)]}' { "log": [ { "commit": "d8a3fa2d6a84617b3013b07e15293ae266af8922", "tree": "c2cf863c5ddc2bd770c99c3fc70386247dbd30c6", "parents": [ "63b346d8a41f2c6e668bb17600fbc15c4feb1f2f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Nov 24 23:14:09 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Dec 01 21:22:22 2023 +0000" }, "message": "third_party/go: disable unused node_exporter collectors\n\nChange-Id: I56115f0b37aeeaca7e7b1648e423f61476186563\nReviewed-on: https://review.monogon.dev/c/monogon/+/2369\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e6e570ae3c26c5fda4855522e8cf04644627295f", "tree": "1678ee01ccfc5277f2e6f79858466a2847d291fd", "parents": [ "6fa92ac53f2cbeb3b2e63dea9f87b1b19a680434" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 28 19:23:19 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 29 12:23:41 2023 +0000" }, "message": "m/n/k/nfproxy: use discovery/v1 API\n\nThe old discovery/v1beta1 is deprecated and removed in 1.25. We need to\nget nfproxy to use the new API (available since 1.21) before we jump\nto a K8s control plane version above 1.25.\n\nChange-Id: I6336e168e9efbfc4a7b41f6fe15efebf95624df2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2407\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "7a5422e2718017958c0c408cd6f363d33f41fefb", "tree": "f14a3dc1383555eecf538fe8a6ef05257fa9e0e3", "parents": [ "3e756907d9c769bc92efde5325cd965a4dacf5bd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 27 19:34:53 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 27 18:43:16 2023 +0000" }, "message": "gomod: update rtnentlink to fix ARP table issue\n\nSee https://github.com/prometheus/node_exporter/issues/2849 and\nhttps://github.com/jsimonetti/rtnetlink/releases/tag/v1.4.0\nfor discussion.\n\nChange-Id: Id9d9630bf32c121ec059a3ee1de9b4e8aa42fb92\nReviewed-on: https://review.monogon.dev/c/monogon/+/2402\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "4ff00f89bac159848b5a694a1868885a9dcd2387", "tree": "119cd2a2cb4a6fd03f969b5c2d0b7c7c79e53fde", "parents": [ "538d3098711d0b8ca0ddd2e76c301f45a46eba9f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 14 00:33:27 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 21:47:02 2023 +0000" }, "message": "treewide: update x/exp\n\nChange-Id: Ie8954ba4f170477ff676b64a64bc017e100a01bd\nReviewed-on: https://review.monogon.dev/c/monogon/+/2311\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "538d3098711d0b8ca0ddd2e76c301f45a46eba9f", "tree": "4ba3e2cf0010d359498449df741baf14a76d3de3", "parents": [ "cf8a324b54ad8ab1b6adeb5c54b34de59a936143" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 16 07:59:55 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 21:47:02 2023 +0000" }, "message": "treewide: update github.com/insomniacslk/dhcp\n\nChange-Id: Ia53b40a5ef3868043f0d6244ce08c6af458c6a24\nReviewed-on: https://review.monogon.dev/c/monogon/+/2321\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cf8a324b54ad8ab1b6adeb5c54b34de59a936143", "tree": "c1cf639ddf65ea95fc438752578325950c659a5d", "parents": [ "3fdaeaca3820de37a000a4157617b8c7fca7877c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 02:22:57 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 21:47:02 2023 +0000" }, "message": "treewide: update node_exporter and dependencies\n\nChange-Id: I57f73c01905e77459b6c70a196c76ba331c80d8b\nReviewed-on: https://review.monogon.dev/c/monogon/+/2347\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3fdaeaca3820de37a000a4157617b8c7fca7877c", "tree": "654df63825aa91aa8615e21954dc15e11a450eb9", "parents": [ "37dbb942110eb68df407f43ba1a40d872bb4cb67" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 13 23:33:07 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 21:47:02 2023 +0000" }, "message": "treewide: update sqlc\n\nChange-Id: I72b0f33989bb0032d5a42bc888cdfac666db2a54\nReviewed-on: https://review.monogon.dev/c/monogon/+/2309\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "37dbb942110eb68df407f43ba1a40d872bb4cb67", "tree": "8d2972e43004d6bff4061c2894febca3edf273e5", "parents": [ "a56cc4b99f6274fc2f70916b035e4d1da3205d45" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 13 16:06:18 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Nov 23 21:47:02 2023 +0000" }, "message": "treewide: update gazelle,rules_go\n\nnogo does fail with errors because of file in bazel-out/. To fix this we\njust disable the import sort check there.\n\nChange-Id: I241c354f0b23451b4afc989deceb4b38c4e20ee0\nReviewed-on: https://review.monogon.dev/c/monogon/+/2307\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "321cd715b52fb5c252cc2f99030883001748a63f", "tree": "cf4e308ed0cff46be32b58a0b4f4745434dea82d", "parents": [ "3aa00d46256216c799b0a8c4bcaeddcdfada483a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 22 21:22:16 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Nov 23 04:31:42 2023 +0000" }, "message": "gomod: use our ethtool fork with privflags support\n\nThis change is going upstream, but until it is, pull it in via replace.\n\nThe privflags support will be used in a subsequent CL to set better\ndefaults for certain NIC parameters.\n\nChange-Id: Ied85619ea3fce097722be5c244dcfcb019db7c6e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2343\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3aa00d46256216c799b0a8c4bcaeddcdfada483a", "tree": "8fed2cccd0de0b0693af6bc27bf9612de2e373d3", "parents": [ "600e2eb39a6581b5c48deac66c4c29015e48b877" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Nov 20 23:08:41 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 22 20:54:23 2023 +0000" }, "message": "third_party/nix: make run launch-multi2 work\n\nThis makes commands like `bazel run //:launch-multi2` work in the\nnix-shell which is nicer than running it inside a Bazel test.\n\nLong-term we should work on reducing these ambient deps, but\nconsidering all the other deps in that list I think this makes sense for\nthe time being.\n\nChange-Id: Iaef701f19bf363536e415b9a0c51a220b8785ca6\nReviewed-on: https://review.monogon.dev/c/monogon/+/2337\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "62f1d3680947e1d78bacf2a7277fb4b2007ebacb", "tree": "38c2fe1d57b68788f79ae018075b246f228310cc", "parents": [ "60461b2b23eb57319525a3e00d7ae57e51598ebc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:18:24 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 16:44:03 2023 +0000" }, "message": "treewide: stop using LZ4 for initrd compression\n\nThere are two issues at play here: One is a bug in pierrec/lz4 when\nusing the legacy framing format [1]. This bit us when we hit a broken\nsize region with CL:2130, taking hours to debug.\n\nThe other is the fact that the Linux LZ4 frame format has significant\ndesign issues [2], especially with concatenanted initrds.\n\nThe first issue could be fixed by switching to a different LZ4\nimplementation (we do even have the reference impl in the monorepo) but\nthere is no API to generate the legacy frame format and things like [3],\na patch carried by Ubuntu to fix more edge cases just do not inspire\nconfidence in such a solution.\n\nThus, this CL switches over to using zstd for compressing initrds.\n\nZstd is slower than LZ4 for decompressing, but it still decompresses at\nmultiple GB/s per core while having a much better compression ratio.\nIt also doesn\u0027t have any Linux-specific bits and Linux uses the\nreference implementation for decoding, which should make it much more\nrobust. So overall I think this is a good tradeoff.\n\n[1] https://github.com/pierrec/lz4/issues/156\n[2] https://github.com/lz4/lz4/issues/956#issuecomment-736705712\n[3] https://launchpadlibrarian.net/507407918/0001-unlz4-Handle-0-size-chunks-discard-trailing-padding-.patch\n\nChange-Id: I69cf69f2f361de325f4b39f2d3644ee729643716\nReviewed-on: https://review.monogon.dev/c/monogon/+/2313\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "c0f72dc5bd129a27d9a141a84f3602480a28400a", "tree": "edc135243ce1caf6b11a448339b738629dd91bdb", "parents": [ "f64f197c8039a72d82efaae6a21f725d3cd3ac7a" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Oct 19 16:54:38 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Oct 23 21:07:09 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nMirror is up to date now.\n\nChange-Id: Idfbedccac30000a54ebc8fc0a95f4ff008f7a640\nReviewed-on: https://review.monogon.dev/c/monogon/+/2227\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "4811e70b3cd8f237c1b57ac85cc4c02b57c82535", "tree": "aefc6d2f568c61ab5afcb2a7cb4f2c46b479deaf", "parents": [ "0f43359cd444ab84167c9f5305ad5bfb9ffd3a3c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 22:13:34 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 20:27:06 2023 +0000" }, "message": "linux: bump to 6.1.56\n\nThis gets us to the latest LTS kernel, 5.15 is nearly two years old.\n\nChange-Id: I2f386c334b5067b9ced1b5286253d439884182bf\nReviewed-on: https://review.monogon.dev/c/monogon/+/2210\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "0f43359cd444ab84167c9f5305ad5bfb9ffd3a3c", "tree": "cea0e3688f15af00f6f2fa28f1119593389835c1", "parents": [ "5a90d306602a5ccb7022fa8c80b7b1e4fb6c85d4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 22:11:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 09 20:27:06 2023 +0000" }, "message": "linux-firmware: bump to 20230919\n\nBump linux-firmware to a tagged version again.\n\nChange-Id: I65fcce7ed3ce0323e1504d339b349fc3a901bff7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2209\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d141d182614f915ae44250b84c6be10276ca4840", "tree": "8d590cd643144299ccb28960ea7af55b79d8e304", "parents": [ "1dc60af36a57d434689032234fdc9e9d00ed957e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Oct 02 15:07:01 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Oct 05 13:46:24 2023 +0000" }, "message": "workspace: add Rust EFI infrastructure\n\nThis bumps rules_rust, cleans up the toolchains with the new version.\nIt also adds the Prost codegen to \"normal\" crate set as well as a new\ncrate set specific to EFI. This is separate because of Rust no-std\u0027s\ndependence on create feature tags.\n\nChange-Id: Ie76e66ee83696948391420ca3b011a3a71258690\nReviewed-on: https://review.monogon.dev/c/monogon/+/2202\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "48f22ce3a1558ad9994de3bde93f38e1aa997812", "tree": "509c22d629aabf45b1c65e57598dd92eded4a455", "parents": [ "a5588e1c1d15edf055e615be1269aa54eb4955fe" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 20 22:48:26 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Sep 25 14:32:49 2023 +0000" }, "message": "third_party/nix: make nix-env reusable\n\nChange-Id: I19ffb94d0822044ad19b8454f91d2186209d3510\nReviewed-on: https://review.monogon.dev/c/monogon/+/2184\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "a5588e1c1d15edf055e615be1269aa54eb4955fe", "tree": "ed9770046b0f60948f09799a9f5519df6262abac", "parents": [ "1feb0fef61999a073e238cca783ce8011f353add" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 20 19:43:15 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 21 13:01:44 2023 +0000" }, "message": "third_party/sandboxroot: use macros for bazeldnf\n\nChange-Id: I055b377dc3b5580d442abcba939d8b720cb42ad9\nReviewed-on: https://review.monogon.dev/c/monogon/+/2183\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1feb0fef61999a073e238cca783ce8011f353add", "tree": "26fd32cfef4601aafd41956b8a7cda1d231aedc2", "parents": [ "3c6306ba6b146171f122bdf50f7a8daf63816b5b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 20 19:42:46 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 21 13:01:44 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nChange-Id: Ib0870708f53ea5320dcf9240ad9354872880fd93\nReviewed-on: https://review.monogon.dev/c/monogon/+/2182\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "65702194ea264a0fd01fb470bacaf39264b4f637", "tree": "3469201097b30e638f1e446655e1d23b33d90f8d", "parents": [ "f551a7696824a9ddbac63191c489db8280aee0a4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 31 16:27:38 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 14 13:43:45 2023 +0000" }, "message": "workspace: rules_go, gazelle, go, gVisor update\n\nThis commit not only updates rules_go and friends, but also updates\ngVisor, removes legacy protobuf usage and switches from using\nbuild_configuration to a config flag for bazel\n\nChange-Id: Idb383f35ca0fec4cb7329e9d991f08f28cf9b1fb\nReviewed-on: https://review.monogon.dev/c/monogon/+/2129\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "f551a7696824a9ddbac63191c489db8280aee0a4", "tree": "b73af6eab62e92c6ceb2db6c8f1006682e1d2ec9", "parents": [ "5acd380930cf22284b22d8c2f45bd73465e64628" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 29 23:21:25 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 30 11:58:42 2023 +0000" }, "message": "workspace: update rules_rust and add UEFI platform\n\nThis updates rules_rust from 0.16 to 0.26 and adds a patch sent upstream\nfor UEFI support.\n\nExplicit toolchain definitions are needed for UEFI, so three toolchains\nfor all currently-supported host OSs (Linux and macOS) are added.\n\nRust UEFI support libraries will be added in a followup CL.\n\nChange-Id: I52175f69f6a5c424f1f232748ff96dd6fcbbe92a\nReviewed-on: https://review.monogon.dev/c/monogon/+/2104\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5acd380930cf22284b22d8c2f45bd73465e64628", "tree": "ef1a63c5039fbf735aa0978bc748e04e502a19bb", "parents": [ "9ee160e87a38b185af57de2b9188cc19d53cd1d1" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 29 23:15:06 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 30 11:58:42 2023 +0000" }, "message": "build: upstream UEFI to platforms\n\nThis removes our local UEFI constraint_value for a patch sent upstream\nto @platforms. This will be used by rules_rust in a follow-up.\n\nChange-Id: I16e3bf8a60923a2f77ef036babdda45205d8a078\nReviewed-on: https://review.monogon.dev/c/monogon/+/2103\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "6888873fad889bfb7cd594b4208798f80eb60f43", "tree": "860ca3a83e6a6667888ec8595cc332f44e1cb6aa", "parents": [ "29ac140c4cbdb8dd8d71863de8c9b4473a1c0215" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 03 14:25:28 2023 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 29 10:08:29 2023 +0000" }, "message": "metropolis/node: dont allocate node ports in constructor\n\nAll good things are three, and this should be the final installment in\nthe saga of getting ports reserved. The Kubernetes codebase always\nstarts a recovery after initialization of a new port allocator, which\ncurrently makes it very unhappy as we already allocated the system\nports, but we are trying to do the same in the recovery by pretending to\nbe a service. Anyway, this removes the initial part of the patch and\nonly uses the recovery way of reserving the ports. This still creates an\nannoying message sometimes, but I can\u0027t find the code path which creates\nthem.\n\nChange-Id: Ib7d9ec5d00cbde7371d876c31c63b5312024a187\nReviewed-on: https://review.monogon.dev/c/monogon/+/2027\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "eb79bfa9bae59540920d1a990a61b204bd9977d8", "tree": "7c49253bb6108b72be0fe4fbebe9cf32d85c6313", "parents": [ "1e963fe8bdf4eb368b66717bafd640c7f17528d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:09:08 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:36 2023 +0000" }, "message": "t/linux-firmware: update to master\n\nContains new AMD microcode with mitigations for\nInception (CVE-2023-20569) and Phantom (CVE-2022-23825).\n\nChange-Id: If6e26b9f1a96bf6e50c3c9f74bb60ad41c4d441f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2049\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "1e963fe8bdf4eb368b66717bafd640c7f17528d6", "tree": "e6f40f9ee469f824bd3f9bfceae3c6074f95990b", "parents": [ "6eb3fb31f0d1385e96652b6bee043bd9c5f6a577" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 18:24:02 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 21:01:36 2023 +0000" }, "message": "t/linux: update to 5.15.125\n\nThis kernel contains additional handling and workarounds for Gather Data\nSampling aka Downfall (CVE-2022-40982) on Intel CPUs,\nInception (CVE-2023-20569) and Phantom (CVE-2022-23825) on AMD CPUs.\n\nPerformant workarounds for these issues also requires updated microcode\nfor both CPU vendors. Microcode for Intel has already been updated,\nAMD\u0027s is not merged in linux-firmware yet.\n\nChange-Id: I441c8c7b39a8eec0c42d1aac0375d0d15ec1703d\nReviewed-on: https://review.monogon.dev/c/monogon/+/2048\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "009b12662712fd70670c0dc6015e1a135d4a3cd0", "tree": "d3e164ef5b094489c04939cd4bab8dbf907cb3b1", "parents": [ "8055d23f3116a9695367ee09155ef9e0a4059f90" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 13:40:11 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 09 13:43:55 2023 +0000" }, "message": "third_party/intel_ucode: update to 20230808\n\nThis fixes the Intel Gather Data Sampling aka Downfall (CVE-2022-40982)\nmicroarchitectural data disclosure vulnerability.\n\nChange-Id: Ib185e8763f15e2af9fca2b89671825e5e87480fa\nReviewed-on: https://review.monogon.dev/c/monogon/+/2042\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "8055d23f3116a9695367ee09155ef9e0a4059f90", "tree": "17a093240dca129cec9aba29edcf777ff56c9f23", "parents": [ "0e74961fc03de5a439484ea5ec33e0fc52a22edd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 08 23:56:07 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 08 22:07:41 2023 +0000" }, "message": "third_party/linux: enable VLAN interface support\n\nThis is configurable through the Metropolis static network\nconfiguration and thus needs to be enabled.\n\nChange-Id: Id479e0d26a93819de0e315c8c470e94386f0351f\nReviewed-on: https://review.monogon.dev/c/monogon/+/2041\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "35fcf0397be02883ace364e650b3e8d9a2281e24", "tree": "cb1297a2e4a34eeebb9faf09b44c3b95cf603f7f", "parents": [ "ad131883747f73e51526dd6f163df23b913f69ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 04:15:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "metropolis: implement A/B updates\n\nThis implements an A/B update mechanism using two slots, A and B.\nThis is realized with two system partitions as well as two EFI\nloaders/kernels.\n\nThe A/B system relies on two EFI loader entries. This has the advantage\nthat there is no preloader required, which makes the system more\nreliable as well as avoiding the complexity of having an un-updatable\npreloader (CoreOS has this issue where their GRUB2 crashed booting newer\nkernels, sadly the issue seems lost with the migration to Fedora\nCoreOS). It also means that the operator can easily override the slot\nbeing booted via the boot loader entries. Primary disadvantage is that\nit relies on EFI working somewhat to spec.\n\nNew versions are booted into only once by setting NextBoot, if the\nbootup doesn\u0027t succeed, i.e. if the boot doesn\u0027t get to a cluster rejoin\nthe next boot will be the old slot. Once it gets to this stage the\npermanent BootOrder is changed.\n\nThe EFI loaders don\u0027t know if they are slot A or B because they are\nidentical and relying on OptionalData in the boot entry to indicate the\nslot means that if the EFI boot entries go away, recovering is very hard.\nThus the loaders look at their own file name to determine what slot they\nare in. If no slot could be determined, they default to booting slot A.\nIt is planned to eventually use Authenticode Stamping (passing data in\nfake certificates) to stamp the slot into the loader without affecting\nthe TPM hash logged.\n\nChange-Id: I40de2df8ff7ff660c17d2c97f3d9eb1bd4ddf5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1e0e3a47f72a8fb251bec9a98cb3d6acffe79989", "tree": "64f18c66ac03870d1cbbae02b91e6f14a4ebc090", "parents": [ "fd49f22e3a98d42ffe4d508a1e49ef2549fa8ecf" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jun 28 16:40:18 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "m/p/blockdev: init\n\nAdds blockdev, a package providing a Go interface for generic block\ndevices as well as an implementation of it for Linux and auxiliary\ntypes.\n\nThis will replace most ad-hoc block device handling in the monorepo.\n\nChange-Id: I3a4e3b7c31a8344f7859210bbb4942977d1ad1d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1871\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "78a538df4c1112bad6bee08509385af8d0ecc77a", "tree": "7c0c3d44f2334a2305242f768322f36a175434a9", "parents": [ "90613afdf11f7831fc0a673f2fe502c28ab93729" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jul 25 21:39:04 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 26 12:39:17 2023 +0000" }, "message": "t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)\n\nThis fixes the Zenbleed vulnerability by including the latest fixed\nmicrocode from linux-firmware. They don\u0027t do proper release management\nbut just tag a date approximately every month to keep distros happy.\nThus we need to use a master commit to get the fixes now.\n\nAlso update Linux to 5.15.122 to make sure that we know in case the\nmicrocode fix somehow didn\u0027t get applied.\n\nChange-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94\nReviewed-on: https://review.monogon.dev/c/monogon/+/1974\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e95007b7090921e2aa4fdc24fea3d23f1bda048e", "tree": "2884539aa61dcf8a8390299869fa63999382f841", "parents": [ "5c829a4aae48ab0f81f24cde89cf8a85e4adcf3e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 17 19:05:30 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 18 12:01:46 2023 +0000" }, "message": "metropolis/node: pretend usage of metropolis ports as node port\n\nWithout this additional change, the repair job detects that we are not\nusing the ports with a service. Since we are using them just not with a\nservice, lets just pretend to have a valid service\n\nChange-Id: Ia226415393031761bdf1d683a8389db65f76bcec\nReviewed-on: https://review.monogon.dev/c/monogon/+/1938\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5c829a4aae48ab0f81f24cde89cf8a85e4adcf3e", "tree": "1734b3ea9565bf167405d1c4dd85a15272a76537", "parents": [ "800e7c9514c1ea5aa9267a19217086363d6d8c4d" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Fri Jul 14 17:41:42 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jul 17 10:06:40 2023 +0000" }, "message": "third_party/chrony: fix chrony source\n\nThe Git snapshot download currently returns a 500 status code.\nDownload the official release instead.\n\nChange-Id: I673584ec2ea6152ca7338bd3609d2264d31b69bd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1928\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0300077941db0edfdcac0ae42e4a5dad3e8d3fd7", "tree": "979cfc5f4269d3428b725acd79b9a216db8a6f82", "parents": [ "a2ee88d585b9b8603f47544c95f09b380b92b5e2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jul 03 02:19:28 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jul 04 18:58:49 2023 +0000" }, "message": "metropolis/node: allow all ports as NodePorts except special ones\n\nAs we dont have hostPort implemented we can only provide NodePorts to\napplications. To allow apps to use all ports we have to increase the range\nbut have to prevent them from using reserved metropolis ones. This is\ncurrently prevented by patching the allocator and hardcode all of them.\n\nChange-Id: I7c0e8b17643d1ec03e1a1b678bc6276881b1c5e5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1884\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7e0649b4ea4e450dde5ea309d984209226d995a3", "tree": "6491043e47a6e8288c3e0887666f21103b6e5812", "parents": [ "0e06e57b7d9a3cc6050bfacfeead3eb54ec8fd29" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 18:07:34 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 18:58:09 2023 +0000" }, "message": "third_party/go: remove etcd-fix-stub.patch\n\nThis doesn\u0027t seem to be necessary anymore, tests pass without this.\n\nChange-Id: Ia56b49f7b1c96978af45b42bb72b4618344f08d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1902\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0e06e57b7d9a3cc6050bfacfeead3eb54ec8fd29", "tree": "e3e6e2b894c55d84295fb949902fb5c9f7297115", "parents": [ "5308730b6181304ae1d34acf0f2bea6c4cb65339" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 17:41:22 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jul 04 18:58:06 2023 +0000" }, "message": "third_party/go: remove unreferences patches\n\nChange-Id: Idd00b552c621e3a227fc097e175f0c82fa1a7249\nReviewed-on: https://review.monogon.dev/c/monogon/+/1901\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2876efab007ae58856891dbe5cb3e985d948c6d9", "tree": "25d2194ef0afd0337d12725dc5848ad870923a22", "parents": [ "83b2a3612d375d60f97500352c1f8a2197c99645" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:30:40 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 21 15:01:51 2023 +0000" }, "message": "third_party/go: disable btrfs in containerd\n\nThis makes sure that if we build with cgo enabled (for race testing) we\nstill don\u0027t attempt to build btrfs.\n\nChange-Id: Ic608188ad1dc0b21c9f1822afa2b455bfd56959f\nReviewed-on: https://review.monogon.dev/c/monogon/+/1830\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5b13d8112a63282d12690ce05dbfa245f910d5a9", "tree": "f69de58cf76b274e4c83f2472d08b578afb64fdc", "parents": [ "d20af4f15347651efa7b90490f8e657d35281883" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 13:22:23 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Jun 20 14:18:03 2023 +0000" }, "message": "third_party/linux: ignore more configuration settings\n\nChange-Id: Id1117d86d742a94f762f186e6c1f9193dc4e0597\nReviewed-on: https://review.monogon.dev/c/monogon/+/1829\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6d563cac226b327d41d95bf0219b3ff972ab6952", "tree": "02c80c9ad94b0302ffed71fb3b4763104574c394", "parents": [ "634a3cf16ecf4cd551847185e7b539d16ad52d2d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Jun 14 13:44:20 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Jun 15 09:31:47 2023 +0000" }, "message": "third_party/go: pull in node_exporter, add to metropolis rootfs\n\nChange-Id: I5efe5257e7740bf1721f3dd6f130a3c618e33381\nReviewed-on: https://review.monogon.dev/c/monogon/+/1806\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6c45434189e387b234109b68b1ed5a8f2cd5b439", "tree": "4cff8bb2fac00df28699559256ce7649b38877e1", "parents": [ "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:23:38 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/node: build Linux with modules\n\nThis introduces modules into our Linux build. I originally didn\u0027t want\nto do this, this is why this wasn\u0027t done until now. But various things\nin the kernel weren\u0027t set up for this, for example the AMD and Intel KVM\nmodules cannot both be loaded, only the first one loaded works. Also,\nthe Linux kernel cannot load firmware for built-in modules reliably as\nthe filesystem it tries to load it from is not always mounted first,\neven if the kernel itself mounts it.\n\nThe firmware issue was brought up multiple times on LKML, but Linus is\nof the opinion that the firmware should be next to the kernel module,\nthus either built-in (not viable for licensing and size reasons) or the\nmodules need to be loadable and on the same filesystem as the firmware.\n\nThus unless we want to carry signifcant patches against the Kernel in a\ndeadlock-prone area, we are forced to adopt a design with loadable\nmodules (or ship everything twice in an initramfs which is also not\ndesirable).\n\nThe kernel config currently only has the modules as non-builtin which\nrequire firmware, everything else has been left as-is. For boot-time\nperformance it would eventually be a good idea to move to a setup with\nmore modules once we\u0027re confident in the implementation and everything\ncan deal with late-loaded modules/devices.\n\nAs a drive-by fix this also moves the kernel builds to out-of-tree so\nthat we no longer pollute the source folder. Bazel protected us from\nserious issues due to this, but it\u0027s still bad practice.\n\nChange-Id: Iced8e12234565e5b7447e732716651e05e67d55b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1791\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "46bf7d6c6437dfbf9dcc1e1d7d80fcc1c601f9b5", "tree": "19b26feaf61870790ce3b27dac3623cba40e6119", "parents": [ "c7b036bca213962a7e60f3edb47624606799d074" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 01 12:24:19 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 13 13:44:46 2023 +0000" }, "message": "m/n/c/devmgr: init\n\nAdd a minimal device manager based on kobject/uevents. Currently this\nonly loads kernel modules. Further functionality will be added in\nsubsequent CLs.\n\nChange-Id: I444ecdaff3f8ddb9ec169b094ba03e169dd70c4e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1790\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7c38eef75b395b0515e34e2059091f8b0f8d3daf", "tree": "636f2fa665d79f14109e10a3abc7d277b1ab73a3", "parents": [ "f2af76024340e782002f5d07333e2f3d09031554" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 24 14:48:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 30 16:29:11 2023 +0000" }, "message": "third_party/linux: refresh config\n\nRan oldconfig from 5.15.104, no functional changes intended.\n\nThis is to make subsequent changes easier to review.\n\nChange-Id: I420073d3c8fdc8ce96a4ec22061c4158d9f99a9e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1709\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a3904fc44595376bc725fed7ac74dfa80d1ada94", "tree": "47d1177071dd190b6409731959d7bc471aaa7229", "parents": [ "ca9cfcf9cfbb0ae46ee4f6f0d207cdbd7085e460" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue May 02 19:33:52 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 03 09:47:02 2023 +0000" }, "message": "m/n/c/l/crypt: select partitions more specifically\n\nThis changes partition selection to only consider block devices which\ncontain the ESP we booted from if known.\n\nThis prevents us from mounting spurious partitions sharing the same\ntype identifiers.\n\nWhile at it, convert to our GPT library.\n\nChange-Id: Ie9f5bd596f793439a467759d5066529f3912028b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1641\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "333cb8bd69852ebb2010fc821e525345f0e6a8a9", "tree": "e558dea1d60afb41a0694ffd0bcd5db5134e4c6c", "parents": [ "76e39d81415a51926e784d441760773574ecbdb9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Apr 20 23:10:39 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Fri Apr 21 10:21:02 2023 +0000" }, "message": "t/linux: patch out static virtual interfaces\n\nA few virtual drivers (bonding, dummy) predate netlink (~2003), which\nmeans that the kernel had no way to dynamically create network\ninterfaces.\nThe solution was kernel module paramter which statically precreated a\nlist of these virtual interfaces. The number was generally set to 1 by\ndefault, meaning that loading the module creates one of its interface.\n\nFor compatibility with legacy userspaces this is still kept around. We\ncould set the parameters to zero, but doing that everywhere is a pain.\nThis just patches the default values to zero.\n\nChange-Id: I605781b80fb8b20a7724e7fdfa5a4f75ca25eea1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1589\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "213d90c4f27478bcdac4a9429422cf496f989431", "tree": "dc98a19b90b1dbe36c6fd09aa241ccbb8c407f3f", "parents": [ "4969fd72246bf4d50436a22acbb1bdcdaa72a0e9" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 19 17:42:06 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 20 08:47:22 2023 +0000" }, "message": "third_party: update sqlc and pganalyze\n\nChange-Id: I82e0d2dfe507c834f64b5cd9a64c5e0071c07620\nReviewed-on: https://review.monogon.dev/c/monogon/+/1575\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "4c825320dc1e02f98c40065494bb6ae11bf81835", "tree": "95ee82c569b0a6a61795bbe0429072241df3ef49", "parents": [ "b902dfc271e2375d8928ad4faef0da7b1b75ec57" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 11 13:25:14 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 18 11:48:46 2023 +0000" }, "message": "m/n/c/network: static networking fixes\n\nThis fixes three issues with static networking:\n\nIt joins interfaces to a master in down state as otherwise Linux\ncan return an error.\n\nIt takes up the automatically-created loopback interface as otherwise we\nhave no working loopback interface which causes some weird breakage.\n\nIt also patches netlink to use RTM_SETLINK instead of RTM_NEWLINK for\nreconfiguring interfaces as otherwise Linux sometimes returns an error.\n\nChange-Id: I512e38c6edc1a6d964feb552b1a3995165d74730\nReviewed-on: https://review.monogon.dev/c/monogon/+/1523\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "98e05e1e5fd348ac07e221732251734256777ecd", "tree": "d202ec3537c7f6faa903910bc5eb0258a8eb6f72", "parents": [ "6c8ee0b3224934cf10b576e8caea15e4ad18a759" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 05 12:44:14 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:13:54 2023 +0000" }, "message": "metropolis/*: confine etcd output in tests\n\nThe etcd test cluster logic produces some very chatty logs that end up\nin stdout.\n\nThis confines the etcd logs themselves, as well as gRPC logs that the\ntest logic also always enables by default.\n\nChange-Id: I1070f14b20e870865b510ae24015402c0469ceff\nReviewed-on: https://review.monogon.dev/c/monogon/+/1487\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "77b87a6eb9bdc659757ad8edae43ac1fd4b74821", "tree": "5588a6c09cf9d40b9faef9cf917d0aba2a30043c", "parents": [ "a6d8b39959427e4f7e922f7dc095687e07a0caaa" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:24:27 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:09:45 2023 +0000" }, "message": "third_party/sandboxroot: add mirror tool\n\nThis mirrors the sandbox RPMs into a GCS bucket any time we regenerate\nit. Hopefully this stops the constant barrage of random 404s when Fedora\njust happened to bump a library and all the mirrors lost its previous\nversion.\n\nThis tool is currently specific to our bazeldnf-based sandboxroot setup,\nbut could be extended to mirror all of our dependencies at some point.\n\nAs our mirror is the last in the list, it should only be used when a\nfile is missing from other mirrors. In the future, we should have some\njob that alerts us when too many of our deps are missing from upstream\nmirrors.\n\nChange-Id: I08ccbdf99ec868363918e30f3d2ae94f463e045f\nReviewed-on: https://review.monogon.dev/c/monogon/+/1473\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "a6d8b39959427e4f7e922f7dc095687e07a0caaa", "tree": "820548670c0e392197a2d7603bb7659ccd9cd9ea", "parents": [ "3fe6615bd837038023b9839fb7300030999c60ff" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:23:57 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:09:45 2023 +0000" }, "message": "third_party/go: bump grpc-go\n\nWe\u0027re about to include some new-ish cloud.google.com/go packages, and\nthese want a fairly new grpc-go.\n\nThis version of grpc-go finally deprecates some resolver struct fields,\nwhich means we need to migrate away from them.\n\nThe changes also pull in a bunch of golang.org/x/ updates, including one\nthat breaks our importsort patch in goimports.\n\nChange-Id: I2570af45694a5bf18eb7fabb44120d19c5e487da\nReviewed-on: https://review.monogon.dev/c/monogon/+/1472\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3fe6615bd837038023b9839fb7300030999c60ff", "tree": "e4b2764ab38362ca95b604f3d906a9c23383164b", "parents": [ "6d6ed31da287a055b18dedaa1fd70420994c66ae" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 15:14:07 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 03 14:40:12 2023 +0000" }, "message": "third_party/sandboxroot: bump, use our mirror\n\nThe tooling that was used to generate this mirror will come in another\nchange.\n\nChange-Id: Ib08e6908dc71201680a13ebb04136154ac5463a8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1471\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "8e7df7b33ac88f5b20e28fdce6f6a43e6ca03a48", "tree": "d0d48fd1f2ebd6690e320491bf03606152e8a955", "parents": [ "b58102ce51699183af43248c88aa22b8407baa7c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 30 15:02:35 2023 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Mar 30 14:42:55 2023 +0000" }, "message": "third_party/sandboxroot: add libstdc++-static\n\nChange-Id: I5528cfe7a218be10448d7b000756ddcd196cdd4d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1441\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a58047b542002a3045dc18c72ca8889f06b54329", "tree": "b43a79d58d50887b47473612a00880aec955ce2c", "parents": [ "b91938fe16d74272c14e13cad5c6bd8f82391bc4" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Thu Mar 30 14:55:37 2023 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Mar 30 13:15:50 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nChange-Id: I9cca3fe15d8252fc2926968ef098a1434f4243dd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1440\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "4e6fe4aefa98b1c027c4e934472c94b60abe727e", "tree": "0ca77bec8f3048ea67010756b8efa87e0852122f", "parents": [ "677887828c5440ac794e2cbd892f2c3314f7b63e" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 17:35:22 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 12:44:42 2023 +0000" }, "message": "third_party/qemu: add qemu-img\n\nThis will be used to make our tests faster by using qcow2 images instead\nof copying the entire node disk on startup.\n\nTest with:\n\n bazel run \u0027@qemu//:qemu-img\u0027\n\nChange-Id: If696ed9d26cf5de3318cba0d4bb8c58fd1f1d686\nReviewed-on: https://review.monogon.dev/c/monogon/+/1395\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0731937d1f66230495e770fcdeaac16aaed8a0cb", "tree": "7e8bd6290ca88cd5630eacf9e87b1ef3a86f984a", "parents": [ "50d39370424b5c8e28b72f976d3b57b7d23a6f8b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:56:41 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump intel_ucode\n\nUpdate intel_ucode to get the latest microcode for newer Intel CPUs.\n\nChange-Id: I5035de1b84a6d190904c1d89258162a26f98774c\nReviewed-on: https://review.monogon.dev/c/monogon/+/1411\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "50d39370424b5c8e28b72f976d3b57b7d23a6f8b", "tree": "d645666a19b861e7f199bdf6fce3f19bcefc8a3f", "parents": [ "48f92e19a60062b696660213d579795866e6e718" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 22:20:15 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump kernel to 5.15.104\n\nBumps the kernel to the latest patch release.\n\nHash verified against GPG signature from\n647F28654894E3BD457199BE38DBBDC86092693E alias Greg KH.\n\nChange-Id: I20d78d0492d1e869d684a1c045341f142f2039c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1410\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "48f92e19a60062b696660213d579795866e6e718", "tree": "9e36ffdf2899ff9c75e1ef156e265e43c6e09e1e", "parents": [ "c271d6ee5ada79fdec874f5c82315ef7689f84f5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 27 17:50:26 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 28 10:08:04 2023 +0000" }, "message": "WORKSPACE: bump linux-firmware to 20230310\n\nUpdates our old linux-firmware to include newer firmware, especially\nnewer microcode which is relevant for us.\n\nVerified GPG signature for SHA256 hash against key\n4CDE8575E547BF835FE15807A31B6BD72486CFD6\n\nChange-Id: I73a63ba7f586e686f5c16960a4f3eb2b514022a5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1409\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "439c1b0485e58600b3fce4e97da9fa362b1de099", "tree": "8a6b59105dbdd2794cb79e31505c654f182ca1bb", "parents": [ "5d6cdf4891f5a0662e5485b5fd34039d7bb1f664" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 18:43:36 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 08:32:15 2023 +0000" }, "message": "third_party/go/gvisor: fix syslog integration\n\nChange-Id: I985517e5b2585a2f29ffd352f38b26c0ab5c8f4a\nReviewed-on: https://review.monogon.dev/c/monogon/+/1385\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "53a85f7e9f68cfc50721e94de717b1973be2b858", "tree": "2e5aca3dfa152cd9860fc199527fce5c8176af7a", "parents": [ "b76b8d19c05e5df546e2b2dc08f6cdbec2a9ead0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 17:53:32 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 21:04:59 2023 +0000" }, "message": "third_party/go: patch embedded etcd to prevent spurious panics\n\nThis channel double-close tends to panic etcd if we end up calling\nserver.Close more than once. It seems like a programming bug in etcd\nupstream, this function should be otherwise safe to call more than once.\n\nChange-Id: Iba93dc58202f22f966af251b7424d5d4c4e10612\nReviewed-on: https://review.monogon.dev/c/monogon/+/1353\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e00a89da1c62e20c2528dadb0543a4578680b073", "tree": "61d9fb147393d3324e66318eaf79e136da9075bc", "parents": [ "60ded32ef9a324e540237a2ca29bd6342ed482a6" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Mar 14 13:24:11 2023 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Mar 14 17:32:12 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nIt also includes a third_party/go change because gazelle is unhappy\n\nChange-Id: I45178b4827f012d23be9618cbcbd21565555adce\nReviewed-on: https://review.monogon.dev/c/monogon/+/1299\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "60ded32ef9a324e540237a2ca29bd6342ed482a6", "tree": "5e45b35c802782936bec85e6168aea12cd26b5f0", "parents": [ "5b8b86069584664f8be69467290d7cae7d000b8d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 09 18:07:45 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 09 20:09:06 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nChange-Id: I59c3a9baeeb2eddf79ada52539869612bdb1eacd\nReviewed-on: https://review.monogon.dev/c/monogon/+/1264\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "b033b380387a999b7ad19f9d001c42ec570c8945", "tree": "6093a955f5c08f29e6590fb71781849d100a3e0e", "parents": [ "d8290c8082f752f52d0ba1c765f668e2992bc5d4" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 07 20:06:36 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 07 22:29:46 2023 +0000" }, "message": "*: fix gomodproxy compatibility\n\nThis is necessary for the source to be fetchable from third-party Go\nprojects (currently via a replace directive, as source.monogon.dev isn\u0027t\ngo-getable). Otherwise, `go mod tidy` complains:\n\nreading https://sum.golang.org/lookup/github.com/monogon-dev/monogon@v0.0.0-20230223122556-665b10937eb8: 404 Not Found\n\tserver response:\n\tnot found: create zip: build/analysis/BUILD.bazel: case-insensitive file name collision: \"BUILD\" and \"build\"\n\tbuild/analysis/importsort/BUILD.bazel: case-insensitive file name collision: \"BUILD\" and \"build\"\n\tbuild/analysis/importsort/classify.go: case-insensitive file name collision: \"BUILD\" and \"build\"\n\tbuild/analysis/importsort/importsort.go: case-insensitive file name collision: \"BUILD\" and \"build\"\n\tbuild/analysis/importsort/importsort_test.go: case-insensitive file name collision: \"BUILD\" and \"build\"\n\tbuild/analysis/importsort/testdata/README.md: case-insensitive file name collision: \"BUILD\" and \"build\"\n\t[Truncated: too long.]\n\nChange-Id: If5947be74f7dfcf4ba4bd79c4dc37589f324b891\nReviewed-on: https://review.monogon.dev/c/monogon/+/1223\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d8290c8082f752f52d0ba1c765f668e2992bc5d4", "tree": "98c8dc9875488ba03314ef660406ae70909501c8", "parents": [ "6af91052f33c881c402012038c2f3fd8ee254cdd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Mar 06 18:31:49 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 07 11:02:15 2023 +0000" }, "message": "t/go: add netlink patch for permanent HW address\n\nThis adds a patch to the netlink dependency which adds a field\ncontaining the permanent hardware address to the Link struct which\ncan be used to reliably identify interface hardware addresses even\nif they have been changed for operational reasons.\n\nThe patch has already been sent upstream at\nhttps://github.com/vishvananda/netlink/pull/850 but has not been\nreviewed or accepted.\n\nChange-Id: I9562d32643f5b3a5dcf9f1930b951b75ccc30da1\nReviewed-on: https://review.monogon.dev/c/monogon/+/1228\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "0f1939a2f68eb848cca7971808dc451528b47b4f", "tree": "390d92222a1ce1ebefce752329c6f24ff36aae2e", "parents": [ "665b10937eb85c5602f34b3195dbeece066b4247" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 23 09:36:10 2023 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 02 12:05:24 2023 +0000" }, "message": "third_party/sandboxroot: regenerate, add patch tool\n\nChange-Id: Idf6ef8c38f9cd2afea67230a6d60fe37258eaf13\nReviewed-on: https://review.monogon.dev/c/monogon/+/1144\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "665b10937eb85c5602f34b3195dbeece066b4247", "tree": "195975f290b949200abc69796ae40e7563a03bee", "parents": [ "7448f28cad048a5a7c2fad432dbe31ef91a73867" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 23 09:36:17 2023 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Feb 23 12:25:56 2023 +0000" }, "message": "third_party/qemu: fix tracetool-cli invocation\n\nThis makes the call actually go through the py_binary wrapper instead of\nthe source, making sure we execute with whatever shebang line is\nappropriate per rules_python and not whatever happens to be in the\nscript already.\n\nChange-Id: I1c12faef897ecae8c5f7621f34e113eea5db0a69\nReviewed-on: https://review.monogon.dev/c/monogon/+/1145\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6a058e7e0c84306cb0470f2641102a284f98fc0b", "tree": "13b4ef9a4db8275a51bbaa5026f5d926efe67b3f", "parents": [ "424e201b27ce334714d870c0ad0c6e9046a14981" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Nov 30 18:03:07 2022 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Feb 20 12:12:19 2023 +0000" }, "message": "cloud/shepherd/equinix/wrapngo: init\n\nThis adds a wrapper extending packngo for use with the upcoming\nShepherd implementation.\n\nSupersedes: https://review.monogon.dev/c/monogon/+/989\nChange-Id: I55d1a609a8b5241704c5fe4ce8c2294122cfa0c8\nReviewed-on: https://review.monogon.dev/c/monogon/+/1128\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "a01b4ee048e27dc05452912d25d6f718fb263c61", "tree": "0634e398a88a63801763554a0a55af102ea13bf1", "parents": [ "3ccf69641de62c68a5740d8194d4f0776052dd63" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Mon Feb 13 12:49:50 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Feb 13 12:04:07 2023 +0000" }, "message": "third_party/sandboxroot: fix base URL and bump\n\nThis only ever worked by accident.\n\nChange-Id: Ic669081b8a4ad5f378d1e199b97674db4d0ec7a0\nReviewed-on: https://review.monogon.dev/c/monogon/+/1123\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3ccf69641de62c68a5740d8194d4f0776052dd63", "tree": "8a35f1aa01076a35890862f90c186da7fe4ebeda", "parents": [ "d266812c63eb25cf9a586297785add76f5b1f073" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Mon Jan 23 17:01:40 2023 +0000" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Feb 09 12:00:00 2023 +0000" }, "message": "go/net/psample: init\n\nThis adds a minimal golang implementation facilitating network packet\nsampling based on \u0027psample\u0027 kernel module.\n\nMetropolis kernel configuration was modified both in order for this\nchange to be testable in a ktest, as well as to make sure Metropolis\nwill be able to run the included code.\n\nChange-Id: Ie6a4721455f26644b6be01aa6190cf87f21355f3\nReviewed-on: https://review.monogon.dev/c/monogon/+/1102\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f220b2923c0d8bcf760d1c86af51041371633617", "tree": "21a7b7915b25f2ee619de0973720068da9f72072", "parents": [ "68961c3e99c5045bd50f6b91fca9469e47475f2e" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue Jan 31 16:52:53 2023 +0000" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Feb 01 18:08:48 2023 +0000" }, "message": "*: use a vishvananda/netlink fork by Monogon\n\nThis switches Metropolis over to a Monogon-maintained fork of\nvishvananda/netlink.\n\nThe package was modified to support the \u0027sample\u0027 action in packet\nfilters. This is required for the upcoming change enabling network\nanalytics through local packet capture.\n\nMetropolis\u0027 dhcp4c had to be modified to match the vishvananda/netlink\nversion referenced by this change.\n\nChange-Id: I2dd0799a009618f8543904252b85ff63ddd560c7\nReviewed-on: https://review.monogon.dev/c/monogon/+/1109\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "68961c3e99c5045bd50f6b91fca9469e47475f2e", "tree": "9e6f72f6335dc202d34be3ff239219ab9dd5cb8b", "parents": [ "d6397766915e4427f74d59656718acffc92d872c" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Wed Feb 01 13:53:08 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Wed Feb 01 14:16:16 2023 +0000" }, "message": "third_party/sandboxroot: bump\n\nChange-Id: I2ecae3b86b310dc74e11cca28841dc2ee2210a85\nReviewed-on: https://review.monogon.dev/c/monogon/+/1111\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "506b88652ae57ca4f85a51b9f51641bb50d875af", "tree": "3c9f18d07b1c925a814a090b9d446dd18e457d88", "parents": [ "97f212c1d25424a099b6a2ff52e0464a2755f11e" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Tue Jan 31 14:54:13 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Tue Jan 31 17:13:14 2023 +0000" }, "message": "commentwrap: ignore lines with URIs in them\n\nChange-Id: Iad0234ff59d74845bda35213deecf9719439d1aa\nReviewed-on: https://review.monogon.dev/c/monogon/+/1105\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "7eeec65b849695e7bb1be072e6911694b8a02f54", "tree": "affecceb6edb6eb561a0970eb762684930b5e53e", "parents": [ "a9580a7970010d14ccbfe86c22483eeae9b7c05c" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Fri Jan 20 21:16:08 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jan 23 11:03:52 2023 +0000" }, "message": "third_party/sandboxroot: stabilize repo URLs\n\nMetalink output is not stable, pin mirrors instead. We need to\nset up our own caching proxy next, but this will do for now.\n\nChange-Id: Ibc6ea9672890d88022a9310afb92db824226351d\nReviewed-on: https://review.monogon.dev/c/monogon/+/1087\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2aa8b184fcbc713d99bb7c3d868d1ab9df6f5b71", "tree": "6ee292c36be2008e8d2fc4d7af23157c17c0c981", "parents": [ "bc93c2b50690e66712d80e4da5837554588ca065" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 14 23:31:43 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "third_party/rust: update rules_rust and deps\n\nThis is required for rules_rust to work with CC toolchains.\n\nChange-Id: I15f20c7bde09697fda248f7107be8bcd00e24d57\nReviewed-on: https://review.monogon.dev/c/monogon/+/1073\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bc93c2b50690e66712d80e4da5837554588ca065", "tree": "68842095e93b11649cdc23da3bb4a6ef24f9dc8a", "parents": [ "e1ebf729194f3673ea0638f0aceb90cb70de23aa" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 14 13:12:23 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "*: migrate to CC toolchains and Bazel 5.4.0\n\nChange-Id: Iff3c0ddda4413dd0c5fa657a5b7813223e98611e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1079\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7fbf10455fd61b4c34182be5cdb3a53fd9897d4b", "tree": "02ead12ee79b10abfdd624071802acc771f6bb3e", "parents": [ "bffdda85d7750c9a9a34289a79281edeae1d73ef" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Fri Jan 06 19:57:37 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "*: bring our own sandbox root\n\nThis change removes the build container and replaces it with a\nBazel-built Fedora 37 sysroot which is bind-mounted into the Bazel\nsandbox using --sandbox_add_mount_pair. The tools/bazel wrapper script\nautomatically (re-)generates the sysroot when needed.\n\nBoth Bazelisk and Bazel\u0027s native wrapper automatically run the\ntools/bazel script, which means that our build should now work without\nextra steps on any machine with a working Bazelisk setup and unpriv ns.\n\nThis fixes all kinds of weirdness caused by the previous podman setup\n(\"bazel run\"/container pushes, log access, weird podman bugs,\nbreaking the IDE plugin for any non-Monogon workspaces...).\n\nUsing the sandbox hash as an action var also ensures that the cache\nis invalidated whenever the ambient environment changes. Previously,\nBazel did not invalidate build steps when any host dependency changed.\nTo my knowledge, this was the only remaining cause for stale builds.\n\nIt also means we cannot depend on the host toolchain since it\nwon\u0027t be accessible in the sandbox, and anything that inspects the\nhost during analysis stage will fail. This currently means that\nrunning on a non-Fedora host won\u0027t work - we fix this next.\n\nAll RPMs are pinned and the sysroot is fully reproducible.\n\nOnce we upgrade to Bazel 5.x, we can take it further by enabling\n--experimental_use_hermetic_linux_sandbox and fully remove the\nremaining host paths from the sandbox for full hermeticity.\n\nIn a follow-up, we can clean up the CI image to only contain the\nminimum dependencies needed for Bazelisk and the agent.\n\nExisting IntelliJ users need to remove the -Dbazel.bep.path flag\nfrom their VM options.\n\nHandbook/Rust rules are disabled temporarily to keep CI green\n(requires a more recent rules_rust version).\n\nChange-Id: I1f17d57d985ff9d749bf3359f259d8ef52247c18\nReviewed-on: https://review.monogon.dev/c/monogon/+/1033\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "be326c24068009a0f8aa039f1fb5a004fbacae6a", "tree": "04bb044ad4aa292ac51ba7e8a402b519ad266fe6", "parents": [ "acfad5b4d130084d58235a1eae54f4c51f936e44" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Wed Jan 04 20:42:59 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Mon Jan 16 21:45:48 2023 +0000" }, "message": "*: add bazeldnf dependency\n\nThis adds https://github.com/rmohr/bazeldnf, a pure-Go RPM dependency\nresolver. Requires a dummy import for proper Go dependency resolution.\n\nChange-Id: I4d4e7716bfd7da7e3157f06dc1f1612c9e39c17e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1028\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "06f51944c154f10756796323b1cbde1ce5376c47", "tree": "cb616c969928dd53b79eaf6d81afef58edc189c1", "parents": [ "12450d28a5a841994df41bb7c37c24d53a2c80d2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Dec 20 13:06:53 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 03 18:16:07 2023 +0000" }, "message": "third_party/linux: add memory hotplug\n\nWe need this for hardware reporting (and for running in VMs).\n\nChange-Id: I52dff73e0c945dcfde59b014a46c4efe15a133c2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1001\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ce3d810f4fde5e00aba7539a4d12ebe82d65b672", "tree": "115369420532871a70e28e6985baf486321ecde8", "parents": [ "a5baa87a6ca09502afb077b5fd74f0b374fecaf4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Oct 18 12:04:43 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Oct 19 20:30:58 2022 +0000" }, "message": "third_party/linux: add bonding\n\nFor our provisioning project we need bonding support, enable it in\nour kernel.\n\nChange-Id: I46c348c7c855be3a2c3a5db88840f4a7611a49fe\nReviewed-on: https://review.monogon.dev/c/monogon/+/957\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1e9d7d875a7bd10ab30d4b193badab9f76936aca", "tree": "aa51445504663ebe1ec348ec37d6f22bbb59be2b", "parents": [ "bee272f2240dd33f9ec74666205349ced91d3f0a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 15 18:45:44 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 16 11:30:15 2022 +0000" }, "message": "third_party: add lib/pq, cockroachdb and cockroachdb test server\n\nChange-Id: I0e32635fd9a9e063e53877213ff87ef6d881403d\nReviewed-on: https://review.monogon.dev/c/monogon/+/910\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "a9590fe2dcde11eed3b6e8cf1f7ac42a85c9854e", "tree": "ee7dca479c50df02a2eb39729d49ce402fd70924", "parents": [ "f054486ae95df87cb0811df488bb47aebdac14da" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 13 13:51:41 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 14 11:45:15 2022 +0000" }, "message": "third_party/go: add improbable-eng/grpc-web and klog\n\nThis is in preparation of implementing the cloud service boilerplate.\n\nChange-Id: I393057dfc3c0a5a4f0392e66b1be9eff306496cf\nReviewed-on: https://review.monogon.dev/c/monogon/+/905\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "f054486ae95df87cb0811df488bb47aebdac14da", "tree": "195657113c01909686a9de30aa36d1ebc5014353", "parents": [ "5486a9cf8c7092a213bfda0b52681c156fe87cbb" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 12 17:05:54 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 13 11:33:35 2022 +0000" }, "message": "third_party/linux: improve kernel configuration\n\nThese configuration changes are required to boot the Metropolis kernel\nvia kexec on a PowerEdge R750.\n\nkexec needs to be enabled even if we\u0027re not using it as just using kexec\nto launch a kernel on an EFI machine requires a fixup performed only if\nthe target kernel is built with kexec enabled. Otherwise it crashes\nimmediately after mounting efivars by dereferencing a null pointer.\n\nbpfilter should be disabled because it needs a userspace helper (the\n.ko actually runs in userspacee) and we ship none of that, causing an\nerror-level log message on every boot.\nUntil we actually ship the required infrastructure disable it.\n\nirq_remap is required for x2apic, without it\nthe kernel can\u0027t even boot on that platform.\n\nintel_iommu is just a drive-by enable because the AMD IOMMU is already\nenabled and we want the protection.\n\nChange-Id: Iaf0012e8c0427114c56fc5d90a9748ebeb800a54\nReviewed-on: https://review.monogon.dev/c/monogon/+/904\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "1b28e1b92989e827087bc6b594a411e10328e00a", "tree": "6f15262ff5bbbc09b48e184ba59289ff5379ec92", "parents": [ "46e72abb01d6bd4b39fd720680602bd6914e545a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 05 18:41:18 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 07 13:44:24 2022 +0000" }, "message": "build/sqlc: implement simple sqlc/bindata rules\n\nThis is a first pass at implementing rules to generate sqlc stubs from\n.sql files and embed relevant migration files into bindata.\n\nThis is not yet used. The Go API is subject to change - especially the\nway migrations are laid out in the generated package will probably\nchange.\n\nChange-Id: I0873031603957a176ad4664c3b10768b791e0dd5\nReviewed-on: https://review.monogon.dev/c/monogon/+/884\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "46e72abb01d6bd4b39fd720680602bd6914e545a", "tree": "6b5b740ecc003b62db432f5b2b6b13a88dcb3c8a", "parents": [ "bd2ce6dcffa271d8ef00bceda1a89fc34d1d0f3d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 05 15:13:22 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 07 13:44:24 2022 +0000" }, "message": "third_party: add libpg_query and sqlc\n\nThis adds sqlc, a SQL query code generator for Go (and other languages).\nIt in turn requires pganalyze\u0027s libpg_query, which is a C library for\nparsing PostgreSQL queries.\n\nTo test:\n\n $ bazel build @com_github_kyleconroy_sqlc//cmd/sqlc\n\nIn the future this will be used by Bazel rules to generate sources at\nbuild time.\n\nChange-Id: I369c9ab503e8ce6952fd3f73c233dd3d59922358\nReviewed-on: https://review.monogon.dev/c/monogon/+/882\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "073a1c562f386ac9b33d5361a380098e5d3fdd74", "tree": "7173e3adfb3b648d60258cc94b4ce33f6d9bac3e", "parents": [ "fab7d46b81250f0b3dab0a588f414b2eb4ac6fc4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 02 11:36:36 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 04 15:48:57 2022 +0000" }, "message": "workspace: add dosfstools\n\nThis adds dosfstools for its FAT32 fsck which is going to be used for\nthe FAT32 integration tests.\n\nChange-Id: Ie4ae13ad3a63581868fea69fa7d91a27044f1d3b\nReviewed-on: https://review.monogon.dev/c/monogon/+/842\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "e5053ed77b4fcfce6f88e2f8f0e98a0581b795cb", "tree": "70b259c9a023b389267064690131597ab2386ecd", "parents": [ "ea0a2c862d41544cf58807b17daf6b3b4dfa12bc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jul 13 14:25:02 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 14 09:01:19 2022 +0000" }, "message": "t/linux: enable LoadPin LSM\n\nThe LoadPin LSM ensures that the kernel only loads files for its own use\n(like firmware, modules, ...) from the root file system. This helps\nprevent attacks which overlay directories with mount points.\n\nChange-Id: Id7f8da0e6030e2a6d19fc25840063e6af56c389c\nReviewed-on: https://review.monogon.dev/c/monogon/+/835\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "961c7a25b6f1e7026ebac57e93501307945e98e4", "tree": "0eb67b5021801b6e6805d87de1ceba2e87308609", "parents": [ "02bc7de3e9f6743f4713edcd83497a14ade48da2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 07 10:51:33 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 07 11:10:39 2022 +0000" }, "message": "workspace: update main K8s to 1.24.2\n\nThis was missed in 801. Updating Kubernetes is currently very easy to\nscrew up (see #136 tracking improvements to this).\n\nChange-Id: Ia49ffba93cfdbb3e3111050f59e9dbb64b93361c\nReviewed-on: https://review.monogon.dev/c/monogon/+/823\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "adb98f9d02a0b2c6b5def344d421a79ab9c6b37e", "tree": "3e71b40b2ebb7c0ddae3667b58d9ee85a727526b", "parents": [ "237cf4076e4314ea98f4d47e9557857ef73f554b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 14:09:41 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jul 04 15:32:37 2022 +0000" }, "message": "workspace: support workspace-relative embeds in rules_go\n\nrules_go constrains itself by default to includes from the same\ndirectory or its subdirectories, just like the standard Go compiler.\nWith Bazel however including things from other packages is very common.\nAliases don\u0027t help as Bazel doesn\u0027t actually copy the artifacts for\nefficiency.\n\nThis patches rules_go to also accept Bazel-style embeds.\n\nChange-Id: I8fc9479492da00e463297e11b99ff2a9b88bbfde\nReviewed-on: https://review.monogon.dev/c/monogon/+/820\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "b401d635b65ce03c798f679f81d8ab602d7e61e8", "tree": "70424af5c52c281ff33fdc6d4ba32344fc286ce8", "parents": [ "6107ed11f3d8a3da38a5461bde69341ccec9353b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 28 13:00:02 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 28 17:09:10 2022 +0000" }, "message": "workspace: update etcd to 3.5.4\n\nVersions prior to 3.5.3 had critical issues, see\nhttps://github.com/etcd-io/etcd/releases/tag/v3.5.3 for more information\n\nChange-Id: I1137f0c7015cdcec55293ab3160fdbb37af34ebc\nReviewed-on: https://review.monogon.dev/c/monogon/+/803\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "6107ed11f3d8a3da38a5461bde69341ccec9353b", "tree": "4f97f017bb90765975be74d7f63d75f74a167100", "parents": [ "6f852d5bdc4772b09cd894575950a24ab5c7dc91" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 28 12:56:28 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 28 17:09:10 2022 +0000" }, "message": "workspace: update containerd and runc\n\nUpdates containerd and runc to their respective stable releases.\n\nChange-Id: I672a831115f46b33b971d1dcc6cf791c1e436603\nReviewed-on: https://review.monogon.dev/c/monogon/+/802\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "6f852d5bdc4772b09cd894575950a24ab5c7dc91", "tree": "0091abc1cd8546a660bf34fa7d648c98a8937e2f", "parents": [ "bbb873d19c7b0b981c6d00e78c1d25544835b500" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 28 12:50:25 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 28 17:09:10 2022 +0000" }, "message": "workspace: update Kubernetes to 1.24.2\n\nThis gets us to the latest stable Kubernetes release in preparation for\nour first release.\n\nChange-Id: I9a1d74c251c7e91254db70d38cf1074771965d33\nReviewed-on: https://review.monogon.dev/c/monogon/+/801\nTested-by: Jenkins CI\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "918d3e39ccf04b8a83d04ba54f6dfde271378385", "tree": "486572ee3f35871740777bbc5eba3763b635d85c", "parents": [ "110434116ae3c5c8c3cb0f23f97aa3c26171a037" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon May 16 15:41:29 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu May 19 12:01:37 2022 +0000" }, "message": "workspace: update cel-go to 0.11.4\n\nThis allows us to remove a patch which has been upstreamed.\nWhile I\u0027m at it let\u0027s also drop the patch fixing up the googleapis\nreferences and make Gazelle do the work as it does include the\nnecessary resolutions since 0.25.\n\nChange-Id: I66d6dae609661c311911144b82807ebddd8f3805\nReviewed-on: https://review.monogon.dev/c/monogon/+/684\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "110434116ae3c5c8c3cb0f23f97aa3c26171a037", "tree": "4495097a8343e28b3e52f8b0a9ed828ddfa5ae7d", "parents": [ "f73d6f0fdf2983a2b578020c56e53f0f0aa91244" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon May 16 14:51:45 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu May 19 10:48:01 2022 +0000" }, "message": "workspace: update CoreDNS to 1.9.2\n\nThis removes a patch that has gone upstream in the meantime.\n\nChange-Id: Ie7192e974f2444091c257ca12d97aa634d962ce7\nReviewed-on: https://review.monogon.dev/c/monogon/+/683\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "f2b7ab697885d2ccf7d7e624566c31f69550b7e8", "tree": "2310ba8534677e755e181bae9a21175572460228", "parents": [ "ed6bcacf756182ee62d249e3675ff050dcbc6800" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 19:06:00 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed May 04 17:49:54 2022 +0000" }, "message": "workspace: update to Kubernetes 1.24\n\nThis updates our Kubernetes to 1.24. nfproxy needed a small patch as\nK8s decided to gratuitously rename a utility method. CoreDNS also needed\na small patch because they implement an interface which had one method\nrenamed and deprecated by Kubernetes. This is going upstream as\nhttps://github.com/coredns/coredns/pull/5364. Kubernetes adopted runc\n1.1 upstream so we could drop our patch there.\n\nOverall this was fairly painless and took 1h16min including PRing and\nwriting this commit message.\n\nChange-Id: Icda6ad2df96364fd25f50443791147df40bb485c\nReviewed-on: https://review.monogon.dev/c/monogon/+/674\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fdc3a2473e4ebfd77db342252e1088882e01b2d6", "tree": "addfe894acce55d3088764cc49a6c1c3cee55573", "parents": [ "33ce3bcd5c4791cb66a3020b7792829c534c97c6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 15:56:38 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:01:17 2022 +0000" }, "message": "third_party/go: fix `go mod tidy`\n\nThis makes our root repository somewhat more gomod-compliant, to the\npoint where we can run `go mod tidy` to manage dependencies.\n\nThe generated placeholder files turn their parent paths into enough of a\nGo package that the go tooling is appeased, but they are ignored by\nGazelle.\n\nIdeally, we will generate these placeholders automatically before\nrunning `go mod tidy` and gitignore them, but this will do as a first\npass.\n\nWe also remove some unused dependencies which got caught by `go mod\ntidy`.\n\nChange-Id: I81e7e92a45f22c8ef9c92207f67a5bd6cc773da5\nReviewed-on: https://review.monogon.dev/c/monogon/+/652\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ee4bfdb9c59848d618975f24746c78b418e9aebc", "tree": "f84f251df9e2908667f27151794c90cf66965380", "parents": [ "be74284cb84581b7217a934d2a771edb7c948223" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 15:30:52 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 17:18:39 2022 +0000" }, "message": "build/fietsje: remove\n\nWe\u0027ve moved back to using go.mod as a source of truth, as our main large\ndepdency (Kubernetes) is now mostly gomod compatible.\n\nChange-Id: Ie6215b7330a7dcec7681fa3081437efb2be5bf77\nReviewed-on: https://review.monogon.dev/c/monogon/+/651\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "fc2d0d8275a2596794f4f2d1d32b8a536854d825", "tree": "f868c35e5a72d1c9af108c8df7b8060077424b59", "parents": [ "399ce5537c9d74b2335add19dcb6a4043d9468b5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 14:36:17 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 31 13:10:50 2022 +0000" }, "message": "workspace: bump Linux to 5.15.32\n\nBumps Linux to latest LTS patch release\n\nChange-Id: I40e6c4a7e161915d41a688e00cb4ca98553bf89f\nReviewed-on: https://review.monogon.dev/c/monogon/+/644\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "942f5e2188f67d78fe8da86f42e1902427792f2b", "tree": "b3465cd8996a224a678f12cf1d858173077dadd1", "parents": [ "d3ce0ac027b205b1eeccbbcb062c9d417e205df4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 15:03:10 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 12:05:38 2022 +0000" }, "message": "b/ci: update build container to Fedora 35\n\nFedora 32 is EOL since over half a year, update to the current stable\nFedora release.\n\ntoolchains: adds clang as it\u0027s no longer part of the llvm package,\nchanges toolchain path references to GCC 11, and rebuilds the sysroot.\n\nedk2: update to latest stable (old version cannot build with a newer\nminor version of Python 3) and patch to disable -Werror and make the\nnewer included Brotli version work as it natively includes BUILD\nfiles which need to be patched out to make the source files accessible.\n\nlinux: add patch to fix PVH ELF note entrypoint with binutils 2.32+ as\notherwise the .notes section gets emitted with broken alignment.\n\nm/t/launch: RunMicroVM is broken if SerialPort is not set with newer\nQEMU versions because fcntl(2) fails to interact with a broken file\ndescriptor. This is due to a confusion between nil interfaces and\ninterfaces containing a nil pointer causing Go to improperly pass the\nfile descriptor. Changing the type of SerialPort to the actual\ninterface resolves the issue.\n\nChange-Id: I03a8cbf4f80a7363794dad1ff62ccb57e778cac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/529\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "d3ce0ac027b205b1eeccbbcb062c9d417e205df4", "tree": "b026e8c1b1d327531a739449b383ad21f8fd9c20", "parents": [ "304d42c86f034386a957eaec36b0d254aef8dc76" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Mar 03 12:51:21 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 08 11:52:07 2022 +0000" }, "message": "m/n/b/fwprune: process links from metadata file\n\nThe linux-firmware repository has a metadata file called WHENCE which\ncontains mostly license and origin information, but critically it also\ncontains data for symbolic links which are not materialized inside the\nrepo itself. So we need to parse that file and create these symlinks\nourselves.\n\nChange-Id: I9e6973e60d6f06e844dc879f658c9dd1913c432d\nReviewed-on: https://review.monogon.dev/c/monogon/+/555\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d348fd1c66194c0fff46e39a16131a7bd0e45707", "tree": "c2731c55a03e1fdd7f81f25c363345acc508ac73", "parents": [ "b6aa3f7a4bb57fa3d29c846fcfcc6c0d267ae8b7" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Mar 04 12:11:46 2022 +0100" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Mar 04 14:59:11 2022 +0000" }, "message": "t/linux: disable IMA\n\nThis disables IMA in the kernel config. Currently Metropolis doesn\u0027t\nutilize any of its features, since integrity is ensured in other ways.\n\nSee: https://github.com/monogon-dev/monogon/issues/107\nChange-Id: Icc0af8790ef30c2e0497b570abb403cadd89371f\nReviewed-on: https://review.monogon.dev/c/monogon/+/557\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "80deba52ce3d1ff3c60fa2901cbbb0135e40f90b", "tree": "659869cf80fae0c808d7caae2d8341669bd8e1c5", "parents": [ "ac82c0d984cd23b4b35163b223c9ed0001df8f55" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 24 17:07:13 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Mar 01 19:32:09 2022 +0000" }, "message": "m/node: build microcode payloads\n\nThis adds a builder for loadable microcode payloads for the Linux\nkernel and microcode for Intel and AMD CPUs. It also adds a rule\ngenerating a microcode payload for Metropolis at\n//metropolis/node:ucode but does not integrate it yet.\n\nChange-Id: I00145e4c983d9ff3e81881e92cbecc3e09392665\nReviewed-on: https://review.monogon.dev/c/monogon/+/546\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "17c4c8bb0feaa0395b31757c8186521ec3c0d723", "tree": "abcc2f8419659ac3f9dcb55a1c0c3de43f4008f0", "parents": [ "b6a9d3c613847de99be456f17c6b18cc4d1c4e63" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 01 12:59:47 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 08 13:06:05 2022 +0000" }, "message": "m/n/b/fwprune: adapt to fsspec and use\n\nThis modifies the fwprune tool to generate fsspecs instead of making\ncopies and makes it take a list of paths for suffix matching instead\nof a directory as input. It also adds the fsspec_linux_firmware rule\nwhich uses the utility to actually build a partial fsspec. Finally it\nintegrates the linux-firmware external repository and uses that rule\nto ship firmware in Metropolis.\n\nChange-Id: I0552995105eda84e63d7259040ad36d794079308\nReviewed-on: https://review.monogon.dev/c/monogon/+/534\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "b6a9d3c613847de99be456f17c6b18cc4d1c4e63", "tree": "65aa9692174230796bfcc30aba663d5063190d6b", "parents": [ "26d5225a142057b6eb04cff9ba86173a6682b626" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 27 18:56:20 2022 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 08 13:06:05 2022 +0000" }, "message": "m/n/build: implement new fsspec infrastructure\n\nThis makes the node_initramfs and erofs_image use the new common fsspec\ninfrastructure. It also adds the fsspecs attribute to both which can\nlater be used to add arbitrary fsspecs.\n\nChange-Id: I384e04712c0a70f82c5c975911cbb1d0d5e6cabc\nReviewed-on: https://review.monogon.dev/c/monogon/+/530\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" } ], "next": "8c2c771a750f30b3edf240fc8352e777795e989b" }