetwork and forwarded to an ephemeral listener on the host. The relevant\ninfrastructure is added to the launch package.\n\nAs it is required to add configuration to containerd for this registry\nanyways as it does not and should not have TLS we take that opportunity\nto give it a descriptive name (test.monogon.internal).\n\nVisibilities of images are also adjusted as they are now referenced much\ncloser to their point of use.\n\nAgainst main this saves 51MiB in bundle size (289MiB -\u003e 238MiB).\n\nChange-Id: I31f732eb8c4ccec486204f35e3635b588fd9c85b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1927\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "901c7326fe067707812757e4e9409f756edf0e37", "tree": "f07f9dc363f0448076024ec4217858dcf47bcb88", "parents": [ "3df66ebf2ae75de9e62302332412655e8fb45d04" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 20:10:37 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 19 11:54:30 2023 +0000" }, "message": "m/p/localregistry: init\n\nAdds the localregistry package, which serves Bazel-built container\nimages via the Docker/OCI V2 registry API.\n\nThis will be used to serve test images instead of preseeding them.\n\nChange-Id: I0c2ceb9a83f807c9c87ab03bc1141ca67cc64268\nReviewed-on: https://review.monogon.dev/c/monogon/+/1926\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3df66ebf2ae75de9e62302332412655e8fb45d04", "tree": "afe917d9fa6eba01dbc9aac0b59a7a189c3c64ce", "parents": [ "f0ec0f670512f82b8e1428acd577ffe1693d1f8f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 15:58:07 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 14:52:36 2023 +0000" }, "message": "metropolis/node/core/metrics: configure node-exporter collectors\n\nTo have a better overview over the nodes we enable additional collectors\nand tell the filesystem collector to not report high cardinality mountpoints.\n\nChange-Id: I267c7c82d671f03c037aabcb067a06fdf29aef65\nReviewed-on: https://review.monogon.dev/c/monogon/+/1933\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "f0ec0f670512f82b8e1428acd577ffe1693d1f8f", "tree": "690b280b94ed797149986fbbbd697ca216386235", "parents": [ "e95007b7090921e2aa4fdc24fea3d23f1bda048e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 13:43:38 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 13:58:24 2023 +0000" }, "message": "metropolis/cli/metroctl: add cert export command\n\nTo scrape metrics we currently need the owner certificate in a usable format.\n\nChange-Id: Ic6695b14a764d71d9c7b698c113fe0109d5820bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/1932\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e95007b7090921e2aa4fdc24fea3d23f1bda048e", "tree": "2884539aa61dcf8a8390299869fa63999382f841", "parents": [ "5c829a4aae48ab0f81f24cde89cf8a85e4adcf3e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 19:05:30 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 12:01:46 2023 +0000" }, "message": "metropolis/node: pretend usage of metropolis ports as node port\n\nWithout this additional change, the repair job detects that we are not\nusing the ports with a service. Since we are using them just not with a\nservice, lets just pretend to have a valid service\n\nChange-Id: Ia226415393031761bdf1d683a8389db65f76bcec\nReviewed-on: https://review.monogon.dev/c/monogon/+/1938\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5c829a4aae48ab0f81f24cde89cf8a85e4adcf3e", "tree": "1734b3ea9565bf167405d1c4dd85a15272a76537", "parents": [ "800e7c9514c1ea5aa9267a19217086363d6d8c4d" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 14 17:41:42 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jul 17 10:06:40 2023 +0000" }, "message": "third_party/chrony: fix chrony source\n\nThe Git snapshot download currently returns a 500 status code.\nDownload the official release instead.\n\nChange-Id: I673584ec2ea6152ca7338bd3609d2264d31b69bd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1928\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "800e7c9514c1ea5aa9267a19217086363d6d8c4d", "tree": "3543adb39b0f1ba5d84f651a2840edc885b7dce4", "parents": [ "d1c392a788043f2bd82d936a334bd01e1be97421" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 12 22:37:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 13 10:23:27 2023 +0000" }, "message": "m/p/tpm: fix garbage when logging PCRs\n\nCasting an int to a string causes it to be interpreted as a byte of an\nUTF-8 string, not converted to the respective UTF-8 character(s).\nUse strconv instead to actually convert the integers to valid UTF-8\ntext.\n\nChange-Id: I4878d9312f2fd2f2401e7fc3ba0e7a69cbca4d9e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1925\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d1c392a788043f2bd82d936a334bd01e1be97421", "tree": "1bdf2d7a4d7a54b2d8bda0c3c729eb2c9eef90a4", "parents": [ "0553f885b84ca97384ffdb942b30c67d23166a16" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 06 19:10:56 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 11 10:48:05 2023 +0000" }, "message": "m/n/kubernetes: fix CSI local PV publishing\n\nExperimentally confirmed to fix pods stuck in creating because the\nmount syscall failed with ENOENT because the target directory did not\nexist. The current CSI spec now explicitly says that creation of\ntarget_path is the responsibility of the storage plugin, so let\u0027s\nactually create that directory.\n\nChange-Id: I57d8086f2e70040095206c36e4302b352d06bb84\nReviewed-on: https://review.monogon.dev/c/monogon/+/1914\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0553f885b84ca97384ffdb942b30c67d23166a16", "tree": "aacfd7d09e462de3c5cfc4cb5cb23840e0b5f6c3", "parents": [ "93910e666218954def8e1e3b304909f7dbb7a1b5" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Sat Jul 08 22:13:30 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jul 10 11:33:56 2023 +0000" }, "message": "webug: shrink tabs in monospace areas\n\nThis makes prototxt output more readable by saving\nsome horizontal space.\n\nChange-Id: Ia0703f280dfb8c8dd9e3899cc20cefc81773d1e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1921\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "93910e666218954def8e1e3b304909f7dbb7a1b5", "tree": "bc584ab34d4c5e0caa094d94bcee99ccf01f50a7", "parents": [ "7d1a0dee36f43f232481eb7ca4ec5d520a526907" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 06 16:15:06 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jul 06 23:09:14 2023 +0000" }, "message": "m/n/core/curator: fix clusternet sync issues\n\nClusternet sync was broken whenever a node just started a curator\nwatcher, as the curator\u0027s codepath to serve the backlog wasn\u0027t copying\nover clusternet data.\n\nThis shouldn\u0027t have happened, especially as we implemented a unified\nfunction to convert node data into node update data, we just forgot to\nuse it during the initial backlog generation code on the curator.\n\nI\u0027ve spent some time trying to come up with a testcase that would\nautomatically catch any further bug of this type, but that\u0027s not really\ndoable without having more formalized type casts between all the\ndifferent types a node can be encoded in (curator in-memory, curator\nproto state, api node object). But we do still update one of the curator\ntests to catch this particular regression.\n\nChange-Id: I203d9a41b735db63d076c7e68a9fc6fe2f795ab4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1912\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" } ], "next": "7d1a0dee36f43f232481eb7ca4ec5d520a526907" }