)]}'
{
  "log": [
    {
      "commit": "e306d780504ae3ddfad3eb852c7adc5ec9757d89",
      "tree": "3e8e2c7a21430777db525c9ed4717a2cab1c114a",
      "parents": [
        "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@monogon.tech",
        "time": "Wed Sep 01 13:01:06 2021 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@monogon.tech",
        "time": "Mon Sep 06 09:05:40 2021 +0000"
      },
      "message": "m/n/time: add time service\n\nThis adds a bare-minimum time service based on chrony/NTP for keeping\nthe system clock and RTC on Metropolis nodes accurate.\n\nIt also introduces a UID/GID registry in the Metropolis node code\nas this is the first unprivileged service to run on the node itself.\n\nIt does not yet use a secure time source, this is tracked as #73.\n\nChange-Id: I873971e6d3825709bc8c696e227bece4cfbda93a\nReviewed-on: https://review.monogon.dev/c/monogon/+/319\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n"
    },
    {
      "commit": "68dcee136984e2e16b7682e0c0758c1df831a84c",
      "tree": "56e89baa3ba3a88b23fe7acf6929c357107509e4",
      "parents": [
        "40025ff859d65f1a50ae38b20841f9e0a908050b"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@monogon.tech",
        "time": "Tue Aug 31 13:12:07 2021 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@monogon.tech",
        "time": "Wed Sep 01 10:33:47 2021 +0000"
      },
      "message": "third_party/chrony: support dropping privileges\n\nEnables the configuration flags to build with privdrop and\ncapabilities support and adds the libcap dependency.\n\nThis makes chrony capable of running without root privileges.\n\nChange-Id: Ia80dcde80cc7a72c47a1fd30ab4dfb21c902f737\nReviewed-on: https://review.monogon.dev/c/monogon/+/318\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n"
    },
    {
      "commit": "40025ff859d65f1a50ae38b20841f9e0a908050b",
      "tree": "4a81af38eea054baf3cada86a1a94a572096e683",
      "parents": [
        "031243f5a276726080a92410f7d3503e5870ed49"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@monogon.tech",
        "time": "Tue Aug 31 13:06:02 2021 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@monogon.tech",
        "time": "Wed Sep 01 10:33:39 2021 +0000"
      },
      "message": "third_party/cap: initialize\n\nThis adds libcap which is needed for any chance at running chrony as non-root.\n\nUpstream contains a multi-stage codegen based on various external utilities\nwhich has been replaced by a clean Go script. Upstream is capable of also\nusing gperf to generate hash tables for faster lookups, but due to the\nextremely low amount of items (~40) and the additional complexity this is\nnot enabled.\n\nThis is not tested standalone, but it has been tested with chrony.\n\nChange-Id: I638f6aea98158cd2e2838531a5a6125e724838f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/317\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n"
    },
    {
      "commit": "8ff4b7c6f20c9dda91c0eefc524e9bb6c3bff52d",
      "tree": "6e455a4fe977b47492cc8f1db58b1c5288225036",
      "parents": [
        "158e9a415a72bfacfdf9f46eb06b30486680299f"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@monogon.tech",
        "time": "Tue Aug 17 19:21:18 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@monogon.tech",
        "time": "Fri Aug 20 09:02:55 2021 +0000"
      },
      "message": "third_party/chrony: initialize\n\nFirst pass at building chrony. Minimal functionality, notably skipped\nfeatures are:\n\n - PRIVDROP (requires libcap)\n - NTS (requires gnutls)\n\nDo we need anything else?\n\nTested with:\n\n    $ bazel build \u0027@chrony//:chrony\u0027 --crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite\n    $ file bazel-bin/external/chrony/chrony\n    bazel-bin/external/chrony/chrony: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped\n    $ bazel-bin/external/chrony/chrony -v\n    chronyd (chrony) version 4.1-monogon (NTP RTC SCFILTER ASYNCDNS)\n\nChange-Id: I56ac15a23e5741c0428580268cf40ae7744078d4\nReviewed-on: https://review.monogon.dev/c/monogon/+/293\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n"
    },
    {
      "commit": "cbf1fa97307024b1f0c60c88e8ebf968a42bf980",
      "tree": "728f661bb449220c98556fdd0635714db750ac9c",
      "parents": [
        "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jul 02 17:28:50 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jul 02 18:16:43 2021 +0000"
      },
      "message": "third_party/rust: initialize, add mdbook\n\nAs we want to use [mdbook](https://github.com/rust-lang/mdBook) to build\ndocumentation, we now have to pull it into the monorepo, alongside\nsupport for Rust in general.\n\nTesting plan: bazel run //third_party/rust:cargo_bin_mdbook. The CI\nshould also pick this up now.\n\nChange-Id: I6cf5d02d926bb0de61a5c882828accd35f3a1076\nReviewed-on: https://review.monogon.dev/c/monogon/+/201\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n"
    },
    {
      "commit": "dd7b2d22fb0e13547505bacd862b92bf56a35983",
      "tree": "ef18d20d2688a62bdf80147ec343e05789ac6cae",
      "parents": [
        "76003f807b24a22476b14bc308939fc62e1ad6a2"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jul 02 17:13:22 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jul 02 16:28:59 2021 +0000"
      },
      "message": "third_party/go: add package missing from dependency graph\n\nThis is a Windows-specific package being pulled in by github.com/spf13/cobra.\n\nWe don\u0027t need it, and we don\u0027t ever build it (it\u0027s behind a select()\ngate depending on the Windows platform), but its lack causes us to not\nbe able to perform Bazel queries against anything that stumbles upon\nthis select statement.\n\nNotably, things like ibazel don\u0027t work without the ability to query\ndependencies of a target. In theory, cquery could be used instead of query (and\ncquery would know that it\u0027s not running on a windows platform and not\nattempt to resolve the missing package). This might happen some day,\nbut:\n\n  1) cquery currently does not support the buildfiles() function, which\n     is needed by tools like ibazel to find not only source/data/target\n     dependencies for a target, but also every BUILD/.bzl file that\n     influenced that target.\n\n     See: https://github.com/bazelbuild/bazel-watcher/issues/305#issuecomment-627312885\n\n  2) It\u0027s generally good practice to not have missing objects in our\n     dependency graph, I think. We will sooner or later start using this\n     data in CI and other automation, and it might be useful to make an\n     assumption, at some point, that we don\u0027t ever have a broken\n     target dependency graph.\n\nTesting plan: the following now works:\n\n   bazel query \u0027deps(set(//...))\u0027 --output\u003dxml\n\nChange-Id: Ic45e293b868b0aaa707f31384b4b24626ba23e29\nReviewed-on: https://review.monogon.dev/c/monogon/+/200\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n"
    },
    {
      "commit": "6ebdc418f3c4799c12368e34ea78dc9c9757fb54",
      "tree": "55dcecf2fda5b992c703dea87ef2cea495f6ffe0",
      "parents": [
        "67483ded56f26ced15581d7a87314d776cf5ecb0"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 21 16:25:55 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 28 15:53:36 2021 +0000"
      },
      "message": "RFC: build/analysis: add commentwrap\n\nThis adds a Go analyzer which limits the length of comment lines to 80\ncharacters.\n\nRationale:\n\nMonogon currently follows gofmt style. Gofmt in itself is already quite\nopinionated, but one thing it explicitly does not check for is maximum\nline length.\n\nThis implements a limit for the maximum length of a comment line in Go\nsource within Monogon. It explicitly does not limit code line length, as\nthese can be handled much more easily by soft reflows.\n\nThe tool used, github.com/corverroos/commentwrap, will now be\nautomatically run by our nogo pass, and prevent any line of comments\nwithin Go to be longer than 80 characters, with the exception of:\n\n - cgo/generate directives\n - TODOs\n - indented comments (eg. sample code or long URLs)\n\nDownsides:\n\n1. We have to reformat the entire codebase. CR/67 does this.\n\n2. We end up with a bulk Git commit that will pollute Git history. A\n   followup CR attempts to resolve this by using Git\u0027s ignoreRevsFile\n   functionality.\n\n3. There\u0027s currently no integration with IntelliJ and no way to\n   automatically reformat code. If this RFC gets approved, a follow up\n   CR will be created that adds integration/automation to make this\n   easier to work against.\n\nOpen questions:\n\n1. Is 80 characters the right limit? I, personally, quite like it, but\n   am willing to compromise on line length.\n\nChange-Id: I063d64596ca5ef038a8426c6b9f806b65c18451e\nReviewed-on: https://review.monogon.dev/c/monogon/+/66\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n"
    },
    {
      "commit": "acae1ef4088e0e9579d7c35b2f7ce1de21c5ac22",
      "tree": "761455858b1e1491981d1d58dc093ca93402d541",
      "parents": [
        "7b73537d3fe08f5bbca741c7abbd95115ac2e6c2"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed May 19 11:31:40 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed May 19 11:28:32 2021 +0000"
      },
      "message": "*: replace nxt -\u003e monogon\n\nThese are hopefully the last leftovers from the nxt monorepo.\n\nThis change breaks existing build containers and IntelliJ setups, and\nunfortunately thrashes developer workstation Bazel caches.\n\nRunning `scripts/bin/destroy_container.sh \u0026\u0026\nscripts/bin/create_container.sh` and then following the IntelliJ setup\nguide in //README.md should be enough to fix everything.\n\nDid that locally and was able to set up a fully working IntelliJ\nIDE against this change.\n\nChange-Id: I090f4e4f2ea03998569a4ea3d1aa4cd4ec570f8a\nReviewed-on: https://review.monogon.dev/c/monogon/+/61\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n"
    },
    {
      "commit": "6feb746cfafeedb600ae12e22be910ad376b30a5",
      "tree": "6b8f67cc7f183cfaa3b533a20d069abd1e7f3b07",
      "parents": [
        "99d210d48afc2207ffb4064c58068faa9449a981"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue May 18 15:49:15 2021 +0200"
      },
      "committer": {
        "name": "Sergiusz Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue May 18 15:37:38 2021 +0000"
      },
      "message": "build/ci: add presubmit Jenkinsfile\n\nThis implements a basic presubmit Jenkinsfile which should be consumed\n(in this CR already) by CI machinery running against review.monogon.dev.\n\nThis presubmit exercises the same build targets as the old, internal\nPhabricator CI. The build executing agents are based off of the \u0027monogon\nbuilder\u0027 Docker image defined within build/Dockerfile. A follow up CR\nwill remove the leftover of Phabricator CI machinery and explicitly\ndocument how that agent image is built and used.\n\nWe also reformat a generated .bzl file to remove a spurious copyright\nheader. This appeases Gazelle/Fietsje checks.\n\nFinally, we add a .gitignore which ignores build files to make the\nGazelle/Fietsje dirty checkout detection work correctly. The internal\nversion of the metropolis repository had an equivalent .gitignore which\nwasn\u0027t carried over during the initial migration into the Monogon\nmonorepo.\n\nChange-Id: Ib88b8b50dbc6fcd034757558697e6ae2334235b1\nReviewed-on: https://review.monogon.dev/c/monogon/+/26\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n"
    },
    {
      "commit": "f055a7fce0263a30fd2c853b5ed002a765fc23e8",
      "tree": "de2dc0daeebfc7ecce2b1987ffb13eb4f2475088",
      "parents": [
        "2666513457e8d7a282560a7090f35439ab9695ce"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Apr 13 16:22:33 2021 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Apr 14 14:35:09 2021 +0200"
      },
      "message": "third_party/linux: build using unhermetic rule\n\nThis replaces ad-hoc genrules (for the node Linux image and the ktest\nimage) with a real Bazel rule with an attached transition which ensures\nwe end up with the same-ish configurations for all builds of an image.\n\nThis reduces rebuilds of the ktest Linux kernel, from three down to one.\n\nBefore: https://drive.google.com/file/d/1c6VmY2bqx9Pgs61TOUfgMi8Sn0WQeobu/view\n\nAfter: https://drive.google.com/file/d/13eO1rLhoBCMMRUKrmJz8QnhdAR3ctIGb/view\n\nWe also drive-by fix the Kubernetes CTS test suite to run on a single-node\nCluster (instead of failing early due to that being currently reworked).\n\nTest Plan: Build system refactor, following existing test.\n\nX-Origin-Diff: phab/D761\nGitOrigin-RevId: b5545ac5fd402fbf0340d941a90b9ea6ea0b6d43\n"
    },
    {
      "commit": "2666513457e8d7a282560a7090f35439ab9695ce",
      "tree": "328d8f62ddb665b6cd057272f7cae2713aa247ad",
      "parents": [
        "a105db57640d6abf6de368ec0c33a3a5b4f93893"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Apr 13 16:55:59 2021 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Apr 13 19:51:33 2021 +0200"
      },
      "message": "Fix TCP BBR setting\n\nI previously set the TCP queuing discipline to BBR without actually compiling in BBR.\nSee T943. This actually builds in BBR and sets it as default in the kernel config, thus removing\nthe need to manually set it in userspace.\n\nTest Plan: CI\n\nBug: T943\n\nX-Origin-Diff: phab/D760\nGitOrigin-RevId: 779a709e4298ec59bfdcf462fe2f3563952204b6\n"
    },
    {
      "commit": "09c275bc489bc1de406be9a2e8f158eaa87b7c61",
      "tree": "31c62a93e37f6052aa99e2addacef6c060d75e85",
      "parents": [
        "37050126ef89ec30cc677c272471debe55ec0d69"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Mar 30 12:47:09 2021 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Apr 13 11:04:05 2021 +0200"
      },
      "message": "Add ftrace support to DebugService\n\nThis allows us to do ad-hoc kernel-level tracing on a running Metropolis node.\nUseful for tracking down complex bugs.\n\nExample: `bazel run //metropolis/cli/dbg -- trace -function_graph_filter blkdev_* function_graph`\n\nTest Plan: Debug utility, manually tested\n\nX-Origin-Diff: phab/D748\nGitOrigin-RevId: 924eb795250412a73eb30c0eef4a8c1cc726e5fd\n"
    },
    {
      "commit": "37050126ef89ec30cc677c272471debe55ec0d69",
      "tree": "c64a64a622ec1c3e1e72fc12a6d4252c0e803cc1",
      "parents": [
        "2999427c182463840a339cf0e82885d8a3b6e79f"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Mar 30 14:00:27 2021 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Apr 13 11:04:01 2021 +0200"
      },
      "message": "Implement Block PVCs in our storage backend\n\nThis implements full support for Block PVCs in our Kubernetes storage backend.\nThe block PVCs are backed by files made available to the pods using loop devices and\nhave read-only and online expansion support.\n\nThis also requires a Kubernetes patch because they call losetup if block PVCs are used\nwith CSI to establish a form of lock on the backing block device. This lock is not\nexclusive and does absolutely nothing for our use case and could get very expensive\non dense machines so I removed it.\n\nTest Plan: Comes with E2E tests\n\nX-Origin-Diff: phab/D746\nGitOrigin-RevId: 430d3f445286c0d3498b2153df333a19f3fcab89\n"
    },
    {
      "commit": "9956e72c6c0b4f6436dc9493bc213965ee0cc191",
      "tree": "7842ac67432e3a187dda6a2dcb46d11088934159",
      "parents": [
        "dca59d924dac4345099e5acd99405b5451d29cdb"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Mar 24 18:48:55 2021 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Apr 13 11:03:53 2021 +0200"
      },
      "message": "Add Loop Device package\n\nThis adds Loop device support in our Linux kernel and adds a Go package for working with them.\nIt also drive-by adds a pre-mounted tmpfs to ktest as that is quite useful in a lot of situations.\n\nTest Plan: Comes with ktests.\n\nX-Origin-Diff: phab/D745\nGitOrigin-RevId: fa06bcdddc033efb136f56da3b4a91159273bf88\n"
    },
    {
      "commit": "339f97dc7ae48876f77b1195a8840f9369fb5d25",
      "tree": "126cb2059727f7bf4fe50adff74aeeb93e8c618b",
      "parents": [
        "fa99799583dfc3b485012dd0575287643f568b72"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Mar 31 22:16:52 2021 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Apr 01 18:58:27 2021 +0200"
      },
      "message": "third_party/go: add k8s.io/code-generator\n\nTest Plan: New dep. Used further down change stack.\n\nX-Origin-Diff: phab/D749\nGitOrigin-RevId: 4cd0cab36dbd2aa17f944ad6fb3bf90af638ebef\n"
    },
    {
      "commit": "fa99799583dfc3b485012dd0575287643f568b72",
      "tree": "8bde1e2205ef987181a1bbbb1c8f33fbd29e402d",
      "parents": [
        "55f01c3c338166f2ca7e67ae5d6c3ae6b7ac75c4"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Mar 23 17:29:42 2021 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Thu Apr 01 18:58:25 2021 +0200"
      },
      "message": "third_party/qemu: better explain tb_invalidate_phys_range patch\n\nAt a glance, this change looks somewhat scary, and might be interpreted\nas an attempt to backdoor qemu.\n\nThis better explains what\u0027s going on, and adds an extra always-firing\nassert to prove that there\u0027s nothing up our sleeves, and that this\nbranch should never be taken in the first place.\n\nTest Plan: Refactor, should be covered by tests.\n\nX-Origin-Diff: phab/D744\nGitOrigin-RevId: c86638cf9e90041d2ad19d26715c7d4dd5a43e98\n"
    },
    {
      "commit": "647cbb28101e628206562fa5c60e1ed8e5307e8a",
      "tree": "b4796da9b3f4c25d9fdc4ebc4137cdaa513b38fc",
      "parents": [
        "bb95ebd12f8777b1b653653bcb54a081b6c54771"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Mar 16 15:09:56 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Mar 16 15:09:56 2021 +0100"
      },
      "message": "Make QEMU build under musl\n\nQEMU and its glib dependency use a few very bespoke glibc extensions which\nmusl doesn\u0027t implement. This disables their use to make this build on both glibc and musl.\n\nTest Plan: `bazel build --crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite @qemu//:qemu-x86_64-softmmu` works\n\nX-Origin-Diff: phab/D738\nGitOrigin-RevId: 606f750be4259ca8fcc19f4c0cc0ddd54dff2090\n"
    },
    {
      "commit": "b60d9cb51462a82a89f9c16f5ca6b4541de6d450",
      "tree": "6d9d0debaa652988ecbae503c56748f9a17ed481",
      "parents": [
        "c4a3aab4c8d14d05b7e2448ab11897b6f9093046"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Feb 18 17:34:00 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Feb 18 17:34:00 2021 +0100"
      },
      "message": "Add C/C++ header rewriter\n\nThis adds a C/C++ header rewriter utility. See the top comment on a quick description of how it works.\nNo workspace rule is provided yet, that will come later.\n\nTest Plan: This is a build utility, doesn\u0027t really matter.\n\nX-Origin-Diff: phab/D705\nGitOrigin-RevId: 4bf274d8301f3a38a1ec7512bf310be9815fb647\n"
    },
    {
      "commit": "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61",
      "tree": "335ec273335722befdeca623b8f3f787a2cd6571",
      "parents": [
        "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Mar 17 17:44:41 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Mar 17 17:44:41 2021 +0100"
      },
      "message": "Add KVM device plugin\n\nThis adds a KVM device plugin for Kubernetes. This plugin allows for unprivileged access and granular\ncontrol of KVM access.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D739\nGitOrigin-RevId: 5cd738a47d24e7bfdc29bbd1a31537209e1ebf46\n"
    },
    {
      "commit": "0de189355c6afad6f677029d90fa40dee824141b",
      "tree": "3e926e04415d4310b120cc641e4cd7893c5a6b61",
      "parents": [
        "735119f8efcd1ce8689703fe455e39f2146b0b3e"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 11 00:36:48 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 11 00:36:48 2021 +0100"
      },
      "message": "Add QEMU into the monorepo\n\nThis adds QEMU and all its dependencies into the monorepo. Enough features are enabled that\nthis QEMU should be both usable for running tests for Metropolis as well as running customer VMs in\ncontainers. Thus we can also get rid of the QEMU ambient dependency.\n\nAll dependencies have their includes fully rewritten as to be reusable without a huge effort. QEMU itself\nrelies on `includes` attributes since the patch would otherwise be enormous and it is a binary and thus\nany include path madness ends there.\n\nOverall though this is quite nice, the final QEMU build with full optimization is \u003c10MiB and has no further\nambient dependencies. It also has full io_uring support, which works very well with our 5.10 kernel.\nTPM support is also included.\n\nThis is not used anywhere, replacing the ambient dependency and shipping a container will be in an upcoming\nrevision.\n\nTest Plan:\nManually tested to run a Ubuntu cloud image with io_uring and virtio. Automated tests will follow as\npart of its roles in this repo.\n\nX-Origin-Diff: phab/D712\nGitOrigin-RevId: 9c2607d75c875b1d65346e3cdac1a5e08467ea33\n"
    },
    {
      "commit": "735119f8efcd1ce8689703fe455e39f2146b0b3e",
      "tree": "40fd14c0a07c12974d01d67997349917b40f5d69",
      "parents": [
        "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 11 00:30:01 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 11 00:30:01 2021 +0100"
      },
      "message": "Host toolchain minimal features\n\nTest Plan: Tested with QEMU and the existing codebase.\n\nX-Origin-Diff: phab/D713\nGitOrigin-RevId: ecfc94ab2b4880447c628fc2e41b5ed6234f90d8\n"
    },
    {
      "commit": "ddd6caff9edac56dad727a79eb5b0faf4dbd6cb9",
      "tree": "120710eb4a9acf0c3ad1086d9f6f6f3c850a0d70",
      "parents": [
        "bcae658f9530e95cde2ac931beacae71c9fb240e"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 04 17:16:04 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 04 17:16:04 2021 +0100"
      },
      "message": "Build mkfs.xfs using rules_cc\n\nThis drops the old big genrule for mkfs.xfs and replaces it with a nice rules_cc build system\nwith the help of bazel_cc_fix generated patches and our musl-based toolchain.\nWhile we\u0027re at it I bumped the versions of all related dependencies to their latest stable release.\nThis also means pulling in ini.h which is a dependency of the new xfstools version.\n\nInstructions to regenerate the patches are included in the spec files.\n\nToolchain selection is done by the existing transition in our rootfs rule so we automatically get a musl-built\nstatic binary when building for the rootfs.\n\nTest Plan: Tested with E2E tests, should fail fairly catastrophically if something were wrong.\n\nX-Origin-Diff: phab/D708\nGitOrigin-RevId: 648a05cdd08cfa84a8a9f4c057c52446e7005631\n"
    },
    {
      "commit": "5999e92b2da34cbbd50391327ec01081a91866ee",
      "tree": "164e447b7d17e89f2b1046c3da51af141deaa08b",
      "parents": [
        "3a99c590543394ceb5260282ef8e924b44e8eef8"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jan 27 18:53:54 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jan 27 18:53:54 2021 +0100"
      },
      "message": "Bump Linux kernel to 5.10\n\nThis bumps our Linux kernel to 5.10. There\u0027s one minor fix in fsinfo accounting for the fact that strings are\nnow null-terminated. While debugging this I also drive-by fixed a minor typing issue in quotactl.go.\n\nThis drops support for the old initramfs loading method (which was the driving force for the EROFS changes)\nas refactors in the kernel made the patch we carried until now non-viable. Nothing uses it anymore, everything is\neither a microvm-style machine which doesn\u0027t use EFI and thus doesn\u0027t suffer from the issue or uses EROFS.\n\nTest Plan: No new functionality, should be covered by E2E tests.\n\nX-Origin-Diff: phab/D697\nGitOrigin-RevId: d8e40954abb66cb082eecbca372b94a7e40b84a8\n"
    },
    {
      "commit": "3a99c590543394ceb5260282ef8e924b44e8eef8",
      "tree": "e1b727a0c12b387e1bc12d71826405b8b588fa40",
      "parents": [
        "6b13bf1a98c4a612d13ae939e68802e77fb45474"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jan 26 19:57:21 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jan 26 19:57:21 2021 +0100"
      },
      "message": "Switch Metropolis to EROFS-based root filesystem\n\nThis gets rid of the old large initramfs and switches to an EROFS-based root\nfilesystem. It also drops the copy \u0026 remount compatibility code. As this filesystem is\nproperly read-only and not just ephemeral, this also brings various changes to the code\nto make systems compatible with that.\n\nTest Plan: Covered by E2E tests, also manually smoke-tested.\n\nX-Origin-Diff: phab/D696\nGitOrigin-RevId: 037f2b8253e7cff8435cc79771fad05f53670ff0\n"
    },
    {
      "commit": "2073ce34e57b0be3cedd39b8934869abb6f73582",
      "tree": "8c7f86cecb41848e0614da742935cc656be02239",
      "parents": [
        "7b82227c87f477e9d986d648b8ad63f4268dde3b"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Feb 03 18:52:59 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Feb 03 18:52:59 2021 +0100"
      },
      "message": "Bump Bazel to 4.0.0\n\nThis bumps Bazel to 4.0.0 because we want to use ProtoModule. The update was relatively painless,\nno incompat-flags needed to be switched back off. `bazel_gazelle` is pinned on a master version\nsince they haven\u0027t released a Bazel 4-compatible version yet and I have one patch against Kubernetes\u0027s\ninfra repo which is going upstream.\n\nTest Plan: Build system change, should be covered by existing tests\n\nX-Origin-Diff: phab/D701\nGitOrigin-RevId: 24f675e6ba33efb9f46191eccca95088d7d2d1f1\n"
    },
    {
      "commit": "7b82227c87f477e9d986d648b8ad63f4268dde3b",
      "tree": "bd4f8afb09a40f4217709f956c2344c67f95e660",
      "parents": [
        "378a4455aedda838f60c546e55199092f24952ed"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Feb 03 17:03:41 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Feb 03 17:03:41 2021 +0100"
      },
      "message": "Drop legacy kubelet log path\n\nIt looks like the Kubernetes update broke E2E tests on the EROFS stack because of some change\nto how the legacy log dir is handled. Kubelet currently just crashes because it can\u0027t mkdir\n/var/log/containers. This directory is apparently only used by fluentd for log collection in upstream\nE2E tests and with dockershim, both of which we don\u0027t care about. So let\u0027s just nuke it.\n\nTest Plan: Fixes things on top of the EROFS stack\n\nX-Origin-Diff: phab/D700\nGitOrigin-RevId: 45b7f76a61b7234845ab55fcfbc37a66f69fe065\n"
    },
    {
      "commit": "74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9",
      "tree": "3ec734c4b86fed54a5039623c789dd4b805b3b6e",
      "parents": [
        "19eb0006edc79edc53fb53ea0eed67e93f4c8eba"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jan 26 14:00:50 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jan 26 14:00:50 2021 +0100"
      },
      "message": "Make containerd work with read-only root\n\nThis makes containerd work with a read-only root. There were a few config mistakes on our side which\ncaused it to write to the rootfs (mostly leftovers from the switch to /ephemeral) and a semi-hardcoded path\nin /var/lib/cni from containernetworking/cni. This is technically configurable, but it would require patching\nthree different repos (see diff message) and getting all of them to agree to take the change and wait for\nit to propagate to all repos (containerd is known to be slow to release stuff). So let\u0027s just hack in\nthis one-line diff for the time being.\n\nTest Plan: Should be covered by existing tests\n\nX-Origin-Diff: phab/D694\nGitOrigin-RevId: 0e8f5dbfb216539c16e64130af9fe1023722ae1b\n"
    },
    {
      "commit": "19eb0006edc79edc53fb53ea0eed67e93f4c8eba",
      "tree": "704a52ab75bde43409d80246cf23bce6b6be3467",
      "parents": [
        "842536b10bd1b11e62317940feef215442a8ecb4"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Jan 21 14:25:25 2021 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Jan 21 14:25:25 2021 +0100"
      },
      "message": "third_party: bump Kubernetes to 1.19.7\n\nThis... didn\u0027t exactly go well. Turns out a change between rc.1 and rc.2\nbroke our runc runtime by enabling seccomp by default for pod sandboxes.\n\nWe work around this by reverting this change, and filing T916 to solve\nthis soon.\n\nThis fixes T910 and T909.\n\nTest Plan: kube bump, CI should run e2e, didn\u0027t run CTS.\n\nBug: T910, T909\n\nX-Origin-Diff: phab/D691\nGitOrigin-RevId: 78afca77c294895859e0af9150128d82677d875b\n"
    },
    {
      "commit": "842536b10bd1b11e62317940feef215442a8ecb4",
      "tree": "264906157b5cd51ef39e952326b85da48b5bbb5b",
      "parents": [
        "f12bedfa4cd144c3abc4deac58405067d55f9c87"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jan 26 13:54:57 2021 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jan 26 13:54:57 2021 +0100"
      },
      "message": "Make Kubernetes work with read-only root\n\nThis makes Kubernetes work with a read-only root. There\u0027s two places where they hardcode\npaths: One is the DeviceManager socket path (/var/lib/kubelet/device-plugins/kubelet.sock), that one\nis easy to fix because KubeletRootDir is available one scope above. The other one is the pod logs dir\nwhich is too far removed from the main Kubelet config, so I just changed their hardcoded path to ours.\nThe first patch should be upstreamable, for the second one we\u0027d need to take a different approach to upstream.\n\nTest Plan: Should be covered by existing E2E tests.\n\nX-Origin-Diff: phab/D693\nGitOrigin-RevId: 4606ab228a24bd4a0274f8e3156123710a59f2aa\n"
    },
    {
      "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87",
      "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63",
      "parents": [
        "c3ad846e0eaf4cf008130a643ff247aa27531e17"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jan 15 16:58:50 2021 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jan 15 16:58:50 2021 +0100"
      },
      "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n   --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has now been rolled into the main gVisor package and is\n   slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n   new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n   Starlark rule definitions to use rule() instead. We also had to patch\n   gVisor to do that (as there hasn\u0027t yet been a release that rolled\n   this up).\n - Gazelle now supports different naming schemes for generated Go\n   targets - either the old //foo/bar:go_default_library scheme, or a\n   new and nicer //foo/bar:bar scheme. We currently force the usage of\n   the old scheme, as switching over is probably not going to be easy\n   (we use a lot of external Bazel files, and we have to wait for their\n   compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n   ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n   uses gogoproto, but we are smart enough to pull in the old protobuf\n   library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n   use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n   pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n   this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n"
    },
    {
      "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16",
      "tree": "15563902eee9591083284441c8505b084b275d0a",
      "parents": [
        "313816f41244d7520eb2b6f8c231328ee5b7a4ef"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Jan 07 16:31:14 2021 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Jan 07 16:31:14 2021 +0100"
      },
      "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n"
    },
    {
      "commit": "d9ed6560d5db2783252945e1dd3c2e4f908c019e",
      "tree": "7b90c06406fa071f1a7927c25d3526339a509758",
      "parents": [
        "0be9be88224dd87eedb10436b11615fa59862271"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Jan 07 16:06:44 2021 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Jan 07 16:06:44 2021 +0100"
      },
      "message": "build: remove cilium\n\nThis was used back when we were considering Cilium for our networking\nlayer. However, we abandoned that idea, and as such these are all\nunnecessary.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D685\nGitOrigin-RevId: 30f296d7626d64cc1a07a73e4e7bbd18d9e9d933\n"
    },
    {
      "commit": "520c934288d32979ed54b7ffde74428e4583509b",
      "tree": "47fe9a4317e2a13789f4a8f855490ef98edc2065",
      "parents": [
        "6df7c4f6b2c9a896357cb6c4e236d588f4e23277"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Dec 22 10:58:41 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Dec 22 10:58:41 2020 +0100"
      },
      "message": "sqlboiler: remove\n\nWe do not use any SQL anymore in this repository, so we do not need sqlboiler.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D677\nGitOrigin-RevId: 1ed24f3d57774be14e6611582f691e73b1106ea9\n"
    },
    {
      "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb",
      "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368",
      "parents": [
        "39f2f691726dc6e0a291aa8609085b835a313dad"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Dec 21 13:49:00 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Dec 21 13:49:00 2020 +0100"
      },
      "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n"
    },
    {
      "commit": "26d41999e0c71813648c16ad84bba810c3b9d593",
      "tree": "13b60089a6d8e40aab345820498e9e703ad41f7a",
      "parents": [
        "023093c104fbddc568e624949ec68a5722dcd180"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Dec 15 19:27:58 2020 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Tue Dec 15 19:27:58 2020 +0100"
      },
      "message": "intellij: use Bazel-built goimports\n\nTest Plan: Tested the watcher, it fixed my code\n\nX-Origin-Diff: phab/D663\nGitOrigin-RevId: 0e06b3a4043e1671d8bb553312c8894d7c916933\n"
    },
    {
      "commit": "9601f26770e2aed2c8c37a490e936ce300b1a01d",
      "tree": "4d378d512ac02685b7eccbd8ef41ace024cef2d9",
      "parents": [
        "ede8a80d816f8c102ed4de13ba25512024582a75"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Dec 09 19:44:41 2020 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Dec 09 19:44:41 2020 +0100"
      },
      "message": "Implement DHCPv4 default callbacks\n\nThis implements common callbacks to manage interface IPs and\nroutes in the kernel from DHCPv4.\n\nTest Plan: New integration tests against our kernel via ktest.\n\nX-Origin-Diff: phab/D657\nGitOrigin-RevId: 3c39dddbd0e4151e6e902de150243296e6e459b4\n"
    },
    {
      "commit": "56a7ae643059875a074ab6e3ca92754520483edd",
      "tree": "b949c496629eea44dfb0407fc90bef5bcb9bf894",
      "parents": [
        "21b039bcd224dc0ba0050e7281cef8d73071d0a4"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Oct 29 11:03:30 2020 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Oct 29 11:03:30 2020 +0100"
      },
      "message": "Added DHCPv4 Client\n\nThis adds a bare-bones DHCPv4 client. Currently leases are handled by a single callback which\ncan then be used to implement option observers and other ways to deal with them.\n\nTest Plan: Some tests already here, more coming.\n\nX-Origin-Diff: phab/D645\nGitOrigin-RevId: 76fae7080cdd8ba59cf77368179cae0bc9c9c824\n"
    },
    {
      "commit": "5e4fc2d107722f748f90cad06601c1b20e0934fc",
      "tree": "3f29a0772e9182a7e7cc0073b61b00f58013e071",
      "parents": [
        "fa5c2fccc528b40f216687e02f0c1cd004e013d6"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Sep 22 18:35:15 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Sep 22 18:35:15 2020 +0200"
      },
      "message": "Add support for runc container runtime\n\nAdds the runc container runtime, its containerd shim, required Linux features and plumbs it into\nKubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based\ntargets as part of our initramfs.\n\nThe Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures\nare prohibited in Starlark I see no better way.\n\nFor this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt\nshouldn\u0027t have any negative impact, but binfmt_misc has a registry which is only namespaced if used\nwith user namespaces, which are currently not used and thus might represent an exploit vector. This\nis tracked in T864.\n\nTest Plan: New E2E tests covering this feature have been added.\n\nX-Origin-Diff: phab/D625\nGitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba\n"
    },
    {
      "commit": "fa5c2fccc528b40f216687e02f0c1cd004e013d6",
      "tree": "f39c24f681176b7bbf36fe6af304c6902124f552",
      "parents": [
        "4efaa019244db96128941965aa72c0e1371b0d2d"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Sep 28 13:32:12 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Sep 28 13:32:12 2020 +0200"
      },
      "message": "Use CoreDNS for everything and make directives dynamic\n\nThis moves CoreDNS from Kubernetes to the network tree and uses\nit for OS-side resolution too. For this to work together with Kubernetes it now\ncontains a dynamic directive system which allows various parts of the OS\nto register and unregister directives at runtime. This system is used to hook\nKubernetes and DHCP-supplied DNS servers into the configuration.\n\nThis also enables the hosts plugin to resolve the local hostname from within\nCoreDNS to avoid querying external DNS servers for that (T773).\n\nTest Plan:\nCTS covers K8s-related tests, external resolution manually tested from\na container.\n\nBug: T860, T773\n\nX-Origin-Diff: phab/D628\nGitOrigin-RevId: f1729237f3d17d8801506f4d299b90e7dce0893a\n"
    },
    {
      "commit": "9e861a87775191faf1a027f603a0074446cd1319",
      "tree": "01fb624b542762594bad6e88d67c947263837769",
      "parents": [
        "5faa2fc7fb6266486183fdc1455e711079d33e37"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Sep 16 13:46:41 2020 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Wed Sep 16 13:46:41 2020 +0200"
      },
      "message": "//build/toolchain/musl-host-gcc: implement\n\nThis is a cc_toolchain which runs on x86 systems with Linux/gcc and\ntargets Smalltown via static musl builds.\n\nIt is currently unused, but can be tested by trying to build any\ncc_binary with\n--crosstool_top\u003d//build/toolchain/musl-host-gcc:musl_host_cc_suite .\n\nTest Plan: This has been tested manually by running it against a simple cc_binary. Another revision on top of this will attempt to build mkfs.xfs with it.\n\nX-Origin-Diff: phab/D623\nGitOrigin-RevId: ebdf51ee76d9d5a7fd94725c66ef53783f787df7\n"
    },
    {
      "commit": "a50e845df333a4d7531793e3fed61ca8411384f5",
      "tree": "d27ebc111fce076181d9ddda5c06882334f91823",
      "parents": [
        "ed0503cbe3c2d85d138f2604b87d73417be6c940"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Sep 09 17:09:27 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Sep 09 17:09:27 2020 +0200"
      },
      "message": "Introduce TPM event log infrastructure\n\nThis adds support for reading the local TPM event log and for parsing the\nresulting blob. Reading the log is implemented as part of our TPM library, but\nfor reading and processing the event log binary structure we rely on Google\u0027s\ngo-attestation. Since they don\u0027t separate their event log processing from the rest\nof the package, I imported the relevant files here directly.\n\nSince TPM event logs are really terrible (see included workarounds and\nhttps://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md)\nit\u0027s probably a bad idea to use them for anything where we can avoid it.\nSo this will likely only be used for EFI boot / secure boot attestation and\neverything we measure will be part of our TPM library with a much less insane format.\n\nTest Plan:\nManually smoke-tested using a custom fixture on a Ryzen 3000 fTPM.\nWe cannot really test this until we have a way of generating and loading\nsecure boot keys since an empty secure boot setup generates no events.\n\nX-Origin-Diff: phab/D622\nGitOrigin-RevId: e730a3ea69c4055e411833c80530f630d77788e4\n"
    },
    {
      "commit": "ed0503cbe3c2d85d138f2604b87d73417be6c940",
      "tree": "66fce41e479e22ba8a735fbcbb62d768c0307bd3",
      "parents": [
        "b9431c95082a3de6c87f96b700e69b72e4d87fdc"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 28 17:21:25 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 28 17:21:25 2020 +0200"
      },
      "message": "Add Kubernetes CTS\n\nThis adds patches and build specifications for the Kubernetes Conformance Test Suite. This involves\ngating various cloud-specific tests behind the providerless flag (otherwise we\u0027d gain a ton of additional dependencies)\nand an additional 60MiB in test binary size.\nSince the CTS for weird reasons requires kubectl to be available in the path we first build a kubectl go_image and then\nstack the CTS on top of it. The output bundle is then preseeded for use.\n\nTest Plan: `bazel run //core/tests/e2e/k8s_cts`\n\nBug: T836\n\nX-Origin-Diff: phab/D615\nGitOrigin-RevId: 7d2cd780a3ffb63b217591c5854b4aec4031d83d\n"
    },
    {
      "commit": "b29e0b07048697a8e8b4b33adb98dd6d8e79eddf",
      "tree": "b0b9660a1a783aae391bafd1a9fbac56bcad5498",
      "parents": [
        "efb028fdc542dd2f19bf74a3be98506e7a15c7b7"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 28 17:26:12 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 28 17:26:12 2020 +0200"
      },
      "message": "Add CoreDNS build\n\nThis adds CoreDNS and all relevant dependencies. Unused plugins are patched out\nto prevent excessive dependencies and binary size.\n\nTest Plan: `bazel build @com_github_coredns_coredns//:coredns`\n\nX-Origin-Diff: phab/D614\nGitOrigin-RevId: a897bc0e9f908218fd2f414d7e3b902c14e0a374\n"
    },
    {
      "commit": "efb028fdc542dd2f19bf74a3be98506e7a15c7b7",
      "tree": "778c7ccea019f423ca9f660125fe8898014aa9d8",
      "parents": [
        "8b0431a9d22b1f2bb8ab3e6eb66ffda5ca4a2ea9"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 28 17:04:49 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 28 17:04:49 2020 +0200"
      },
      "message": "Allow applying patches before BUILD file generation\n\nThis adds support for patching Go dependencies before BUILD file generation and\nalso plumbs that support into fietsje. No actual prepatching is done in this revision.\n\nTest Plan: This has been used successfully in code built on top of it.\n\nX-Origin-Diff: phab/D612\nGitOrigin-RevId: 7013e5f98feb57ac64ff3dc79d1a9bb94e4152a8\n"
    },
    {
      "commit": "b682ba55d4a51babad2beebb470b0fef0e6067ca",
      "tree": "d94c2bb98f3a47896558d9cd4d2cc0271a4558c7",
      "parents": [
        "f85748717f32f0a74816de01b1e5f2e0104342c5"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jul 08 14:51:36 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jul 08 14:51:36 2020 +0200"
      },
      "message": "Add service proxy\n\nThis adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.\nAlso adds support for masquerading outbound traffic for outbound network connectivity.\n\nTest Plan:\nCurrently manually tested by creating an alpine pod and running \u0027apk add curl \u0026\u0026 curl -k https://192.168.188.1:443/\u0027.\nWill be covered later by CTS.\n\nBug: T810\n\nX-Origin-Diff: phab/D580\nGitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4\n"
    },
    {
      "commit": "f042e6f95bb7dc771bf79f309dbdf0b34da933da",
      "tree": "f18c60fb92202ce2d5ec7041c85579865a81509d",
      "parents": [
        "b876fc31f12628562a51c70668b318b9fc50478b"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jun 24 16:46:09 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jun 24 16:46:09 2020 +0200"
      },
      "message": "Add Wireguard-based K8s pod networking\n\nThis adds a pod networking runnable based on Wireguard which watches all nodes\nand adds their K8s IPAM allocations as routes into the kernel \u0026 WireGuard. It only depends\non K8s and only performs direct routing.\n\nTest Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging each other. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).\n\nBug: T487\n\nX-Origin-Diff: phab/D573\nGitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0\n"
    },
    {
      "commit": "b876fc31f12628562a51c70668b318b9fc50478b",
      "tree": "b7f4001c6ab56712dd26473b216e74222b1903f0",
      "parents": [
        "78fd97294dbc8bbf5ef1a490b2d7b7ad96fddcae"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 14 13:54:01 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue Jul 14 13:54:01 2020 +0200"
      },
      "message": "Update containerd to 1.4.0-beta.2 and K8s to 1.19.0-rc.0\n\nThis unbreaks bbolt (as part of containerd) on 1.14+ (see https://github.com/etcd-io/bbolt/pull/201 and\nhttps://github.com/etcd-io/bbolt/pull/220), pulls in my patch to ignore image-defined volumes\n(https://github.com/containerd/cri/pull/1504) and gets us some robustness fixes in containerd CNI/CRI integration\n(https://github.com/containerd/cri/pull/1405). This also updates K8s at the same time since they share a lot of\ndependencies and only updating one is very annoying. On the K8s side we mostly get the standard stream of fixes\nplus some patches that are no longer necessary.\n\nOne annoyance on the K8s side (but with no impact to the functionality) are these messages in the logs of various\ncomponents:\n```\nW0714 11:51:26.323590       1 warnings.go:67] policy/v1beta1 PodSecurityPolicy is deprecated in v1.22+, unavailable in v1.25+\n```\nThey are caused by KEP-1635, but there\u0027s no explanation why this gets logged so aggressively considering the operators\ncannot do anything about it. There\u0027s no newer version of PodSecurityPolicy and you are pretty much required to use it if\nyou use RBAC.\n\nTest Plan: Covered by existing tests\n\nBug: T753\n\nX-Origin-Diff: phab/D597\nGitOrigin-RevId: f6c447da1de037c27646f9ec9f45ebd5d6660ab0\n"
    },
    {
      "commit": "78fd97294dbc8bbf5ef1a490b2d7b7ad96fddcae",
      "tree": "7ae5efa88e132d538d9ec185e6abddd9f46a0570",
      "parents": [
        "cca74b6b61a165e2d1679847731902eaed04bd94"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Jul 13 17:01:42 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Jul 13 17:01:42 2020 +0200"
      },
      "message": "Kubernetes volume \u0026 stamping fixes\n\nThis reenables the projected and downwardapi volume types, both of which are necessary for the CTS to pass\nand are derivatives of the configmap volume which we already support. This also fixes an issue where the stamping\ndefinitions for Kubernetes were not present on our main Kubernetes binary, which broke the CTS.\n\nTest Plan:\nVolumes will be covered by CTS (writing our own tests would be duplicate work), version was manually\ntested to be correct in `bazel run //core/cmd/dbg -- kubectl get nodes` since stamping is hard to test for.\n\nX-Origin-Diff: phab/D584\nGitOrigin-RevId: 403b6c845bc399fdd44ec3ba4ca26e2512a5bc98\n"
    },
    {
      "commit": "52f7f291c1987fe98bd10d3ad79d4a0c8772ad03",
      "tree": "eaf212647f9bab001e62bb35647255b5f107bd2e",
      "parents": [
        "3ff5af330857b2aadcdae9d9e6ca37b7e5d2c56e"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jun 24 16:42:02 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jun 24 16:42:02 2020 +0200"
      },
      "message": "Add nanoswitch and cluster testing\n\nAdds nanoswitch and the `switched-multi2` launch target to launch two Smalltown instances on a switched\nnetwork and enroll them into a single cluster. Nanoswitch contains a Linux bridge and a minimal DHCP server\nand connects to the two Smalltown instances over virtual Ethernet cables. Also moves out the DHCP client into\na package since nanoswitch needs it.\n\nTest Plan:\nManually tested using `bazel run //:launch -- switched-multi2` and observing that the second VM\n(whose serial port is mapped to stdout) prints that it is enrolled. Also validated by `bazel run //core/cmd/dbg -- kubectl get node -o wide` returning two ready nodes.\n\nX-Origin-Diff: phab/D572\nGitOrigin-RevId: 9f6e2b3d8268749dd81588205646ae3976ad14b3\n"
    },
    {
      "commit": "2e30e88fe6afcf06bdd01478bc584619e91d4c1b",
      "tree": "c7e8a73330d170df708d8dc6de374d440411f224",
      "parents": [
        "5be29dda1d099e1d72636aec06bd3995f39ae4d8"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jun 24 15:17:29 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Jun 24 15:17:29 2020 +0200"
      },
      "message": "Add our own qboot firmware\n\nMy qboot fix (https://github.com/bonzini/qboot/pull/28) has (contrary to what I assumed based on the tests passing)\nnot made it into QEMU yet, so the firmware shipped by it is still affected. This fix not being there silently broke our ktests\nsince the return code processing can in weird conditions wrongly succeed. The fix for this will be another revision, same with\ncode that actually uses this. This is just the build.\n\nTest Plan: Build test: `bazel build @com_github_bonzini_qboot//:qboot-bin`. Also tested in subsequent code depending on it.\n\nX-Origin-Diff: phab/D569\nGitOrigin-RevId: b693220768bc8e39be21fd90eedc7ab79e9c4bcf\n"
    },
    {
      "commit": "c3ae7588e04e283a9ee798823ff590f2eb26e13f",
      "tree": "dca98f6ae4627ba043527f1a2de01fb3b740be44",
      "parents": [
        "3b544a960249e7000b4fd9ce36f118c261c467df"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Jun 08 17:15:26 2020 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Jun 08 17:15:26 2020 +0200"
      },
      "message": "core/initramfs: add cilium, force static binaries\n\nThis adds a Bazel transition to the initramfs rule to ensure all\nbinaries that are part of it are built statically.\n\nTest Plan: tested by building the binary and checking all binaries are static\n\nX-Origin-Diff: phab/D557\nGitOrigin-RevId: 897b902c6b139fdffd1179caae757f5151ad7804\n"
    },
    {
      "commit": "140bddcbe1aac46b168f6fc2178eb9c3870a434c",
      "tree": "8719383a79e42b1334a53f88bdc015872cba66dd",
      "parents": [
        "e6030f696613983ea00fc93b9e8b826cea7a1e9a"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jun 05 21:01:19 2020 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri Jun 05 21:01:19 2020 +0200"
      },
      "message": "core: build initramfs using generic initramfs rule\n\nThis chips away at three different things:\n - it brings us closer to hermetic and cross-platform builds by not\n   depending on genrule/shell and lz4-the-tool\n - it generalizes initramfs building (allowing for more than one to be\n   built, if necessary)\n - sets the stage to use Bazel transitions [1] to force all included Go\n   binaries to be built in pure/static mode while allowing host Go\n   binaries to use cgo/dynamic linking if necessary, and hopefully also\n   allowing us to get rid of some BUILD patches that set pure\u003d\u0027on\u0027 in\n   go_binary calls (notably needed in Cilium and some existing\n   third_party dependencies).\n\n[1] - https://docs.bazel.build/versions/master/skylark/config.html#user-defined-transitions\n\nTest Plan: build machinery change, covered by existing tests\n\nX-Origin-Diff: phab/D554\nGitOrigin-RevId: a5561eb5ca16e6529b9a4a2b98352f579c424222\n"
    },
    {
      "commit": "3058b7ab4e220c37624e1204744f0b17efd920d5",
      "tree": "d501623c882286d2cd5e0977c1dd262db9f65dbe",
      "parents": [
        "b15abadcd33cc25c220a2e8987f11bd967af5765"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Jun 03 17:51:07 2020 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@nexantic.com",
        "time": "Wed Jun 03 17:51:07 2020 +0200"
      },
      "message": "build: add fietsje config and alias for Delve debugger\n\nTest Plan: Debugged a running process using `bazel run :dlv`.\n\nX-Origin-Diff: phab/D550\nGitOrigin-RevId: 3bea727afc0cc275fac19238067d871c42beef19\n"
    },
    {
      "commit": "0db90ba4fde0be782f2dc43f4e6d269d7c1c5f0b",
      "tree": "49237accda7efdae1c8398aa10da4aaa3ee9a4c8",
      "parents": [
        "8e3b8fc9c4ccf5f92179c249de692e38a92d6ee0"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Apr 06 14:04:52 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Apr 06 14:04:52 2020 +0200"
      },
      "message": "Implement CSI node plugin\n\nThis implements a CSI node plugin with registration support\nbacked by bind mounts from our XFS data partition.\nIt supports online volume expansion (and technically shrinking,\nbut K8s does not support shrinking) and CSI statistics backed by fsquota\n\nTest Plan: TBD\n\nX-Origin-Diff: phab/D471\nGitOrigin-RevId: 6bc37dac3726b39bd5d71cfddb2d53aeee0c8b4d\n"
    },
    {
      "commit": "878f5f9e5f9de93b09d354db7d116fd3d558dbfa",
      "tree": "994b67ea5264f7e38bb67e9043a369454eaab75d",
      "parents": [
        "9a741a861a4cb5c52b0251a4abf3a2c606b06198"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue May 12 16:15:39 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Tue May 12 16:15:39 2020 +0200"
      },
      "message": "Add Kubernetes Worker and infrastructure\n\nAdds Kubernetes Kubelet with patches for syscall-based mounting and\nsyscall-based (and much faster) metrics. fsquota patches have been\ndeferred to a further revision (for robust emptyDir capacity isolation).\n\nChanges encoding of the node ID to hex since Base64-URL is not supported\nas a character set for K8s names. Also adds `/etc/machine-id` and\n`/etc/os-release` since Kubernetes wants them. `os-release` is generated\nby stamping, `machine-id` is the hex-encoded node ID derived from the\npublic key.\n\nAlso includes a primitive reconciler which automatically ensures a set of\nbuilt-in Kubernetes objects are always present. Currently this includes\na PSP and some basic RBAC policies that are elementary to proper cluster\noperations.\n\nAdds an additional gRPC service (NodeDebugService) to cleanly\ncommunicate with external debug and test tooling. It supports reading\nfrom logbuffers for all externally-run components, checking conditions\n(for replacing log matching in testing and debugging) and getting\ndebug credentials for the Kubernetes cluster.\n\nA small utility (dbg) is provided that interfaces with NodeDebugService\nand provides access to its functions from the CLI. It also incorporates\na kubectl wrapper which directly grabs credentials from the Debug API\nand passes them to kubectl\n(e.g. `bazel run //core/cmd/dbg -- kubectl describe node`).\n\nTest Plan:\nManually tested.\nKubernetes:\n`bazel run //core/cmd/dbg -- kubectl create -f test.yml`\n\nChecked that pods run, logs are accessible and exec works.\n\nReading buffers:\n`bazel run //core/cmd/dbg -- logs containerd`\n\nOutputs containerd logs in the right order.\n\nAutomated testing is in the works, but has been deferred to a future\nrevision because this one is already too big again.\n\nX-Origin-Diff: phab/D525\nGitOrigin-RevId: 0fbfa0c433de405526c7f09ef10c466896331328\n"
    },
    {
      "commit": "9a741a861a4cb5c52b0251a4abf3a2c606b06198",
      "tree": "1ec5dddcbc049c76f67585c5d03f184ee6c66a9c",
      "parents": [
        "14cf750cac0d6c6e9504871246a45a226b2eb03e"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu May 28 15:08:45 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu May 28 15:08:45 2020 +0200"
      },
      "message": "Apply containerd build patch again\n\nThe containerd pure mode build patch is no longer being applied after D535.\ncontainerd is thus no longer executable since we don\u0027t have a dynamic loader\nin Smalltown. This applies the patch again using Fietsje.\n\nTest Plan: Tested under D544\n\nX-Origin-Diff: phab/D545\nGitOrigin-RevId: 76bc4804c4dd0faf5fd38685d0c69bfa4af6ea94\n"
    },
    {
      "commit": "14cf750cac0d6c6e9504871246a45a226b2eb03e",
      "tree": "5c17e5c6e9904675403e47f8a8658e966a9506b0",
      "parents": [
        "f369cfa3ab4ad5ba882fa66f2fd1c3df8e5b4495"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu May 28 14:29:56 2020 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu May 28 14:29:56 2020 +0200"
      },
      "message": "fietsje: implement .replace, add Cilium dependencies.\n\nThe new .replace() can be used to mirror \u0027replace\u0027 stanzas in go.mod,\nand that\u0027s what it\u0027s being used for in Cilium, as it ships a handful of\nforked libraries that we have to pull in.\n\nThe Cilium targets are currently unused, but the ones confirmed to build\nare:\n\n - @com_github_cilium_cilium//cilium: cilium API client\n - @com_github_cilium_cilium//daemon:daemon: cilium daemon/agent\n - @com_github_cilium_cilium//operator: cilium operator\n\nThese currently built as dynamic libraries - turning them into\nstatic/pure builds will come in a later build.\n\nTest Plan: how do we test this? :)\n\nX-Origin-Diff: phab/D542\nGitOrigin-RevId: b38c7c1d0be8b0b88ea8f6992c9c5557189399cc\n"
    },
    {
      "commit": "f369cfa3ab4ad5ba882fa66f2fd1c3df8e5b4495",
      "tree": "623bb7e085852f87e9ad6618408dc4b3171f7b29",
      "parents": [
        "df12522ed48dbac7edbae32be01a09770b01d0f7"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 22 18:36:42 2020 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Fri May 22 18:36:42 2020 +0200"
      },
      "message": "fietsje: implement\n\nThis introduces Fietsje, a little Go dependency manager.\n\nFor more information, see third_party/go/fietsje/README.md.\n\nWe also bump some dependencies while we\u0027re at it, notably, sqliboiler\nnow uses Go modules. If we weren\u0027t to do that, we\u0027d have to add more\nheuristics to Fietsje to handle the old version correctly.\n\nTest Plan: fietsje is untested - I\u0027ll add some tests to it. Everything else is just regenerating basically the same repositories.bzl file, but with some bumped dependencies.\n\nX-Origin-Diff: phab/D535\nGitOrigin-RevId: 4fc919e1bd386bc3f3c1c53e672b1e3b9da17dfc\n"
    },
    {
      "commit": "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66",
      "tree": "22072c4f18e4aaa855577ff0b42a86ef77a9c4cb",
      "parents": [
        "60febd9db40970a31a2f49bdb969897a37c11cc6"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Fri May 08 14:35:04 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Fri May 08 14:35:04 2020 +0200"
      },
      "message": "Add containerd \u0026 gVisor support\n\nThis adds containerd, CNI, gVisor and all the necessary shims\nand supporting infrastructure. It also enables all relevant features in\nthe Linux kernel. containerd is designed as a simple supervisor.Runnable.\nIt is not being started yet, this will happen in D497.\n\nSplit out from feature/kubelet.\n\nTest Plan:\nHas been tested in conjunction with the rest of D497, will be\ncovered by a K8s E2E test there.\n\nX-Origin-Diff: phab/D509\nGitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17\n"
    },
    {
      "commit": "60febd9db40970a31a2f49bdb969897a37c11cc6",
      "tree": "8ac7756b46db3333e0f81dea04ce1d8bbfe38e62",
      "parents": [
        "fc2c4f5bc24286f24d3fe130bec61cf9fc59982d"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu May 07 14:08:18 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu May 07 14:08:18 2020 +0200"
      },
      "message": "Clean up consensus etcd log output\n\nIntegrates our Zap logger into our etcd embedded instance to\nclean up the logs. Split out from D497 (ex feature/kubelet).\n\nTest Plan:\n`bazel run //core/scripts:launch` no longer shows etcd JSON\noutput.\n\nX-Origin-Diff: phab/D498\nGitOrigin-RevId: 8df3b9c3edd20310079306479adfadf983af7da2\n"
    },
    {
      "commit": "f64021170952839c39f25e13e8771d8e377af898",
      "tree": "06b4841b976cba50dea2f567d300ae2a5b355a14",
      "parents": [
        "bb7db92ee6e788b576e22ece70914e0321a785f7"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon May 04 16:50:31 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon May 04 16:50:31 2020 +0200"
      },
      "message": "Enable stamping and use correct variables\n\nIn D487 stamping was introduced, but not actually enabled. This enables it.\n\nKubernetes also uses \"volatile\" stamping variables for things that logic\ndepends on. This is a terrible idea because\nyou cannot unbreak a build since volatile stamps don\u0027t trigger a rebuild.\nThe status variables which are not purely informational have been changed\nto \"stable\" variables\n(see https://docs.bazel.build/versions/master/user-manual.html#flag--workspace_status_command).\n\nTest Plan:\nBy itself not really testable, but has been tested on an\nupcoming revision that actually depends on stamping behaving correctly.\n\nX-Origin-Diff: phab/D491\nGitOrigin-RevId: 48dda066d56e29d10fb0f0a88a845d8caf527c98\n"
    },
    {
      "commit": "bb7db92ee6e788b576e22ece70914e0321a785f7",
      "tree": "1f4fee21a390625bd9766d0394e3076cf7e34d48",
      "parents": [
        "547b33f2b38dba41f2c171f8730ff5093b267eaf"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Apr 30 12:43:10 2020 +0200"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Apr 30 12:43:10 2020 +0200"
      },
      "message": "Add all dependencies for Kubernetes worker\n\nAdds Kubelet, CNI plugins, containerd, runc and gVisor using a\npre-baked list of dependencies generated using scripts/gazelle-deps/sh.\n\nThis moves all dependencies of gVisor, Kubernetes, runc, etc into the\nsame \u0027namespace\u0027 of Bazel external repositories, giving us ease of\naccessing code as libraries, and benefits when it comes to version\nauditing.\n\nThe gazelle-deps.sh script is a temporary solution that will be replaced\nASAP, see T725.\n\nThis unblocks T486.\n\nThis is an alternative to D389.\n\nTest Plan: `bazel build //core:image` runs and picks up the new binaries\n\nX-Origin-Diff: phab/D487\nGitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff\n"
    },
    {
      "commit": "547b33f2b38dba41f2c171f8730ff5093b267eaf",
      "tree": "0b1993d79cd3724613e43caed66e81979de0b082",
      "parents": [
        "3dba53221970a81cdc1158cced2c6acf85b33065"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Apr 23 15:27:06 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Apr 23 15:27:06 2020 +0200"
      },
      "message": "Add in-kernel test runner\n\nThis adds a way to run tests inside the Smalltown kernel.\n\nImprovements to the Bazel part of this are tracked in T726\n\nTest Plan: Tested by intentionally failing the test.\n\nX-Origin-Diff: phab/D485\nGitOrigin-RevId: e4aad7f28d122d82a7fcb6699e678cbe022e2f73\n"
    },
    {
      "commit": "5d7d2a42ed0394ecc57ef3cde1d837d8a997ec20",
      "tree": "55ead1cb4ddbd347faf26f7370b46de7e7f634b6",
      "parents": [
        "1d8017549154d0bf2c36610d75eee8de9b25ce02"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Apr 06 14:11:02 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Mon Apr 06 14:11:02 2020 +0200"
      },
      "message": "Update Kubernetes to 1.18.0\n\nUpdates Kubernetes to 1.18.0 and removes patches that are no\nlonger needed. The directories themselves and the build code that deals\nwith patching is left intact since rebasing D389 and subsequent K8s work\nwould otherwise be unnecessarily complicated.\n\nTest Plan: Should be covered by CI\n\nX-Origin-Diff: phab/D470\nGitOrigin-RevId: 5c7749926f0adcc8d58e3bff3ce6413bab1d797d\n"
    },
    {
      "commit": "1d8017549154d0bf2c36610d75eee8de9b25ce02",
      "tree": "854997e22377a1a3b2b2ef00fa9efe8fc2651228",
      "parents": [
        "25b82a85dceb8f3ce847d712fa58809d87f316fb"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Apr 02 09:24:51 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Apr 02 09:24:51 2020 +0200"
      },
      "message": "Introduce fsquota package\n\nThis introduces a new fsquota package and\na few low-level support packages to simplify the\nmanagement of filesystem quotas.\n\nTo expose an API that\u0027s nice to use while staying\nperformant and safe the new fsinfo syscall is being\nused. Since that syscall is not yet in mainline it has\nbeen backported to our 5.6 kernel.\n\nTest Plan:\nManually validated on our kernel, automated\ntests are pending some Bazel work to be able to run them\ninside our own kernel.\n\nX-Origin-Diff: phab/D462\nGitOrigin-RevId: bb463056589d2b13b7cf32d48ab0b884e70b1bad\n"
    },
    {
      "commit": "fd16651a2ef1484b7d8f12d0a7c7f93899af2747",
      "tree": "f7931a575e0a7133695b2e5a7ec412a2c21731e1",
      "parents": [
        "b1b742f91489cafa199bf5dd6e83d965cb23f63f"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Apr 01 17:29:45 2020 +0200"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Wed Apr 01 17:29:45 2020 +0200"
      },
      "message": "Update Linux to 5.6\n\nTest Plan: Covered by existing tests.\n\nX-Origin-Diff: phab/D458\nGitOrigin-RevId: ebc83b17a0bcf66997d65763d8ff852a2613887c\n"
    },
    {
      "commit": "7b5d994379ef72ccf9f4de15d01b9604fc650287",
      "tree": "baaa1bb99c2cb3e081d4f978303be56520a3e4df",
      "parents": [
        "9374393a16b9400866003cd972f9c4711c94869c"
      ],
      "author": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 19 16:14:02 2020 +0100"
      },
      "committer": {
        "name": "Lorenz Brun",
        "email": "lorenz@nexantic.com",
        "time": "Thu Mar 19 16:14:02 2020 +0100"
      },
      "message": "Update rules_go to 0.22.1 to fix @go_googleapis issue\n\nThis fixes a known issue[1] with rules_go in combination with\nBazel 2.2+ and some protobuf generates (like @go_googleapis).\nAlso updates a few dependencies because rules_go switched to\na newer GRPC compiler.\n\n[1] https://github.com/bazelbuild/bazel/issues/10681\n\nTest Plan: bazel test //... works again on Bazel 2.2+\n\nX-Origin-Diff: phab/D436\nGitOrigin-RevId: d5700cbaa59fefd791f5c9902195f0294a0e6f07\n"
    },
    {
      "commit": "581b0bd6386a077e29107710e008983b62233ccf",
      "tree": "85cf721d9711e7adc88c744c55ee12a96ee7114d",
      "parents": [
        "79d7a625709242204993cffbd99ed734dc1c50a5"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Mar 12 13:36:43 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Thu Mar 12 13:36:43 2020 +0100"
      },
      "message": "init: remount to tmpfs\n\nrunsc needs to be able to pivot_root. According to @lorenz this does not\nwork from initramfs. This introduces a temporary fix to re-mount and\nre-exec into a new root based on tmpfs.\n\nA proper fix would be to use a real filesystem instead of initramfs\n(like squashfs), but this will do for now.\n\nWe also use this opportunity to use devtmpfs instead of manually\nmanaging /dev. This collides with the storage manager that tries to\ncreate all storage nodes - we just remove that.\n\nTest Plan: shouldn\u0027t change behaviour\n\nX-Origin-Diff: phab/D433\nGitOrigin-RevId: aa59fec6551bab1b1b9c2fe037dce410e550981b\n"
    },
    {
      "commit": "79d7a625709242204993cffbd99ed734dc1c50a5",
      "tree": "6a4b3773d40a468e2fb35c66f4e058c6901baef7",
      "parents": [
        "4ff52bd7326ff5b534261ffb47588a44216095af"
      ],
      "author": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@nexantic.com",
        "time": "Wed Mar 11 19:18:56 2020 +0100"
      },
      "committer": {
        "name": "Hendrik Hofstadt",
        "email": "hendrik@nexantic.com",
        "time": "Wed Mar 11 19:18:56 2020 +0100"
      },
      "message": "Add initial delta module\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D228\nGitOrigin-RevId: e44b5fd9b702bf8490b3c85edaf02f40b5d806c6\n"
    },
    {
      "commit": "6c8d5f9319706be576563b990c875afc0d60d02d",
      "tree": "914915b626992cb596323c7756c4f01e02e24832",
      "parents": [
        "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Feb 11 12:42:29 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Feb 11 12:42:29 2020 +0100"
      },
      "message": "repositories.bzl -\u003e third_party/go/repositories.bzl\n\nLet\u0027s keep the root of the monorepo tidy. Also, a list of third party\ndependencies sounds like it should belong in third_party/, really.\n\nTest Plan: more build file mangling, CI should catch issues\n\nX-Origin-Diff: phab/D392\nGitOrigin-RevId: 3fdd7bb430e8b44df7301520657170ce28ba859e\n"
    },
    {
      "commit": "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc",
      "tree": "4a5c4b3b14afdd6d10192d2e6144d62051c92d9d",
      "parents": [
        "aa6b7346a87a5512fbdd5b39db766000c0e10415"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Feb 11 12:41:37 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Tue Feb 11 12:41:37 2020 +0100"
      },
      "message": "third_party: slurp in edk2, kubernetes, mkfs.xfs\n\nThis finishes the move from core/build/* into third_party/.\n\nWhile at first this might look like wasted bandwidth, this separation\nwill make much more sense in the future, where different parts (not only\nthe Smalltown core) might depend on shared external dependencies. In\naddition, having everything in third_party laid out in a similar fashion\nlends itself to writing more general rules. Already there is quite a bit\nof deduplicaiton that we could remove for reliability and readability.\n\nThis does not fix the problem of the big honkin\u0027 genrule for mkfs.xfs -\nwhile I think we should fix it sooner than later by building a real\ntoolchain, that time is not yet now. But at least we\u0027ve moved things out\nof the way so that we can then drop in a better mkfs.xfs, once it is\nbuilt so.\n\nTest Plan: build file mangling, CI should cover this\n\nX-Origin-Diff: phab/D391\nGitOrigin-RevId: fb99c6a6270c5c6a56eeb4f18a41323ffebbc655\n"
    },
    {
      "commit": "731d00ae802712305d2a01ea4a7bbc74227b2f0d",
      "tree": "574c39c5ce00a4aeb03cb0e0136320836f2259cb",
      "parents": [
        "7ba3152b450889e81e85a02bd2e28f992edba2b0"
      ],
      "author": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Feb 03 19:08:07 2020 +0100"
      },
      "committer": {
        "name": "Serge Bazanski",
        "email": "serge@nexantic.com",
        "time": "Mon Feb 03 19:08:07 2020 +0100"
      },
      "message": "Move linux to //third_party.\n\nTest Plan: refactor of build system, should be covered by existing tests\n\nX-Origin-Diff: phab/D367\nGitOrigin-RevId: 603c61bfadadfbd66c0ce31f05f6748251bea9f3\n"
    }
  ]
}
